Commit graph

73 commits

Author SHA1 Message Date
David Zeuthen
a7bdc9559a Update Identity Credential HAL docs.
This change contains no actual syntactical or semantic changes, just
clarifications on the inputs and outputs.

Test: N/A
Bug: 151082886
Merged-In: I794b8d0360c1eda37b4dbe757d7a7fadcbdda7bc
Change-Id: I5ad596ec0fa4dac7473d8fd435f538dbb5529846
2020-04-21 16:49:40 -04:00
David Zeuthen
c428692e82 Update Identity Credential HAL docs.
This change contains no actual syntactical or semantic changes, just
clarifications on the inputs and outputs.

Test: N/A
Bug: 151082886

Change-Id: I794b8d0360c1eda37b4dbe757d7a7fadcbdda7bc
2020-04-14 15:14:48 -04:00
Jeongik Cha
a73d6bc97e Freeze vintf aidl interfaces
AIDL interfaces which are vintf-stable have to be frozen in release.
But these interfaces have been never frozen, so freeze them.

- android.hardware.power
- android.hardware.identity
- android.hardware.keymaster
- android.hardware.vibrator
- android.hardware.light
- android.hardware.tests.extension.vibrator

Bug: 153500421
Bug: 153500550
Bug: 153511407
Bug: 153500549
Bug: 153501107
Bug: 153501202
Test: m
Change-Id: I643c25fc695f9d1e874dcceb327d465c49e9cab6
Merged-In: I643c25fc695f9d1e874dcceb327d465c49e9cab6
2020-04-09 08:27:34 +00:00
Treehugger Robot
15664d3f58 Merge "Freeze vintf aidl interfaces" 2020-04-09 07:49:49 +00:00
Jeongik Cha
cfb374895d Freeze vintf aidl interfaces
AIDL interfaces which are vintf-stable have to be frozen in release.
But these interfaces have been never frozen, so freeze them.

- android.hardware.power
- android.hardware.identity
- android.hardware.keymaster
- android.hardware.vibrator
- android.hardware.light
- android.hardware.tests.extension.vibrator

Bug: 153500421
Bug: 153500550
Bug: 153511407
Bug: 153500549
Bug: 153501107
Bug: 153501202
Test: m
Change-Id: I643c25fc695f9d1e874dcceb327d465c49e9cab6
2020-04-08 20:28:40 +09:00
Jiyong Park
d7fcbb00d7 Update the current API dump
All aidl_interface modules should by default considered as stable, in
case it is used across system and vendor partitions, or across modules.
Like other API surfaces, we need to have a dump for the current
(yet-to-be-released) version and update it when there is an API change.
This is done via .

Then the owner of the interface can freeze the current version as a
numbered version via .

This change shal be rejected only when the owner is certain that the
interface is not used across the updatable boundaries.

Bug: 152655547
Test: m
Change-Id: Ia633e3a143b35626c59b2447c38c1710ee270f0c
Merged-In: Ia633e3a143b35626c59b2447c38c1710ee270f0c
2020-04-08 18:27:11 +09:00
Dan Shi
aad51fa000 Rename vts-core to vts
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL update suite name vts-core to vts as
the suite name is updated. This CL won't change test logic or behavior.

Change-Id: I562b4dc50765e953800a814a8fd84a01c1b9352b
Merged-In: I562b4dc50765e953800a814a8fd84a01c1b9352b
2020-04-07 16:37:40 -07:00
Dan Shi
ba894f81db Rename vts-core to vts
Bug: 151896491
Test: local build
Exempt-From-Owner-Approval: This CL update suite name vts-core to vts as
the suite name is updated. This CL won't change test logic or behavior.

Change-Id: I562b4dc50765e953800a814a8fd84a01c1b9352b
Merged-In: I562b4dc50765e953800a814a8fd84a01c1b9352b
2020-04-07 15:17:02 -07:00
Jiyong Park
cde2dfddc2 Update the current API dump
All aidl_interface modules should by default considered as stable, in
case it is used across system and vendor partitions, or across modules.
Like other API surfaces, we need to have a dump for the current
(yet-to-be-released) version and update it when there is an API change.
This is done via .

Then the owner of the interface can freeze the current version as a
numbered version via .

This change shal be rejected only when the owner is certain that the
interface is not used across the updatable boundaries.

Bug: 152655547
Test: m
Change-Id: Ia633e3a143b35626c59b2447c38c1710ee270f0c
2020-03-30 14:58:46 +09:00
Jooyung Han
17be89b21b use vector<uint8_t> for byte[] in AIDL
In native world, byte stream is typically represented in uint8_t[]
or vector<uint8_t>. C++ backend already generates that way. This
change involves NDK backend.

Now NDK backend also uses vector<uint8_t> just like C++ backend.

Bug: 144957764
Test: atest CtsNdkBinderTestCases
Merged-In: I8de348b57cf92dd99b3ee16252f56300ce5f4683
Change-Id: I8de348b57cf92dd99b3ee16252f56300ce5f4683
(cherry picked from commit 9070318462)

Exempt-From-Owner-Approval: cp from internal
2020-03-24 06:37:11 +00:00
TreeHugger Robot
2cc31a6f4a Merge "Identity: Statically link additional libraries in VtsHalIdentityTargetTest." into rvc-dev 2020-03-10 00:10:39 +00:00
TreeHugger Robot
81e68c71d7 Merge "Identity: Move signingKeyBlob from finishRetrieval() to startRetrieval()." into rvc-dev 2020-03-09 22:07:45 +00:00
David Zeuthen
18be965c7e Identity: Statically link additional libraries in VtsHalIdentityTargetTest.
The problem was that VtsHalIdentityTargetTest was dynamically linking
libraries that (currently) only are pulled in by the default IC HAL
implementaiton. This caused linking problems when copying
VtsHalIdentityTargetTest onto a device a running it.

Fix this by only dynamically linking libbinder and libcrypto.

Bug: 150475275
Test: VtsHalIdentityTargetTest runs on a device without Identity Credential.
Merged-In: I4162cc81ade0373c31c96008f3a2bc95684fd2c2
Change-Id: I7a55a6e602b9902bd725190aa5631644f7639b95
2020-03-09 15:47:01 -04:00
David Zeuthen
b790d97f45 Identity: Move signingKeyBlob from finishRetrieval() to startRetrieval().
The implementation of the Identity Credential TA in constrained
environments may need to incrementally update the HMAC-SHA256 of
DeviceAuthencation CBOR to avoid keeping the entire CBOR structure in
memory. To do this they need to calculate the derived key before
starting to build the CBOR so they need access to the signingKey
earlier on.

Bug: 150390415
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Merged-In: I72ad30ec3ccec0b8161cbea360ef8c9212f8cbbc
Change-Id: I95e28dd46b35bc31dec8d77ee14b5a1b3b5c0391
2020-03-09 15:45:21 -04:00
Selene Huang
ee37ee9252 Add attestation certificate generation and identity credential tags.
Bug: 149908474
Test: atest android.security.identity.cts.AttestationTest
Test: atest VtsHalIdentityCredentialTargetTest
Test: atest android.hardware.identity-support-lib-test
Merged-In: I18c5d05d806d4157c9dce42a398cc89421e26907
Change-Id: Ifaffef3606a6398613e33982ff5db81ade1af0b2
2020-03-09 12:30:11 -04:00
David Zeuthen
27cb4eb4da Identity: Statically link additional libraries in VtsHalIdentityTargetTest.
The problem was that VtsHalIdentityTargetTest was dynamically linking
libraries that (currently) only are pulled in by the default IC HAL
implementaiton. This caused linking problems when copying
VtsHalIdentityTargetTest onto a device a running it.

Fix this by only dynamically linking libbinder and libcrypto.

Bug: 150475275
Test: VtsHalIdentityTargetTest runs on a device without Identity Credential.
Change-Id: I4162cc81ade0373c31c96008f3a2bc95684fd2c2
2020-03-02 10:29:08 -05:00
David Zeuthen
e35797ffca Identity: Move signingKeyBlob from finishRetrieval() to startRetrieval().
The implementation of the Identity Credential TA in constrained
environments may need to incrementally update the HMAC-SHA256 of
DeviceAuthencation CBOR to avoid keeping the entire CBOR structure in
memory. To do this they need to calculate the derived key before
starting to build the CBOR so they need access to the signingKey
earlier on.

Bug: 150390415
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Change-Id: I72ad30ec3ccec0b8161cbea360ef8c9212f8cbbc
2020-02-27 14:31:57 -05:00
Selene Huang
459cb80866 Add attestation certificate generation and identity credential tags.
Bug: 149908474
Test: atest android.security.identity.cts.AttestationTest
Test: atest VtsHalIdentityCredentialTargetTest
Test: atest android.hardware.identity-support-lib-test

Change-Id: I18c5d05d806d4157c9dce42a398cc89421e26907
2020-02-21 16:02:26 -08:00
David Zeuthen
81603155a9 Port IdentityCredential HAL to AIDL.
This includes add a partial types-only HAL for KeyMaster for
HardwareAuthToken.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I7a6254d33200bfd62269aed1957cbb2a84b16272
2020-02-14 13:48:55 -05:00
Treehugger Robot
7175150e3f Merge "Identity Credential: Require passing applicationId when generating attestation." 2020-02-04 21:31:31 +00:00
David Zeuthen
87cb07bd08 Identity Credential: Require passing applicationId when generating attestation.
Since the attestation format includes the applicationId, we need this
to be passed from credstore. Also clarify other requirements about
what needs to be in the attestation data.

Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I623849bd61e55752a573002dc7a97c6658d94c91
2020-01-31 17:42:07 -05:00
Steven Moreland
29b7493eed identity: regenerate makefiles
These were old, and some things are no longer needed.

Bug: N/A
Test: N/A
Change-Id: I0d5f7bb55f574fa8eb32a4696cfee882fbf0b5e0
2020-01-21 18:32:19 -08:00
David Zeuthen
c75ac31ec9 Add Identity Credential HAL, default implementation, and VTS tests.
IIdentityCredentialStore provides an interface to a secure store for
user identity documents.  This HAL is deliberately fairly general and
abstract.  To the extent possible, specification of the message
formats and semantics of communication with credential verification
devices and issuing authorities (IAs) is out of scope for this HAL.

It provides the interface with secure storage but a
credential-specific Android application will be required to implement
the presentation and verification protocols and processes appropriate
for the specific credential type.

Bug: 111446262
Test: VtsHalIdentityCredentialTargetTest
Test: android.hardware.identity-support-lib-test
Test: CtsIdentityTestCases
Change-Id: I64eb50114d645dd475012ad1b889d2177aaf1d37
2020-01-15 09:36:12 -05:00