binder: Support DER format certificates.

Test: binderRpcTest Bug: 195166979 Change-Id: I78b4d2b1207819a9cf9eadf099e2c44cfaac8096
author: Yifan Hong <elsk@google.com> 2021-08-16 16:59:37 -0700
committer: Yifan Hong <elsk@google.com> 2021-09-13 16:22:18 -0700
commit: 2c23db1413c82db2b1fea13ba9ad5bb1bfd0fedf (patch)
tree: 990c1278ea164c20d22387d88b02e44b67194102
parent: 1deca4b9eb224f704dc3ab4b17053ff94f49d6c5 (diff)
3 files changed, 21 insertions, 1 deletions
diff --git a/libs/binder/RpcCertificateUtils.cpp b/libs/binder/RpcCertificateUtils.cpp
index d0ea3c71ad..2aec2f6f57 100644
--- a/libs/binder/RpcCertificateUtils.cpp
+++ b/libs/binder/RpcCertificateUtils.cpp
@@ -31,6 +31,18 @@ bssl::UniquePtr<X509> fromPem(const std::vector<uint8_t>& cert) {
     return bssl::UniquePtr<X509>(PEM_read_bio_X509(certBio.get(), nullptr, nullptr, nullptr));
 }
 
+bssl::UniquePtr<X509> fromDer(const std::vector<uint8_t>& cert) {
+    if (cert.size() > std::numeric_limits<long>::max()) return nullptr;
+    const unsigned char* data = cert.data();
+    auto expectedEnd = data + cert.size();
+    bssl::UniquePtr<X509> ret(d2i_X509(nullptr, &data, static_cast<long>(cert.size())));
+    if (data != expectedEnd) {
+        ALOGE("%s: %td bytes remaining!", __PRETTY_FUNCTION__, expectedEnd - data);
+        return nullptr;
+    }
+    return ret;
+}
+
 } // namespace
 
 bssl::UniquePtr<X509> deserializeCertificate(const std::vector<uint8_t>& cert,
@@ -38,6 +50,8 @@ bssl::UniquePtr<X509> deserializeCertificate(const std::vector<uint8_t>& cert,
     switch (format) {
         case CertificateFormat::PEM:
             return fromPem(cert);
+        case CertificateFormat::DER:
+            return fromDer(cert);
     }
     LOG_ALWAYS_FATAL("Unsupported format %d", static_cast<int>(format));
 }
@@ -48,6 +62,9 @@ std::vector<uint8_t> serializeCertificate(X509* x509, CertificateFormat format)
         case CertificateFormat::PEM: {
             TEST_AND_RETURN({}, PEM_write_bio_X509(certBio.get(), x509));
         } break;
+        case CertificateFormat::DER: {
+            TEST_AND_RETURN({}, i2d_X509_bio(certBio.get(), x509));
+        } break;
         default: {
             LOG_ALWAYS_FATAL("Unsupported format %d", static_cast<int>(format));
         }
diff --git a/libs/binder/include/binder/CertificateFormat.h b/libs/binder/include/binder/CertificateFormat.h
index d33ee7e484..22a8e47270 100644
--- a/libs/binder/include/binder/CertificateFormat.h
+++ b/libs/binder/include/binder/CertificateFormat.h
@@ -24,13 +24,15 @@ namespace android {
 
 enum class CertificateFormat {
     PEM,
-    // TODO(b/195166979): support other formats, e.g. DER
+    DER,
 };
 
 static inline std::string PrintToString(CertificateFormat format) {
     switch (format) {
         case CertificateFormat::PEM:
             return "PEM";
+        case CertificateFormat::DER:
+            return "DER";
         default:
             return "<unknown>";
     }
diff --git a/libs/binder/tests/binderRpcTest.cpp b/libs/binder/tests/binderRpcTest.cpp
index 8c805bb6cc..8ffd68d278 100644
--- a/libs/binder/tests/binderRpcTest.cpp
+++ b/libs/binder/tests/binderRpcTest.cpp
@@ -1730,6 +1730,7 @@ TEST_P(RpcTransportTest, MaliciousClient) {
 std::vector<CertificateFormat> testCertificateFormats() {
     return {
             CertificateFormat::PEM,
+            CertificateFormat::DER,
     };
 }
author	Yifan Hong <elsk@google.com>	2021-08-16 16:59:37 -0700
committer	Yifan Hong <elsk@google.com>	2021-09-13 16:22:18 -0700
commit	2c23db1413c82db2b1fea13ba9ad5bb1bfd0fedf (patch)
tree	990c1278ea164c20d22387d88b02e44b67194102
parent	1deca4b9eb224f704dc3ab4b17053ff94f49d6c5 (diff)