
Commit 0bc1f92d authored by Treehugger Robot, committed by Automerger Merge Worker

Merge "Identity: Update requirements about SessionTranscript CBOR and...

Merge "Identity: Update requirements about SessionTranscript CBOR and provisioning challenge." am: 652b2a99 am: 1332fd3a am: 4bc5d31c am: 507b80f7 am: b09aa802

Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/1323356

Change-Id: I5e000e9f25bea562260cb11aa95491ab51aeab9f
parents 1b90fbd6 b09aa802
+8 −19
@@ -167,25 +167,14 @@ public abstract class IdentityCredential {
     *   IntentToRetain = bool
     * </pre>
     *
     * <p>If the {@code sessionTranscript} parameter is not {@code null}, it must contain CBOR
     * data conforming to the following CDDL schema:
     *
     * <pre>
     *   SessionTranscript = [
     *     DeviceEngagementBytes,
     *     EReaderKeyBytes
     *   ]
     *
     *   DeviceEngagementBytes = #6.24(bstr .cbor DeviceEngagement)  ; Bytes of DeviceEngagement
     *   EReaderKeyBytes = #6.24(bstr .cbor EReaderKey.Pub)  ; Bytes of EReaderKey.pub
     *
     *   EReaderKey.Pub = COSE_Key    ; Ephemeral public key provided by reader
     * </pre>
     *
     * <p>where a {@code COSE_Key} structure for the public part of the key-pair previously
     * generated by {@link #createEphemeralKeyPair()} must appear somewhere in
     * {@code DeviceEngagement} and the X and Y coordinates must both be present
     * in uncompressed form.
     * <p>If the {@code sessionTranscript} parameter is not {@code null}, the X and Y coordinates
     * of the public part of the key-pair previously generated by {@link #createEphemeralKeyPair()}
     * must appear somewhere in the bytes of the CBOR. Each of these coordinates must appear
     * encoded with the most significant bits first and use the exact amount of bits indicated by
     * the key size of the ephemeral keys. For example, if the ephemeral key is using the P-256
     * curve then the 32 bytes for the X coordinate encoded with the most significant bits first
     * must appear somewhere in {@code sessionTranscript} and ditto for the 32 bytes for the Y
     * coordinate.
     *
     * <p>If {@code readerAuth} is not {@code null} it must be the bytes of a {@code COSE_Sign1}
     * structure as defined in RFC 8152. For the payload nil shall be used and the
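Review bot: the replacement paragraph for {@code sessionTranscript} (the one requiring that the X and Y coordinates "must appear somewhere in the bytes of the CBOR") no longer tells the caller what shape the parameter must have or what happens when the requirement is not met. With the CDDL schema removed, "the bytes of the CBOR" is the only remaining hint that the value is CBOR at all, so please state explicitly whether the parameter must still be well-formed CBOR and how a transcript that lacks the coordinates is rejected. The encoding sentence would also be clearer as a fixed-width rule: "exact amount of bits indicated by the key size" should say that each coordinate is big-endian and zero-padded to the full field length (32 bytes for P-256, per the example), since a coordinate with leading zero bytes is the case an encoder is most likely to get wrong. Minor: spell out "and ditto for the 32 bytes for the Y coordinate" instead of using "ditto" in API documentation.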
+4 −4
@@ -56,10 +56,10 @@ public abstract class WritableIdentityCredential {
     * authority doesn't care about the nature of the security hardware. If called, however, this
     * method must be called before {@link #personalize(PersonalizationData)}.
     *
     * @param challenge is a byte array whose contents should be unique, fresh and provided by
     *                  the issuing authority. The value provided is embedded in the attestation
     *                  extension and enables the issuing authority to verify that the attestation
     *                  certificate is fresh.
     * @param challenge is a non-empty byte array whose contents should be unique, fresh and
     *                  provided by the issuing authority. The value provided is embedded in the
     *                  attestation extension and enables the issuing authority to verify that the
     *                  attestation certificate is fresh.
     * @return the X.509 certificate for this credential's CredentialKey.
     */
    public abstract @NonNull Collection<X509Certificate> getCredentialKeyCertificateChain(
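Review bot: the new "non-empty" requirement in the {@code @param challenge} text has no documented consequence; the visible Javadoc has an {@code @return} tag but nothing describing what the method does when an empty array is passed. Since the challenge is what lets the issuing authority verify that the attestation certificate is fresh, please document how an empty challenge is handled (for example with a {@code @throws} tag naming the exception), so callers do not discover the rule only at runtime.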