use vector<uint8_t> for byte[] in AIDL
In native world, byte stream is typically represented in uint8_t[]
or vector<uint8_t>. C++ backend already generates that way. This
change involves NDK backend.
Now NDK backend also uses vector<uint8_t> just like C++ backend.
Bug: 144957764
Test: atest CtsNdkBinderTestCases
Change-Id: I8de348b57cf92dd99b3ee16252f56300ce5f4683
diff --git a/identity/aidl/default/IdentityCredential.cpp b/identity/aidl/default/IdentityCredential.cpp
index 341fae6..aaae1f6 100644
--- a/identity/aidl/default/IdentityCredential.cpp
+++ b/identity/aidl/default/IdentityCredential.cpp
@@ -102,7 +102,7 @@
}
ndk::ScopedAStatus IdentityCredential::deleteCredential(
- vector<int8_t>* outProofOfDeletionSignature) {
+ vector<uint8_t>* outProofOfDeletionSignature) {
cppbor::Array array = {"ProofOfDeletion", docType_, testCredential_};
vector<uint8_t> proofOfDeletion = array.encode();
@@ -115,11 +115,11 @@
IIdentityCredentialStore::STATUS_FAILED, "Error signing data"));
}
- *outProofOfDeletionSignature = byteStringToSigned(signature.value());
+ *outProofOfDeletionSignature = signature.value();
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<int8_t>* outKeyPair) {
+ndk::ScopedAStatus IdentityCredential::createEphemeralKeyPair(vector<uint8_t>* outKeyPair) {
optional<vector<uint8_t>> kp = support::createEcKeyPair();
if (!kp) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
@@ -135,13 +135,13 @@
}
ephemeralPublicKey_ = publicKey.value();
- *outKeyPair = byteStringToSigned(kp.value());
+ *outKeyPair = kp.value();
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::setReaderEphemeralPublicKey(
- const vector<int8_t>& publicKey) {
- readerPublicKey_ = byteStringToUnsigned(publicKey);
+ const vector<uint8_t>& publicKey) {
+ readerPublicKey_ = publicKey;
return ndk::ScopedAStatus::ok();
}
@@ -169,8 +169,8 @@
// ahead of time.
bool checkReaderAuthentication(const SecureAccessControlProfile& profile,
const vector<uint8_t>& readerCertificateChain) {
- optional<vector<uint8_t>> acpPubKey = support::certificateChainGetTopMostKey(
- byteStringToUnsigned(profile.readerCertificate.encodedCertificate));
+ optional<vector<uint8_t>> acpPubKey =
+ support::certificateChainGetTopMostKey(profile.readerCertificate.encodedCertificate);
if (!acpPubKey) {
LOG(ERROR) << "Error extracting public key from readerCertificate in profile";
return false;
@@ -255,13 +255,9 @@
ndk::ScopedAStatus IdentityCredential::startRetrieval(
const vector<SecureAccessControlProfile>& accessControlProfiles,
- const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequestS,
- const vector<int8_t>& signingKeyBlobS, const vector<int8_t>& sessionTranscriptS,
- const vector<int8_t>& readerSignatureS, const vector<int32_t>& requestCounts) {
- auto sessionTranscript = byteStringToUnsigned(sessionTranscriptS);
- auto itemsRequest = byteStringToUnsigned(itemsRequestS);
- auto readerSignature = byteStringToUnsigned(readerSignatureS);
-
+ const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
+ const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
+ const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) {
if (sessionTranscript.size() > 0) {
auto [item, _, message] = cppbor::parse(sessionTranscript);
if (item == nullptr) {
@@ -498,7 +494,7 @@
currentNameSpace_ = "";
itemsRequest_ = itemsRequest;
- signingKeyBlob_ = byteStringToUnsigned(signingKeyBlobS);
+ signingKeyBlob_ = signingKeyBlob;
numStartRetrievalCalls_ += 1;
return ndk::ScopedAStatus::ok();
@@ -605,10 +601,8 @@
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<int8_t>& encryptedContentS,
- vector<int8_t>* outContent) {
- auto encryptedContent = byteStringToUnsigned(encryptedContentS);
-
+ndk::ScopedAStatus IdentityCredential::retrieveEntryValue(const vector<uint8_t>& encryptedContent,
+ vector<uint8_t>* outContent) {
optional<vector<uint8_t>> content =
support::decryptAes128Gcm(storageKey_, encryptedContent, entryAdditionalData_);
if (!content) {
@@ -647,12 +641,12 @@
currentNameSpaceDeviceNameSpacesMap_.add(currentName_, std::move(entryValueItem));
}
- *outContent = byteStringToSigned(content.value());
+ *outContent = content.value();
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<int8_t>* outMac,
- vector<int8_t>* outDeviceNameSpaces) {
+ndk::ScopedAStatus IdentityCredential::finishRetrieval(vector<uint8_t>* outMac,
+ vector<uint8_t>* outDeviceNameSpaces) {
if (currentNameSpaceDeviceNameSpacesMap_.size() > 0) {
deviceNameSpacesMap_.add(currentNameSpace_,
std::move(currentNameSpaceDeviceNameSpacesMap_));
@@ -704,13 +698,13 @@
}
}
- *outMac = byteStringToSigned(mac.value_or(vector<uint8_t>({})));
- *outDeviceNameSpaces = byteStringToSigned(encodedDeviceNameSpaces);
+ *outMac = mac.value_or(vector<uint8_t>({}));
+ *outDeviceNameSpaces = encodedDeviceNameSpaces;
return ndk::ScopedAStatus::ok();
}
ndk::ScopedAStatus IdentityCredential::generateSigningKeyPair(
- vector<int8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
+ vector<uint8_t>* outSigningKeyBlob, Certificate* outSigningKeyCertificate) {
string serialDecimal = "0"; // TODO: set serial to something unique
string issuer = "Android Open Source Project";
string subject = "Android IdentityCredential Reference Implementation";
@@ -758,9 +752,9 @@
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
IIdentityCredentialStore::STATUS_FAILED, "Error encrypting signingKey"));
}
- *outSigningKeyBlob = byteStringToSigned(encryptedSigningKey.value());
+ *outSigningKeyBlob = encryptedSigningKey.value();
*outSigningKeyCertificate = Certificate();
- outSigningKeyCertificate->encodedCertificate = byteStringToSigned(certificate.value());
+ outSigningKeyCertificate->encodedCertificate = certificate.value();
return ndk::ScopedAStatus::ok();
}
diff --git a/identity/aidl/default/IdentityCredential.h b/identity/aidl/default/IdentityCredential.h
index fc29254..6072afe 100644
--- a/identity/aidl/default/IdentityCredential.h
+++ b/identity/aidl/default/IdentityCredential.h
@@ -47,23 +47,23 @@
int initialize();
// Methods from IIdentityCredential follow.
- ndk::ScopedAStatus deleteCredential(vector<int8_t>* outProofOfDeletionSignature) override;
- ndk::ScopedAStatus createEphemeralKeyPair(vector<int8_t>* outKeyPair) override;
- ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<int8_t>& publicKey) override;
+ ndk::ScopedAStatus deleteCredential(vector<uint8_t>* outProofOfDeletionSignature) override;
+ ndk::ScopedAStatus createEphemeralKeyPair(vector<uint8_t>* outKeyPair) override;
+ ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
ndk::ScopedAStatus createAuthChallenge(int64_t* outChallenge) override;
ndk::ScopedAStatus startRetrieval(
const vector<SecureAccessControlProfile>& accessControlProfiles,
- const HardwareAuthToken& authToken, const vector<int8_t>& itemsRequest,
- const vector<int8_t>& signingKeyBlob, const vector<int8_t>& sessionTranscript,
- const vector<int8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
+ const HardwareAuthToken& authToken, const vector<uint8_t>& itemsRequest,
+ const vector<uint8_t>& signingKeyBlob, const vector<uint8_t>& sessionTranscript,
+ const vector<uint8_t>& readerSignature, const vector<int32_t>& requestCounts) override;
ndk::ScopedAStatus startRetrieveEntryValue(
const string& nameSpace, const string& name, int32_t entrySize,
const vector<int32_t>& accessControlProfileIds) override;
- ndk::ScopedAStatus retrieveEntryValue(const vector<int8_t>& encryptedContent,
- vector<int8_t>* outContent) override;
- ndk::ScopedAStatus finishRetrieval(vector<int8_t>* outMac,
- vector<int8_t>* outDeviceNameSpaces) override;
- ndk::ScopedAStatus generateSigningKeyPair(vector<int8_t>* outSigningKeyBlob,
+ ndk::ScopedAStatus retrieveEntryValue(const vector<uint8_t>& encryptedContent,
+ vector<uint8_t>* outContent) override;
+ ndk::ScopedAStatus finishRetrieval(vector<uint8_t>* outMac,
+ vector<uint8_t>* outDeviceNameSpaces) override;
+ ndk::ScopedAStatus generateSigningKeyPair(vector<uint8_t>* outSigningKeyBlob,
Certificate* outSigningKeyCertificate) override;
private:
diff --git a/identity/aidl/default/IdentityCredentialStore.cpp b/identity/aidl/default/IdentityCredentialStore.cpp
index 1efb4b4..30dc6f3 100644
--- a/identity/aidl/default/IdentityCredentialStore.cpp
+++ b/identity/aidl/default/IdentityCredentialStore.cpp
@@ -51,7 +51,7 @@
}
ndk::ScopedAStatus IdentityCredentialStore::getCredential(
- CipherSuite cipherSuite, const vector<int8_t>& credentialData,
+ CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
shared_ptr<IIdentityCredential>* outCredential) {
// We only support CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256 right now.
if (cipherSuite != CipherSuite::CIPHERSUITE_ECDHE_HKDF_ECDSA_WITH_AES_256_GCM_SHA256) {
@@ -60,8 +60,8 @@
"Unsupported cipher suite"));
}
- vector<uint8_t> data = vector<uint8_t>(credentialData.begin(), credentialData.end());
- shared_ptr<IdentityCredential> credential = ndk::SharedRefBase::make<IdentityCredential>(data);
+ shared_ptr<IdentityCredential> credential =
+ ndk::SharedRefBase::make<IdentityCredential>(credentialData);
auto ret = credential->initialize();
if (ret != IIdentityCredentialStore::STATUS_OK) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
diff --git a/identity/aidl/default/IdentityCredentialStore.h b/identity/aidl/default/IdentityCredentialStore.h
index a205113..4f3a421 100644
--- a/identity/aidl/default/IdentityCredentialStore.h
+++ b/identity/aidl/default/IdentityCredentialStore.h
@@ -39,7 +39,7 @@
const string& docType, bool testCredential,
shared_ptr<IWritableIdentityCredential>* outWritableCredential) override;
- ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<int8_t>& credentialData,
+ ndk::ScopedAStatus getCredential(CipherSuite cipherSuite, const vector<uint8_t>& credentialData,
shared_ptr<IIdentityCredential>* outCredential) override;
};
diff --git a/identity/aidl/default/Util.cpp b/identity/aidl/default/Util.cpp
index a0f86be..66b9f13 100644
--- a/identity/aidl/default/Util.cpp
+++ b/identity/aidl/default/Util.cpp
@@ -39,21 +39,12 @@
return hardwareBoundKey;
}
-vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value) {
- return vector<uint8_t>(value.begin(), value.end());
-}
-
-vector<int8_t> byteStringToSigned(const vector<uint8_t>& value) {
- return vector<int8_t>(value.begin(), value.end());
-}
-
vector<uint8_t> secureAccessControlProfileEncodeCbor(const SecureAccessControlProfile& profile) {
cppbor::Map map;
map.add("id", profile.id);
if (profile.readerCertificate.encodedCertificate.size() > 0) {
- map.add("readerCertificate",
- cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate)));
+ map.add("readerCertificate", cppbor::Bstr(profile.readerCertificate.encodedCertificate));
}
if (profile.userAuthenticationRequired) {
@@ -94,7 +85,7 @@
if (!mac) {
return false;
}
- if (mac.value() != byteStringToUnsigned(profile.mac)) {
+ if (mac.value() != profile.mac) {
return false;
}
return true;
diff --git a/identity/aidl/default/Util.h b/identity/aidl/default/Util.h
index ee41ad1..9fccba2 100644
--- a/identity/aidl/default/Util.h
+++ b/identity/aidl/default/Util.h
@@ -49,10 +49,6 @@
vector<uint8_t> entryCreateAdditionalData(const string& nameSpace, const string& name,
const vector<int32_t> accessControlProfileIds);
-vector<uint8_t> byteStringToUnsigned(const vector<int8_t>& value);
-
-vector<int8_t> byteStringToSigned(const vector<uint8_t>& value);
-
} // namespace aidl::android::hardware::identity
#endif // ANDROID_HARDWARE_IDENTITY_UTIL_H
diff --git a/identity/aidl/default/WritableIdentityCredential.cpp b/identity/aidl/default/WritableIdentityCredential.cpp
index 89f7f35..bce913a 100644
--- a/identity/aidl/default/WritableIdentityCredential.cpp
+++ b/identity/aidl/default/WritableIdentityCredential.cpp
@@ -53,8 +53,8 @@
// attestation certificate with current time and expires one year from now. The
// certificate shall contain all values as specified in hal.
ndk::ScopedAStatus WritableIdentityCredential::getAttestationCertificate(
- const vector<int8_t>& attestationApplicationId, //
- const vector<int8_t>& attestationChallenge, //
+ const vector<uint8_t>& attestationApplicationId, //
+ const vector<uint8_t>& attestationChallenge, //
vector<Certificate>* outCertificateChain) {
if (!credentialPrivKey_.empty() || !credentialPubKey_.empty() || !certificateChain_.empty()) {
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
@@ -97,7 +97,7 @@
*outCertificateChain = vector<Certificate>();
for (const vector<uint8_t>& cert : certificateChain_) {
Certificate c = Certificate();
- c.encodedCertificate = byteStringToSigned(cert);
+ c.encodedCertificate = cert;
outCertificateChain->push_back(std::move(c));
}
return ndk::ScopedAStatus::ok();
@@ -146,14 +146,13 @@
return ndk::ScopedAStatus(AStatus_fromServiceSpecificErrorWithMessage(
IIdentityCredentialStore::STATUS_FAILED, "Error calculating MAC for profile"));
}
- profile.mac = byteStringToSigned(mac.value());
+ profile.mac = mac.value();
cppbor::Map profileMap;
profileMap.add("id", profile.id);
if (profile.readerCertificate.encodedCertificate.size() > 0) {
- profileMap.add(
- "readerCertificate",
- cppbor::Bstr(byteStringToUnsigned(profile.readerCertificate.encodedCertificate)));
+ profileMap.add("readerCertificate",
+ cppbor::Bstr(profile.readerCertificate.encodedCertificate));
}
if (profile.userAuthenticationRequired) {
profileMap.add("userAuthenticationRequired", profile.userAuthenticationRequired);
@@ -223,9 +222,8 @@
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<int8_t>& contentS,
- vector<int8_t>* outEncryptedContent) {
- auto content = byteStringToUnsigned(contentS);
+ndk::ScopedAStatus WritableIdentityCredential::addEntryValue(const vector<uint8_t>& content,
+ vector<uint8_t>* outEncryptedContent) {
size_t contentSize = content.size();
if (contentSize > IdentityCredentialStore::kGcmChunkSize) {
@@ -280,7 +278,7 @@
signedDataCurrentNamespace_.add(std::move(entryMap));
}
- *outEncryptedContent = byteStringToSigned(encryptedContent.value());
+ *outEncryptedContent = encryptedContent.value();
return ndk::ScopedAStatus::ok();
}
@@ -329,7 +327,7 @@
}
ndk::ScopedAStatus WritableIdentityCredential::finishAddingEntries(
- vector<int8_t>* outCredentialData, vector<int8_t>* outProofOfProvisioningSignature) {
+ vector<uint8_t>* outCredentialData, vector<uint8_t>* outProofOfProvisioningSignature) {
if (signedDataCurrentNamespace_.size() > 0) {
signedDataNamespaces_.add(entryNameSpace_, std::move(signedDataCurrentNamespace_));
}
@@ -364,8 +362,8 @@
IIdentityCredentialStore::STATUS_FAILED, "Error generating CredentialData"));
}
- *outCredentialData = byteStringToSigned(credentialData);
- *outProofOfProvisioningSignature = byteStringToSigned(signature.value());
+ *outCredentialData = credentialData;
+ *outProofOfProvisioningSignature = signature.value();
return ndk::ScopedAStatus::ok();
}
diff --git a/identity/aidl/default/WritableIdentityCredential.h b/identity/aidl/default/WritableIdentityCredential.h
index b182862..4b6fca8 100644
--- a/identity/aidl/default/WritableIdentityCredential.h
+++ b/identity/aidl/default/WritableIdentityCredential.h
@@ -37,8 +37,8 @@
bool initialize();
// Methods from IWritableIdentityCredential follow.
- ndk::ScopedAStatus getAttestationCertificate(const vector<int8_t>& attestationApplicationId,
- const vector<int8_t>& attestationChallenge,
+ ndk::ScopedAStatus getAttestationCertificate(const vector<uint8_t>& attestationApplicationId,
+ const vector<uint8_t>& attestationChallenge,
vector<Certificate>* outCertificateChain) override;
ndk::ScopedAStatus startPersonalization(int32_t accessControlProfileCount,
@@ -53,12 +53,12 @@
const string& nameSpace, const string& name,
int32_t entrySize) override;
- ndk::ScopedAStatus addEntryValue(const vector<int8_t>& content,
- vector<int8_t>* outEncryptedContent) override;
+ ndk::ScopedAStatus addEntryValue(const vector<uint8_t>& content,
+ vector<uint8_t>* outEncryptedContent) override;
ndk::ScopedAStatus finishAddingEntries(
- vector<int8_t>* outCredentialData,
- vector<int8_t>* outProofOfProvisioningSignature) override;
+ vector<uint8_t>* outCredentialData,
+ vector<uint8_t>* outProofOfProvisioningSignature) override;
// private:
string docType_;
diff --git a/rebootescrow/aidl/default/RebootEscrow.cpp b/rebootescrow/aidl/default/RebootEscrow.cpp
index dbc0921..8e5e97c 100644
--- a/rebootescrow/aidl/default/RebootEscrow.cpp
+++ b/rebootescrow/aidl/default/RebootEscrow.cpp
@@ -28,7 +28,7 @@
using ::android::base::unique_fd;
-ndk::ScopedAStatus RebootEscrow::storeKey(const std::vector<int8_t>& kek) {
+ndk::ScopedAStatus RebootEscrow::storeKey(const std::vector<uint8_t>& ukek) {
int rawFd = TEMP_FAILURE_RETRY(::open(devicePath_.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
unique_fd fd(rawFd);
if (fd.get() < 0) {
@@ -36,7 +36,6 @@
return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));
}
- std::vector<uint8_t> ukek(kek.begin(), kek.end());
auto encoded = hadamard::EncodeKey(ukek);
if (!::android::base::WriteFully(fd, encoded.data(), encoded.size())) {
@@ -47,7 +46,7 @@
return ndk::ScopedAStatus::ok();
}
-ndk::ScopedAStatus RebootEscrow::retrieveKey(std::vector<int8_t>* _aidl_return) {
+ndk::ScopedAStatus RebootEscrow::retrieveKey(std::vector<uint8_t>* _aidl_return) {
int rawFd = TEMP_FAILURE_RETRY(::open(devicePath_.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC));
unique_fd fd(rawFd);
if (fd.get() < 0) {
@@ -63,8 +62,7 @@
auto keyBytes = hadamard::DecodeKey(encodedBytes);
- std::vector<int8_t> signedKeyBytes(keyBytes.begin(), keyBytes.end());
- *_aidl_return = signedKeyBytes;
+ *_aidl_return = keyBytes;
return ndk::ScopedAStatus::ok();
}
diff --git a/rebootescrow/aidl/default/include/rebootescrow-impl/RebootEscrow.h b/rebootescrow/aidl/default/include/rebootescrow-impl/RebootEscrow.h
index 00ff16b..cdbeb67 100644
--- a/rebootescrow/aidl/default/include/rebootescrow-impl/RebootEscrow.h
+++ b/rebootescrow/aidl/default/include/rebootescrow-impl/RebootEscrow.h
@@ -26,8 +26,8 @@
class RebootEscrow : public BnRebootEscrow {
public:
explicit RebootEscrow(const std::string& devicePath) : devicePath_(devicePath) {}
- ndk::ScopedAStatus storeKey(const std::vector<int8_t>& kek) override;
- ndk::ScopedAStatus retrieveKey(std::vector<int8_t>* _aidl_return) override;
+ ndk::ScopedAStatus storeKey(const std::vector<uint8_t>& kek) override;
+ ndk::ScopedAStatus retrieveKey(std::vector<uint8_t>* _aidl_return) override;
private:
const std::string devicePath_;