Identity Credential changes for Android 12

- Add IIdentityCredential.deleteCredentialWithChallenge() - Deprecate IIdentityCredential.deleteCredential() - Add IIdentityCredential.proveOwership() - Add IIdentityCredential.updateCredential() - Add ProofOfBinding CBOR to AuthenticationKey X.509 certificate - Document which API versions new methods/features appeared in. - Mention need to declare android.hardware.identity_credential system feature (w/ feature version number) and do this for the default implementation. Bug: 170146643 Test: atest VtsHalIdentityTargetTest Change-Id: Ib47c7caa5f3d6fff6919f019eee44a735dba9cf8
author: David Zeuthen <zeuthen@google.com> 2020-10-16 11:27:24 -0400
committer: David Zeuthen <zeuthen@google.com> 2021-01-23 13:35:57 -0500
commit: 49f2d2558ac417d090dfae9c78ab372d71e5140c (patch)
tree: be240ccdfb0fa1e45aa03648cb385ff7ce82d84f /identity/aidl/default/FakeSecureHardwareProxy.cpp
parent: eafa06164d1e1bafbe20562d540ab5420bb0f825 (diff)
1 files changed, 29 insertions, 6 deletions
diff --git a/identity/aidl/default/FakeSecureHardwareProxy.cpp b/identity/aidl/default/FakeSecureHardwareProxy.cpp
index de6762fc2e..287ffb82e1 100644
--- a/identity/aidl/default/FakeSecureHardwareProxy.cpp
+++ b/identity/aidl/default/FakeSecureHardwareProxy.cpp
@@ -67,6 +67,13 @@ bool FakeSecureHardwareProvisioningProxy::initialize(bool testCredential) {
     return eicProvisioningInit(&ctx_, testCredential);
 }
 
+bool FakeSecureHardwareProvisioningProxy::initializeForUpdate(
+        bool testCredential, string docType, vector<uint8_t> encryptedCredentialKeys) {
+    return eicProvisioningInitForUpdate(&ctx_, testCredential, docType.c_str(),
+                                        encryptedCredentialKeys.data(),
+                                        encryptedCredentialKeys.size());
+}
+
 // Returns public key certificate.
 optional<vector<uint8_t>> FakeSecureHardwareProvisioningProxy::createCredentialKey(
         const vector<uint8_t>& challenge, const vector<uint8_t>& applicationId) {
@@ -140,14 +147,16 @@ optional<vector<uint8_t>> FakeSecureHardwareProvisioningProxy::finishAddingEntri
     return signatureOfToBeSigned;
 }
 
-// Returns encryptedCredentialKeys (80 bytes).
+// Returns encryptedCredentialKeys.
 optional<vector<uint8_t>> FakeSecureHardwareProvisioningProxy::finishGetCredentialData(
         const string& docType) {
-    vector<uint8_t> encryptedCredentialKeys(80);
+    vector<uint8_t> encryptedCredentialKeys(116);
+    size_t size = encryptedCredentialKeys.size();
     if (!eicProvisioningFinishGetCredentialData(&ctx_, docType.c_str(),
-                                                encryptedCredentialKeys.data())) {
+                                                encryptedCredentialKeys.data(), &size)) {
         return {};
     }
+    encryptedCredentialKeys.resize(size);
     return encryptedCredentialKeys;
 }
 
@@ -162,7 +171,7 @@ bool FakeSecureHardwarePresentationProxy::initialize(bool testCredential, string
     LOG(INFO) << "FakeSecureHardwarePresentationProxy created, sizeof(EicPresentation): "
               << sizeof(EicPresentation);
     return eicPresentationInit(&ctx_, testCredential, docType.c_str(),
-                               encryptedCredentialKeys.data());
+                               encryptedCredentialKeys.data(), encryptedCredentialKeys.size());
 }
 
 // Returns publicKeyCert (1st component) and signingKeyBlob (2nd component)
@@ -312,13 +321,27 @@ optional<vector<uint8_t>> FakeSecureHardwarePresentationProxy::finishRetrieval()
 }
 
 optional<vector<uint8_t>> FakeSecureHardwarePresentationProxy::deleteCredential(
-        const string& docType, size_t proofOfDeletionCborSize) {
+        const string& docType, const vector<uint8_t>& challenge, bool includeChallenge,
+        size_t proofOfDeletionCborSize) {
     vector<uint8_t> signatureOfToBeSigned(EIC_ECDSA_P256_SIGNATURE_SIZE);
-    if (!eicPresentationDeleteCredential(&ctx_, docType.c_str(), proofOfDeletionCborSize,
+    if (!eicPresentationDeleteCredential(&ctx_, docType.c_str(), challenge.data(), challenge.size(),
+                                         includeChallenge, proofOfDeletionCborSize,
                                          signatureOfToBeSigned.data())) {
         return {};
     }
     return signatureOfToBeSigned;
 }
 
+optional<vector<uint8_t>> FakeSecureHardwarePresentationProxy::proveOwnership(
+        const string& docType, bool testCredential, const vector<uint8_t>& challenge,
+        size_t proofOfOwnershipCborSize) {
+    vector<uint8_t> signatureOfToBeSigned(EIC_ECDSA_P256_SIGNATURE_SIZE);
+    if (!eicPresentationProveOwnership(&ctx_, docType.c_str(), testCredential, challenge.data(),
+                                       challenge.size(), proofOfOwnershipCborSize,
+                                       signatureOfToBeSigned.data())) {
+        return {};
+    }
+    return signatureOfToBeSigned;
+}
+
 }  // namespace android::hardware::identity
author	David Zeuthen <zeuthen@google.com>	2020-10-16 11:27:24 -0400
committer	David Zeuthen <zeuthen@google.com>	2021-01-23 13:35:57 -0500
commit	49f2d2558ac417d090dfae9c78ab372d71e5140c (patch)
tree	be240ccdfb0fa1e45aa03648cb385ff7ce82d84f /identity/aidl/default/FakeSecureHardwareProxy.cpp
parent	eafa06164d1e1bafbe20562d540ab5420bb0f825 (diff)