Loading identity/aidl/android/hardware/identity/IIdentityCredential.aidl +6 −4 Original line number Diff line number Diff line Loading @@ -438,8 +438,9 @@ interface IIdentityCredential { * If the method is called on an instance obtained via IPresentationSession.getCredential(), * STATUS_FAILED must be returned. * * @param challenge a challenge set by the issuer to ensure freshness. Maximum size is 32 bytes * and it may be empty. Fails with STATUS_INVALID_DATA if bigger than 32 bytes. * @param challenge a challenge set by the issuer to ensure freshness. Implementations must * support challenges that are at least 32 bytes. Fails with STATUS_INVALID_DATA if bigger * than 32 bytes. * @return a COSE_Sign1 signature described above. */ byte[] deleteCredentialWithChallenge(in byte[] challenge); Loading @@ -463,8 +464,9 @@ interface IIdentityCredential { * If the method is called on an instance obtained via IPresentationSession.getCredential(), * STATUS_FAILED must be returned. * * @param challenge a challenge set by the issuer to ensure freshness. Maximum size is 32 bytes * and it may be empty. Fails with STATUS_INVALID_DATA if bigger than 32 bytes. * @param challenge a challenge set by the issuer to ensure freshness. Implementations must * support challenges that are at least 32 bytes. Fails with STATUS_INVALID_DATA if bigger * than 32 bytes. * @return a COSE_Sign1 signature described above. */ byte[] proveOwnership(in byte[] challenge); Loading identity/aidl/android/hardware/identity/IWritableIdentityCredential.aidl +2 −1 Original line number Diff line number Diff line Loading 
@@ -127,7 +127,8 @@ interface IWritableIdentityCredential { * https://developer.android.com/training/articles/security-key-attestation#certificate_schema_attestationid * * @param attestationChallenge a challenge set by the issuer to ensure freshness. If * this is empty, the call fails with STATUS_INVALID_DATA. * this is empty, the call fails with STATUS_INVALID_DATA. Implementations must * support challenges of at least 32 bytes. * * @return the X.509 certificate chain for the credentialKey */ Loading identity/aidl/vts/DeleteCredentialTests.cpp +10 −3 Original line number Diff line number Diff line Loading @@ -146,7 +146,9 @@ TEST_P(DeleteCredentialTests, DeleteWithChallenge) { credentialData_, &credential) .isOk()); vector<uint8_t> challenge = {65, 66, 67}; // Implementations must support at least 32 bytes. string challengeString = "0123456789abcdef0123456789abcdef"; vector<uint8_t> challenge(challengeString.begin(), challengeString.end()); vector<uint8_t> proofOfDeletionSignature; ASSERT_TRUE( credential->deleteCredentialWithChallenge(challenge, &proofOfDeletionSignature).isOk()); Loading @@ -154,7 +156,12 @@ TEST_P(DeleteCredentialTests, DeleteWithChallenge) { support::coseSignGetPayload(proofOfDeletionSignature); ASSERT_TRUE(proofOfDeletion); string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {}); EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {0x41, 0x42, 0x43}, true, ]", EXPECT_EQ( "['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {" "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, " "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, " "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, " "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66}, true, ]", cborPretty); EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {}, // Additional data credentialPubKey_)); Loading identity/aidl/vts/ProveOwnershipTests.cpp +10 −2 Original line number Diff line number Diff line Loading 
@@ -125,14 +125,22 @@ TEST_P(ProveOwnershipTests, proveOwnership) { credentialData_, &credential) .isOk()); vector<uint8_t> challenge = {17, 18}; // Implementations must support at least 32 bytes. string challengeString = "0123456789abcdef0123456789abcdef"; vector<uint8_t> challenge(challengeString.begin(), challengeString.end()); vector<uint8_t> proofOfOwnershipSignature; ASSERT_TRUE(credential->proveOwnership(challenge, &proofOfOwnershipSignature).isOk()); optional<vector<uint8_t>> proofOfOwnership = support::coseSignGetPayload(proofOfOwnershipSignature); ASSERT_TRUE(proofOfOwnership); string cborPretty = cppbor::prettyPrint(proofOfOwnership.value(), 32, {}); EXPECT_EQ("['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {0x11, 0x12}, true, ]", cborPretty); EXPECT_EQ( "['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {" "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, " "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, " "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, " "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66}, true, ]", cborPretty); EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfOwnershipSignature, {}, // Additional data credentialPubKey_)); } Loading identity/aidl/vts/VtsAttestationTests.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -66,7 +66,8 @@ TEST_P(VtsAttestationTests, verifyAttestationWithNonemptyChallengeNonemptyId) { ASSERT_TRUE(setupWritableCredential(writableCredential, credentialStore_, false /* testCredential */)); string challenge = "NotSoRandomChallenge1NotSoRandomChallenge1NotSoRandomChallenge1"; // Must support at least 32 bytes. string challenge = "0123456789abcdef0123456789abcdef"; vector<uint8_t> attestationChallenge(challenge.begin(), challenge.end()); vector<Certificate> attestationCertificate; string applicationId = "Attestation Verification"; Loading Loading
identity/aidl/android/hardware/identity/IIdentityCredential.aidl +6 −4 Original line number Diff line number Diff line Loading @@ -438,8 +438,9 @@ interface IIdentityCredential { * If the method is called on an instance obtained via IPresentationSession.getCredential(), * STATUS_FAILED must be returned. * * @param challenge a challenge set by the issuer to ensure freshness. Maximum size is 32 bytes * and it may be empty. Fails with STATUS_INVALID_DATA if bigger than 32 bytes. * @param challenge a challenge set by the issuer to ensure freshness. Implementations must * support challenges that are at least 32 bytes. Fails with STATUS_INVALID_DATA if bigger * than 32 bytes. * @return a COSE_Sign1 signature described above. */ byte[] deleteCredentialWithChallenge(in byte[] challenge); Loading @@ -463,8 +464,9 @@ interface IIdentityCredential { * If the method is called on an instance obtained via IPresentationSession.getCredential(), * STATUS_FAILED must be returned. * * @param challenge a challenge set by the issuer to ensure freshness. Maximum size is 32 bytes * and it may be empty. Fails with STATUS_INVALID_DATA if bigger than 32 bytes. * @param challenge a challenge set by the issuer to ensure freshness. Implementations must * support challenges that are at least 32 bytes. Fails with STATUS_INVALID_DATA if bigger * than 32 bytes. * @return a COSE_Sign1 signature described above. */ byte[] proveOwnership(in byte[] challenge); Loading
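Review bot: The reworded `@param challenge` text for deleteCredentialWithChallenge contradicts itself: it requires support for challenges that are "at least 32 bytes" but keeps "Fails with STATUS_INVALID_DATA if bigger than 32 bytes", so a reader cannot tell whether an implementation may accept 33 bytes. The rewrite also drops "it may be empty", so the contract no longer says whether an empty challenge, which gives the issuer no freshness guarantee, must be accepted or rejected. The proveOwnership hunk in this section has the same wording. If 32 bytes is meant to stay the hard limit, state both bounds in one sentence, e.g. `May be empty. Implementations must accept challenges of up to 32 bytes and must fail with STATUS_INVALID_DATA for anything larger.`; if larger challenges are now allowed, remove the "Fails with" sentence instead.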
identity/aidl/android/hardware/identity/IWritableIdentityCredential.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -127,7 +127,8 @@ interface IWritableIdentityCredential { * https://developer.android.com/training/articles/security-key-attestation#certificate_schema_attestationid * * @param attestationChallenge a challenge set by the issuer to ensure freshness. If * this is empty, the call fails with STATUS_INVALID_DATA. * this is empty, the call fails with STATUS_INVALID_DATA. Implementations must * support challenges of at least 32 bytes. * * @return the X.509 certificate chain for the credentialKey */ Loading
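Review bot: The added sentence gives `attestationChallenge` a lower bound but leaves larger inputs unspecified, whereas the IIdentityCredential.aidl methods in this commit name STATUS_INVALID_DATA for oversized challenges. An issuer sending a longer nonce cannot tell from this text whether it will be accepted or rejected, and silent truncation, which would weaken the freshness binding in the attestation certificate, is not ruled out. If it matches the intent, append something like `Challenges larger than the implementation supports must fail with STATUS_INVALID_DATA and must never be truncated.` The VtsAttestationTests.cpp section of this commit shortens its challenge from 63 to 32 bytes, so that test no longer exercises the longer case. The method declaration this comment documents is outside the hunk.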
identity/aidl/vts/DeleteCredentialTests.cpp +10 −3 Original line number Diff line number Diff line Loading @@ -146,7 +146,9 @@ TEST_P(DeleteCredentialTests, DeleteWithChallenge) { credentialData_, &credential) .isOk()); vector<uint8_t> challenge = {65, 66, 67}; // Implementations must support at least 32 bytes. string challengeString = "0123456789abcdef0123456789abcdef"; vector<uint8_t> challenge(challengeString.begin(), challengeString.end()); vector<uint8_t> proofOfDeletionSignature; ASSERT_TRUE( credential->deleteCredentialWithChallenge(challenge, &proofOfDeletionSignature).isOk()); Loading @@ -154,7 +156,12 @@ TEST_P(DeleteCredentialTests, DeleteWithChallenge) { support::coseSignGetPayload(proofOfDeletionSignature); ASSERT_TRUE(proofOfDeletion); string cborPretty = cppbor::prettyPrint(proofOfDeletion.value(), 32, {}); EXPECT_EQ("['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {0x41, 0x42, 0x43}, true, ]", EXPECT_EQ( "['ProofOfDeletion', 'org.iso.18013-5.2019.mdl', {" "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, " "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, " "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, " "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66}, true, ]", cborPretty); EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfDeletionSignature, {}, // Additional data credentialPubKey_)); Loading
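Review bot: DeleteWithChallenge now exercises only a challenge of exactly 32 bytes, so nothing checks the rejection that IIdentityCredential.aidl still documents for larger ones, nor the empty-challenge case. If the 32-byte maximum is meant to stay, add a negative check before the successful call, since the delete is destructive, e.g. `EXPECT_FALSE(credential->deleteCredentialWithChallenge(vector<uint8_t>(33, 0), &proofOfDeletionSignature).isOk());`, ideally also asserting the STATUS_INVALID_DATA service-specific code. The same gap applies to the proveOwnership test in ProveOwnershipTests.cpp. As a style point, the literal `"0123456789abcdef0123456789abcdef"` and its hand-expanded hex dump are repeated across the test files and could come from one shared helper so the expected CBOR string is derived from the challenge. The test body starts before and continues past the visible hunks.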
identity/aidl/vts/ProveOwnershipTests.cpp +10 −2 Original line number Diff line number Diff line Loading @@ -125,14 +125,22 @@ TEST_P(ProveOwnershipTests, proveOwnership) { credentialData_, &credential) .isOk()); vector<uint8_t> challenge = {17, 18}; // Implementations must support at least 32 bytes. string challengeString = "0123456789abcdef0123456789abcdef"; vector<uint8_t> challenge(challengeString.begin(), challengeString.end()); vector<uint8_t> proofOfOwnershipSignature; ASSERT_TRUE(credential->proveOwnership(challenge, &proofOfOwnershipSignature).isOk()); optional<vector<uint8_t>> proofOfOwnership = support::coseSignGetPayload(proofOfOwnershipSignature); ASSERT_TRUE(proofOfOwnership); string cborPretty = cppbor::prettyPrint(proofOfOwnership.value(), 32, {}); EXPECT_EQ("['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {0x11, 0x12}, true, ]", cborPretty); EXPECT_EQ( "['ProofOfOwnership', 'org.iso.18013-5.2019.mdl', {" "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, " "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, " "0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, " "0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66}, true, ]", cborPretty); EXPECT_TRUE(support::coseCheckEcDsaSignature(proofOfOwnershipSignature, {}, // Additional data credentialPubKey_)); } Loading
identity/aidl/vts/VtsAttestationTests.cpp +2 −1 Original line number Diff line number Diff line Loading @@ -66,7 +66,8 @@ TEST_P(VtsAttestationTests, verifyAttestationWithNonemptyChallengeNonemptyId) { ASSERT_TRUE(setupWritableCredential(writableCredential, credentialStore_, false /* testCredential */)); string challenge = "NotSoRandomChallenge1NotSoRandomChallenge1NotSoRandomChallenge1"; // Must support at least 32 bytes. string challenge = "0123456789abcdef0123456789abcdef"; vector<uint8_t> attestationChallenge(challenge.begin(), challenge.end()); vector<Certificate> attestationCertificate; string applicationId = "Attestation Verification"; Loading