summaryrefslogtreecommitdiffstats
path: root/identity/aidl
diff options
context:
space:
mode:
authorJooyung Han <jooyung@google.com>2020-02-21 21:17:06 +0900
committerJooyung Han <jooyung@google.com>2020-03-24 06:37:11 +0000
commit17be89b21bfc46b8c0932cb14ce428ebc2986de5 (patch)
treec8b9bb1f014c8e987d5ddf946b74fd4c92274609 /identity/aidl
parent3e3e78bf208475c5854c60905628f7c8b6dc110f (diff)
downloadplatform_hardware_interfaces-17be89b21bfc46b8c0932cb14ce428ebc2986de5.tar.gz
platform_hardware_interfaces-17be89b21bfc46b8c0932cb14ce428ebc2986de5.tar.bz2
platform_hardware_interfaces-17be89b21bfc46b8c0932cb14ce428ebc2986de5.zip
use vector<uint8_t> for byte[] in AIDL
In native world, byte stream is typically represented in uint8_t[] or vector<uint8_t>. C++ backend already generates that way. This change involves NDK backend. Now NDK backend also uses vector<uint8_t> just like C++ backend. Bug: 144957764 Test: atest CtsNdkBinderTestCases Merged-In: I8de348b57cf92dd99b3ee16252f56300ce5f4683 Change-Id: I8de348b57cf92dd99b3ee16252f56300ce5f4683 (cherry picked from commit 9070318462e5e73acf1509cf7e75ac260e51e43a) Exempt-From-Owner-Approval: cp from internal
Diffstat (limited to 'identity/aidl')
-rw-r--r--identity/aidl/default/IdentityCredential.cpp50
-rw-r--r--identity/aidl/default/IdentityCredential.h22
-rw-r--r--identity/aidl/default/IdentityCredentialStore.cpp6
-rw-r--r--identity/aidl/default/IdentityCredentialStore.h2
-rw-r--r--identity/aidl/default/Util.cpp13
-rw-r--r--identity/aidl/default/Util.h4
-rw-r--r--identity/aidl/default/WritableIdentityCredential.cpp26
-rw-r--r--identity/aidl/default/WritableIdentityCredential.h12
8 files changed, 57 insertions, 78 deletions
diff --git a/identity/aidl/default/IdentityCredential.cpp b/identity/aidl/default/IdentityCredential.cpp
index 341fae6e93..aaae1f6ae5 100644
--- a/identity/aidl/default/IdentityCredential.cpp
+++ b/identity/aidl/default/IdentityCredential.cpp
@@ -102,7 +102,7 @@ int IdentityCredential::initialize() {
}
ndk::ScopedAStatus IdentityCredential::deleteCredential(
- vector<int8_t>* outProofOfDeletionSignature) {
+ vector<uint8_t>* outProofOfDeletionSignature) {
cppbor::Array array = {"ProofOfDeletion", docType_, testCredential_};
vector<uint8_t> proofOfDeletion = array.encode();
@@ -115,11 +115,11 @@ ndk::ScopedAStatus IdentityCredential::deleteCredential(
IIdentityCredentialStore::STATUS_FAILED, "Error signing data"));
}
- *outProofOfDeletionSignature = byteStringToSigned(signature.value());
+ *outProofOfDeletionSignature = signature.value();
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* outKeyPair) {
+ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<uint8_t>* outKeyPair) {
optional<vector<uint8_t>> kp = support::createEcKeyPair();
if (!kp) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
@@ -135,13 +135,13 @@ ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* ou
}
ephemeralPublicKey_ = publicKey.value();
- *outKeyPair = byteStringToSigned(kp.value());
+ *outKeyPair = kp.value();
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::setReaderEphemeralPublicKey(
- const vector<int8_t>& publicKey) {
- readerPublicKey_ = byteStringToUnsigned(publicKey);
+ const vector<uint8_t>& publicKey) {
+ readerPublicKey_ = publicKey;
return ndk::ScopedAStatus::ok();
}
@@ -169,8 +169,8 @@ ndk::ScopedAStatus IdentityCredential::createAuthChallenge(int64_t* outChallenge
// ahead of time.
bool checkReaderAuthentication(const SecureAccessControlProfile& profile,
const vector<uint8_t>& readerCertificateChain) {
- optional<vector<uint8_t>> acpPubKey = support::certificateChainGetTopMostKey(
- byteStringToUnsigned(profile.readerCertificate.encodedCertificate));
+ optional<vector<uint8_t>> acpPubKey =
+ support::certificateChainGetTopMostKey(profile.readerCertificate.encodedCertificate);
if (!acpPubKey) {
LOG(ERROR) << "Error extracting public key from readerCertificate in profile";
return false;
@@ -255,13 +255,9 @@ bool checkUserAuthentication(const SecureAccessControlProfile& profile,
ndk::ScopedAStatus IdentityCredential::startRetrieval(
const vector<SecureAccessControlProfile>& accessControlProfiles,
- const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS,
- const vector<int8_t>& signingKeyBlobS, const vector<int8_t>& sessionTranscriptS,
- const vector<int8_t>& readerSignatureS, const vector<int32_t>& requestCounts) {
- auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS);
- auto itemsRequest = byteStringToUnsigned(itemsRequestS);
- auto readerSignature = byteStringToUnsigned(readerSignatureS);
-
+ const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
+ const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
+ const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) {
if (sessionTranscript.size() > 0) {
auto [item, _, message] = cppbor::parse(sessionTranscript);
if (item == nullptr) {
@@ -498,7 +494,7 @@ ndk::ScopedAStatus IdentityCredential::startRetrieval(
currentNameSpace_ = "";
itemsRequest_ = itemsRequest;
- signingKeyBlob_ = byteStringToUnsigned(signingKeyBlobS);
+ signingKeyBlob_ = signingKeyBlob;
numStartRetrievalCalls_ += 1;
return ndk::ScopedAStatus::ok();
@@ -605,10 +601,8 @@ ndk::ScopedAStatus IdentityCredential::startRetrieveEntryValue(
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& encryptedContentS,
- vector<int8_t>* outContent) {
- auto encryptedContent = byteStringToUnsigned(encryptedContentS);
-
+ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<uint8_t>& encryptedContent,
+ vector<uint8_t>* outContent) {
optional<vector<uint8_t>> content =
support::decryptAes128Gcm(storageKey_, encryptedContent, entryAdditionalData_);
if (!content) {
@@ -647,12 +641,12 @@ ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>&
currentNameSpaceDeviceNameSpacesMap_.add(currentName_, std::move(entryValueItem));
}
- *outContent = byteStringToSigned(content.value());
+ *outContent = content.value();
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,
- vector<int8_t>* outDeviceNameSpaces) {
+ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<uint8_t>* outMac,
+ vector<uint8_t>* outDeviceNameSpaces) {
if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) {
deviceNameSpacesMap_.add(currentNameSpace_,
std::move(currentNameSpaceDeviceNameSpacesMap_));
@@ -704,13 +698,13 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,
}
}
- *outMac = byteStringToSigned(mac.value_or(vector<uint8_t>({})));
- *outDeviceNameSpaces = byteStringToSigned(encodedDeviceNameSpaces);
+ *outMac = mac.value_or(vector<uint8_t>({}));
+ *outDeviceNameSpaces = encodedDeviceNameSpaces;
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
- vector<int8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
+ vector<uint8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
string serialDecimal = "0"; // TODO: set serial to something unique
string issuer = "Android Open Source Project";
string subject = "Android IdentityCredential Reference Implementation";
@@ -758,9 +752,9 @@ ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
IIdentityCredentialStore::STATUS_FAILED, "Error encrypting signingKey"));
}
- *outSigningKeyBlob = byteStringToSigned(encryptedSigningKey.value());
+ *outSigningKeyBlob = encryptedSigningKey.value();
*outSigningKeyCertificate = Certificate();
- outSigningKeyCertificate->encodedCertificate = byteStringToSigned(certificate.value());
+ outSigningKeyCertificate->encodedCertificate = certificate.value();
return ndk::ScopedAStatus::ok();
}
diff --git a/identity/aidl/default/IdentityCredential.h b/identity/aidl/default/IdentityCredential.h
index fc29254f4b..6072afe04f 100644
--- a/identity/aidl/default/IdentityCredential.h
+++ b/identity/aidl/default/IdentityCredential.h
@@ -47,23 +47,23 @@ class IdentityCredential : public BnIdentityCredential {
int initialize();
// Methods from IIdentityCredential follow.
- ndk::ScopedAStatus deleteCredential(vector<int8_t>* outProofOfDeletionSignature) override;
- ndk::ScopedAStatus createEphemeralKeyPair(vector<int8_t>* outKeyPair) override;
- ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<int8_t>& publicKey) override;
+ ndk::ScopedAStatus deleteCredential(vector<uint8_t>* outProofOfDeletionSignature) override;
+ ndk::ScopedAStatus createEphemeralKeyPair(vector<uint8_t>* outKeyPair) override;
+ ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
ndk::ScopedAStatus createAuthChallenge(int64_t* outChallenge) override;
ndk::ScopedAStatus startRetrieval(
const vector<SecureAccessControlProfile>& accessControlProfiles,
- const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest,
- const vector<int8_t>& signingKeyBlob, const vector<int8_t>& sessionTranscript,
- const vector<int8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
+ const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
+ const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
+ const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
ndk::ScopedAStatus startRetrieveEntryValue(
const string& nameSpace, const string& name, int32_t entrySize,
const vector<int32_t>& accessControlProfileIds) override;
- ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent,
- vector<int8_t>* outContent) override;
- ndk::ScopedAStatus finishRetrieval(vector<int8_t>* outMac,
- vector<int8_t>* outDeviceNameSpaces) override;
- ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob,
+ ndk::ScopedAStatus retrieveEntryValue(const vector<uint8_t>& encryptedContent,
+ vector<uint8_t>* outContent) override;
+ ndk::ScopedAStatus finishRetrieval(vector<uint8_t>* outMac,
+ vector<uint8_t>* outDeviceNameSpaces) override;
+ ndk::ScopedAStatus generateSigningKeyPair(vector<uint8_t>* outSigningKeyBlob,
Certificate* outSigningKeyCertificate) override;
private:
diff --git a/identity/aidl/default/IdentityCredentialStore.cpp b/identity/aidl/default/IdentityCredentialStore.cpp
index 1efb4b4937..30dc6f330b 100644
--- a/identity/aidl/default/IdentityCredentialStore.cpp
+++ b/identity/aidl/default/IdentityCredentialStore.cpp
@@ -51,7 +51,7 @@ ndk::ScopedAStatus IdentityCredentialStore::createCredential(
}
ndk::ScopedAStatus IdentityCredentialStore::getCredential(
- CipherSuite cipherSuite, const vector<int8_t>& credentialData,
+ CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
shared_ptr<IIdentityCredential>* outCredential) {
// We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now.
if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
@@ -60,8 +60,8 @@ ndk::ScopedAStatus IdentityCredentialStore::getCredential(
"Unsupported cipher suite"));
}
- vector<uint8_t> data = vector<uint8_t>(credentialData.begin(), credentialData.end());
- shared_ptr<IdentityCredential> credential = ndk::SharedRefBase::make<IdentityCredential>(data);
+ shared_ptr<IdentityCredential> credential =
+ ndk::SharedRefBase::make<IdentityCredential>(credentialData);
auto ret = credential->initialize();
if (ret != IIdentityCredentialStore::STATUS_OK) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
diff --git a/identity/aidl/default/IdentityCredentialStore.h b/identity/aidl/default/IdentityCredentialStore.h
index a2051130b0..4f3a42139f 100644
--- a/identity/aidl/default/IdentityCredentialStore.h
+++ b/identity/aidl/default/IdentityCredentialStore.h
@@ -39,7 +39,7 @@ class IdentityCredentialStore : public BnIdentityCredentialStore {
const string& docType, bool testCredential,
shared_ptr<IWritableIdentityCredential>* outWritableCredential) override;
- ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<int8_t>& credentialData,
+ ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
shared_ptr<IIdentityCredential>* outCredential) override;
};
diff --git a/identity/aidl/default/Util.cpp b/identity/aidl/default/Util.cpp
index a0f86bedcd..66b9f13d89 100644
--- a/identity/aidl/default/Util.cpp
+++ b/identity/aidl/default/Util.cpp
@@ -39,21 +39,12 @@ const vector<uint8_t>& getHardwareBoundKey() {
return hardwareBoundKey;
}
-vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value) {
- return vector<uint8_t>(value.begin(), value.end());
-}
-
-vector<int8_t> byteStringToSigned(const vector<uint8_t>& value) {
- return vector<int8_t>(value.begin(), value.end());
-}
-
vector<uint8_t> secureAccessControlProfileEncodeCbor(const SecureAccessControlProfile& profile) {
cppbor::Map map;
map.add("id", profile.id);
if (profile.readerCertificate.encodedCertificate.size() > 0) {
- map.add("readerCertificate",
- cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate)));
+ map.add("readerCertificate", cppbor::Bstr(profile.readerCertificate.encodedCertificate));
}
if (profile.userAuthenticationRequired) {
@@ -94,7 +85,7 @@ bool secureAccessControlProfileCheckMac(const SecureAccessControlProfile& profil
if (!mac) {
return false;
}
- if (mac.value() != byteStringToUnsigned(profile.mac)) {
+ if (mac.value() != profile.mac) {
return false;
}
return true;
diff --git a/identity/aidl/default/Util.h b/identity/aidl/default/Util.h
index ee41ad1aac..9fccba2c72 100644
--- a/identity/aidl/default/Util.h
+++ b/identity/aidl/default/Util.h
@@ -49,10 +49,6 @@ bool secureAccessControlProfileCheckMac(const SecureAccessControlProfile& profil
vector<uint8_t> entryCreateAdditionalData(const string& nameSpace, const string& name,
const vector<int32_t> accessControlProfileIds);
-vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value);
-
-vector<int8_t> byteStringToSigned(const vector<uint8_t>& value);
-
} // namespace aidl::android::hardware::identity
#endif // ANDROID_HARDWARE_IDENTITY_UTIL_H
diff --git a/identity/aidl/default/WritableIdentityCredential.cpp b/identity/aidl/default/WritableIdentityCredential.cpp
index 89f7f35696..bce913aeec 100644
--- a/identity/aidl/default/WritableIdentityCredential.cpp
+++ b/identity/aidl/default/WritableIdentityCredential.cpp
@@ -53,8 +53,8 @@ bool WritableIdentityCredential::initialize() {
// attestation certificate with current time and expires one year from now. The
// certificate shall contain all values as specified in hal.
ndk::ScopedAStatus WritableIdentityCredential::getAttestationCertificate(
- const vector<int8_t>& attestationApplicationId, //
- const vector<int8_t>& attestationChallenge, //
+ const vector<uint8_t>& attestationApplicationId, //
+ const vector<uint8_t>& attestationChallenge, //
vector<Certificate>* outCertificateChain) {
if (!credentialPrivKey_.empty() || !credentialPubKey_.empty() || !certificateChain_.empty()) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
@@ -97,7 +97,7 @@ ndk::ScopedAStatus WritableIdentityCredential::getAttestationCertificate(
*outCertificateChain = vector<Certificate>();
for (const vector<uint8_t>& cert : certificateChain_) {
Certificate c = Certificate();
- c.encodedCertificate = byteStringToSigned(cert);
+ c.encodedCertificate = cert;
outCertificateChain->push_back(std::move(c));
}
return ndk::ScopedAStatus::ok();
@@ -146,14 +146,13 @@ ndk::ScopedAStatus WritableIdentityCredential::addAccessControlProfile(
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
IIdentityCredentialStore::STATUS_FAILED, "Error calculating MAC for profile"));
}
- profile.mac = byteStringToSigned(mac.value());
+ profile.mac = mac.value();
cppbor::Map profileMap;
profileMap.add("id", profile.id);
if (profile.readerCertificate.encodedCertificate.size() > 0) {
- profileMap.add(
- "readerCertificate",
- cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate)));
+ profileMap.add("readerCertificate",
+ cppbor::Bstr(profile.readerCertificate.encodedCertificate));
}
if (profile.userAuthenticationRequired) {
profileMap.add("userAuthenticationRequired", profile.userAuthenticationRequired);
@@ -223,9 +222,8 @@ ndk::ScopedAStatus WritableIdentityCredential::beginAddEntry(
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<int8_t>& contentS,
- vector<int8_t>* outEncryptedContent) {
- auto content = byteStringToUnsigned(contentS);
+ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<uint8_t>& content,
+ vector<uint8_t>* outEncryptedContent) {
size_t contentSize = content.size();
if (contentSize > IdentityCredentialStore::kGcmChunkSize) {
@@ -280,7 +278,7 @@ ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<int8_t
signedDataCurrentNamespace_.add(std::move(entryMap));
}
- *outEncryptedContent = byteStringToSigned(encryptedContent.value());
+ *outEncryptedContent = encryptedContent.value();
return ndk::ScopedAStatus::ok();
}
@@ -329,7 +327,7 @@ bool generateCredentialData(const vector<uint8_t>& hardwareBoundKey, const strin
}
ndk::ScopedAStatus WritableIdentityCredential::finishAddingEntries(
- vector<int8_t>* outCredentialData, vector<int8_t>* outProofOfProvisioningSignature) {
+ vector<uint8_t>* outCredentialData, vector<uint8_t>* outProofOfProvisioningSignature) {
if (signedDataCurrentNamespace_.size() > 0) {
signedDataNamespaces_.add(entryNameSpace_, std::move(signedDataCurrentNamespace_));
}
@@ -364,8 +362,8 @@ ndk::ScopedAStatus WritableIdentityCredential::finishAddingEntries(
IIdentityCredentialStore::STATUS_FAILED, "Error generating CredentialData"));
}
- *outCredentialData = byteStringToSigned(credentialData);
- *outProofOfProvisioningSignature = byteStringToSigned(signature.value());
+ *outCredentialData = credentialData;
+ *outProofOfProvisioningSignature = signature.value();
return ndk::ScopedAStatus::ok();
}
diff --git a/identity/aidl/default/WritableIdentityCredential.h b/identity/aidl/default/WritableIdentityCredential.h
index b182862862..4b6fca8d91 100644
--- a/identity/aidl/default/WritableIdentityCredential.h
+++ b/identity/aidl/default/WritableIdentityCredential.h
@@ -37,8 +37,8 @@ class WritableIdentityCredential : public BnWritableIdentityCredential {
bool initialize();
// Methods from IWritableIdentityCredential follow.
- ndk::ScopedAStatus getAttestationCertificate(const vector<int8_t>& attestationApplicationId,
- const vector<int8_t>& attestationChallenge,
+ ndk::ScopedAStatus getAttestationCertificate(const vector<uint8_t>& attestationApplicationId,
+ const vector<uint8_t>& attestationChallenge,
vector<Certificate>* outCertificateChain) override;
ndk::ScopedAStatus startPersonalization(int32_t accessControlProfileCount,
@@ -53,12 +53,12 @@ class WritableIdentityCredential : public BnWritableIdentityCredential {
const string& nameSpace, const string& name,
int32_t entrySize) override;
- ndk::ScopedAStatus addEntryValue(const vector<int8_t>& content,
- vector<int8_t>* outEncryptedContent) override;
+ ndk::ScopedAStatus addEntryValue(const vector<uint8_t>& content,
+ vector<uint8_t>* outEncryptedContent) override;
ndk::ScopedAStatus finishAddingEntries(
- vector<int8_t>* outCredentialData,
- vector<int8_t>* outProofOfProvisioningSignature) override;
+ vector<uint8_t>* outCredentialData,
+ vector<uint8_t>* outProofOfProvisioningSignature) override;
// private:
string docType_;