This adds a new method which allows applications to use mdoc ECDSA
authentication instead of mdoc MAC authentication. Additionally, also
relax requirements on SessionTranscript so the APIs can be used even
when mdoc session encryption isn't being used.
Also add new VTS test to check for this.
Since this is new API, bump API version to 5 and the Identity
Credential feature version to 202301.
Bug: 241912421
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: I4085a89be0382c10f5449e13c6a92a46c74c225d
V5 was a temporary version, to handle mismatched import versions,
but now that the temporary version (and differences) are removed,
it's causing an error.
Bug: 259146177
Change-Id: I0595c4e414701918a6f51128bbbb596633330c4c
Test: N/A
Android 14 VSR requires Identity Credential at feature version 202301
or later. This adds a test which verifies this.
Also bump the feature version of the default implementation to 202301.
Bug: 249767070
Test: atest IdentityCredentialImplementedTest
Change-Id: Ifdbaba764e457ceb84fe6347c9992608ed4ba651
Import versions are changed, but the build system
doesn't currently have a way to recognize this.
Adding an extra bug enum for now, to be reverted,
until the build support lands.
Bug: 231903487
Bug: 254774724
Test: N/A
Change-Id: I3d0231e9d69cf95a028e47b7a9fe557910f6b45a
Imported interfaces are versioned, i.e. bumping an interface version
necessiates bumping the version of importing interfaces.
Keystore and Identity import KM. We are uprevving KM, so all three need
to be bumped at the same time.
Test: m
Change-Id: I46b253e72f2f245bd628ed2ae1f2f4e0572827e7
In the reference implementation of the identity function, there are two places where the memory requested in the openssl algorithm is not released. This memory should be freed.
Test: Vts/Cts
Bug: 242927524
Change-Id: I88ffba39cb6ec887f395122e4670bf9f1a2d8e12
Some are still in VNDK because they are used in other VNDK libs.
Ignore-AOSP-First: some libs are still in internal master only.
Bug: 234181591
Test: m
Merged-In: If999df9c78a20df931177da11742b1c5de19bc08
Change-Id: If999df9c78a20df931177da11742b1c5de19bc08
(cherry picked from commit 5527adfd7f)
* Timed out runs do not show any warning messages.
* These test files cannot finish clang-tidy runs with
the following settings:
TIDY_TIMEOUT=90
WITH_TIDY=1
CLANG_ANALYZER_CHECKS=1
* When TIDY_TIMEOUT is set, in Android continuous builds,
tidy_timeout_srcs files will not be compiled by clang-tidy.
When developers build locally without TIDY_TIMEOUT,
tidy_timeout_srcs files will be compiled.
* Some of these test modules may be split into smaller ones,
or disable some time consuming checks, and then
enable clang-tidy to run within limited time.
Bug: 201099167
Test: make droid tidy-hardware-interfaces_subset
Change-Id: I1de28f1572fff368f67eab512fffec9f2e5c2a9b
Android 13 will be API level 32, not API level 31.
Bug: None
Test: atest IdentityCredentialImplementedTest
Change-Id: I1102970895b9a0fdf9ec7178b42d33c66bfe7616
Chipsets launching with Android 13 must support Identity Credential at
feature version 202201 or later. Verify this.
Bug: 217197568
Test: atest IdentityCredentialImplementedTest
Change-Id: Icddb2c63571a4a69213bd9796ba78f5b384f7d5d
Revert "Add dependency on keymint cpp lib"
Revert "Allow default identity service to call keymint"
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: I36a012ca72d7b214bde813fd3a1c08a99101f607
Revert "Add dependency on keymint cpp lib"
Revert "Allow default identity service to call keymint"
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: I051e97b4b7ec8c060b46de42092c049f12379ea5
Revert "Add dependency on keymint cpp lib"
Revert "Allow default identity service to call keymint"
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: I0bbce79b86e1bbbc2526288072289478744d7613
Revert "Add dependency on keymint cpp lib"
Revert "Allow default identity service to call keymint"
Revert submission 1956689-add rkp to identity-default
Reason for revert: Broke git-master. Will resubmit later.
Reverted Changes:
I96dcf3027:Add remote key provisioning to the IC HAL
Id686ac33a:Add dependency on keymint cpp lib
Ib368a2a00:Log to logd in the default identity service
I7d2906de0:Refactor IC support for RKP
Iae0f14f1c:Fix formatting of identity credential aidl
I01d086a4b:Allow default identity service to call keymint
Change-Id: I76a898c04090c5befe5fb5a5d07ec2e397fdd8b3
The IIdentityCredentialStore can now advertise the correct
IRemotelyProvisionedComponent that is used for getting remotely
provisioned attestation keys.
IWritableIdentityCredential has a new method so it can accept remotely
provisioned keys.
Update the VTS tests to check the new RKP functionality.
Support RKP in the default identity cred service
Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: I96dcf3027e0f21790c35900ddf8cc0953bd3b1ca
Remote key provisioning means that attestation keys and certs are
passed in, and not pulled directly from the factory-provisioned data.
In anticipation of RKP support, parameterize/refactor some existing
functions so that we can pass keys to them. Also new extern functions
for generating an RKP-attested key as well as keypair/cert for testing.
Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: I7d2906de04835906682455952ebe238c3fa57321
This allows us to see logs in logcat for the default service.
Test: VtsHalIdentityTargetTest
Bug: 194696876
Change-Id: Ib368a2a0021f72b457fc5e4717e34bb696dfb0fb
Fix formatting errors to keep file in compliance with the aidl style.
This allows the aidl to pass the presubmit hook.
Test: n/a
Change-Id: Iae0f14f1c0662c862d658b38465467f7f8e036ec
This new IPresentationSession interface enables an application to do a
multi-document presentation, something which isn't possible with the
existing API. As a practical example of this consider presenting both
your Mobile Driving License and your Vaccination Certificate in a single
transaction.
Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I11712dca35df7f1224debf454731bc17ea9bfb37
1. Add input parameter buffer size for CBOR data encoding
because Nugget OS protobuf buffer is not null terminated.
2. Modify some libeic APIs to align with NoS libeic.
Bug: 198403263
Test: atest VtsHalIdentityTargetTest
atest android.security.identity.cts
Change-Id: I9bc3689da2571c0925972f33b7314cbaaad0e28d