Merge "use vector<uint8_t> for byte[] in AIDL" am: 067662581f (f4961101) · Commits · e / os / android_hardware_interfaces

identity/aidl/default/IdentityCredential.cpp

+22 −28

Original line number	Diff line number	Diff line
		@@ -102,7 +102,7 @@ int IdentityCredential::initialize() {
		}

		ndk::ScopedAStatus IdentityCredential::deleteCredential(
		vector<int8_t>* outProofOfDeletionSignature) {
		vector<uint8_t>* outProofOfDeletionSignature) {
		cppbor::Array array = {"ProofOfDeletion", docType_, testCredential_};
		vector<uint8_t> proofOfDeletion = array.encode();

		@@ -115,11 +115,11 @@ ndk::ScopedAStatus IdentityCredential::deleteCredential(
		IIdentityCredentialStore::STATUS_FAILED, "Error signing data"));
		}

		*outProofOfDeletionSignature = byteStringToSigned(signature.value());
		*outProofOfDeletionSignature = signature.value();
		return ndk::ScopedAStatus::ok();
		}

		ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* outKeyPair) {
		ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<uint8_t>* outKeyPair) {
		optional<vector<uint8_t>> kp = support::createEcKeyPair();
		if (!kp) {
		return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
		@@ -135,13 +135,13 @@ ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* ou
		}
		ephemeralPublicKey_ = publicKey.value();

		*outKeyPair = byteStringToSigned(kp.value());
		*outKeyPair = kp.value();
		return ndk::ScopedAStatus::ok();
		}

		ndk::ScopedAStatus IdentityCredential::setReaderEphemeralPublicKey(
		const vector<int8_t>& publicKey) {
		readerPublicKey_ = byteStringToUnsigned(publicKey);
		const vector<uint8_t>& publicKey) {
		readerPublicKey_ = publicKey;
		return ndk::ScopedAStatus::ok();
		}

		@@ -169,8 +169,8 @@ ndk::ScopedAStatus IdentityCredential::createAuthChallenge(int64_t* outChallenge
		// ahead of time.
		bool checkReaderAuthentication(const SecureAccessControlProfile& profile,
		const vector<uint8_t>& readerCertificateChain) {
		optional<vector<uint8_t>> acpPubKey = support::certificateChainGetTopMostKey(
		byteStringToUnsigned(profile.readerCertificate.encodedCertificate));
		optional<vector<uint8_t>> acpPubKey =
		support::certificateChainGetTopMostKey(profile.readerCertificate.encodedCertificate);
		if (!acpPubKey) {
		LOG(ERROR) << "Error extracting public key from readerCertificate in profile";
		return false;
		@@ -255,13 +255,9 @@ bool checkUserAuthentication(const SecureAccessControlProfile& profile,

		ndk::ScopedAStatus IdentityCredential::startRetrieval(
		const vector<SecureAccessControlProfile>& accessControlProfiles,
		const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS,
		const vector<int8_t>& signingKeyBlobS, const vector<int8_t>& sessionTranscriptS,
		const vector<int8_t>& readerSignatureS, const vector<int32_t>& requestCounts) {
		auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS);
		auto itemsRequest = byteStringToUnsigned(itemsRequestS);
		auto readerSignature = byteStringToUnsigned(readerSignatureS);

		const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
		const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
		const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) {
		if (sessionTranscript.size() > 0) {
		auto [item, _, message] = cppbor::parse(sessionTranscript);
		if (item == nullptr) {
		@@ -498,7 +494,7 @@ ndk::ScopedAStatus IdentityCredential::startRetrieval(
		currentNameSpace_ = "";

		itemsRequest_ = itemsRequest;
		signingKeyBlob_ = byteStringToUnsigned(signingKeyBlobS);
		signingKeyBlob_ = signingKeyBlob;

		numStartRetrievalCalls_ += 1;
		return ndk::ScopedAStatus::ok();
		@@ -605,10 +601,8 @@ ndk::ScopedAStatus IdentityCredential::startRetrieveEntryValue(
		return ndk::ScopedAStatus::ok();
		}

		ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& encryptedContentS,
		vector<int8_t>* outContent) {
		auto encryptedContent = byteStringToUnsigned(encryptedContentS);

		ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<uint8_t>& encryptedContent,
		vector<uint8_t>* outContent) {
		optional<vector<uint8_t>> content =
		support::decryptAes128Gcm(storageKey_, encryptedContent, entryAdditionalData_);
		if (!content) {
		@@ -647,12 +641,12 @@ ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>&
		currentNameSpaceDeviceNameSpacesMap_.add(currentName_, std::move(entryValueItem));
		}

		*outContent = byteStringToSigned(content.value());
		*outContent = content.value();
		return ndk::ScopedAStatus::ok();
		}

		ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,
		vector<int8_t>* outDeviceNameSpaces) {
		ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<uint8_t>* outMac,
		vector<uint8_t>* outDeviceNameSpaces) {
		if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) {
		deviceNameSpacesMap_.add(currentNameSpace_,
		std::move(currentNameSpaceDeviceNameSpacesMap_));
		@@ -704,13 +698,13 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,
		}
		}

		*outMac = byteStringToSigned(mac.value_or(vector<uint8_t>({})));
		*outDeviceNameSpaces = byteStringToSigned(encodedDeviceNameSpaces);
		*outMac = mac.value_or(vector<uint8_t>({}));
		*outDeviceNameSpaces = encodedDeviceNameSpaces;
		return ndk::ScopedAStatus::ok();
		}

		ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
		vector<int8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
		vector<uint8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
		string serialDecimal = "0"; // TODO: set serial to something unique
		string issuer = "Android Open Source Project";
		string subject = "Android IdentityCredential Reference Implementation";
		@@ -758,9 +752,9 @@ ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
		return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
		IIdentityCredentialStore::STATUS_FAILED, "Error encrypting signingKey"));
		}
		*outSigningKeyBlob = byteStringToSigned(encryptedSigningKey.value());
		*outSigningKeyBlob = encryptedSigningKey.value();
		*outSigningKeyCertificate = Certificate();
		outSigningKeyCertificate->encodedCertificate = byteStringToSigned(certificate.value());
		outSigningKeyCertificate->encodedCertificate = certificate.value();
		return ndk::ScopedAStatus::ok();
		}

identity/aidl/default/IdentityCredential.h

+11 −11

Original line number	Diff line number	Diff line
		@@ -47,23 +47,23 @@ class IdentityCredential : public BnIdentityCredential {
		int initialize();

		// Methods from IIdentityCredential follow.
		ndk::ScopedAStatus deleteCredential(vector<int8_t>* outProofOfDeletionSignature) override;
		ndk::ScopedAStatus createEphemeralKeyPair(vector<int8_t>* outKeyPair) override;
		ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<int8_t>& publicKey) override;
		ndk::ScopedAStatus deleteCredential(vector<uint8_t>* outProofOfDeletionSignature) override;
		ndk::ScopedAStatus createEphemeralKeyPair(vector<uint8_t>* outKeyPair) override;
		ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
		ndk::ScopedAStatus createAuthChallenge(int64_t* outChallenge) override;
		ndk::ScopedAStatus startRetrieval(
		const vector<SecureAccessControlProfile>& accessControlProfiles,
		const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest,
		const vector<int8_t>& signingKeyBlob, const vector<int8_t>& sessionTranscript,
		const vector<int8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
		const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
		const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
		const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
		ndk::ScopedAStatus startRetrieveEntryValue(
		const string& nameSpace, const string& name, int32_t entrySize,
		const vector<int32_t>& accessControlProfileIds) override;
		ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent,
		vector<int8_t>* outContent) override;
		ndk::ScopedAStatus finishRetrieval(vector<int8_t>* outMac,
		vector<int8_t>* outDeviceNameSpaces) override;
		ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob,
		ndk::ScopedAStatus retrieveEntryValue(const vector<uint8_t>& encryptedContent,
		vector<uint8_t>* outContent) override;
		ndk::ScopedAStatus finishRetrieval(vector<uint8_t>* outMac,
		vector<uint8_t>* outDeviceNameSpaces) override;
		ndk::ScopedAStatus generateSigningKeyPair(vector<uint8_t>* outSigningKeyBlob,
		Certificate* outSigningKeyCertificate) override;

		private:

identity/aidl/default/IdentityCredentialStore.cpp

+3 −3

Original line number	Diff line number	Diff line
		@@ -51,7 +51,7 @@ ndk::ScopedAStatus IdentityCredentialStore::createCredential(
		}

		ndk::ScopedAStatus IdentityCredentialStore::getCredential(
		CipherSuite cipherSuite, const vector<int8_t>& credentialData,
		CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
		shared_ptr<IIdentityCredential>* outCredential) {
		// We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now.
		if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
		@@ -60,8 +60,8 @@ ndk::ScopedAStatus IdentityCredentialStore::getCredential(
		"Unsupported cipher suite"));
		}

		vector<uint8_t> data = vector<uint8_t>(credentialData.begin(), credentialData.end());
		shared_ptr<IdentityCredential> credential = ndk::SharedRefBase::make<IdentityCredential>(data);
		shared_ptr<IdentityCredential> credential =
		ndk::SharedRefBase::make<IdentityCredential>(credentialData);
		auto ret = credential->initialize();
		if (ret != IIdentityCredentialStore::STATUS_OK) {
		return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(

identity/aidl/default/IdentityCredentialStore.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -39,7 +39,7 @@ class IdentityCredentialStore : public BnIdentityCredentialStore {
		const string& docType, bool testCredential,
		shared_ptr<IWritableIdentityCredential>* outWritableCredential) override;

		ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<int8_t>& credentialData,
		ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
		shared_ptr<IIdentityCredential>* outCredential) override;
		};

identity/aidl/default/Util.cpp

+2 −11

Original line number	Diff line number	Diff line
		@@ -39,21 +39,12 @@ const vector<uint8_t>& getHardwareBoundKey() {
		return hardwareBoundKey;
		}

		vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value) {
		return vector<uint8_t>(value.begin(), value.end());
		}

		vector<int8_t> byteStringToSigned(const vector<uint8_t>& value) {
		return vector<int8_t>(value.begin(), value.end());
		}

		vector<uint8_t> secureAccessControlProfileEncodeCbor(const SecureAccessControlProfile& profile) {
		cppbor::Map map;
		map.add("id", profile.id);

		if (profile.readerCertificate.encodedCertificate.size() > 0) {
		map.add("readerCertificate",
		cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate)));
		map.add("readerCertificate", cppbor::Bstr(profile.readerCertificate.encodedCertificate));
		}

		if (profile.userAuthenticationRequired) {
		@@ -94,7 +85,7 @@ bool secureAccessControlProfileCheckMac(const SecureAccessControlProfile& profil
		if (!mac) {
		return false;
		}
		if (mac.value() != byteStringToUnsigned(profile.mac)) {
		if (mac.value() != profile.mac) {
		return false;
		}
		return true;