59102f388f5eea04504506cdd14535cb51c665be - android_system_security

commit	59102f388f5eea04504506cdd14535cb51c665be	[log] [tgz]
author	David Zeuthen <zeuthen@google.com>	Fri May 08 10:58:09 2020 -0400
committer	David Zeuthen <zeuthen@google.com>	Fri May 08 11:30:49 2020 -0400
tree	9e5c10cbf3015c0d83188bdfa4ada79f7841b7d5
parent	de087d874662c1b1d2fb657e0b474b58c4890016 [diff]

keystore: Pass verification token to credstore along with requested auth token.

This is needed because the Secure Areas backing the Identity
Credential HAL may exist in a different environment from where the
auth token is minted. In this case, the Secure Area needs a
verification token to make sense of the timestamp in the auth token.

Getting a verification token is an asynchronous operation so change
the binder method used by credstore to be asynchronous as well.

Bug: 156076333
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Change-Id: Id6cb6812a31d968069b7d72bd2b39b512d38d241

identity/Credential.cpp[diff]
identity/main.cpp[diff]
keystore/Android.bp[diff]
keystore/binder/android/security/keystore/ICredstoreTokenCallback.aidl[Added - diff]
keystore/binder/android/security/keystore/IKeystoreService.aidl[diff]
keystore/key_store_service.cpp[diff]
keystore/key_store_service.h[diff]
keystore/tests/Android.bp[diff]
keystore/tests/verification_token_seralization_test.cpp[Added - diff]

9 files changed

tree: 9e5c10cbf3015c0d83188bdfa4ada79f7841b7d5

fsverity_init/
identity/
keystore/
keystore-engine/
.clang-format
Android.bp
METADATA
MODULE_LICENSE_APACHE2
NOTICE
OWNERS
PREUPLOAD.cfg