Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fbb1cca0 authored by David Zeuthen's avatar David Zeuthen
Browse files

identity: Specify that challenges can be up to 32 bytes in length. 

Bug: 216177025
Test: atest CtsIdentityTestCases
Change-Id: I507ab6b9ecd095ec53caaf859b236a8fdc7bfce9
parent 3789826e

identity/java/android/security/identity/IdentityCredential.java

+4 −2
Original line number Diff line number Diff line
@@ -454,7 +454,8 @@ public abstract class IdentityCredential { 
     * @param challenge is a non-empty byte array whose contents should be unique, fresh and

     *                  provided by the issuing authority. The value provided is embedded in the

     *                  generated CBOR and enables the issuing authority to verify that the

     *                  returned proof is fresh.

     *                  returned proof is fresh. Implementations are required to support

     *                  challenges at least 32 bytes of length.

     * @return the COSE_Sign1 data structure above

     */

    public @NonNull byte[] proveOwnership(@NonNull byte[] challenge)  {
@@ -485,7 +486,8 @@ public abstract class IdentityCredential { 
     * @param challenge is a non-empty byte array whose contents should be unique, fresh and

     *                  provided by the issuing authority. The value provided is embedded in the

     *                  generated CBOR and enables the issuing authority to verify that the

     *                  returned proof is fresh.

     *                  returned proof is fresh. Implementations are required to support

     *                  challenges at least 32 bytes of length.

     * @return the COSE_Sign1 data structure above

     */

    public @NonNull byte[] delete(@NonNull byte[] challenge)  {

identity/java/android/security/identity/WritableIdentityCredential.java

+2 −1
Original line number Diff line number Diff line
@@ -59,7 +59,8 @@ public abstract class WritableIdentityCredential { 
     * @param challenge is a non-empty byte array whose contents should be unique, fresh and

     *                  provided by the issuing authority. The value provided is embedded in the

     *                  attestation extension and enables the issuing authority to verify that the

     *                  attestation certificate is fresh.

     *                  attestation certificate is fresh. Implementations are required to support

     *                  challenges at least 32 bytes of length.

     * @return the X.509 certificate for this credential's CredentialKey.

     */

    public abstract @NonNull Collection<X509Certificate> getCredentialKeyCertificateChain(