1 /**
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package com.android.remoteprovisioner;
18 
19 import java.time.Duration;
20 import java.util.HashMap;
21 import java.util.Map;
22 
/**
 * Convenience class for packaging up the values returned by the server when initially requesting
 * an Endpoint Encryption Key for remote provisioning. Those values are described by the following
 * CDDL Schema:
 *    GeekResponse = [
 *        [+CurveAndEek],
 *        challenge : bstr,
 *        ? Config,
 *    ]
 *    CurveAndEek = [
 *        curve: uint,
 *        EekChain
 *    ]
 *    Config = {
 *        ? "num_extra_attestation_keys": uint,
 *        ? "time_to_refresh_hours" : uint,
 *        ? "provisioning_url": tstr,
 *    }
 *
 * EekChain is defined by the CDDL in the RemoteProvisioning HAL, but this app does not need any
 * semantic understanding of that format to perform its function.
 */
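public class GeekResponse {
    /**
     * Sentinel for {@link #numExtraAttestationKeys} indicating that the server's response did not
     * carry a {@code num_extra_attestation_keys} value.
     */
    public static final int NO_EXTRA_KEY_UPDATE = -1;

    // Server-supplied challenge. Stored by reference (no defensive copy); null until set.
    private byte[] mChallenge;
    // EC curve identifier -> CBOR-encoded EekChain for that curve. Never null after construction.
    private final Map<Integer, byte[]> mCurveToGeek;

    // Optional Config values; left to the caller to populate. numExtraAttestationKeys defaults to
    // NO_EXTRA_KEY_UPDATE, the other two to null.
    public int numExtraAttestationKeys;
    public Duration timeToRefresh;
    public String provisioningUrl;

    /**
     * Default initializer: creates an empty curve-to-EekChain map and marks the extra-key count as
     * not updated.
     */
    public GeekResponse() {
        // Diamond instead of a raw HashMap so the map is actually typed as Map<Integer, byte[]>.
        mCurveToGeek = new HashMap<>();
        numExtraAttestationKeys = NO_EXTRA_KEY_UPDATE;
    }

    /**
     * Add a CBOR encoded array containing a GEEK and the corresponding certificate chain, keyed
     * on the EC {@code curve}. A later call with the same {@code curve} replaces the earlier chain.
     *
     * @param curve an integer which represents an EC curve.
     * @param geekChain the encoded CBOR array containing an ECDH key and corresponding certificate
     *                  chain; stored by reference, not copied.
     */
    public void addGeek(int curve, byte[] geekChain) {
        mCurveToGeek.put(curve, geekChain);
    }

    /**
     * Returns the encoded CBOR array with an ECDH key corresponding to the provided {@code curve}.
     *
     * @param curve an integer which represents an EC curve.
     * @return the corresponding encoded CBOR array, or {@code null} if no chain was added for
     *         {@code curve}.
     */
    public byte[] getGeekChain(int curve) {
        return mCurveToGeek.get(curve);
    }

    /**
     * Sets the {@code challenge}.
     *
     * @param challenge the server-provided challenge bytes; stored by reference, not copied.
     */
    public void setChallenge(byte[] challenge) {
        mChallenge = challenge;
    }

    /**
     * Returns the {@code challenge}.
     *
     * @return the challenge that will be embedded in the CSR sent to the server, or {@code null}
     *         if {@link #setChallenge(byte[])} has not been called.
     */
    public byte[] getChallenge() {
        return mChallenge;
    }
}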