authorDavid Zeuthen <zeuthen@google.com>2022-10-05 13:21:05 -0400
committerDavid Zeuthen <zeuthen@google.com>2022-12-09 02:57:18 -0500
commitfdf7f52a1d20e2c1f9bd03e363692f3562d1f287 (patch)
tree31c4d404ca141d9f2bb09366e9755a11661781e1 /identity
parent670ca4f29dcf767ba2e66718fd1ca36c7f3e6464 (diff)
identity: Add support for ECDSA auth and don't require session encryption.
This change uses new API in Identity Credential HAL version 5 and later to obtain the mdoc ECDSA authentication signature and pass it to the framework API. Bug: 241912421 Test: atest VtsHalIdentityTargetTest Test: atest android.security.identity.cts Change-Id: I4bb8ba8c4a46a91791af9e0e48c81894d896a2d0
Diffstat (limited to 'identity')
-rw-r--r--identity/Credential.cpp15
-rw-r--r--identity/binder/android/security/identity/GetEntriesResultParcel.aidl1
2 files changed, 13 insertions, 3 deletions
diff --git a/identity/Credential.cpp b/identity/Credential.cpp
index c67fe4a3..cbeb5084 100644
--- a/identity/Credential.cpp
+++ b/identity/Credential.cpp
@@ -554,9 +554,18 @@ Status Credential::getEntries(const vector<uint8_t>& requestMessage,
ret.resultNamespaces.push_back(resultNamespaceParcel);
}
- status = halBinder->finishRetrieval(&ret.mac, &ret.deviceNameSpaces);
- if (!status.isOk()) {
- return halStatusToGenericError(status);
+ // API version 5 (feature version 202301) supports both MAC and ECDSA signature.
+ if (halApiVersion_ >= 5) {
+ status = halBinder->finishRetrievalWithSignature(&ret.mac, &ret.deviceNameSpaces,
+ &ret.signature);
+ if (!status.isOk()) {
+ return halStatusToGenericError(status);
+ }
+ } else {
+ status = halBinder->finishRetrieval(&ret.mac, &ret.deviceNameSpaces);
+ if (!status.isOk()) {
+ return halStatusToGenericError(status);
+ }
}
ret.staticAuthenticationData = selectedAuthKeyStaticAuthData_;
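Review bot: On the `else` path (HAL older than version 5) `ret.signature` is never written, and nothing in the hunk says that an empty value is how a consumer learns that no ECDSA signature is available; the new comment also leaves open whether a version 5 HAL fills `mac`, `signature`, or both. A client that has to decide which device-authentication proof to verify needs that contract written down, so I would extend the comment to something like `// HAL v5+: may return a MAC, an ECDSA signature, or both; older HALs return only the MAC and ret.signature stays empty.`, with the exact wording confirmed against the HAL documentation, which is not visible here. Separately, the identical `if (!status.isOk()) { return halStatusToGenericError(status); }` check now appears in both branches and could be hoisted to a single check after the if/else. `Credential::getEntries` starts and ends outside the hunk.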
diff --git a/identity/binder/android/security/identity/GetEntriesResultParcel.aidl b/identity/binder/android/security/identity/GetEntriesResultParcel.aidl
index 03b363c9..51281b9e 100644
--- a/identity/binder/android/security/identity/GetEntriesResultParcel.aidl
+++ b/identity/binder/android/security/identity/GetEntriesResultParcel.aidl
@@ -26,4 +26,5 @@ parcelable GetEntriesResultParcel {
byte[] deviceNameSpaces;
byte[] mac;
byte[] staticAuthenticationData;
+ byte[] signature; // Added in Android 14 / U
}
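Review bot: The comment on the new `signature` field records only the release it arrived in, not what the bytes are or when they are absent. Going by the Credential.cpp hunk in this same commit, the field carries the ECDSA authentication signature returned by `finishRetrievalWithSignature` and is left unset when the HAL is older than version 5. Something like `byte[] signature;  // mdoc ECDSA authentication signature; empty if the HAL predates API version 5. Added in Android 14 / U` would tell clients that an empty array is an expected value and not an error. The parcelable declaration begins outside the hunk.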