
Commit 2c23db14 authored by Yifan Hong's avatar Yifan Hong

binder: Support DER format certificates.

Test: binderRpcTest
Bug: 195166979

Change-Id: I78b4d2b1207819a9cf9eadf099e2c44cfaac8096
parent 1deca4b9
+17 −0
@@ -31,6 +31,18 @@ bssl::UniquePtr<X509> fromPem(const std::vector<uint8_t>& cert) {
    return bssl::UniquePtr<X509>(PEM_read_bio_X509(certBio.get(), nullptr, nullptr, nullptr));
    return bssl::UniquePtr<X509>(PEM_read_bio_X509(certBio.get(), nullptr, nullptr, nullptr));
}
}


bssl::UniquePtr<X509> fromDer(const std::vector<uint8_t>& cert) {
    if (cert.size() > std::numeric_limits<long>::max()) return nullptr;
    const unsigned char* data = cert.data();
    auto expectedEnd = data + cert.size();
    bssl::UniquePtr<X509> ret(d2i_X509(nullptr, &data, static_cast<long>(cert.size())));
    if (data != expectedEnd) {
        ALOGE("%s: %td bytes remaining!", __PRETTY_FUNCTION__, expectedEnd - data);
        return nullptr;
    }
    return ret;
}

} // namespace
} // namespace


bssl::UniquePtr<X509> deserializeCertificate(const std::vector<uint8_t>& cert,
bssl::UniquePtr<X509> deserializeCertificate(const std::vector<uint8_t>& cert,
@@ -38,6 +50,8 @@ bssl::UniquePtr<X509> deserializeCertificate(const std::vector<uint8_t>& cert,
    switch (format) {
    switch (format) {
        case CertificateFormat::PEM:
        case CertificateFormat::PEM:
            return fromPem(cert);
            return fromPem(cert);
        case CertificateFormat::DER:
            return fromDer(cert);
    }
    }
    LOG_ALWAYS_FATAL("Unsupported format %d", static_cast<int>(format));
    LOG_ALWAYS_FATAL("Unsupported format %d", static_cast<int>(format));
}
}
@@ -48,6 +62,9 @@ std::vector<uint8_t> serializeCertificate(X509* x509, CertificateFormat format)
        case CertificateFormat::PEM: {
        case CertificateFormat::PEM: {
            TEST_AND_RETURN({}, PEM_write_bio_X509(certBio.get(), x509));
            TEST_AND_RETURN({}, PEM_write_bio_X509(certBio.get(), x509));
        } break;
        } break;
        case CertificateFormat::DER: {
            TEST_AND_RETURN({}, i2d_X509_bio(certBio.get(), x509));
        } break;
        default: {
        default: {
            LOG_ALWAYS_FATAL("Unsupported format %d", static_cast<int>(format));
            LOG_ALWAYS_FATAL("Unsupported format %d", static_cast<int>(format));
        }
        }
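Review bot: In the new `fromDer`, a certificate that fails to parse is logged as trailing data: when `d2i_X509` returns null it should leave `data` unadvanced (worth confirming against the BoringSSL version in use), so the `data != expectedEnd` branch prints "bytes remaining!" with the full input length and hides the real cause from anyone triaging a rejected peer certificate. Check the result before the length comparison, e.g. `if (ret == nullptr) { ALOGE("%s: d2i_X509 failed", __PRETTY_FUNCTION__); return nullptr; }`. Keep the strict trailing-byte rejection after it, since it ensures extra bytes appended to a valid certificate are refused rather than silently ignored. A short comment above the size guard, such as `// d2i_X509 takes a long length; reject inputs that would not fit.`, would explain the `numeric_limits<long>` check. That guard also needs `<limits>`, and the include block is not visible in this hunk.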
+3 −1
@@ -24,13 +24,15 @@ namespace android {


enum class CertificateFormat {
enum class CertificateFormat {
    PEM,
    PEM,
    // TODO(b/195166979): support other formats, e.g. DER
    DER,
};
};


static inline std::string PrintToString(CertificateFormat format) {
static inline std::string PrintToString(CertificateFormat format) {
    switch (format) {
    switch (format) {
        case CertificateFormat::PEM:
        case CertificateFormat::PEM:
            return "PEM";
            return "PEM";
        case CertificateFormat::DER:
            return "DER";
        default:
        default:
            return "<unknown>";
            return "<unknown>";
    }
    }
+1 −0
@@ -1730,6 +1730,7 @@ TEST_P(RpcTransportTest, MaliciousClient) {
std::vector<CertificateFormat> testCertificateFormats() {
std::vector<CertificateFormat> testCertificateFormats() {
    return {
    return {
            CertificateFormat::PEM,
            CertificateFormat::PEM,
            CertificateFormat::DER,
    };
    };
}
}