Merge "use vector<uint8_t> for byte[] in AIDL" am: 067662581f (f4961101) · Commits · e / os / android_hardware_interfaces

identity/aidl/default/IdentityCredential.cpp

+22 −28

Original line number	Original line	Diff line number	Diff line
	@@ -102,7 +102,7 @@ int IdentityCredential::initialize() {
	}		}

	ndk::ScopedAStatus IdentityCredential::deleteCredential(		ndk::ScopedAStatus IdentityCredential::deleteCredential(
	vector<int8_t>* outProofOfDeletionSignature) {		vector<uint8_t>* outProofOfDeletionSignature) {
	cppbor::Array array = {"ProofOfDeletion", docType_, testCredential_};		cppbor::Array array = {"ProofOfDeletion", docType_, testCredential_};
	vector<uint8_t> proofOfDeletion = array.encode();		vector<uint8_t> proofOfDeletion = array.encode();

	@@ -115,11 +115,11 @@ ndk::ScopedAStatus IdentityCredential::deleteCredential(
	IIdentityCredentialStore::STATUS_FAILED, "Error signing data"));		IIdentityCredentialStore::STATUS_FAILED, "Error signing data"));
	}		}

	*outProofOfDeletionSignature = byteStringToSigned(signature.value());		*outProofOfDeletionSignature = signature.value();
	return ndk::ScopedAStatus::ok();		return ndk::ScopedAStatus::ok();
	}		}

	ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* outKeyPair) {		ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<uint8_t>* outKeyPair) {
	optional<vector<uint8_t>> kp = support::createEcKeyPair();		optional<vector<uint8_t>> kp = support::createEcKeyPair();
	if (!kp) {		if (!kp) {
	return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(		return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
	@@ -135,13 +135,13 @@ ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* ou
	}		}
	ephemeralPublicKey_ = publicKey.value();		ephemeralPublicKey_ = publicKey.value();

	*outKeyPair = byteStringToSigned(kp.value());		*outKeyPair = kp.value();
	return ndk::ScopedAStatus::ok();		return ndk::ScopedAStatus::ok();
	}		}

	ndk::ScopedAStatus IdentityCredential::setReaderEphemeralPublicKey(		ndk::ScopedAStatus IdentityCredential::setReaderEphemeralPublicKey(
	const vector<int8_t>& publicKey) {		const vector<uint8_t>& publicKey) {
	readerPublicKey_ = byteStringToUnsigned(publicKey);		readerPublicKey_ = publicKey;
	return ndk::ScopedAStatus::ok();		return ndk::ScopedAStatus::ok();
	}		}

	@@ -169,8 +169,8 @@ ndk::ScopedAStatus IdentityCredential::createAuthChallenge(int64_t* outChallenge
	// ahead of time.		// ahead of time.
	bool checkReaderAuthentication(const SecureAccessControlProfile& profile,		bool checkReaderAuthentication(const SecureAccessControlProfile& profile,
	const vector<uint8_t>& readerCertificateChain) {		const vector<uint8_t>& readerCertificateChain) {
	optional<vector<uint8_t>> acpPubKey = support::certificateChainGetTopMostKey(		optional<vector<uint8_t>> acpPubKey =
	byteStringToUnsigned(profile.readerCertificate.encodedCertificate));		support::certificateChainGetTopMostKey(profile.readerCertificate.encodedCertificate);
	if (!acpPubKey) {		if (!acpPubKey) {
	LOG(ERROR) << "Error extracting public key from readerCertificate in profile";		LOG(ERROR) << "Error extracting public key from readerCertificate in profile";
	return false;		return false;
	@@ -255,13 +255,9 @@ bool checkUserAuthentication(const SecureAccessControlProfile& profile,

	ndk::ScopedAStatus IdentityCredential::startRetrieval(		ndk::ScopedAStatus IdentityCredential::startRetrieval(
	const vector<SecureAccessControlProfile>& accessControlProfiles,		const vector<SecureAccessControlProfile>& accessControlProfiles,
	const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS,		const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
	const vector<int8_t>& signingKeyBlobS, const vector<int8_t>& sessionTranscriptS,		const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
	const vector<int8_t>& readerSignatureS, const vector<int32_t>& requestCounts) {		const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) {
	auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS);
	auto itemsRequest = byteStringToUnsigned(itemsRequestS);
	auto readerSignature = byteStringToUnsigned(readerSignatureS);

	if (sessionTranscript.size() > 0) {		if (sessionTranscript.size() > 0) {
	auto [item, _, message] = cppbor::parse(sessionTranscript);		auto [item, _, message] = cppbor::parse(sessionTranscript);
	if (item == nullptr) {		if (item == nullptr) {
	@@ -498,7 +494,7 @@ ndk::ScopedAStatus IdentityCredential::startRetrieval(
	currentNameSpace_ = "";		currentNameSpace_ = "";

	itemsRequest_ = itemsRequest;		itemsRequest_ = itemsRequest;
	signingKeyBlob_ = byteStringToUnsigned(signingKeyBlobS);		signingKeyBlob_ = signingKeyBlob;

	numStartRetrievalCalls_ += 1;		numStartRetrievalCalls_ += 1;
	return ndk::ScopedAStatus::ok();		return ndk::ScopedAStatus::ok();
	@@ -605,10 +601,8 @@ ndk::ScopedAStatus IdentityCredential::startRetrieveEntryValue(
	return ndk::ScopedAStatus::ok();		return ndk::ScopedAStatus::ok();
	}		}

	ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& encryptedContentS,		ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<uint8_t>& encryptedContent,
	vector<int8_t>* outContent) {		vector<uint8_t>* outContent) {
	auto encryptedContent = byteStringToUnsigned(encryptedContentS);

	optional<vector<uint8_t>> content =		optional<vector<uint8_t>> content =
	support::decryptAes128Gcm(storageKey_, encryptedContent, entryAdditionalData_);		support::decryptAes128Gcm(storageKey_, encryptedContent, entryAdditionalData_);
	if (!content) {		if (!content) {
	@@ -647,12 +641,12 @@ ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>&
	currentNameSpaceDeviceNameSpacesMap_.add(currentName_, std::move(entryValueItem));		currentNameSpaceDeviceNameSpacesMap_.add(currentName_, std::move(entryValueItem));
	}		}

	*outContent = byteStringToSigned(content.value());		*outContent = content.value();
	return ndk::ScopedAStatus::ok();		return ndk::ScopedAStatus::ok();
	}		}

	ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,		ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<uint8_t>* outMac,
	vector<int8_t>* outDeviceNameSpaces) {		vector<uint8_t>* outDeviceNameSpaces) {
	if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) {		if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) {
	deviceNameSpacesMap_.add(currentNameSpace_,		deviceNameSpacesMap_.add(currentNameSpace_,
	std::move(currentNameSpaceDeviceNameSpacesMap_));		std::move(currentNameSpaceDeviceNameSpacesMap_));
	@@ -704,13 +698,13 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,
	}		}
	}		}

	*outMac = byteStringToSigned(mac.value_or(vector<uint8_t>({})));		*outMac = mac.value_or(vector<uint8_t>({}));
	*outDeviceNameSpaces = byteStringToSigned(encodedDeviceNameSpaces);		*outDeviceNameSpaces = encodedDeviceNameSpaces;
	return ndk::ScopedAStatus::ok();		return ndk::ScopedAStatus::ok();
	}		}

	ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(		ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
	vector<int8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {		vector<uint8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
	string serialDecimal = "0"; // TODO: set serial to something unique		string serialDecimal = "0"; // TODO: set serial to something unique
	string issuer = "Android Open Source Project";		string issuer = "Android Open Source Project";
	string subject = "Android IdentityCredential Reference Implementation";		string subject = "Android IdentityCredential Reference Implementation";
	@@ -758,9 +752,9 @@ ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
	return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(		return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
	IIdentityCredentialStore::STATUS_FAILED, "Error encrypting signingKey"));		IIdentityCredentialStore::STATUS_FAILED, "Error encrypting signingKey"));
	}		}
	*outSigningKeyBlob = byteStringToSigned(encryptedSigningKey.value());		*outSigningKeyBlob = encryptedSigningKey.value();
	*outSigningKeyCertificate = Certificate();		*outSigningKeyCertificate = Certificate();
	outSigningKeyCertificate->encodedCertificate = byteStringToSigned(certificate.value());		outSigningKeyCertificate->encodedCertificate = certificate.value();
	return ndk::ScopedAStatus::ok();		return ndk::ScopedAStatus::ok();
	}		}

identity/aidl/default/IdentityCredential.h

+11 −11

identity/aidl/default/IdentityCredentialStore.cpp

+3 −3

Original line number	Original line	Diff line number	Diff line
	@@ -51,7 +51,7 @@ ndk::ScopedAStatus IdentityCredentialStore::createCredential(
	}		}

	ndk::ScopedAStatus IdentityCredentialStore::getCredential(		ndk::ScopedAStatus IdentityCredentialStore::getCredential(
	CipherSuite cipherSuite, const vector<int8_t>& credentialData,		CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
	shared_ptr<IIdentityCredential>* outCredential) {		shared_ptr<IIdentityCredential>* outCredential) {
	// We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now.		// We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now.
	if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {		if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
	@@ -60,8 +60,8 @@ ndk::ScopedAStatus IdentityCredentialStore::getCredential(
	"Unsupported cipher suite"));		"Unsupported cipher suite"));
	}		}

	vector<uint8_t> data = vector<uint8_t>(credentialData.begin(), credentialData.end());		shared_ptr<IdentityCredential> credential =
	shared_ptr<IdentityCredential> credential = ndk::SharedRefBase::make<IdentityCredential>(data);		ndk::SharedRefBase::make<IdentityCredential>(credentialData);
	auto ret = credential->initialize();		auto ret = credential->initialize();
	if (ret != IIdentityCredentialStore::STATUS_OK) {		if (ret != IIdentityCredentialStore::STATUS_OK) {
	return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(		return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(

identity/aidl/default/IdentityCredentialStore.h

+1 −1

Original line number	Original line	Diff line number	Diff line
	@@ -39,7 +39,7 @@ class IdentityCredentialStore : public BnIdentityCredentialStore {
	const string& docType, bool testCredential,		const string& docType, bool testCredential,
	shared_ptr<IWritableIdentityCredential>* outWritableCredential) override;		shared_ptr<IWritableIdentityCredential>* outWritableCredential) override;

	ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<int8_t>& credentialData,		ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
	shared_ptr<IIdentityCredential>* outCredential) override;		shared_ptr<IIdentityCredential>* outCredential) override;
	};		};

identity/aidl/default/Util.cpp

+2 −11

Original line number	Original line	Diff line number	Diff line
	@@ -39,21 +39,12 @@ const vector<uint8_t>& getHardwareBoundKey() {
	return hardwareBoundKey;		return hardwareBoundKey;
	}		}

	vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value) {
	return vector<uint8_t>(value.begin(), value.end());
	}

	vector<int8_t> byteStringToSigned(const vector<uint8_t>& value) {
	return vector<int8_t>(value.begin(), value.end());
	}

	vector<uint8_t> secureAccessControlProfileEncodeCbor(const SecureAccessControlProfile& profile) {		vector<uint8_t> secureAccessControlProfileEncodeCbor(const SecureAccessControlProfile& profile) {
	cppbor::Map map;		cppbor::Map map;
	map.add("id", profile.id);		map.add("id", profile.id);

	if (profile.readerCertificate.encodedCertificate.size() > 0) {		if (profile.readerCertificate.encodedCertificate.size() > 0) {
	map.add("readerCertificate",		map.add("readerCertificate", cppbor::Bstr(profile.readerCertificate.encodedCertificate));
	cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate)));
	}		}

	if (profile.userAuthenticationRequired) {		if (profile.userAuthenticationRequired) {
	@@ -94,7 +85,7 @@ bool secureAccessControlProfileCheckMac(const SecureAccessControlProfile& profil
	if (!mac) {		if (!mac) {
	return false;		return false;
	}		}
	if (mac.value() != byteStringToUnsigned(profile.mac)) {		if (mac.value() != profile.mac) {
	return false;		return false;
	}		}
	return true;		return true;