Skip to content

android,libtailscale: implement key.HardwareAttestationKey #694

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 15, 2025
Merged

android,libtailscale: implement key.HardwareAttestationKey #694

merged 1 commit into from
Sep 15, 2025

Conversation

awly
Copy link
Member

@awly awly commented Aug 29, 2025

Use a KeyStore-backed key to store a hardware-bound private key.

Updates tailscale/tailscale#15830

@awly awly requested a review from patrickod August 29, 2025 22:09
@awly awly force-pushed the awly/hardware-attestation-key branch from 39758eb to 67a2b0b Compare August 29, 2025 22:09
dblohm7
dblohm7 requested changes Sep 2, 2025
View reviewed changes
Copy link
Member

@dblohm7 dblohm7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll defer to @patrickod for the rest, but I do have an ask:

android/src/main/java/com/tailscale/ipn/util/HardwareKeyStore.kt
// HardwareKeyStore implements the callbacks necessary to implement key.HardwareAttestationKey on
// the Go side. It uses KeyStore with a StrongBox processor.
class HardwareKeyStore() {
var keyStoreKeys = HashMap<String, KeyPair>();
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we only instantiate this HashMap when the feature is actually available?

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ooc is this a memory optimization or a compatibility concern?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made the whole class instantiation conditional in https://github.com/tailscale/tailscale-android/pull/694/files#diff-c4efae6d7bd6aa6cee62e464f666eee2c22556ca45aeb390c46b2eb6580d0dcdR375-R381
(hopefully that's the correct way to do it 😅 )

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@patrickod memory optimization -- in the sense that my rule of thumb for mobile is "don't hang onto resources any longer than you need them"

@awly awly force-pushed the awly/hardware-attestation-key branch from 67a2b0b to 7e8548c Compare September 11, 2025 22:07
@awly
android,libtailscale: implement key.HardwareAttestationKey
a78c07a 
Use a KeyStore-backed key to store a hardware-bound private key.

Updates tailscale/tailscale#15830

Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
@awly awly force-pushed the awly/hardware-attestation-key branch from 7e8548c to a78c07a Compare September 11, 2025 22:12
@awly awly requested a review from dblohm7 September 11, 2025 22:41
@awly awly merged commit 11869b0 into main Sep 15, 2025
4 checks passed
@awly awly deleted the awly/hardware-attestation-key branch September 15, 2025 17:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dblohm7 dblohm7 dblohm7 approved these changes

@patrickod patrickod Awaiting requested review from patrickod

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@awly @patrickod @dblohm7