Loading identity/java/android/security/identity/IdentityCredential.java +8 −19 Original line number Diff line number Diff line Loading @@ -167,25 +167,14 @@ public abstract class IdentityCredential { * IntentToRetain = bool * </pre> * * <p>If the {@code sessionTranscript} parameter is not {@code null}, it must contain CBOR * data conforming to the following CDDL schema: * * <pre> * SessionTranscript = [ * DeviceEngagementBytes, * EReaderKeyBytes * ] * * DeviceEngagementBytes = #6.24(bstr .cbor DeviceEngagement) ; Bytes of DeviceEngagement * EReaderKeyBytes = #6.24(bstr .cbor EReaderKey.Pub) ; Bytes of EReaderKey.pub * * EReaderKey.Pub = COSE_Key ; Ephemeral public key provided by reader * </pre> * * <p>where a {@code COSE_Key} structure for the public part of the key-pair previously * generated by {@link #createEphemeralKeyPair()} must appear somewhere in * {@code DeviceEngagement} and the X and Y coordinates must both be present * in uncompressed form. * <p>If the {@code sessionTranscript} parameter is not {@code null}, the X and Y coordinates * of the public part of the key-pair previously generated by {@link #createEphemeralKeyPair()} * must appear somewhere in the bytes of the CBOR. Each of these coordinates must appear * encoded with the most significant bits first and use the exact amount of bits indicated by * the key size of the ephemeral keys. For example, if the ephemeral key is using the P-256 * curve then the 32 bytes for the X coordinate encoded with the most significant bits first * must appear somewhere in {@code sessionTranscript} and ditto for the 32 bytes for the Y * coordinate. * * <p>If {@code readerAuth} is not {@code null} it must be the bytes of a {@code COSE_Sign1} * structure as defined in RFC 8152. For the payload nil shall be used and the Loading identity/java/android/security/identity/WritableIdentityCredential.java +4 −4 Original line number Diff line number Diff line Loading 
@@ -56,10 +56,10 @@ public abstract class WritableIdentityCredential { * authority doesn't care about the nature of the security hardware. If called, however, this * method must be called before {@link #personalize(PersonalizationData)}. * * @param challenge is a byte array whose contents should be unique, fresh and provided by * the issuing authority. The value provided is embedded in the attestation * extension and enables the issuing authority to verify that the attestation * certificate is fresh. * @param challenge is a non-empty byte array whose contents should be unique, fresh and * provided by the issuing authority. The value provided is embedded in the * attestation extension and enables the issuing authority to verify that the * attestation certificate is fresh. * @return the X.509 certificate for this credential's CredentialKey. */ public abstract @NonNull Collection<X509Certificate> getCredentialKeyCertificateChain( Loading Loading
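Review bot: In the new sessionTranscript paragraph of IdentityCredential.java (hunk @@ -167,25 +167,14), "must appear somewhere in the bytes of the CBOR" no longer says whether sessionTranscript must itself be well-formed CBOR, nor what the method does when the X or Y coordinate bytes are not found. The removed CDDL schema was the only structural requirement in this comment, so please state whether any structure is still validated and document the failure behaviour, for example with a @throws entry. A raw byte match is also a looser binding than the removed requirement that a COSE_Key appear in DeviceEngagement, because the coordinate bytes can match anywhere in the buffer; a sentence on why that is acceptable would help callers. Minor: the text says "exact amount of bits" while the example counts bytes ("the 32 bytes for the X coordinate"); using one unit throughout would read more clearly.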
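Review bot: The @param challenge text in WritableIdentityCredential.java (hunk @@ -56,10 +56,10) now requires a "non-empty byte array" but the Javadoc does not say what happens when an empty array is passed. Please add the resulting behaviour, for example a @throws line, so callers know whether the constraint is enforced or only advisory. In the same comment, "@return the X.509 certificate" does not match the return type Collection<X509Certificate> of getCredentialKeyCertificateChain; "the X.509 certificate chain" would be accurate.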