author | David Zeuthen <zeuthen@google.com> | 2021-09-11 13:52:17 -0400 |
---|---|---|
committer | David Zeuthen <zeuthen@google.com> | 2022-01-10 17:38:04 -0500 |
commit | 045a2c87e0f4450efb7c0c34125b2f06684b4f2d (patch) | |
tree | 9aee00ef7c8f7c6c75c6dc353ec5226a8143c34c /identity/binder | |
parent | edeefe007974927be5c12a6fe7120789ac11de8b (diff) | |
download | security-045a2c87e0f4450efb7c0c34125b2f06684b4f2d.tar.gz |
identity: Add multi-document presentation support.
Also fix a bug so the same AuthKey is used for several getEntries()
calls on a credential. This matches the behavior in the Jetpack.
Bug: 197965513
Test: New CTS tests and new screen in CtsVerifier
Change-Id: I344f44b5655f0977ee650b518ce669e3c8a7b47a
Diffstat (limited to 'identity/binder')
3 files changed, 42 insertions, 2 deletions
diff --git a/identity/binder/android/security/identity/ICredential.aidl b/identity/binder/android/security/identity/ICredential.aidl index 2165810f..e6a9fae0 100644 --- a/identity/binder/android/security/identity/ICredential.aidl +++ b/identity/binder/android/security/identity/ICredential.aidl @@ -49,14 +49,16 @@ interface ICredential { byte[] getCredentialKeyCertificateChain(); long selectAuthKey(in boolean allowUsingExhaustedKeys, - in boolean allowUsingExpiredKeys); + in boolean allowUsingExpiredKeys, + in boolean incrementUsageCount); GetEntriesResultParcel getEntries(in byte[] requestMessage, in RequestNamespaceParcel[] requestNamespaces, in byte[] sessionTranscript, in byte[] readerSignature, in boolean allowUsingExhaustedKeys, - in boolean allowUsingExpiredKeys); + in boolean allowUsingExpiredKeys, + in boolean incrementUsageCount); void setAvailableAuthenticationKeys(in int keyCount, in int maxUsesPerKey); diff --git a/identity/binder/android/security/identity/ICredentialStore.aidl b/identity/binder/android/security/identity/ICredentialStore.aidl index 8357f47b..39b5e5f6 100644 --- a/identity/binder/android/security/identity/ICredentialStore.aidl +++ b/identity/binder/android/security/identity/ICredentialStore.aidl @@ -19,6 +19,7 @@ package android.security.identity; import android.security.identity.IWritableCredential; import android.security.identity.ICredential; import android.security.identity.SecurityHardwareInfoParcel; +import android.security.identity.ISession; /** * @hide @@ -45,6 +46,9 @@ interface ICredentialStore { IWritableCredential createCredential(in @utf8InCpp String credentialName, in @utf8InCpp String docType); + ICredential getCredentialByName(in @utf8InCpp String credentialName, in int cipherSuite); + + ISession createPresentationSession(in int cipherSuite); } diff --git a/identity/binder/android/security/identity/ISession.aidl b/identity/binder/android/security/identity/ISession.aidl new file mode 100644 index 00000000..2139ec1c 
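Review bot: The new `incrementUsageCount` argument on `selectAuthKey` and `getEntries` in ICredential.aidl has no documentation, yet it appears to let the caller decide whether a presentation counts against the per-key limit configured through `setAvailableAuthenticationKeys(keyCount, maxUsesPerKey)`. Because that count bounds how often a single auth key is shown to readers, the interface should state what `false` means and who is expected to pass it, for example `// incrementUsageCount: if false, the use count of the selected auth key is left unchanged (repeat request on the same credential)`. The service implementation is not part of this diff, so it is worth confirming how it treats `false` on the first selection of a key. This is also the third consecutive `boolean` in both signatures, so a transposed argument at a call site compiles without complaint. The interface body continues outside the hunk.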
--- /dev/null
+++ b/identity/binder/android/security/identity/ISession.aidl
@@ -0,0 +1,34 @@
+/*
+ * Copyright (c) 2019, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package android.security.identity;
+
+import android.security.identity.ICredential;
+
+/**
+ * @hide
+ */
+interface ISession {
+ byte[] getEphemeralKeyPair();
+
+ long getAuthChallenge();
+
+ void setReaderEphemeralPublicKey(in byte[] publicKey);
+
+ void setSessionTranscript(in byte[] sessionTranscript);
+
+ ICredential getCredentialForPresentation(in @utf8InCpp String credentialName);
+}
|
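Review bot: `ISession` is added with only an `@hide` comment and nothing about call order or state, which matters because these methods together carry the ephemeral keys and the session transcript that a presentation is bound to. The interface should say whether `setReaderEphemeralPublicKey` and `setSessionTranscript` may be called more than once and whether `getCredentialForPresentation` fails before they have been called, e.g. `// Each setter must be called exactly once, before getCredentialForPresentation(); later calls fail`. `getEphemeralKeyPair` returns a `byte[]` with no stated encoding; going by the name it includes the private key, so the comment should give the format and note that callers must not log or persist the value. The service implementation is not part of this diff, so whether such rules are enforced on the service side cannot be checked here.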