tequilaOS/platform_system_security
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
7659 commits 1 branch 0 tags 12 MiB
Commit graph

9 commits

Author SHA1 Message Date
Tri Vo
1054237787 identity: Replace RemotelyProvisionedKey with librkp_support 
Test: m credstore
Change-Id: I0049d5ba59936943336c7a531d1b022d4d64e4a6
 2023-03-09 16:09:23 -08:00
Tri Vo
190a43b979 identity: Remove IRemotelyProvisionedKeyPool usage 
Test: m credstore
Change-Id: I5aa0a389083b28cb51dbd47297403b955104b8a6
 2023-03-03 15:26:16 -08:00
Tri Vo
71e8cc1107 identity: Fix RKPD usage 
Fixes:
- Revert to pre-RKPD behavior of getting an attestation key each time
  a credential is created.
- Revert to pre-RKPD behavior of falling back to factory key.
- Check RKPD feature flag each time before calling into RKPD.
- Correct service name used to call into RKPD.
- Add another thread to handle async responses from RKPD.
- Switch to new RKPD build flag "remote_provisioning.enable_rkpd".

Bug: 261214100
Test: CtsIdentityTestCases
Change-Id: Idc11abb3c0e46de1a77609969e8539e9e96549d5
 2023-01-25 20:42:07 +00:00
Tri Vo
3ab6f05ef6 identity: Migrate to RKPD for attestation keys 
Bug: 261214100
Test: TBD
Change-Id: I760ba8c23be0889e7d01ac6c1513eba348ff96b2
 2022-12-20 13:51:14 +00:00
Seth Moore
81db37894b Add support for RKP to credstore 
Call out to keystore and request remotely provisioned attestation keys.
This reduces our dependence on factory-provisioned attestation keys.

Test: CtsIdentityTestCases
Bug: 194696876
Change-Id: Ief07750ef6b2a465060c64207063568b9a51af68
 2022-02-02 16:17:05 -08:00
David Zeuthen
045a2c87e0 identity: Add multi-document presentation support. 
Also fix a bug so the same AuthKey is used for several getEntries()
calls on a credential. This matches the behavior in the Jetpack.

Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I344f44b5655f0977ee650b518ce669e3c8a7b47a
 2022-01-10 17:38:04 -05:00
David Zeuthen
472e6c8e18 Credstore changes for Android 12 
- Add Credential.proveOwership()
- Add Credential.deleteWithChallenge()
- Add Credential.updateCredential()
- Add Credential.storeStaticAuthenticationDataWithExpirationDate()
  - Store this on disk. For entries stored without this parameter
    assume they never expire.
- Add allowUsingExpiredKeys to Credential.selectAuthKey() and
  Credential.getEntries()
  - Unless set to true, never select an expired key
- Introduce ERROR_NOT_SUPPORTED and return this if HAL does not
  support operation

Bug: 170146643
Test: atest android.security.identity.cts
Change-Id: Ic5dafc6498c9c59b82942def9d348d974f008589
 2021-01-22 18:37:03 -05:00
David Zeuthen
a6f9fba382 Port credstore to IdentityCredential AIDL. 
Bug: 111446262
Test: atest android.security.identity.cts
Test: VtsHalIdentityTargetTest
Test: android.hardware.identity-support-lib-test
Change-Id: I338b35f57f2bb7345c3f8f0c608c7a6213a0dc6b
 2020-02-14 13:41:52 -05:00
David Zeuthen
ab3e565511 Add credstore system daemon. 
The credstore system daemon is sitting below the Identity Credential
Framework APIs and on top of the Identity Credential HALs. Its main
job is to store credential data and provide a way for applications to
communicate with the secure hardware abstracted by the HAL.

This daemon runs as an unprivileged user, credstore.

The auth-tokens needed by credstore are supplied by keystore and this
CL includes the requisite changes to keystore for this to work.

Bug: 111446262
Test: CTS tests for Framework APIs
Change-Id: Ieb4d59852a143482436a1c418c25ed96e25c0047
 2020-01-16 13:05:48 -05:00