commit 9e8edcf57414d7623c7bc2fee9bec27452a51fcd
author Shawn Willden <swillden@google.com> Mon Dec 18 15:11:46 2017 -0700
committer Shawn Willden <swillden@google.com> Mon Dec 18 15:32:23 2017 -0700
tree 9a91ed58eea7185dfef24b108c8fc258199dbb7a
parent c7db2a54b2a19ec4123f8a7c700235df66904eed

Fix ID attestation.

The previous change to add support for attestation for system keys
broke attestation for non-system keys, causing keystore to segfault
and the CTS tests to fail.

Test: runtest --path cts/tests/tests/keystore/src/android/keystore/cts/KeyAttestationTest.java
Change-Id: I08d649755e78bb044157b44b30f1d13183447634

keystore/keystore_attestation_id.cpp

diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index 97d81c5..7f9c38d 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -45,7 +45,9 @@
 
 namespace {
 
-static std::vector<uint8_t> signature2SHA256(const content::pm::Signature& sig) {
+constexpr const char* kAttestationSystemPackageName = "AndroidSystem";
+
+std::vector<uint8_t> signature2SHA256(const content::pm::Signature& sig) {
     std::vector<uint8_t> digest_buffer(SHA256_DIGEST_LENGTH);
     SHA256(sig.data().data(), sig.data().size(), digest_buffer.data());
     return digest_buffer;
@@ -97,7 +99,8 @@
     ASN1_SET_OF(KM_ATTESTATION_APPLICATION_ID, signature_digests, ASN1_OCTET_STRING),
 } ASN1_SEQUENCE_END(KM_ATTESTATION_APPLICATION_ID);
 IMPLEMENT_ASN1_FUNCTIONS(KM_ATTESTATION_APPLICATION_ID);
-}
+
+}  // namespace
 
 }  // namespace android
 
@@ -228,22 +231,18 @@
 }  // namespace
 
 StatusOr<std::vector<uint8_t>> gather_attestation_application_id(uid_t uid) {
-    auto& pm = KeyAttestationApplicationIdProvider::get();
+    KeyAttestationApplicationId key_attestation_id;
 
-    /* Get the attestation application ID from package manager */
-    KeyAttestationApplicationId* key_attestation_id = nullptr;
     if (uid == AID_SYSTEM) {
-      KeyAttestationPackageInfo::SharedSignaturesVector signatures(
-                new KeyAttestationPackageInfo::SignaturesVector());
-        signatures->push_back(std::unique_ptr<content::pm::Signature>(
-                new content::pm::Signature()));
-
-        std::unique_ptr<KeyAttestationPackageInfo> package_info(
-                new KeyAttestationPackageInfo(
-                        String16("AndroidSystem"), 1, signatures));
-        key_attestation_id = new KeyAttestationApplicationId(std::move(package_info));
+        /* Use a fixed ID for system callers */
+        auto pinfo = std::make_unique<KeyAttestationPackageInfo>(
+            String16(kAttestationSystemPackageName), 1 /* version code */,
+            std::make_shared<KeyAttestationPackageInfo::SignaturesVector>());
+        key_attestation_id = KeyAttestationApplicationId(std::move(pinfo));
     } else {
-        auto status = pm.getKeyAttestationApplicationId(uid, key_attestation_id);
+        /* Get the attestation application ID from package manager */
+        auto& pm = KeyAttestationApplicationIdProvider::get();
+        auto status = pm.getKeyAttestationApplicationId(uid, &key_attestation_id);
         if (!status.isOk()) {
             ALOGE("package manager request for key attestation ID failed with: %s %d",
                   status.exceptionMessage().string(), status.exceptionCode());
@@ -252,7 +251,7 @@
     }
 
     /* DER encode the attestation application ID */
-    return build_attestation_application_id(*key_attestation_id);
+    return build_attestation_application_id(key_attestation_id);
 }
 
 }  // namespace security