summaryrefslogtreecommitdiff
path: root/identity/aidl/default/WritableIdentityCredential.cpp
AgeCommit message (Collapse)Author
2021-01-05Identity Credential: Switch default implementation to use libeic.David Zeuthen
Introduce platform-neutral C library ("libeic") which can be used to implement an Identity Credential Trusted Application/Applet in Secure Hardware. The libeic library is intentionally low-level, has no dependencies (not even libc), uses very little run-time memory (less than 500 bytes during a provisioning or presentation session), and doesn't dynamically allocate any memory. Crypto routines are provided by the library user through a simple crypto interface defined in EicOps. Also provide an Android-side HAL implementation designed to communicate with libeic running in Secure Hardware outside Android. Abstract out communications between HAL and TA in a couple of SecureHardwareProxy* classes which mimic libeic 1:1. The default implementation of the HAL is a combination of the aforementioned HAL using libeic in-process backed by BoringSSL for the crypto bits. Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Bug: 170146643 Change-Id: I3bf43fa7fd9362f94023052591801f2094a04607
2020-11-17identity: Fix attestation and documentation problems.David Zeuthen
- The docs said that IdentityCredential.createEphemeralKey() returned data encoded PKCS#8 which is wrong. It's supposed to be in DER format which is also what the VTS tests and credstore expects. - Clarify that createEphemeralKeyPair(), setReaderEphemeralPublicKey(), and createAuthChallenge() are all optional. - Avoid passing an invalid profile ID in the IdentityCredentialTests. verifyOneProfileAndEntryPass test. - Update requirements for which tags must be present in the attestation for CredentialKey as well as the requirements on expiration date and the issuer name. Update default implementation to satisfy these requirements. Update VTS tests to carefully verify these requrements are met. - Clarify requirements for X.509 cert for AuthenticationKey. Add VTS test to verify. - Mandate that TAG_IDENTITY_CREDENTIAL_KEY must not be set for test credentials. Add VTS test to verify this. - Make default implementation pretend to be implemented in a trusted environment and streamline VTS tests to not special-case for the default implementation. - Switch to using the attestation extension parser from the KM 4.1 support library instead of the one from system/keymaster. The latter one did not support the latest attestation extension and thus would fail for pretty much anything that wasn't the default HAL impl. - Fix a couple of bugs in keymaster::V4_1::parse_attestation_record(): - Report root_of_trust.security_level - Add support for Tag::IDENTITY_CREDENTIAL_KEY - Fix how EMacKey is calculated. - Add test vectors to verify how EMacKey and DeviceMac is calculated. Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Bug: 171745570 Change-Id: I2f8bd772de078556733f769cec2021918d1d7de6
2020-06-04Update Identity Credential VTS tests.David Zeuthen
These updates are based on input/experiences implementing this HAL. There are no API changes. - Specify that the validity for credentialKey certificate shall be from current time and expire at the same time as the attestation batch certificate. - Require challenge passed to getAttestationCertificate() is non-empty. - Fix bug in VTS tests where the startPersonlization() result was not checked. - Remove verifyStartPersonalizationZero test since it cannot be completed. - Ensure secureUserId is non-zero if user authentication is needed. - Specify format for signingKeyBlob in generateSigningKeyPair() same way we do for credentialData in finishAddingEntries(). - Modify EndToEndTest to decrypt/unpack credentialData to obtain credentialPrivKey and storageKey and do cross-checks on these. - Modify EndToEndTest to decrypt/unpack signingKeyBlob to obtain signingKeyPriv and check it matches the public key in the returned certificate. - Add new VTS tests for user and reader authentication. - Relax unnecessary requirements about SessionTranscript structure - just require it has X and Y of the ephemeral key created earlier. - Allow calls in VTS tests to v2 HAL to fail - this should allow these VTS tests to pass on a compliant v1 HAL. Bug: 156911917 Bug: 158107945 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: I11b79dbd57b1830609c70301fea9c99f9e5080cb
2020-04-29Identity Credential: Pass additional information to HAL.David Zeuthen
Without this extra information passed upfront it's not practical to implement a HAL which incrementally builds up cryptographically authenticated data. Two new methods are added to facilitate this and the HAL version number is bumped to 2. Bug: 154631410 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: Iff63dfa2c4485c8768e06e7f6d70e940cfc8f68e
2020-04-27Identity Credential: Restrict AccessControlProfile identifiers to 32.David Zeuthen
In order to implement Identity Credential on resource-restricted secure hardware, we need to limit the number of possible AccessControlProfile in a credential. A limit of 32 means that such hardware only need to devote four bytes of RAM for a bitmask with information about which profiles are authorized. Document this, add new VTS test, and update the default implementation. Bug: 155100967 Test: atest android.security.identity.cts Test: atest VtsHalIdentityTargetTest Change-Id: Ia4f2ee0013b330561df744e0595f298a0d156122
2020-04-24Fix IC vts bugs and add tests for IC IWritableIdentityCredential.aidl interface.Selene Huang
Fixed following bugs in WritableIdentityCredential.cpp - Do not allow startPersonalization to be called more than once per aidl. - Do not preceed with beginAddEntry if addAccessControlProfile and startPersonalization profile count mismatch. - Verify access control profile ids are unique. - Do not let empty name space to mess up beginAddEntry. - Do not allow beginAddEntry to add entries interleaving namespace groupings. Enforce all entries must be added in namespace "groups" per aidl. - Fix counting error that allowed one entries to be added per name space than startPersonalization limit. - Do not approve finishAddingEntries if there are more profiles or entries to be added than startPersonalization set accounting. - Add testing utilities library for identity credential. - Refactored end to end tests. Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: I51902681776c6230e49589fc75a8145e79d7d1a6
2020-03-24use vector<uint8_t> for byte[] in AIDLJooyung Han
In native world, byte stream is typically represented in uint8_t[] or vector<uint8_t>. C++ backend already generates that way. This change involves NDK backend. Now NDK backend also uses vector<uint8_t> just like C++ backend. Bug: 144957764 Test: atest CtsNdkBinderTestCases Merged-In: I8de348b57cf92dd99b3ee16252f56300ce5f4683 Change-Id: I8de348b57cf92dd99b3ee16252f56300ce5f4683 (cherry picked from commit 9070318462e5e73acf1509cf7e75ac260e51e43a) Exempt-From-Owner-Approval: cp from internal
2020-02-21Add attestation certificate generation and identity credential tags.Selene Huang
Bug: 149908474 Test: atest android.security.identity.cts.AttestationTest Test: atest VtsHalIdentityCredentialTargetTest Test: atest android.hardware.identity-support-lib-test Change-Id: I18c5d05d806d4157c9dce42a398cc89421e26907
2020-02-14Port IdentityCredential HAL to AIDL.David Zeuthen
This includes add a partial types-only HAL for KeyMaster for HardwareAuthToken. Bug: 111446262 Test: atest android.security.identity.cts Test: VtsHalIdentityTargetTest Test: android.hardware.identity-support-lib-test Change-Id: I7a6254d33200bfd62269aed1957cbb2a84b16272
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-03 19:05:51 +0000