
Commit e2475539 authored by Treehugger Robot's avatar Treehugger Robot Committed by Automerger Merge Worker

Merge "identity: Add tests to check that implementations support 32 bytes for...

Merge "identity: Add tests to check that implementations support 32 bytes for challenges." am: e99edd91 am: 4d9c6355 am: 34924a7d

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1963723

Change-Id: I8a2252a06159e0f608bfef2d00d30a06d8480386
parents a7acf304 34924a7d
+6 −4
@@ -438,8 +438,9 @@ interface IIdentityCredential {
     * If the method is called on an instance obtained via IPresentationSession.getCredential(),
     * STATUS_FAILED must be returned.
     *
     * @param challenge a challenge set by the issuer to ensure freshness. Maximum size is 32 bytes
     *     and it may be empty. Fails with STATUS_INVALID_DATA if bigger than 32 bytes.
     * @param challenge a challenge set by the issuer to ensure freshness. Implementations must
     *   support challenges that are at least 32 bytes. Fails with STATUS_INVALID_DATA if bigger
     *   than 32 bytes.
     * @return a COSE_Sign1 signature described above.
     */
    byte[] deleteCredentialWithChallenge(in byte[] challenge);
@@ -463,8 +464,9 @@ interface IIdentityCredential {
     * If the method is called on an instance obtained via IPresentationSession.getCredential(),
     * STATUS_FAILED must be returned.
     *
     * @param challenge a challenge set by the issuer to ensure freshness. Maximum size is 32 bytes
     *     and it may be empty. Fails with STATUS_INVALID_DATA if bigger than 32 bytes.
     * @param challenge a challenge set by the issuer to ensure freshness. Implementations must
     *   support challenges that are at least 32 bytes. Fails with STATUS_INVALID_DATA if bigger
     *   than 32 bytes.
     * @return a COSE_Sign1 signature described above.
     */
    byte[] proveOwnership(in byte[] challenge);
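Review bot: The reworded `@param challenge` text for deleteCredentialWithChallenge, and the identical text for proveOwnership in the second hunk, reads as self-contradictory. "Must support challenges that are at least 32 bytes" suggests 32 is a floor on what an implementation accepts, while the next sentence still says anything bigger than 32 bytes fails with STATUS_INVALID_DATA. The rewrite also drops the earlier statement that the challenge may be empty, so whether an empty challenge (which gives the issuer no freshness guarantee) is accepted is now unspecified. I would state both bounds explicitly, for example `Implementations must accept any challenge of 0 to 32 bytes inclusive and must fail with STATUS_INVALID_DATA for anything longer.`, adjusting the lower bound if empty challenges are meant to be rejected.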
+2 −1
@@ -127,7 +127,8 @@ interface IWritableIdentityCredential {
     *     https://developer.android.com/training/articles/security-key-attestation#certificate_schema_attestationid
     *
     * @param attestationChallenge a challenge set by the issuer to ensure freshness. If
     *    this is empty, the call fails with STATUS_INVALID_DATA.
     *    this is empty, the call fails with STATUS_INVALID_DATA. Implementations must
     *    support challenges of at least 32 bytes.
     *
     * @return the X.509 certificate chain for the credentialKey
     */
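Review bot: The sentence added to `attestationChallenge` sets a minimum length that implementations must support but says nothing about a challenge longer than an implementation can handle. The IIdentityCredential methods in this same commit name STATUS_INVALID_DATA for oversize input. As written, a caller cannot tell whether a longer challenge is rejected, accepted or truncated, and a silently truncated challenge would weaken the freshness check the issuer relies on in the attestation. If it matches the intended contract, I would add `If the challenge is longer than the implementation supports, the call fails with STATUS_INVALID_DATA; the challenge is never truncated.` The method declaration itself lies outside this hunk.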
+10 −3
@@ -146,7 +146,9 @@ TEST_P(DeleteCredentialTests, DeleteWithChallenge) {
                                credentialData_, &credential)
                        .isOk());

    vector<uint8_t> challenge = {65, 66, 67};
    // Implementations must support at least 32 bytes.
    string challengeString = "0123456789abcdef0123456789abcdef";
    vector<uint8_t> challenge(challengeString.begin(), challengeString.end());
    vector<uint8_t> proofOfDeletionSignature;
    ASSERT_TRUE(
            credential->deleteCredentialWithChallenge(challenge, &proofOfDeletionSignature).isOk());
@@ -154,7 +156,12 @@ TEST_P(DeleteCredentialTests, DeleteWithChallenge) {
            support::coseSignGetPayload(proofOfDeletionSignature);
    ASSERT_TRUE(proofOfDeletion);
    string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {});
    EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {0x41, 0x42, 0x43}, true, ]",
    EXPECT_EQ(
            "['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {"
            "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, "
            "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, "
            "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, "
            "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66}, true, ]",
            cborPretty);
    EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {},  // Additional data
                                                 credentialPubKey_));
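Review bot: DeleteWithChallenge now exercises only the exactly-32-byte case, so the other half of the documented contract, that a challenge bigger than 32 bytes fails with STATUS_INVALID_DATA, remains untested. The same gap exists in ProveOwnershipTests.proveOwnership. A boundary check would catch implementations that accept or silently truncate oversize challenges: `vector<uint8_t> tooLong(33, 0x41);` followed by `EXPECT_FALSE(credential->deleteCredentialWithChallenge(tooLong, &proofOfDeletionSignature).isOk());`. It should sit before the successful call, since a successful delete presumably leaves nothing to retry against. The test body starts before and continues past the lines shown in these hunks, so the exact placement needs checking against the full function.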
+10 −2
@@ -125,14 +125,22 @@ TEST_P(ProveOwnershipTests, proveOwnership) {
                                credentialData_, &credential)
                        .isOk());

    vector<uint8_t> challenge = {17, 18};
    // Implementations must support at least 32 bytes.
    string challengeString = "0123456789abcdef0123456789abcdef";
    vector<uint8_t> challenge(challengeString.begin(), challengeString.end());
    vector<uint8_t> proofOfOwnershipSignature;
    ASSERT_TRUE(credential->proveOwnership(challenge, &proofOfOwnershipSignature).isOk());
    optional<vector<uint8_t>> proofOfOwnership =
            support::coseSignGetPayload(proofOfOwnershipSignature);
    ASSERT_TRUE(proofOfOwnership);
    string cborPretty = cppbor::prettyPrint(proofOfOwnership.value(), 32, {});
    EXPECT_EQ("['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {0x11, 0x12}, true, ]", cborPretty);
    EXPECT_EQ(
            "['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {"
            "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, "
            "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, "
            "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, "
            "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66}, true, ]",
            cborPretty);
    EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfOwnershipSignature, {},  // Additional data
                                                 credentialPubKey_));
}
+2 −1
@@ -66,7 +66,8 @@ TEST_P(VtsAttestationTests, verifyAttestationWithNonemptyChallengeNonemptyId) {
    ASSERT_TRUE(setupWritableCredential(writableCredential, credentialStore_,
                                        false /* testCredential */));

    string challenge = "NotSoRandomChallenge1NotSoRandomChallenge1NotSoRandomChallenge1";
    // Must support at least 32 bytes.
    string challenge = "0123456789abcdef0123456789abcdef";
    vector<uint8_t> attestationChallenge(challenge.begin(), challenge.end());
    vector<Certificate> attestationCertificate;
    string applicationId = "Attestation Verification";