use vector<uint8_t> for byte[] in AIDL

In the native world, a byte stream is typically represented as uint8_t[]
or vector<uint8_t>. The C++ backend already generates code that way. This
change covers the NDK backend.

Now the NDK backend also uses vector<uint8_t>, just like the C++ backend.

Bug: 144957764
Test: atest CtsNdkBinderTestCases
Merged-In: I8de348b57cf92dd99b3ee16252f56300ce5f4683
Change-Id: I8de348b57cf92dd99b3ee16252f56300ce5f4683
(cherry picked from commit 9070318462)

Exempt-From-Owner-Approval: cp from master to avoid merge-conflict
Jooyung Han 2020-02-21 21:17:06 +09:00
parent 12ec32a8bd
commit 229528a08f
10 changed files with 62 additions and 85 deletions


@ -102,7 +102,7 @@ int IdentityCredential::initialize() {
}
ndk::ScopedAStatus IdentityCredential::deleteCredential(
vector<int8_t>* outProofOfDeletionSignature) {
vector<uint8_t>* outProofOfDeletionSignature) {
cppbor::Array array = {"ProofOfDeletion", docType_, testCredential_};
vector<uint8_t> proofOfDeletion = array.encode();
@ -115,11 +115,11 @@ ndk::ScopedAStatus IdentityCredential::deleteCredential(
IIdentityCredentialStore::STATUS_FAILED, "Error signing data"));
}
*outProofOfDeletionSignature = byteStringToSigned(signature.value());
*outProofOfDeletionSignature = signature.value();
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* outKeyPair) {
ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<uint8_t>* outKeyPair) {
optional<vector<uint8_t>> kp = support::createEcKeyPair();
if (!kp) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
@ -135,13 +135,13 @@ ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* ou
}
ephemeralPublicKey_ = publicKey.value();
*outKeyPair = byteStringToSigned(kp.value());
*outKeyPair = kp.value();
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::setReaderEphemeralPublicKey(
const vector<int8_t>& publicKey) {
readerPublicKey_ = byteStringToUnsigned(publicKey);
const vector<uint8_t>& publicKey) {
readerPublicKey_ = publicKey;
return ndk::ScopedAStatus::ok();
}
@ -169,8 +169,8 @@ ndk::ScopedAStatus IdentityCredential::createAuthChallenge(int64_t* outChallenge
// ahead of time.
bool checkReaderAuthentication(const SecureAccessControlProfile& profile,
const vector<uint8_t>& readerCertificateChain) {
optional<vector<uint8_t>> acpPubKey = support::certificateChainGetTopMostKey(
byteStringToUnsigned(profile.readerCertificate.encodedCertificate));
optional<vector<uint8_t>> acpPubKey =
support::certificateChainGetTopMostKey(profile.readerCertificate.encodedCertificate);
if (!acpPubKey) {
LOG(ERROR) << "Error extracting public key from readerCertificate in profile";
return false;
@ -255,13 +255,9 @@ bool checkUserAuthentication(const SecureAccessControlProfile& profile,
ndk::ScopedAStatus IdentityCredential::startRetrieval(
const vector<SecureAccessControlProfile>& accessControlProfiles,
const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS,
const vector<int8_t>& signingKeyBlobS, const vector<int8_t>& sessionTranscriptS,
const vector<int8_t>& readerSignatureS, const vector<int32_t>& requestCounts) {
auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS);
auto itemsRequest = byteStringToUnsigned(itemsRequestS);
auto readerSignature = byteStringToUnsigned(readerSignatureS);
const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) {
if (sessionTranscript.size() > 0) {
auto [item, _, message] = cppbor::parse(sessionTranscript);
if (item == nullptr) {
@ -498,7 +494,7 @@ ndk::ScopedAStatus IdentityCredential::startRetrieval(
currentNameSpace_ = "";
itemsRequest_ = itemsRequest;
signingKeyBlob_ = byteStringToUnsigned(signingKeyBlobS);
signingKeyBlob_ = signingKeyBlob;
numStartRetrievalCalls_ += 1;
return ndk::ScopedAStatus::ok();
@ -605,10 +601,8 @@ ndk::ScopedAStatus IdentityCredential::startRetrieveEntryValue(
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& encryptedContentS,
vector<int8_t>* outContent) {
auto encryptedContent = byteStringToUnsigned(encryptedContentS);
ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<uint8_t>& encryptedContent,
vector<uint8_t>* outContent) {
optional<vector<uint8_t>> content =
support::decryptAes128Gcm(storageKey_, encryptedContent, entryAdditionalData_);
if (!content) {
@ -647,12 +641,12 @@ ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>&
currentNameSpaceDeviceNameSpacesMap_.add(currentName_, std::move(entryValueItem));
}
*outContent = byteStringToSigned(content.value());
*outContent = content.value();
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,
vector<int8_t>* outDeviceNameSpaces) {
ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<uint8_t>* outMac,
vector<uint8_t>* outDeviceNameSpaces) {
if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) {
deviceNameSpacesMap_.add(currentNameSpace_,
std::move(currentNameSpaceDeviceNameSpacesMap_));
@ -704,13 +698,13 @@ ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,
}
}
*outMac = byteStringToSigned(mac.value_or(vector<uint8_t>({})));
*outDeviceNameSpaces = byteStringToSigned(encodedDeviceNameSpaces);
*outMac = mac.value_or(vector<uint8_t>({}));
*outDeviceNameSpaces = encodedDeviceNameSpaces;
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
vector<int8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
vector<uint8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
string serialDecimal = "0"; // TODO: set serial to something unique
string issuer = "Android Open Source Project";
string subject = "Android IdentityCredential Reference Implementation";
@ -758,9 +752,9 @@ ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
IIdentityCredentialStore::STATUS_FAILED, "Error encrypting signingKey"));
}
*outSigningKeyBlob = byteStringToSigned(encryptedSigningKey.value());
*outSigningKeyBlob = encryptedSigningKey.value();
*outSigningKeyCertificate = Certificate();
outSigningKeyCertificate->encodedCertificate = byteStringToSigned(certificate.value());
outSigningKeyCertificate->encodedCertificate = certificate.value();
return ndk::ScopedAStatus::ok();
}
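Review bot: `*outKeyPair = kp.value();` in createEphemeralKeyPair copy-assigns the buffer returned by `support::createEcKeyPair()`, which by its name holds private key material, so the bytes live in both `kp` and the out-parameter until `kp` is destroyed, and nothing visible clears either copy. With the signed/unsigned conversion gone the types match, so `*outKeyPair = std::move(*kp);` hands the buffer over instead of duplicating it. The same applies to `*outContent = content.value();` in retrieveEntryValue, where the decrypted entry is copied just before the return. Both function bodies run partly outside the hunks shown, so confirm that `kp` and `content` are not read after these lines.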


@ -47,23 +47,23 @@ class IdentityCredential : public BnIdentityCredential {
int initialize();
// Methods from IIdentityCredential follow.
ndk::ScopedAStatus deleteCredential(vector<int8_t>* outProofOfDeletionSignature) override;
ndk::ScopedAStatus createEphemeralKeyPair(vector<int8_t>* outKeyPair) override;
ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<int8_t>& publicKey) override;
ndk::ScopedAStatus deleteCredential(vector<uint8_t>* outProofOfDeletionSignature) override;
ndk::ScopedAStatus createEphemeralKeyPair(vector<uint8_t>* outKeyPair) override;
ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
ndk::ScopedAStatus createAuthChallenge(int64_t* outChallenge) override;
ndk::ScopedAStatus startRetrieval(
const vector<SecureAccessControlProfile>& accessControlProfiles,
const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest,
const vector<int8_t>& signingKeyBlob, const vector<int8_t>& sessionTranscript,
const vector<int8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
ndk::ScopedAStatus startRetrieveEntryValue(
const string& nameSpace, const string& name, int32_t entrySize,
const vector<int32_t>& accessControlProfileIds) override;
ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent,
vector<int8_t>* outContent) override;
ndk::ScopedAStatus finishRetrieval(vector<int8_t>* outMac,
vector<int8_t>* outDeviceNameSpaces) override;
ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob,
ndk::ScopedAStatus retrieveEntryValue(const vector<uint8_t>& encryptedContent,
vector<uint8_t>* outContent) override;
ndk::ScopedAStatus finishRetrieval(vector<uint8_t>* outMac,
vector<uint8_t>* outDeviceNameSpaces) override;
ndk::ScopedAStatus generateSigningKeyPair(vector<uint8_t>* outSigningKeyBlob,
Certificate* outSigningKeyCertificate) override;
private:


@ -51,7 +51,7 @@ ndk::ScopedAStatus IdentityCredentialStore::createCredential(
}
ndk::ScopedAStatus IdentityCredentialStore::getCredential(
CipherSuite cipherSuite, const vector<int8_t>& credentialData,
CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
shared_ptr<IIdentityCredential>* outCredential) {
// We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now.
if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
@ -60,8 +60,8 @@ ndk::ScopedAStatus IdentityCredentialStore::getCredential(
"Unsupported cipher suite"));
}
vector<uint8_t> data = vector<uint8_t>(credentialData.begin(), credentialData.end());
shared_ptr<IdentityCredential> credential = ndk::SharedRefBase::make<IdentityCredential>(data);
shared_ptr<IdentityCredential> credential =
ndk::SharedRefBase::make<IdentityCredential>(credentialData);
auto ret = credential->initialize();
if (ret != IIdentityCredentialStore::STATUS_OK) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(


@ -39,7 +39,7 @@ class IdentityCredentialStore : public BnIdentityCredentialStore {
const string& docType, bool testCredential,
shared_ptr<IWritableIdentityCredential>* outWritableCredential) override;
ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<int8_t>& credentialData,
ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
shared_ptr<IIdentityCredential>* outCredential) override;
};


@ -39,21 +39,12 @@ const vector<uint8_t>& getHardwareBoundKey() {
return hardwareBoundKey;
}
vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value) {
return vector<uint8_t>(value.begin(), value.end());
}
vector<int8_t> byteStringToSigned(const vector<uint8_t>& value) {
return vector<int8_t>(value.begin(), value.end());
}
vector<uint8_t> secureAccessControlProfileEncodeCbor(const SecureAccessControlProfile& profile) {
cppbor::Map map;
map.add("id", profile.id);
if (profile.readerCertificate.encodedCertificate.size() > 0) {
map.add("readerCertificate",
cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate)));
map.add("readerCertificate", cppbor::Bstr(profile.readerCertificate.encodedCertificate));
}
if (profile.userAuthenticationRequired) {
@ -94,7 +85,7 @@ bool secureAccessControlProfileCheckMac(const SecureAccessControlProfile& profil
if (!mac) {
return false;
}
if (mac.value() != byteStringToUnsigned(profile.mac)) {
if (mac.value() != profile.mac) {
return false;
}
return true;
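Review bot: `if (mac.value() != profile.mac)` in secureAccessControlProfileCheckMac compares the computed MAC with the caller-supplied one through `std::vector`'s `operator!=`, which may stop at the first differing byte, so the comparison time can depend on how many leading bytes match. Now that both sides are `vector<uint8_t>`, a length check followed by a constant-time compare is a drop-in replacement, for example `if (mac->size() != profile.mac.size() || CRYPTO_memcmp(mac->data(), profile.mac.data(), mac->size()) != 0)`, assuming the file already links BoringSSL/OpenSSL (not visible here). The function starts outside the hunk.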


@ -49,10 +49,6 @@ bool secureAccessControlProfileCheckMac(const SecureAccessControlProfile& profil
vector<uint8_t> entryCreateAdditionalData(const string& nameSpace, const string& name,
const vector<int32_t> accessControlProfileIds);
vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value);
vector<int8_t> byteStringToSigned(const vector<uint8_t>& value);
} // namespace aidl::android::hardware::identity
#endif // ANDROID_HARDWARE_IDENTITY_UTIL_H


@ -53,8 +53,8 @@ bool WritableIdentityCredential::initialize() {
// attestation certificate with current time and expires one year from now. The
// certificate shall contain all values as specified in hal.
ndk::ScopedAStatus WritableIdentityCredential::getAttestationCertificate(
const vector<int8_t>& attestationApplicationId, //
const vector<int8_t>& attestationChallenge, //
const vector<uint8_t>& attestationApplicationId, //
const vector<uint8_t>& attestationChallenge, //
vector<Certificate>* outCertificateChain) {
if (!credentialPrivKey_.empty() || !credentialPubKey_.empty() || !certificateChain_.empty()) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
@ -97,7 +97,7 @@ ndk::ScopedAStatus WritableIdentityCredential::getAttestationCertificate(
*outCertificateChain = vector<Certificate>();
for (const vector<uint8_t>& cert : certificateChain_) {
Certificate c = Certificate();
c.encodedCertificate = byteStringToSigned(cert);
c.encodedCertificate = cert;
outCertificateChain->push_back(std::move(c));
}
return ndk::ScopedAStatus::ok();
@ -146,14 +146,13 @@ ndk::ScopedAStatus WritableIdentityCredential::addAccessControlProfile(
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
IIdentityCredentialStore::STATUS_FAILED, "Error calculating MAC for profile"));
}
profile.mac = byteStringToSigned(mac.value());
profile.mac = mac.value();
cppbor::Map profileMap;
profileMap.add("id", profile.id);
if (profile.readerCertificate.encodedCertificate.size() > 0) {
profileMap.add(
"readerCertificate",
cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate)));
profileMap.add("readerCertificate",
cppbor::Bstr(profile.readerCertificate.encodedCertificate));
}
if (profile.userAuthenticationRequired) {
profileMap.add("userAuthenticationRequired", profile.userAuthenticationRequired);
@ -223,9 +222,8 @@ ndk::ScopedAStatus WritableIdentityCredential::beginAddEntry(
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<int8_t>& contentS,
vector<int8_t>* outEncryptedContent) {
auto content = byteStringToUnsigned(contentS);
ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<uint8_t>& content,
vector<uint8_t>* outEncryptedContent) {
size_t contentSize = content.size();
if (contentSize > IdentityCredentialStore::kGcmChunkSize) {
@ -280,7 +278,7 @@ ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<int8_t
signedDataCurrentNamespace_.add(std::move(entryMap));
}
*outEncryptedContent = byteStringToSigned(encryptedContent.value());
*outEncryptedContent = encryptedContent.value();
return ndk::ScopedAStatus::ok();
}
@ -329,7 +327,7 @@ bool generateCredentialData(const vector<uint8_t>& hardwareBoundKey, const strin
}
ndk::ScopedAStatus WritableIdentityCredential::finishAddingEntries(
vector<int8_t>* outCredentialData, vector<int8_t>* outProofOfProvisioningSignature) {
vector<uint8_t>* outCredentialData, vector<uint8_t>* outProofOfProvisioningSignature) {
if (signedDataCurrentNamespace_.size() > 0) {
signedDataNamespaces_.add(entryNameSpace_, std::move(signedDataCurrentNamespace_));
}
@ -364,8 +362,8 @@ ndk::ScopedAStatus WritableIdentityCredential::finishAddingEntries(
IIdentityCredentialStore::STATUS_FAILED, "Error generating CredentialData"));
}
*outCredentialData = byteStringToSigned(credentialData);
*outProofOfProvisioningSignature = byteStringToSigned(signature.value());
*outCredentialData = credentialData;
*outProofOfProvisioningSignature = signature.value();
return ndk::ScopedAStatus::ok();
}


@ -37,8 +37,8 @@ class WritableIdentityCredential : public BnWritableIdentityCredential {
bool initialize();
// Methods from IWritableIdentityCredential follow.
ndk::ScopedAStatus getAttestationCertificate(const vector<int8_t>& attestationApplicationId,
const vector<int8_t>& attestationChallenge,
ndk::ScopedAStatus getAttestationCertificate(const vector<uint8_t>& attestationApplicationId,
const vector<uint8_t>& attestationChallenge,
vector<Certificate>* outCertificateChain) override;
ndk::ScopedAStatus startPersonalization(int32_t accessControlProfileCount,
@ -53,12 +53,12 @@ class WritableIdentityCredential : public BnWritableIdentityCredential {
const string& nameSpace, const string& name,
int32_t entrySize) override;
ndk::ScopedAStatus addEntryValue(const vector<int8_t>& content,
vector<int8_t>* outEncryptedContent) override;
ndk::ScopedAStatus addEntryValue(const vector<uint8_t>& content,
vector<uint8_t>* outEncryptedContent) override;
ndk::ScopedAStatus finishAddingEntries(
vector<int8_t>* outCredentialData,
vector<int8_t>* outProofOfProvisioningSignature) override;
vector<uint8_t>* outCredentialData,
vector<uint8_t>* outProofOfProvisioningSignature) override;
// private:
string docType_;


@ -28,7 +28,7 @@ namespace rebootescrow {
using ::android::base::unique_fd;
ndk::ScopedAStatus RebootEscrow::storeKey(const std::vector<int8_t>& kek) {
ndk::ScopedAStatus RebootEscrow::storeKey(const std::vector<uint8_t>& ukek) {
int rawFd = TEMP_FAILURE_RETRY(::open(devicePath_.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
unique_fd fd(rawFd);
if (fd.get() < 0) {
@ -36,7 +36,6 @@ ndk::ScopedAStatus RebootEscrow::storeKey(const std::vector<int8_t>& kek) {
return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));
}
std::vector<uint8_t> ukek(kek.begin(), kek.end());
auto encoded = hadamard::EncodeKey(ukek);
if (!::android::base::WriteFully(fd, encoded.data(), encoded.size())) {
@ -47,7 +46,7 @@ ndk::ScopedAStatus RebootEscrow::storeKey(const std::vector<int8_t>& kek) {
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus RebootEscrow::retrieveKey(std::vector<int8_t>* _aidl_return) {
ndk::ScopedAStatus RebootEscrow::retrieveKey(std::vector<uint8_t>* _aidl_return) {
int rawFd = TEMP_FAILURE_RETRY(::open(devicePath_.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC));
unique_fd fd(rawFd);
if (fd.get() < 0) {
@ -63,8 +62,7 @@ ndk::ScopedAStatus RebootEscrow::retrieveKey(std::vector<int8_t>* _aidl_return)
auto keyBytes = hadamard::DecodeKey(encodedBytes);
std::vector<int8_t> signedKeyBytes(keyBytes.begin(), keyBytes.end());
*_aidl_return = signedKeyBytes;
*_aidl_return = keyBytes;
return ndk::ScopedAStatus::ok();
}
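Review bot: The definition of storeKey now names its parameter `ukek`, while the declaration changed in the header by this same commit keeps `kek`. `ukek` was the name of the unsigned copy this change removes, so the definition reads more consistently as `storeKey(const std::vector<uint8_t>& kek)` with `hadamard::EncodeKey(kek)`. In retrieveKey, `*_aidl_return = keyBytes;` still copies the decoded key; `*_aidl_return = std::move(keyBytes);` would transfer the buffer so the key does not sit in two heap allocations until the function returns. Both function bodies continue outside the hunks shown.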


@ -26,8 +26,8 @@ namespace rebootescrow {
class RebootEscrow : public BnRebootEscrow {
public:
explicit RebootEscrow(const std::string& devicePath) : devicePath_(devicePath) {}
ndk::ScopedAStatus storeKey(const std::vector<int8_t>& kek) override;
ndk::ScopedAStatus retrieveKey(std::vector<int8_t>* _aidl_return) override;
ndk::ScopedAStatus storeKey(const std::vector<uint8_t>& kek) override;
ndk::ScopedAStatus retrieveKey(std::vector<uint8_t>* _aidl_return) override;
private:
const std::string devicePath_;