Commit graph

131 commits

Author SHA1 Message Date
David Zeuthen
719920700e identity: VTS: allow for multiple interpretations of AuthKey validity.
Bug: 271948315
Test: atest VtsHalIdentityTargetTest
Change-Id: Iedb9caad933b0df2b190915f5cc7177e507f15b5
2023-03-13 11:32:01 -04:00
David Zeuthen
ecb4a83214 identity: Clarify validity period for auth keys.
The AIDL said "one year in the future (365 days)" which is not a
constant amount of time given that leap years and leap seconds may
exist. Change this to be a constant amount of seconds instead.

Bug: 271948315
Test: atest VtsHalIdentityTargetTest
Change-Id: I324a809900feb898d2343e02066f2fb237a46e86
2023-03-07 11:52:33 -05:00
Vikram Gaur
dc34dfe8ed Merge "Remove obsolete libcppbor code from identity module" 2022-12-19 15:57:25 +00:00
David Zeuthen
f3e0600395 identity: Add support for ECDSA auth and don't require session encryption.
This adds a new method which allows applications to use mdoc ECDSA
authentication instead of mdoc MAC authentication. Additionally, also
relax requirements on SessionTranscript so the APIs can be used even
when mdoc session encryption isn't being used.

Also add new VTS test to check for this.

Since this is new API, bump API version to 5 and the Identity
Credential feature version to 202301.

Bug: 241912421
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I4085a89be0382c10f5449e13c6a92a46c74c225d
2022-12-09 02:57:09 -05:00
Chih-Hung Hsieh
494ef7f133 Fix array-parameter warning
Bug: 241941550
Test: presubmit
Change-Id: I03ede7721fbbe027598e0491b405faee8029fadc
2022-11-17 18:41:21 +00:00
Steven Moreland
48b194d550 switch identity back to V4
V5 was a temporary version, to handle mismatched import versions,
but now that the temporary version (and differences) are removed,
it's causing an error.

Bug: 259146177
Change-Id: I0595c4e414701918a6f51128bbbb596633330c4c
Test: N/A
2022-11-14 23:47:46 +00:00
Seth Moore
41e97f0bbf Update the RKP aidl dependency
Bug: 254112961
Test: vts_treble_vintf_vendor_test
Merged-In: I86f864003e38224936375930891abb38f7d55d3d
Change-Id: I86f864003e38224936375930891abb38f7d55d3d
2022-11-10 01:57:10 +00:00
Steven Moreland
9624940b40 Merge "Revert "identity - temp interface change"" 2022-11-03 20:38:46 +00:00
Steven Moreland
737ec297f4 Revert "identity - temp interface change"
This reverts commit d3cedfe83d.

Reason for revert: we have 'frozen bool' support now

Change-Id: Ie7e90b1e7d6501561ea042785d77ab77072e2577
2022-11-03 01:44:43 +00:00
Steven Moreland
7b75d4bd66 Merge "identity - temp interface change" 2022-10-27 00:53:00 +00:00
David Zeuthen
078acde569 identity: Add VTS test to check that Identity Credential is implemented.
Android 14 VSR requires Identity Credential at feature version 202301
or later. This adds a test which verifies this.

Also bump the feature version of the default implementation to 202301.

Bug: 249767070
Test: atest IdentityCredentialImplementedTest
Change-Id: Ifdbaba764e457ceb84fe6347c9992608ed4ba651
2022-10-26 13:05:25 -04:00
Steven Moreland
d3cedfe83d identity - temp interface change
Import versions are changed, but the build system
doesn't currently have a way to recognize this.

Adding an extra bug enum for now, to be reverted,
until the build support lands.

Bug: 231903487
Bug: 254774724
Test: N/A
Change-Id: I3d0231e9d69cf95a028e47b7a9fe557910f6b45a
2022-10-25 23:21:10 +00:00
Steven Moreland
6ff0294d51 identity explicit keymint version
Bug: 254774724
Change-Id: I11022ab9e20b3626c0a8fc24cb8cbd73426228a9
Test: finalization using ABTD - see bug
2022-10-21 17:15:32 +00:00
Tri Vo
f48a2a7bbf Bump Identity and KM AIDL API versions
Imported interfaces are versioned, i.e. bumping an interface version
necessiates bumping the version of importing interfaces.

Keystore and Identity import KM. We are uprevving KM, so all three need
to be bumped at the same time.

Test: m
Change-Id: I46b253e72f2f245bd628ed2ae1f2f4e0572827e7
2022-10-17 15:04:59 -07:00
Vikram Gaur
45f4105753 Remove obsolete libcppbor code from identity module
Change-Id: I618efbf072000ea250c14ec94ddd16550baa7b01
Test: TH
2022-09-20 12:30:50 +00:00
Tri Vo
680cb1d665 Use latest Identity and KM AIDL API
Test: m
Change-Id: I9ea60203d0d0794372898724805b6b1c15f63d59
2022-09-06 17:49:43 -07:00
Tri Vo
25df1037d1 Add defaults for current Identity AIDL API version
This makes it easier to bump the version of this interface.

Test: m
Change-Id: If0d4e405ae2f11da2e540800766ef9ed9b399663
2022-09-06 17:46:04 -07:00
Liening.Liu
1aa1cf155e Release the memory allocated in the algorithm to prevent memory leaks
In the reference implementation of the identity function, there are two places where the memory requested in the openssl algorithm is not released. This memory should be freed.

Test: Vts/Cts

Bug: 242927524
Change-Id: I88ffba39cb6ec887f395122e4670bf9f1a2d8e12
2022-08-18 02:38:04 +00:00
Jooyung Han
c0b24f4f13 Remove AIDL-libs from VNDK
Some are still in VNDK because they are used in other VNDK libs.

Ignore-AOSP-First: some libs are still in internal master only.

Bug: 234181591
Test: m
Merged-In: If999df9c78a20df931177da11742b1c5de19bc08
Change-Id: If999df9c78a20df931177da11742b1c5de19bc08
(cherry picked from commit 5527adfd7f)
2022-06-14 14:08:59 +09:00
Joseph Jang
6373a79d67 identity: Add AndroidTest.xml to customize tradefed test config am: a3e3ab14cc am: f798d90f14
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2107792

Change-Id: Ifc7b5bdab49ce96e1600e958047d4949ab32f60e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-27 17:11:01 +00:00
Joseph Jang
a3e3ab14cc identity: Add AndroidTest.xml to customize tradefed test config
Bug: 228806698
Change-Id: I8cc5ce1ad138fab751847725026f49c963c47a6d
2022-05-27 06:32:22 +00:00
David Zeuthen
47b3ba591d identity: Remove test to check if Identity Credential is implemented. am: 52a6780b93 am: ce10d3f01c
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2097510

Change-Id: Iaf67936f5b6937bf373cc019a30d22f04615e26b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-18 02:49:35 +00:00
David Zeuthen
52a6780b93 identity: Remove test to check if Identity Credential is implemented.
This requirement has been punted to Android 14.

Bug: 217197568
Test: N/A
Change-Id: I93f6db2a32a6bf093c1af53e0ae2f4a8a49aca53
2022-05-17 16:48:24 -04:00
Joseph Jang
5bab43de51 identity: Add require_root to allow tradefed system auto run am: 7f923b326b am: 1b63aa66f4 am: 2acdc0c5f0
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2067311

Change-Id: I7d056bff01c7161777366e52a698d2521ad1c98b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 14:31:39 +00:00
Joseph Jang
7f923b326b identity: Add require_root to allow tradefed system auto run
Bug: 228806698
Change-Id: I50fa7d70b4fb327a4b77f43e1c88810e104a4a26
2022-04-20 06:02:10 +00:00
Jiyong Park
3c4b1725fa V3 is the latest version of keymaster HAL interface
Bug: 225941299
Test: m
Change-Id: I653ab8fd188228439128a75a58363da211e4b79f
2022-03-31 12:01:43 +09:00
Jiyong Park
703e97920e Freeze AIDL APIs for TM
Bug: 225941299
Test: m
Change-Id: Ie41cc0797710f813f92c65c387f247c7806d8394
2022-03-31 12:01:39 +09:00
Joseph Jang
a66f64d05d Merge "Export extractDerSubjectFromCertificate() utility API for oem Hal usage" 2022-02-25 07:27:06 +00:00
Joseph Jang
5341ebba50 Export extractDerSubjectFromCertificate() utility API for oem Hal usage
mDL oem Hal may need X509 utility API to extract subject name from certificate.

Bug: 218613398
Change-Id: I6316dfb3f1c50394af2d3d35c95d616bd6a2106b
2022-02-23 07:39:03 +00:00
Chih-Hung Hsieh
ad1bf31b78 Add timed out test files to tidy_timeout_srcs
* Timed out runs do not show any warning messages.
* These test files cannot finish clang-tidy runs with
  the following settings:
    TIDY_TIMEOUT=90
    WITH_TIDY=1
    CLANG_ANALYZER_CHECKS=1
* When TIDY_TIMEOUT is set, in Android continuous builds,
  tidy_timeout_srcs files will not be compiled by clang-tidy.
  When developers build locally without TIDY_TIMEOUT,
  tidy_timeout_srcs files will be compiled.
* Some of these test modules may be split into smaller ones,
  or disable some time consuming checks, and then
  enable clang-tidy to run within limited time.

Bug: 201099167
Test: make droid tidy-hardware-interfaces_subset
Change-Id: I1de28f1572fff368f67eab512fffec9f2e5c2a9b
2022-02-18 17:25:41 -08:00
Chih-Hung Hsieh
4f4d365aa5 Fix cert-dcl16-c warnings
Bug: 120614316
Test: make tidy-hardware-interfaces_subset
Change-Id: I6bbeddb9990e4771155ec7d49a68f0e161789030
2022-02-09 15:38:45 -08:00
David Zeuthen
3ba59bc5cc identity: Fix API level used for Android 13.
Android 13 will be API level 32, not API level 31.

Bug: None
Test: atest IdentityCredentialImplementedTest
Change-Id: I1102970895b9a0fdf9ec7178b42d33c66bfe7616
2022-02-02 10:34:31 -05:00
Treehugger Robot
3ca6856eab Merge "identity: Add VTS test to check that Identity Credential is implemented." 2022-02-01 20:14:17 +00:00
David Zeuthen
9699aa5aad identity: Add VTS test to check that Identity Credential is implemented.
Chipsets launching with Android 13 must support Identity Credential at
feature version 202201 or later. Verify this.

Bug: 217197568
Test: atest IdentityCredentialImplementedTest
Change-Id: Icddb2c63571a4a69213bd9796ba78f5b384f7d5d
2022-02-01 13:04:37 -05:00
David Zeuthen
834f32215f identity: Add tests to check that implementations support 32 bytes for challenges.
Also update AIDL docs for this.

Bug: 216177025
Test: atest VtsHalIdentityTargetTest
Change-Id: I45cd0cc54f7e9f0d1f9c61d0649f7b7e7f6297a3
2022-01-31 11:53:43 -05:00
Seth Moore
1bf823ce75 Revert^2 "Add remote key provisioning to the IC HAL"
be32113307

Change-Id: I55ddbddd0bc317f1f077a63b0275c4d55fd9c76f
2022-01-25 23:04:37 +00:00
Seth Moore
ff3df54c39 Revert^2 "Refactor IC support for RKP"
201e6abbd0

Change-Id: I52171d7d5253b415cdcdfcf09061629e9a20ee1a
2022-01-25 23:04:37 +00:00
Seth Moore
3fc3c4cc63 Revert^2 "Log to logd in the default identity service"
5502a1fa35

Change-Id: Iee5fb393555195be682982161ecb716ff28fa3a9
2022-01-25 23:04:37 +00:00
Seth Moore
801695e626 Revert^2 "Fix formatting of identity credential aidl"
78063761fa

Change-Id: Ib0264d155482a06e078123eaea4712c67c61e161
2022-01-25 23:04:37 +00:00
Seth Moore
78063761fa Revert "Fix formatting of identity credential aidl"
Revert "Add dependency on keymint cpp lib"

Revert "Allow default identity service to call keymint"

Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I36a012ca72d7b214bde813fd3a1c08a99101f607
2022-01-25 22:44:24 +00:00
Seth Moore
5502a1fa35 Revert "Log to logd in the default identity service"
Revert "Add dependency on keymint cpp lib"

Revert "Allow default identity service to call keymint"

Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I051e97b4b7ec8c060b46de42092c049f12379ea5
2022-01-25 22:44:24 +00:00
Seth Moore
201e6abbd0 Revert "Refactor IC support for RKP"
Revert "Add dependency on keymint cpp lib"

Revert "Allow default identity service to call keymint"

Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I0bbce79b86e1bbbc2526288072289478744d7613
2022-01-25 22:44:24 +00:00
Seth Moore
be32113307 Revert "Add remote key provisioning to the IC HAL"
Revert "Add dependency on keymint cpp lib"

Revert "Allow default identity service to call keymint"

Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I76a898c04090c5befe5fb5a5d07ec2e397fdd8b3
2022-01-25 22:44:24 +00:00
Seth Moore
b5b69f0e00 Add remote key provisioning to the IC HAL
The IIdentityCredentialStore can now advertise the correct
IRemotelyProvisionedComponent that is used for getting remotely
provisioned attestation keys.

IWritableIdentityCredential has a new method so it can accept remotely
provisioned keys.

Update the VTS tests to check the new RKP functionality.

Support RKP in the default identity cred service

Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: I96dcf3027e0f21790c35900ddf8cc0953bd3b1ca
2022-01-24 16:19:21 -08:00
Seth Moore
3200496e75 Refactor IC support for RKP
Remote key provisioning means that attestation keys and certs are
passed in, and not pulled directly from the factory-provisioned data.

In anticipation of RKP support, parameterize/refactor some existing
functions so that we can pass keys to them. Also new extern functions
for generating an RKP-attested key as well as keypair/cert for testing.

Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: I7d2906de04835906682455952ebe238c3fa57321
2022-01-24 16:19:21 -08:00
Seth Moore
51efd9e0e4 Log to logd in the default identity service
This allows us to see logs in logcat for the default service.

Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: Ib368a2a0021f72b457fc5e4717e34bb696dfb0fb
2022-01-24 16:19:21 -08:00
Seth Moore
3b9abd3b9a Fix formatting of identity credential aidl
Fix formatting errors to keep file in compliance with the aidl style.
This allows the aidl to pass the presubmit hook.

Test: n/a
Change-Id: Iae0f14f1c0662c862d658b38465467f7f8e036ec
2022-01-24 16:19:21 -08:00
David Zeuthen
1eb12b2972 identity: Add multi-document presentation support.
This new IPresentationSession interface enables an application to do a
multi-document presentation, something which isn't possible with the
existing API. As a practical example of this consider presenting both
your Mobile Driving License and your Vaccination Certificate in a single
transaction.

Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I11712dca35df7f1224debf454731bc17ea9bfb37
2022-01-10 15:12:33 -05:00
Steven Moreland
ffb03995e6 CHECK -> CHECK_EQ copy pasta
Hey did I start this? We can take a little bit better errors. :)

Bug: N/A
Test: N/A
Change-Id: I0e96f7f49dae9968904333da9b8269694058c11c
2021-12-14 01:45:47 +00:00
Treehugger Robot
0ccb375b7d Merge "identity: Make NoS libeic and AOSP libeic align" am: c9cb222b2c
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1816779

Change-Id: Ic5cf6fc84862a7f795ec2d084260bbfffa6f81c8
2021-09-07 13:10:02 +00:00