Merge "Extend the default implementation of the secure element AIDL interface"
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 342b926..2440977 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -1136,8 +1136,8 @@
* that has been generated using an associate IRemotelyProvisionedComponent.
*/
TEST_P(NewKeyGenerationTest, RsaWithRkpAttestation) {
- if (AidlVersion() < 2) {
- GTEST_SKIP() << "Only required starting with KeyMint v2";
+ if (get_vsr_api_level() < 32 || AidlVersion() < 2) {
+ GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";
}
// There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
@@ -1214,8 +1214,8 @@
* that has been generated using an associate IRemotelyProvisionedComponent.
*/
TEST_P(NewKeyGenerationTest, EcdsaWithRkpAttestation) {
- if (AidlVersion() < 2) {
- GTEST_SKIP() << "Only required starting with KeyMint v2";
+ if (get_vsr_api_level() < 32 || AidlVersion() < 2) {
+ GTEST_SKIP() << "Only required for VSR 12+ and KeyMint 2+";
}
// There should be an IRemotelyProvisionedComponent instance associated with the KeyMint
diff --git a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
index 5485db3..c506667 100644
--- a/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
+++ b/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
@@ -115,11 +115,9 @@
interface IRemotelyProvisionedComponent {
const int STATUS_FAILED = 1;
const int STATUS_INVALID_MAC = 2;
- // --------- START: Versions 1 and 2 Only ----------
- const int STATUS_PRODUCTION_KEY_IN_TEST_REQUEST = 3;
+ const int STATUS_PRODUCTION_KEY_IN_TEST_REQUEST = 3; // Versions 1 and 2 Only
const int STATUS_TEST_KEY_IN_PRODUCTION_REQUEST = 4;
- const int STATUS_INVALID_EEK = 5;
- // --------- END: Versions 1 and 2 Only ------------
+ const int STATUS_INVALID_EEK = 5; // Versions 1 and 2 Only
const int STATUS_REMOVED = 6;
/**
@@ -347,8 +345,8 @@
* protected: bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
* unprotected: {},
* payload: bstr .cbor Data / nil,
- * signature: bstr ; PureEd25519(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<Data>) /
- * ; ECDSA(CDI_Leaf_Priv, bstr .cbor SignedDataSigStruct<Data>)
+ * signature: bstr ; PureEd25519(CDI_Leaf_Priv, SignedDataSigStruct<Data>) /
+ * ; ECDSA(CDI_Leaf_Priv, SignedDataSigStruct<Data>)
* ]
*
* ; Sig_structure for SignedData
@@ -427,8 +425,8 @@
* protected : bstr .cbor { 1 : AlgorithmEdDSA / AlgorithmES256 },
* unprotected: {},
* payload: bstr .cbor DiceChainEntryPayload,
- * signature: bstr ; PureEd25519(SigningKey, bstr .cbor DiceChainEntryInput) /
- * ; ECDSA(SigningKey, bstr .cbor DiceChainEntryInput)
+ * signature: bstr ; PureEd25519(SigningKey, DiceChainEntryInput) /
+ * ; ECDSA(SigningKey, DiceChainEntryInput)
* ; See RFC 8032 for details of how to encode the signature value
* ; for Ed25519.
* ]
@@ -442,12 +440,6 @@
*
* ; The following section defines some types that are reused throughout the above
* ; data structures.
- * PubKeyX25519 = { ; COSE_Key
- * 1 : 1, ; Key type : Octet Key Pair
- * -1 : 4, ; Curve : X25519
- * -2 : bstr ; Sender X25519 public key
- * }
- *
* PubKeyEd25519 = { ; COSE_Key
* 1 : 1, ; Key type : octet key pair
* 3 : AlgorithmEdDSA, ; Algorithm : EdDSA
@@ -455,13 +447,6 @@
* -2 : bstr ; X coordinate, little-endian
* }
*
- * PubKeyEcdhP256 = { ; COSE_Key
- * 1 : 2, ; Key type : EC2
- * -1 : 1, ; Curve : P256
- * -2 : bstr ; Sender X coordinate
- * -3 : bstr ; Sender Y coordinate
- * }
- *
* PubKeyECDSA256 = { ; COSE_Key
* 1 : 2, ; Key type : EC2
* 3 : AlgorithmES256, ; Algorithm : ECDSA w/ SHA-256