diff options
author | Jooyung Han <jooyung@google.com> | 2020-02-21 21:17:06 +0900 |
---|---|---|
committer | Jooyung Han <jooyung@google.com> | 2020-03-24 06:37:11 +0000 |
commit | 17be89b21bfc46b8c0932cb14ce428ebc2986de5 (patch) | |
tree | c8b9bb1f014c8e987d5ddf946b74fd4c92274609 /identity/aidl | |
parent | 3e3e78bf208475c5854c60905628f7c8b6dc110f (diff) | |
download | platform_hardware_interfaces-17be89b21bfc46b8c0932cb14ce428ebc2986de5.tar.gz platform_hardware_interfaces-17be89b21bfc46b8c0932cb14ce428ebc2986de5.tar.bz2 platform_hardware_interfaces-17be89b21bfc46b8c0932cb14ce428ebc2986de5.zip |
use vector<uint8_t> for byte[] in AIDL
In native world, byte stream is typically represented in uint8_t[]
or vector<uint8_t>. C++ backend already generates that way. This
change involves NDK backend.
Now NDK backend also uses vector<uint8_t> just like C++ backend.
Bug: 144957764
Test: atest CtsNdkBinderTestCases
Merged-In: I8de348b57cf92dd99b3ee16252f56300ce5f4683
Change-Id: I8de348b57cf92dd99b3ee16252f56300ce5f4683
(cherry picked from commit 9070318462e5e73acf1509cf7e75ac260e51e43a)
Exempt-From-Owner-Approval: cp from internal
Diffstat (limited to 'identity/aidl')
-rw-r--r-- | identity/aidl/default/IdentityCredential.cpp | 50 | ||||
-rw-r--r-- | identity/aidl/default/IdentityCredential.h | 22 | ||||
-rw-r--r-- | identity/aidl/default/IdentityCredentialStore.cpp | 6 | ||||
-rw-r--r-- | identity/aidl/default/IdentityCredentialStore.h | 2 | ||||
-rw-r--r-- | identity/aidl/default/Util.cpp | 13 | ||||
-rw-r--r-- | identity/aidl/default/Util.h | 4 | ||||
-rw-r--r-- | identity/aidl/default/WritableIdentityCredential.cpp | 26 | ||||
-rw-r--r-- | identity/aidl/default/WritableIdentityCredential.h | 12 |
8 files changed, 57 insertions, 78 deletions
diff --git a/identity/aidl/default/IdentityCredential.cpp b/identity/aidl/default/IdentityCredential.cpp index 341fae6e93..aaae1f6ae5 100644 --- a/identity/aidl/default/IdentityCredential.cpp +++ b/identity/aidl/default/IdentityCredential.cpp @@ -102,7 +102,7 @@ int IdentityCredential::initialize() { } ndk::ScopedAStatus IdentityCredential::deleteCredential( - vector<int8_t>* outProofOfDeletionSignature) { + vector<uint8_t>* outProofOfDeletionSignature) { cppbor::Array array = {"ProofOfDeletion", docType_, testCredential_}; vector<uint8_t> proofOfDeletion = array.encode(); @@ -115,11 +115,11 @@ ndk::ScopedAStatus IdentityCredential::deleteCredential( IIdentityCredentialStore::STATUS_FAILED, "Error signing data")); } - *outProofOfDeletionSignature = byteStringToSigned(signature.value()); + *outProofOfDeletionSignature = signature.value(); return ndk::ScopedAStatus::ok(); } -ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* outKeyPair) { +ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<uint8_t>* outKeyPair) { optional<vector<uint8_t>> kp = support::createEcKeyPair(); if (!kp) { return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( @@ -135,13 +135,13 @@ ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* ou } ephemeralPublicKey_ = publicKey.value(); - *outKeyPair = byteStringToSigned(kp.value()); + *outKeyPair = kp.value(); return ndk::ScopedAStatus::ok(); } ndk::ScopedAStatus IdentityCredential::setReaderEphemeralPublicKey( - const vector<int8_t>& publicKey) { - readerPublicKey_ = byteStringToUnsigned(publicKey); + const vector<uint8_t>& publicKey) { + readerPublicKey_ = publicKey; return ndk::ScopedAStatus::ok(); } @@ -169,8 +169,8 @@ ndk::ScopedAStatus IdentityCredential::createAuthChallenge(int64_t* outChallenge // ahead of time. bool checkReaderAuthentication(const SecureAccessControlProfile& profile, const vector<uint8_t>& readerCertificateChain) { - optional<vector<uint8_t>> acpPubKey = support::certificateChainGetTopMostKey( - byteStringToUnsigned(profile.readerCertificate.encodedCertificate)); + optional<vector<uint8_t>> acpPubKey = + support::certificateChainGetTopMostKey(profile.readerCertificate.encodedCertificate); if (!acpPubKey) { LOG(ERROR) << "Error extracting public key from readerCertificate in profile"; return false; @@ -255,13 +255,9 @@ bool checkUserAuthentication(const SecureAccessControlProfile& profile, ndk::ScopedAStatus IdentityCredential::startRetrieval( const vector<SecureAccessControlProfile>& accessControlProfiles, - const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS, - const vector<int8_t>& signingKeyBlobS, const vector<int8_t>& sessionTranscriptS, - const vector<int8_t>& readerSignatureS, const vector<int32_t>& requestCounts) { - auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS); - auto itemsRequest = byteStringToUnsigned(itemsRequestS); - auto readerSignature = byteStringToUnsigned(readerSignatureS); - + const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest, + const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript, + const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) { if (sessionTranscript.size() > 0) { auto [item, _, message] = cppbor::parse(sessionTranscript); if (item == nullptr) { @@ -498,7 +494,7 @@ ndk::ScopedAStatus IdentityCredential::startRetrieval( currentNameSpace_ = ""; itemsRequest_ = itemsRequest; - signingKeyBlob_ = byteStringToUnsigned(signingKeyBlobS); + signingKeyBlob_ = signingKeyBlob; numStartRetrievalCalls_ += 1; return ndk::ScopedAStatus::ok(); @@ -605,10 +601,8 @@ ndk::ScopedAStatus IdentityCredential::startRetrieveEntryValue( return ndk::ScopedAStatus::ok(); } -ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& encryptedContentS, - vector<int8_t>* outContent) { - auto encryptedContent = byteStringToUnsigned(encryptedContentS); - +ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<uint8_t>& encryptedContent, + vector<uint8_t>* outContent) { optional<vector<uint8_t>> content = support::decryptAes128Gcm(storageKey_, encryptedContent, entryAdditionalData_); if (!content) { @@ -647,12 +641,12 @@ ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& currentNameSpaceDeviceNameSpacesMap_.add(currentName_, std::move(entryValueItem)); } - *outContent = byteStringToSigned(content.value()); + *outContent = content.value(); return ndk::ScopedAStatus::ok(); } -ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac, - vector<int8_t>* outDeviceNameSpaces) { +ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<uint8_t>* outMac, + vector<uint8_t>* outDeviceNameSpaces) { if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) { deviceNameSpacesMap_.add(currentNameSpace_, std::move(currentNameSpaceDeviceNameSpacesMap_)); @@ -704,13 +698,13 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac, } } - *outMac = byteStringToSigned(mac.value_or(vector<uint8_t>({}))); - *outDeviceNameSpaces = byteStringToSigned(encodedDeviceNameSpaces); + *outMac = mac.value_or(vector<uint8_t>({})); + *outDeviceNameSpaces = encodedDeviceNameSpaces; return ndk::ScopedAStatus::ok(); } ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair( - vector<int8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) { + vector<uint8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) { string serialDecimal = "0"; // TODO: set serial to something unique string issuer = "Android Open Source Project"; string subject = "Android IdentityCredential Reference Implementation"; @@ -758,9 +752,9 @@ ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair( return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( IIdentityCredentialStore::STATUS_FAILED, "Error encrypting signingKey")); } - *outSigningKeyBlob = byteStringToSigned(encryptedSigningKey.value()); + *outSigningKeyBlob = encryptedSigningKey.value(); *outSigningKeyCertificate = Certificate(); - outSigningKeyCertificate->encodedCertificate = byteStringToSigned(certificate.value()); + outSigningKeyCertificate->encodedCertificate = certificate.value(); return ndk::ScopedAStatus::ok(); } diff --git a/identity/aidl/default/IdentityCredential.h b/identity/aidl/default/IdentityCredential.h index fc29254f4b..6072afe04f 100644 --- a/identity/aidl/default/IdentityCredential.h +++ b/identity/aidl/default/IdentityCredential.h @@ -47,23 +47,23 @@ class IdentityCredential : public BnIdentityCredential { int initialize(); // Methods from IIdentityCredential follow. - ndk::ScopedAStatus deleteCredential(vector<int8_t>* outProofOfDeletionSignature) override; - ndk::ScopedAStatus createEphemeralKeyPair(vector<int8_t>* outKeyPair) override; - ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<int8_t>& publicKey) override; + ndk::ScopedAStatus deleteCredential(vector<uint8_t>* outProofOfDeletionSignature) override; + ndk::ScopedAStatus createEphemeralKeyPair(vector<uint8_t>* outKeyPair) override; + ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override; ndk::ScopedAStatus createAuthChallenge(int64_t* outChallenge) override; ndk::ScopedAStatus startRetrieval( const vector<SecureAccessControlProfile>& accessControlProfiles, - const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest, - const vector<int8_t>& signingKeyBlob, const vector<int8_t>& sessionTranscript, - const vector<int8_t>& readerSignature, const vector<int32_t>& requestCounts) override; + const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest, + const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript, + const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) override; ndk::ScopedAStatus startRetrieveEntryValue( const string& nameSpace, const string& name, int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override; - ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent, - vector<int8_t>* outContent) override; - ndk::ScopedAStatus finishRetrieval(vector<int8_t>* outMac, - vector<int8_t>* outDeviceNameSpaces) override; - ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob, + ndk::ScopedAStatus retrieveEntryValue(const vector<uint8_t>& encryptedContent, + vector<uint8_t>* outContent) override; + ndk::ScopedAStatus finishRetrieval(vector<uint8_t>* outMac, + vector<uint8_t>* outDeviceNameSpaces) override; + ndk::ScopedAStatus generateSigningKeyPair(vector<uint8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) override; private: diff --git a/identity/aidl/default/IdentityCredentialStore.cpp b/identity/aidl/default/IdentityCredentialStore.cpp index 1efb4b4937..30dc6f330b 100644 --- a/identity/aidl/default/IdentityCredentialStore.cpp +++ b/identity/aidl/default/IdentityCredentialStore.cpp @@ -51,7 +51,7 @@ ndk::ScopedAStatus IdentityCredentialStore::createCredential( } ndk::ScopedAStatus IdentityCredentialStore::getCredential( - CipherSuite cipherSuite, const vector<int8_t>& credentialData, + CipherSuite cipherSuite, const vector<uint8_t>& credentialData, shared_ptr<IIdentityCredential>* outCredential) { // We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now. if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) { @@ -60,8 +60,8 @@ ndk::ScopedAStatus IdentityCredentialStore::getCredential( "Unsupported cipher suite")); } - vector<uint8_t> data = vector<uint8_t>(credentialData.begin(), credentialData.end()); - shared_ptr<IdentityCredential> credential = ndk::SharedRefBase::make<IdentityCredential>(data); + shared_ptr<IdentityCredential> credential = + ndk::SharedRefBase::make<IdentityCredential>(credentialData); auto ret = credential->initialize(); if (ret != IIdentityCredentialStore::STATUS_OK) { return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( diff --git a/identity/aidl/default/IdentityCredentialStore.h b/identity/aidl/default/IdentityCredentialStore.h index a2051130b0..4f3a42139f 100644 --- a/identity/aidl/default/IdentityCredentialStore.h +++ b/identity/aidl/default/IdentityCredentialStore.h @@ -39,7 +39,7 @@ class IdentityCredentialStore : public BnIdentityCredentialStore { const string& docType, bool testCredential, shared_ptr<IWritableIdentityCredential>* outWritableCredential) override; - ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<int8_t>& credentialData, + ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<uint8_t>& credentialData, shared_ptr<IIdentityCredential>* outCredential) override; }; diff --git a/identity/aidl/default/Util.cpp b/identity/aidl/default/Util.cpp index a0f86bedcd..66b9f13d89 100644 --- a/identity/aidl/default/Util.cpp +++ b/identity/aidl/default/Util.cpp @@ -39,21 +39,12 @@ const vector<uint8_t>& getHardwareBoundKey() { return hardwareBoundKey; } -vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value) { - return vector<uint8_t>(value.begin(), value.end()); -} - -vector<int8_t> byteStringToSigned(const vector<uint8_t>& value) { - return vector<int8_t>(value.begin(), value.end()); -} - vector<uint8_t> secureAccessControlProfileEncodeCbor(const SecureAccessControlProfile& profile) { cppbor::Map map; map.add("id", profile.id); if (profile.readerCertificate.encodedCertificate.size() > 0) { - map.add("readerCertificate", - cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate))); + map.add("readerCertificate", cppbor::Bstr(profile.readerCertificate.encodedCertificate)); } if (profile.userAuthenticationRequired) { @@ -94,7 +85,7 @@ bool secureAccessControlProfileCheckMac(const SecureAccessControlProfile& profil if (!mac) { return false; } - if (mac.value() != byteStringToUnsigned(profile.mac)) { + if (mac.value() != profile.mac) { return false; } return true; diff --git a/identity/aidl/default/Util.h b/identity/aidl/default/Util.h index ee41ad1aac..9fccba2c72 100644 --- a/identity/aidl/default/Util.h +++ b/identity/aidl/default/Util.h @@ -49,10 +49,6 @@ bool secureAccessControlProfileCheckMac(const SecureAccessControlProfile& profil vector<uint8_t> entryCreateAdditionalData(const string& nameSpace, const string& name, const vector<int32_t> accessControlProfileIds); -vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value); - -vector<int8_t> byteStringToSigned(const vector<uint8_t>& value); - } // namespace aidl::android::hardware::identity #endif // ANDROID_HARDWARE_IDENTITY_UTIL_H diff --git a/identity/aidl/default/WritableIdentityCredential.cpp b/identity/aidl/default/WritableIdentityCredential.cpp index 89f7f35696..bce913aeec 100644 --- a/identity/aidl/default/WritableIdentityCredential.cpp +++ b/identity/aidl/default/WritableIdentityCredential.cpp @@ -53,8 +53,8 @@ bool WritableIdentityCredential::initialize() { // attestation certificate with current time and expires one year from now. The // certificate shall contain all values as specified in hal. ndk::ScopedAStatus WritableIdentityCredential::getAttestationCertificate( - const vector<int8_t>& attestationApplicationId, // - const vector<int8_t>& attestationChallenge, // + const vector<uint8_t>& attestationApplicationId, // + const vector<uint8_t>& attestationChallenge, // vector<Certificate>* outCertificateChain) { if (!credentialPrivKey_.empty() || !credentialPubKey_.empty() || !certificateChain_.empty()) { return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( @@ -97,7 +97,7 @@ ndk::ScopedAStatus WritableIdentityCredential::getAttestationCertificate( *outCertificateChain = vector<Certificate>(); for (const vector<uint8_t>& cert : certificateChain_) { Certificate c = Certificate(); - c.encodedCertificate = byteStringToSigned(cert); + c.encodedCertificate = cert; outCertificateChain->push_back(std::move(c)); } return ndk::ScopedAStatus::ok(); @@ -146,14 +146,13 @@ ndk::ScopedAStatus WritableIdentityCredential::addAccessControlProfile( return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage( IIdentityCredentialStore::STATUS_FAILED, "Error calculating MAC for profile")); } - profile.mac = byteStringToSigned(mac.value()); + profile.mac = mac.value(); cppbor::Map profileMap; profileMap.add("id", profile.id); if (profile.readerCertificate.encodedCertificate.size() > 0) { - profileMap.add( - "readerCertificate", - cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate))); + profileMap.add("readerCertificate", + cppbor::Bstr(profile.readerCertificate.encodedCertificate)); } if (profile.userAuthenticationRequired) { profileMap.add("userAuthenticationRequired", profile.userAuthenticationRequired); @@ -223,9 +222,8 @@ ndk::ScopedAStatus WritableIdentityCredential::beginAddEntry( return ndk::ScopedAStatus::ok(); } -ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<int8_t>& contentS, - vector<int8_t>* outEncryptedContent) { - auto content = byteStringToUnsigned(contentS); +ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<uint8_t>& content, + vector<uint8_t>* outEncryptedContent) { size_t contentSize = content.size(); if (contentSize > IdentityCredentialStore::kGcmChunkSize) { @@ -280,7 +278,7 @@ ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<int8_t signedDataCurrentNamespace_.add(std::move(entryMap)); } - *outEncryptedContent = byteStringToSigned(encryptedContent.value()); + *outEncryptedContent = encryptedContent.value(); return ndk::ScopedAStatus::ok(); } @@ -329,7 +327,7 @@ bool generateCredentialData(const vector<uint8_t>& hardwareBoundKey, const strin } ndk::ScopedAStatus WritableIdentityCredential::finishAddingEntries( - vector<int8_t>* outCredentialData, vector<int8_t>* outProofOfProvisioningSignature) { + vector<uint8_t>* outCredentialData, vector<uint8_t>* outProofOfProvisioningSignature) { if (signedDataCurrentNamespace_.size() > 0) { signedDataNamespaces_.add(entryNameSpace_, std::move(signedDataCurrentNamespace_)); } @@ -364,8 +362,8 @@ ndk::ScopedAStatus WritableIdentityCredential::finishAddingEntries( IIdentityCredentialStore::STATUS_FAILED, "Error generating CredentialData")); } - *outCredentialData = byteStringToSigned(credentialData); - *outProofOfProvisioningSignature = byteStringToSigned(signature.value()); + *outCredentialData = credentialData; + *outProofOfProvisioningSignature = signature.value(); return ndk::ScopedAStatus::ok(); } diff --git a/identity/aidl/default/WritableIdentityCredential.h b/identity/aidl/default/WritableIdentityCredential.h index b182862862..4b6fca8d91 100644 --- a/identity/aidl/default/WritableIdentityCredential.h +++ b/identity/aidl/default/WritableIdentityCredential.h @@ -37,8 +37,8 @@ class WritableIdentityCredential : public BnWritableIdentityCredential { bool initialize(); // Methods from IWritableIdentityCredential follow. - ndk::ScopedAStatus getAttestationCertificate(const vector<int8_t>& attestationApplicationId, - const vector<int8_t>& attestationChallenge, + ndk::ScopedAStatus getAttestationCertificate(const vector<uint8_t>& attestationApplicationId, + const vector<uint8_t>& attestationChallenge, vector<Certificate>* outCertificateChain) override; ndk::ScopedAStatus startPersonalization(int32_t accessControlProfileCount, @@ -53,12 +53,12 @@ class WritableIdentityCredential : public BnWritableIdentityCredential { const string& nameSpace, const string& name, int32_t entrySize) override; - ndk::ScopedAStatus addEntryValue(const vector<int8_t>& content, - vector<int8_t>* outEncryptedContent) override; + ndk::ScopedAStatus addEntryValue(const vector<uint8_t>& content, + vector<uint8_t>* outEncryptedContent) override; ndk::ScopedAStatus finishAddingEntries( - vector<int8_t>* outCredentialData, - vector<int8_t>* outProofOfProvisioningSignature) override; + vector<uint8_t>* outCredentialData, + vector<uint8_t>* outProofOfProvisioningSignature) override; // private: string docType_; |