ef7395127f
These updates are based on input/experiences implementing this HAL. There are no API changes. - Specify that the validity for credentialKey certificate shall be from current time and expire at the same time as the attestation batch certificate. - Require challenge passed to getAttestationCertificate() is non-empty. - Fix bug in VTS tests where the startPersonlization() result was not checked. - Remove verifyStartPersonalizationZero test since it cannot be completed. - Ensure secureUserId is non-zero if user authentication is needed. - Specify format for signingKeyBlob in generateSigningKeyPair() same way we do for credentialData in finishAddingEntries(). - Modify EndToEndTest to decrypt/unpack credentialData to obtain credentialPrivKey and storageKey and do cross-checks on these. - Modify EndToEndTest to decrypt/unpack signingKeyBlob to obtain signingKeyPriv and check it matches the public key in the returned certificate. - Add new VTS tests for user and reader authentication. - Relax unnecessary requirements about SessionTranscript structure - just require it has X and Y of the ephemeral key created earlier. - Allow calls in VTS tests to v2 HAL to fail - this should allow these VTS tests to pass on a compliant v1 HAL. Bug: 156911917 Bug: 158107945 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: I11b79dbd57b1830609c70301fea9c99f9e5080cb |
||
|---|---|---|
| .. | ||
| include | ||
| src | ||
| tests | ||
| Android.bp | ||