summaryrefslogtreecommitdiff
path: root/identity/aidl/default/libeic
Commit message (Collapse)AuthorAgeFilesLines
* identity: fix access control checks in libeic.David Zeuthen2021-06-142-0/+12
| | | | | | | | | | | Also add a new libeic_test binary which has a regression test for this vulnerability. Bug: 190757775 Test: atest libeic_test Test: atest VtsHalIdentityTargetTest Test: atest CtsIdentityTestCases Change-Id: I8344655c59930d6bf1baa4e0f8d0f60e4fc9e48d
* identity: fix CBOR 8-byte integer encodingAndrew Scull2021-05-121-1/+1
| | | | | | | | 8-byte intergers are identified by the additional information having the value 27. Test: atest VtsHalIdentityTargetTest Change-Id: I986162c4966275d7589d99c08c7323445e1f9e80
* identity: Check freshness of verification token in TA.David Zeuthen2021-03-041-11/+14
| | | | | | | | | | | | A problem where credstore didn't always use the TA-generated challenge in the verification token was fixed in aosp/1619825. With this bug-fix we can now reliably check that the passed-in verification token is always fresh. Bug: 181893400 Test: atest android.security.identity.cts on emulator Test: atest VtsHalIdentityTargetTest Change-Id: Iffdf026475da6321764561972aae27a82ab94530
* Identity Credential changes for Android 12David Zeuthen2021-01-237-24/+288
| | | | | | | | | | | | | | | | - Add IIdentityCredential.deleteCredentialWithChallenge() - Deprecate IIdentityCredential.deleteCredential() - Add IIdentityCredential.proveOwership() - Add IIdentityCredential.updateCredential() - Add ProofOfBinding CBOR to AuthenticationKey X.509 certificate - Document which API versions new methods/features appeared in. - Mention need to declare android.hardware.identity_credential system feature (w/ feature version number) and do this for the default implementation. Bug: 170146643 Test: atest VtsHalIdentityTargetTest Change-Id: Ib47c7caa5f3d6fff6919f019eee44a735dba9cf8
* Identity Credential: Switch default implementation to use libeic.David Zeuthen2021-01-058-0/+2100
Introduce platform-neutral C library ("libeic") which can be used to implement an Identity Credential Trusted Application/Applet in Secure Hardware. The libeic library is intentionally low-level, has no dependencies (not even libc), uses very little run-time memory (less than 500 bytes during a provisioning or presentation session), and doesn't dynamically allocate any memory. Crypto routines are provided by the library user through a simple crypto interface defined in EicOps. Also provide an Android-side HAL implementation designed to communicate with libeic running in Secure Hardware outside Android. Abstract out communications between HAL and TA in a couple of SecureHardwareProxy* classes which mimic libeic 1:1. The default implementation of the HAL is a combination of the aforementioned HAL using libeic in-process backed by BoringSSL for the crypto bits. Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Bug: 170146643 Change-Id: I3bf43fa7fd9362f94023052591801f2094a04607
generated by cgit v1.2.3 (git 2.25.1) at 2025-12-21 07:15:05 +0000