Commit graph

91 commits

Author SHA1 Message Date
Treehugger Robot
e21691aafe Merge "identity: Set testMode to false for RKP." am: 087b29d75a am: 8ff617bdd0 am: 6c1c507c6b
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2603749

Change-Id: Id00e38234b267d7a8cb5ba02d31626ecfe71b51d
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-25 00:52:17 +00:00
David Zeuthen
50001471e5 identity: Set testMode to false for RKP.
Bug: 283196184
Test: atest VtsHalIdentityTargetTest
Change-Id: Iabe0f4cf14d96aa2cf48fac4709640495e4c522a
2023-05-24 17:13:29 -04:00
Joseph Jang
117492ea4d Merge "Add support testMode=false since KM RPC version 3" am: 7283acfd9b am: 8e9eaa9665 am: f469fc93bc
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2584691

Change-Id: Ie34b8bf7f2f63bfdd4084a4beff3cc3098d6fb3e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2023-05-15 04:42:42 +00:00
Joseph Jang
5c15cfc8ec Add support testMode=false since KM RPC version 3
Bug: 281661155
Change-Id: Ie727c327c10c6c48d72f9dc9689560f75e3d0131
2023-05-11 08:30:01 +00:00
Alex Buynytskyy
ec1198d941 UpsideDownCake is now 34
Ignore-AOSP-First: UpsideDownCake Finalization
Bug: 275409981
Test: build
Change-Id: I832ab7a8b5445ba85e27bbcf5be64906bfa0e5be
2023-04-07 23:41:20 +00:00
David Zeuthen
4285aa8a5e identity: Remove IdentityCredentialImplementedTest.
Android 14 VSR no longer requires Identity Credential at feature
version 202301 or later. Remove the test which was added to verify
this.

Test: m
Bug: 249767070
Change-Id: Id767e7b9ee97a30741899afcec6895f57993642e
2023-03-28 17:22:33 -04:00
Steven Moreland
8010fcdc17 remove unused vts-core-tradefed harness
Bug: 272210842 # this test is already failing
Bug: 274790216
Test: build
Change-Id: I0c3474d7dc175c49b1a29412106e3db9417ccfa3
2023-03-22 23:01:10 +00:00
David Zeuthen
719920700e identity: VTS: allow for multiple interpretations of AuthKey validity.
Bug: 271948315
Test: atest VtsHalIdentityTargetTest
Change-Id: Iedb9caad933b0df2b190915f5cc7177e507f15b5
2023-03-13 11:32:01 -04:00
David Zeuthen
ecb4a83214 identity: Clarify validity period for auth keys.
The AIDL said "one year in the future (365 days)" which is not a
constant amount of time given that leap years and leap seconds may
exist. Change this to be a constant amount of seconds instead.

Bug: 271948315
Test: atest VtsHalIdentityTargetTest
Change-Id: I324a809900feb898d2343e02066f2fb237a46e86
2023-03-07 11:52:33 -05:00
David Zeuthen
f3e0600395 identity: Add support for ECDSA auth and don't require session encryption.
This adds a new method which allows applications to use mdoc ECDSA
authentication instead of mdoc MAC authentication. Additionally, also
relax requirements on SessionTranscript so the APIs can be used even
when mdoc session encryption isn't being used.

Also add new VTS test to check for this.

Since this is new API, bump API version to 5 and the Identity
Credential feature version to 202301.

Bug: 241912421
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I4085a89be0382c10f5449e13c6a92a46c74c225d
2022-12-09 02:57:09 -05:00
Chih-Hung Hsieh
494ef7f133 Fix array-parameter warning
Bug: 241941550
Test: presubmit
Change-Id: I03ede7721fbbe027598e0491b405faee8029fadc
2022-11-17 18:41:21 +00:00
Steven Moreland
48b194d550 switch identity back to V4
V5 was a temporary version, to handle mismatched import versions,
but now that the temporary version (and differences) are removed,
it's causing an error.

Bug: 259146177
Change-Id: I0595c4e414701918a6f51128bbbb596633330c4c
Test: N/A
2022-11-14 23:47:46 +00:00
Seth Moore
41e97f0bbf Update the RKP aidl dependency
Bug: 254112961
Test: vts_treble_vintf_vendor_test
Merged-In: I86f864003e38224936375930891abb38f7d55d3d
Change-Id: I86f864003e38224936375930891abb38f7d55d3d
2022-11-10 01:57:10 +00:00
Steven Moreland
9624940b40 Merge "Revert "identity - temp interface change"" 2022-11-03 20:38:46 +00:00
Steven Moreland
737ec297f4 Revert "identity - temp interface change"
This reverts commit d3cedfe83d.

Reason for revert: we have 'frozen bool' support now

Change-Id: Ie7e90b1e7d6501561ea042785d77ab77072e2577
2022-11-03 01:44:43 +00:00
Steven Moreland
7b75d4bd66 Merge "identity - temp interface change" 2022-10-27 00:53:00 +00:00
David Zeuthen
078acde569 identity: Add VTS test to check that Identity Credential is implemented.
Android 14 VSR requires Identity Credential at feature version 202301
or later. This adds a test which verifies this.

Also bump the feature version of the default implementation to 202301.

Bug: 249767070
Test: atest IdentityCredentialImplementedTest
Change-Id: Ifdbaba764e457ceb84fe6347c9992608ed4ba651
2022-10-26 13:05:25 -04:00
Steven Moreland
d3cedfe83d identity - temp interface change
Import versions are changed, but the build system
doesn't currently have a way to recognize this.

Adding an extra bug enum for now, to be reverted,
until the build support lands.

Bug: 231903487
Bug: 254774724
Test: N/A
Change-Id: I3d0231e9d69cf95a028e47b7a9fe557910f6b45a
2022-10-25 23:21:10 +00:00
Steven Moreland
6ff0294d51 identity explicit keymint version
Bug: 254774724
Change-Id: I11022ab9e20b3626c0a8fc24cb8cbd73426228a9
Test: finalization using ABTD - see bug
2022-10-21 17:15:32 +00:00
Tri Vo
f48a2a7bbf Bump Identity and KM AIDL API versions
Imported interfaces are versioned, i.e. bumping an interface version
necessiates bumping the version of importing interfaces.

Keystore and Identity import KM. We are uprevving KM, so all three need
to be bumped at the same time.

Test: m
Change-Id: I46b253e72f2f245bd628ed2ae1f2f4e0572827e7
2022-10-17 15:04:59 -07:00
Tri Vo
680cb1d665 Use latest Identity and KM AIDL API
Test: m
Change-Id: I9ea60203d0d0794372898724805b6b1c15f63d59
2022-09-06 17:49:43 -07:00
Tri Vo
25df1037d1 Add defaults for current Identity AIDL API version
This makes it easier to bump the version of this interface.

Test: m
Change-Id: If0d4e405ae2f11da2e540800766ef9ed9b399663
2022-09-06 17:46:04 -07:00
Liening.Liu
1aa1cf155e Release the memory allocated in the algorithm to prevent memory leaks
In the reference implementation of the identity function, there are two places where the memory requested in the openssl algorithm is not released. This memory should be freed.

Test: Vts/Cts

Bug: 242927524
Change-Id: I88ffba39cb6ec887f395122e4670bf9f1a2d8e12
2022-08-18 02:38:04 +00:00
Jooyung Han
c0b24f4f13 Remove AIDL-libs from VNDK
Some are still in VNDK because they are used in other VNDK libs.

Ignore-AOSP-First: some libs are still in internal master only.

Bug: 234181591
Test: m
Merged-In: If999df9c78a20df931177da11742b1c5de19bc08
Change-Id: If999df9c78a20df931177da11742b1c5de19bc08
(cherry picked from commit 5527adfd7f)
2022-06-14 14:08:59 +09:00
Joseph Jang
6373a79d67 identity: Add AndroidTest.xml to customize tradefed test config am: a3e3ab14cc am: f798d90f14
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2107792

Change-Id: Ifc7b5bdab49ce96e1600e958047d4949ab32f60e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-27 17:11:01 +00:00
Joseph Jang
a3e3ab14cc identity: Add AndroidTest.xml to customize tradefed test config
Bug: 228806698
Change-Id: I8cc5ce1ad138fab751847725026f49c963c47a6d
2022-05-27 06:32:22 +00:00
David Zeuthen
47b3ba591d identity: Remove test to check if Identity Credential is implemented. am: 52a6780b93 am: ce10d3f01c
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2097510

Change-Id: Iaf67936f5b6937bf373cc019a30d22f04615e26b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-05-18 02:49:35 +00:00
David Zeuthen
52a6780b93 identity: Remove test to check if Identity Credential is implemented.
This requirement has been punted to Android 14.

Bug: 217197568
Test: N/A
Change-Id: I93f6db2a32a6bf093c1af53e0ae2f4a8a49aca53
2022-05-17 16:48:24 -04:00
Joseph Jang
5bab43de51 identity: Add require_root to allow tradefed system auto run am: 7f923b326b am: 1b63aa66f4 am: 2acdc0c5f0
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2067311

Change-Id: I7d056bff01c7161777366e52a698d2521ad1c98b
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-04-20 14:31:39 +00:00
Joseph Jang
7f923b326b identity: Add require_root to allow tradefed system auto run
Bug: 228806698
Change-Id: I50fa7d70b4fb327a4b77f43e1c88810e104a4a26
2022-04-20 06:02:10 +00:00
Jiyong Park
3c4b1725fa V3 is the latest version of keymaster HAL interface
Bug: 225941299
Test: m
Change-Id: I653ab8fd188228439128a75a58363da211e4b79f
2022-03-31 12:01:43 +09:00
Jiyong Park
703e97920e Freeze AIDL APIs for TM
Bug: 225941299
Test: m
Change-Id: Ie41cc0797710f813f92c65c387f247c7806d8394
2022-03-31 12:01:39 +09:00
David Zeuthen
3ba59bc5cc identity: Fix API level used for Android 13.
Android 13 will be API level 32, not API level 31.

Bug: None
Test: atest IdentityCredentialImplementedTest
Change-Id: I1102970895b9a0fdf9ec7178b42d33c66bfe7616
2022-02-02 10:34:31 -05:00
Treehugger Robot
3ca6856eab Merge "identity: Add VTS test to check that Identity Credential is implemented." 2022-02-01 20:14:17 +00:00
David Zeuthen
9699aa5aad identity: Add VTS test to check that Identity Credential is implemented.
Chipsets launching with Android 13 must support Identity Credential at
feature version 202201 or later. Verify this.

Bug: 217197568
Test: atest IdentityCredentialImplementedTest
Change-Id: Icddb2c63571a4a69213bd9796ba78f5b384f7d5d
2022-02-01 13:04:37 -05:00
David Zeuthen
834f32215f identity: Add tests to check that implementations support 32 bytes for challenges.
Also update AIDL docs for this.

Bug: 216177025
Test: atest VtsHalIdentityTargetTest
Change-Id: I45cd0cc54f7e9f0d1f9c61d0649f7b7e7f6297a3
2022-01-31 11:53:43 -05:00
Seth Moore
1bf823ce75 Revert^2 "Add remote key provisioning to the IC HAL"
be32113307

Change-Id: I55ddbddd0bc317f1f077a63b0275c4d55fd9c76f
2022-01-25 23:04:37 +00:00
Seth Moore
3fc3c4cc63 Revert^2 "Log to logd in the default identity service"
5502a1fa35

Change-Id: Iee5fb393555195be682982161ecb716ff28fa3a9
2022-01-25 23:04:37 +00:00
Seth Moore
801695e626 Revert^2 "Fix formatting of identity credential aidl"
78063761fa

Change-Id: Ib0264d155482a06e078123eaea4712c67c61e161
2022-01-25 23:04:37 +00:00
Seth Moore
78063761fa Revert "Fix formatting of identity credential aidl"
Revert "Add dependency on keymint cpp lib"

Revert "Allow default identity service to call keymint"

Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I36a012ca72d7b214bde813fd3a1c08a99101f607
2022-01-25 22:44:24 +00:00
Seth Moore
5502a1fa35 Revert "Log to logd in the default identity service"
Revert "Add dependency on keymint cpp lib"

Revert "Allow default identity service to call keymint"

Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I051e97b4b7ec8c060b46de42092c049f12379ea5
2022-01-25 22:44:24 +00:00
Seth Moore
be32113307 Revert "Add remote key provisioning to the IC HAL"
Revert "Add dependency on keymint cpp lib"

Revert "Allow default identity service to call keymint"

Revert submission 1956689-add rkp to identity-default

Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint

Change-Id: I76a898c04090c5befe5fb5a5d07ec2e397fdd8b3
2022-01-25 22:44:24 +00:00
Seth Moore
b5b69f0e00 Add remote key provisioning to the IC HAL
The IIdentityCredentialStore can now advertise the correct
IRemotelyProvisionedComponent that is used for getting remotely
provisioned attestation keys.

IWritableIdentityCredential has a new method so it can accept remotely
provisioned keys.

Update the VTS tests to check the new RKP functionality.

Support RKP in the default identity cred service

Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: I96dcf3027e0f21790c35900ddf8cc0953bd3b1ca
2022-01-24 16:19:21 -08:00
Seth Moore
51efd9e0e4 Log to logd in the default identity service
This allows us to see logs in logcat for the default service.

Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: Ib368a2a0021f72b457fc5e4717e34bb696dfb0fb
2022-01-24 16:19:21 -08:00
Seth Moore
3b9abd3b9a Fix formatting of identity credential aidl
Fix formatting errors to keep file in compliance with the aidl style.
This allows the aidl to pass the presubmit hook.

Test: n/a
Change-Id: Iae0f14f1c0662c862d658b38465467f7f8e036ec
2022-01-24 16:19:21 -08:00
David Zeuthen
1eb12b2972 identity: Add multi-document presentation support.
This new IPresentationSession interface enables an application to do a
multi-document presentation, something which isn't possible with the
existing API. As a practical example of this consider presenting both
your Mobile Driving License and your Vaccination Certificate in a single
transaction.

Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I11712dca35df7f1224debf454731bc17ea9bfb37
2022-01-10 15:12:33 -05:00
Steven Moreland
ffb03995e6 CHECK -> CHECK_EQ copy pasta
Hey did I start this? We can take a little bit better errors. :)

Bug: N/A
Test: N/A
Change-Id: I0e96f7f49dae9968904333da9b8269694058c11c
2021-12-14 01:45:47 +00:00
Treehugger Robot
0ccb375b7d Merge "identity: Make NoS libeic and AOSP libeic align" am: c9cb222b2c
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1816779

Change-Id: Ic5cf6fc84862a7f795ec2d084260bbfffa6f81c8
2021-09-07 13:10:02 +00:00
Joseph Jang
dabb3c515f identity: Make NoS libeic and AOSP libeic align
1. Add input parameter buffer size for CBOR data encoding
   because Nugget OS protobuf buffer is not null terminated.
2. Modify some libeic APIs to align with NoS libeic.

Bug: 198403263
Test: atest VtsHalIdentityTargetTest
      atest android.security.identity.cts
Change-Id: I9bc3689da2571c0925972f33b7314cbaaad0e28d
2021-09-06 18:27:08 +08:00
Jiyong Park
48131c0ace Merge "Remove ndk_platform backend. Use the ndk backend." am: 2346a4c6b9 am: 4ef9aa49dc
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1778908

Change-Id: Ib35b7b0ddc0bebd0714d290b1ac2fab8d5a1893e
2021-07-28 12:39:05 +00:00