Project-1CE/hardware_interfaces - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2022-01-25	Revert^2 "Add remote key provisioning to the IC HAL"	Seth Moore
	be32113307d67f54e594e5322f85b65e4e2c4fdb Change-Id: I55ddbddd0bc317f1f077a63b0275c4d55fd9c76f
2022-01-25	Revert "Add remote key provisioning to the IC HAL"	Seth Moore
	Revert "Add dependency on keymint cpp lib" Revert "Allow default identity service to call keymint" Revert submission 1956689-add rkp to identity-default Reason for revert: Broke git-master. Will resubmit later. Reverted Changes: I96dcf3027:Add remote key provisioning to the IC HAL Id686ac33a:Add dependency on keymint cpp lib Ib368a2a00:Log to logd in the default identity service I7d2906de0:Refactor IC support for RKP Iae0f14f1c:Fix formatting of identity credential aidl I01d086a4b:Allow default identity service to call keymint Change-Id: I76a898c04090c5befe5fb5a5d07ec2e397fdd8b3
2022-01-24	Add remote key provisioning to the IC HAL	Seth Moore
	The IIdentityCredentialStore can now advertise the correct IRemotelyProvisionedComponent that is used for getting remotely provisioned attestation keys. IWritableIdentityCredential has a new method so it can accept remotely provisioned keys. Update the VTS tests to check the new RKP functionality. Support RKP in the default identity cred service Test: VtsHalIdentityTargetTest Bug: 194696876 Change-Id: I96dcf3027e0f21790c35900ddf8cc0953bd3b1ca
2022-01-10	identity: Add multi-document presentation support.	David Zeuthen
	This new IPresentationSession interface enables an application to do a multi-document presentation, something which isn't possible with the existing API. As a practical example of this consider presenting both your Mobile Driving License and your Vaccination Certificate in a single transaction. Bug: 197965513 Test: New CTS tests and new screen in CtsVerifier Change-Id: I11712dca35df7f1224debf454731bc17ea9bfb37
2021-09-06	identity: Make NoS libeic and AOSP libeic align	Joseph Jang
	1. Add input parameter buffer size for CBOR data encoding because Nugget OS protobuf buffer is not null terminated. 2. Modify some libeic APIs to align with NoS libeic. Bug: 198403263 Test: atest VtsHalIdentityTargetTest atest android.security.identity.cts Change-Id: I9bc3689da2571c0925972f33b7314cbaaad0e28d
2021-06-21	identity: fix access control checks in libeic.	David Zeuthen
	Also add a new libeic_test binary which has a regression test for this vulnerability. Bug: 190757775 Test: atest libeic_test Test: atest VtsHalIdentityTargetTest Test: atest CtsIdentityTestCases Merged-In: I8344655c59930d6bf1baa4e0f8d0f60e4fc9e48d Change-Id: I8344655c59930d6bf1baa4e0f8d0f60e4fc9e48d
2021-05-12	identity: fix CBOR 8-byte integer encoding	Andrew Scull
	8-byte intergers are identified by the additional information having the value 27. Test: atest VtsHalIdentityTargetTest Change-Id: I986162c4966275d7589d99c08c7323445e1f9e80
2021-03-04	identity: Check freshness of verification token in TA.	David Zeuthen
	A problem where credstore didn't always use the TA-generated challenge in the verification token was fixed in aosp/1619825. With this bug-fix we can now reliably check that the passed-in verification token is always fresh. Bug: 181893400 Test: atest android.security.identity.cts on emulator Test: atest VtsHalIdentityTargetTest Change-Id: Iffdf026475da6321764561972aae27a82ab94530
2021-01-23	Identity Credential changes for Android 12	David Zeuthen
	- Add IIdentityCredential.deleteCredentialWithChallenge() - Deprecate IIdentityCredential.deleteCredential() - Add IIdentityCredential.proveOwership() - Add IIdentityCredential.updateCredential() - Add ProofOfBinding CBOR to AuthenticationKey X.509 certificate - Document which API versions new methods/features appeared in. - Mention need to declare android.hardware.identity_credential system feature (w/ feature version number) and do this for the default implementation. Bug: 170146643 Test: atest VtsHalIdentityTargetTest Change-Id: Ib47c7caa5f3d6fff6919f019eee44a735dba9cf8
2021-01-05	Identity Credential: Switch default implementation to use libeic.	David Zeuthen
	Introduce platform-neutral C library ("libeic") which can be used to implement an Identity Credential Trusted Application/Applet in Secure Hardware. The libeic library is intentionally low-level, has no dependencies (not even libc), uses very little run-time memory (less than 500 bytes during a provisioning or presentation session), and doesn't dynamically allocate any memory. Crypto routines are provided by the library user through a simple crypto interface defined in EicOps. Also provide an Android-side HAL implementation designed to communicate with libeic running in Secure Hardware outside Android. Abstract out communications between HAL and TA in a couple of SecureHardwareProxy* classes which mimic libeic 1:1. The default implementation of the HAL is a combination of the aforementioned HAL using libeic in-process backed by BoringSSL for the crypto bits. Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Bug: 170146643 Change-Id: I3bf43fa7fd9362f94023052591801f2094a04607