These updates are based on input/experiences implementing this
HAL. There are no API changes.
- Specify that the validity for credentialKey certificate shall be
from current time and expire at the same time as the attestation
batch certificate.
- Require challenge passed to getAttestationCertificate() is
non-empty.
- Fix bug in VTS tests where the startPersonlization() result was not
checked.
- Remove verifyStartPersonalizationZero test since it cannot be
completed.
- Ensure secureUserId is non-zero if user authentication is needed.
- Specify format for signingKeyBlob in generateSigningKeyPair() same
way we do for credentialData in finishAddingEntries().
- Modify EndToEndTest to decrypt/unpack credentialData to obtain
credentialPrivKey and storageKey and do cross-checks on these.
- Modify EndToEndTest to decrypt/unpack signingKeyBlob to obtain
signingKeyPriv and check it matches the public key in the returned
certificate.
- Add new VTS tests for user and reader authentication.
- Relax unnecessary requirements about SessionTranscript structure -
just require it has X and Y of the ephemeral key created earlier.
- Allow calls in VTS tests to v2 HAL to fail - this should allow
these VTS tests to pass on a compliant v1 HAL.
Bug: 156911917
Bug: 158107945
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I11b79dbd57b1830609c70301fea9c99f9e5080cb
Without this extra information passed upfront it's not practical to
implement a HAL which incrementally builds up cryptographically
authenticated data.
Two new methods are added to facilitate this and the HAL version
number is bumped to 2.
Bug: 154631410
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Iff63dfa2c4485c8768e06e7f6d70e940cfc8f68e
In order to implement Identity Credential on resource-restricted
secure hardware, we need to limit the number of possible
AccessControlProfile in a credential. A limit of 32 means that such
hardware only need to devote four bytes of RAM for a bitmask with
information about which profiles are authorized.
Document this, add new VTS test, and update the default
implementation.
Bug: 155100967
Test: atest android.security.identity.cts
Test: atest VtsHalIdentityTargetTest
Change-Id: Ia4f2ee0013b330561df744e0595f298a0d156122
Fixed following bugs in WritableIdentityCredential.cpp
- Do not allow startPersonalization to be called more than once per
aidl.
- Do not preceed with beginAddEntry if addAccessControlProfile and
startPersonalization profile count mismatch.
- Verify access control profile ids are unique.
- Do not let empty name space to mess up beginAddEntry.
- Do not allow beginAddEntry to add entries interleaving namespace
groupings. Enforce all entries must be added in namespace "groups"
per aidl.
- Fix counting error that allowed one entries to be added per name
space than startPersonalization limit.
- Do not approve finishAddingEntries if there are more profiles or
entries to be added than startPersonalization set accounting.
- Add testing utilities library for identity credential.
- Refactored end to end tests.
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I51902681776c6230e49589fc75a8145e79d7d1a6
In native world, byte stream is typically represented in uint8_t[]
or vector<uint8_t>. C++ backend already generates that way. This
change involves NDK backend.
Now NDK backend also uses vector<uint8_t> just like C++ backend.
Bug: 144957764
Test: atest CtsNdkBinderTestCases
Merged-In: I8de348b57cf92dd99b3ee16252f56300ce5f4683
Change-Id: I8de348b57cf92dd99b3ee16252f56300ce5f4683
(cherry picked from commit 9070318462)
Exempt-From-Owner-Approval: cp from internal
This includes add a partial types-only HAL for KeyMaster for
HardwareAuthToken.
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I7a6254d33200bfd62269aed1957cbb2a84b16272
