identity: Specify that challenges can be up to 32 bytes in length.

Bug: 216177025 Test: atest CtsIdentityTestCases Change-Id: I507ab6b9ecd095ec53caaf859b236a8fdc7bfce9
author: David Zeuthen <zeuthen@google.com> 2022-01-24 17:29:43 -0500
committer: David Zeuthen <zeuthen@google.com> 2022-01-31 10:11:45 -0500
commit: fbb1cca01a1140d0fee312e0055cca0dbf32229d (patch)
tree: 3c3ff83d34a2935c04da942846c3cc74d8007c87
parent: 3789826e684f246d8ca4d600994c06009dd6c8d3 (diff)
2 files changed, 6 insertions, 3 deletions
diff --git a/identity/java/android/security/identity/IdentityCredential.java b/identity/java/android/security/identity/IdentityCredential.java
index cdf746fc9900..f440b693a5b3 100644
--- a/identity/java/android/security/identity/IdentityCredential.java
+++ b/identity/java/android/security/identity/IdentityCredential.java
@@ -454,7 +454,8 @@ public abstract class IdentityCredential {
      * @param challenge is a non-empty byte array whose contents should be unique, fresh and
      *                  provided by the issuing authority. The value provided is embedded in the
      *                  generated CBOR and enables the issuing authority to verify that the
-     *                  returned proof is fresh.
+     *                  returned proof is fresh. Implementations are required to support
+     *                  challenges at least 32 bytes of length.
      * @return the COSE_Sign1 data structure above
      */
     public @NonNull byte[] proveOwnership(@NonNull byte[] challenge)  {
@@ -485,7 +486,8 @@ public abstract class IdentityCredential {
      * @param challenge is a non-empty byte array whose contents should be unique, fresh and
      *                  provided by the issuing authority. The value provided is embedded in the
      *                  generated CBOR and enables the issuing authority to verify that the
-     *                  returned proof is fresh.
+     *                  returned proof is fresh. Implementations are required to support
+     *                  challenges at least 32 bytes of length.
      * @return the COSE_Sign1 data structure above
      */
     public @NonNull byte[] delete(@NonNull byte[] challenge)  {
diff --git a/identity/java/android/security/identity/WritableIdentityCredential.java b/identity/java/android/security/identity/WritableIdentityCredential.java
index 305d0ead0652..6d569648f2c6 100644
--- a/identity/java/android/security/identity/WritableIdentityCredential.java
+++ b/identity/java/android/security/identity/WritableIdentityCredential.java
@@ -59,7 +59,8 @@ public abstract class WritableIdentityCredential {
      * @param challenge is a non-empty byte array whose contents should be unique, fresh and
      *                  provided by the issuing authority. The value provided is embedded in the
      *                  attestation extension and enables the issuing authority to verify that the
-     *                  attestation certificate is fresh.
+     *                  attestation certificate is fresh. Implementations are required to support
+     *                  challenges at least 32 bytes of length.
      * @return the X.509 certificate for this credential's CredentialKey.
      */
     public abstract @NonNull Collection<X509Certificate> getCredentialKeyCertificateChain(
author	David Zeuthen <zeuthen@google.com>	2022-01-24 17:29:43 -0500
committer	David Zeuthen <zeuthen@google.com>	2022-01-31 10:11:45 -0500
commit	fbb1cca01a1140d0fee312e0055cca0dbf32229d (patch)
tree	3c3ff83d34a2935c04da942846c3cc74d8007c87
parent	3789826e684f246d8ca4d600994c06009dd6c8d3 (diff)