Merge "Camera: Fix test to use 64 bit pointer in stream use cases" into tm-dev
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
index 16bbc5c..a4cfb8b 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/KeyCreationResult.aidl
@@ -78,15 +78,16 @@
* provided, otherwise ATTESTATION_APPLICATION_ID_MISSING will be returned.
*
* 3. Asymmetric key non-attestation with signing key. If Tag::ATTESTATION_CHALLENGE is not
- * provided and the generated/imported key has KeyPurpose::SIGN, then the returned
- * certificate chain must contain only a single self-signed certificate with no attestation
- * extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
+ * provided and the generated/imported key has KeyPurpose::SIGN or KeyPurpose::ATTEST_KEY,
+ * then the returned certificate chain must contain only a single self-signed certificate
+ * with no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if
+ * provided.
*
* 4. Asymmetric key non-attestation with non-signing key. If TAG::ATTESTATION_CHALLENGE is
- * not provided and the generated/imported key does not have KeyPurpose::SIGN, then the
- * returned certificate chain must contain only a single certificate with an empty signature
- * and no attestation extension. Tag::ATTESTATION_APPLICATION_ID will be ignored if
- * provided.
+ * not provided and the generated/imported key does not have KeyPurpose::SIGN nor
+ * KeyPurpose::ATTEST_KEY, then the returned certificate chain must contain only a single
+ * certificate with an empty signature and no attestation extension.
+ * Tag::ATTESTATION_APPLICATION_ID will be ignored if provided.
*
* 5. Symmetric key. If the generated/imported key is symmetric, the certificate chain must
* return empty, any Tag::ATTESTATION_CHALLENGE or Tag::ATTESTATION_APPLICATION_ID inputs,
diff --git a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
index a14fc88..5024400 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/ProtectedData.aidl
@@ -92,8 +92,8 @@
* },
* {}, // Unprotected params
* bstr .size 32, // MAC key
- * bstr PureEd25519(KM_priv, .cbor SignedMac_structure) /
- * ECDSA(KM_priv, bstr .cbor SignedMac_structure)
+ * bstr // PureEd25519(KM_priv, bstr .cbor SignedMac_structure) /
+ * // ECDSA(KM_priv, bstr .cbor SignedMac_structure)
* ]
*
* SignedMac_structure = [
@@ -144,8 +144,8 @@
* },
* unprotected: {},
* payload: bstr .cbor BccPayload,
- * signature: bstr .cbor PureEd25519(SigningKey, bstr .cbor BccEntryInput) /
- * bstr .cbor ECDSA(SigningKey, bstr .cbor BccEntryInput)
+ * signature: bstr // PureEd25519(SigningKey, bstr .cbor BccEntryInput) /
+ * // ECDSA(SigningKey, bstr .cbor BccEntryInput)
* // See RFC 8032 for details of how to encode the signature value for Ed25519.
* ]
*
diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
index 8a26b3c..0bab54c 100644
--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
+++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp
@@ -183,6 +183,14 @@
* This test attempts to create an RSA attestation key that also allows signing.
*/
TEST_P(AttestKeyTest, RsaAttestKeyMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
+
vector<uint8_t> attest_key_blob;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
@@ -453,6 +461,13 @@
* This test attempts to create an EC attestation key that also allows signing.
*/
TEST_P(AttestKeyTest, EcAttestKeyMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
vector<uint8_t> attest_key_blob;
vector<KeyCharacteristics> attest_key_characteristics;
vector<Certificate> attest_key_cert_chain;
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 056d83a..8a24d25 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -3821,6 +3821,13 @@
* Verifies that importing an RSA key pair with purpose ATTEST_KEY+SIGN fails.
*/
TEST_P(ImportKeyTest, RsaAttestMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
uint32_t key_size = 2048;
string key = rsa_2048_key;
@@ -3959,6 +3966,13 @@
* Verifies that importing and using an ECDSA P-256 key pair with purpose ATTEST_KEY+SIGN fails.
*/
TEST_P(ImportKeyTest, EcdsaAttestMultiPurposeFail) {
+ if (AidlVersion() < 2) {
+ // The KeyMint v1 spec required that KeyPurpose::ATTEST_KEY not be combined
+ // with other key purposes. However, this was not checked at the time
+ // so we can only be strict about checking this for implementations of KeyMint
+ // version 2 and above.
+ GTEST_SKIP() << "Single-purpose for KeyPurpose::ATTEST_KEY only strict since KeyMint v2";
+ }
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
ImportKey(AuthorizationSetBuilder()
.Authorization(TAG_NO_AUTH_REQUIRED)
diff --git a/wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp b/wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp
index 2ed6a0e..272a427 100644
--- a/wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp
+++ b/wifi/supplicant/aidl/vts/functional/supplicant_sta_iface_aidl_test.cpp
@@ -43,7 +43,6 @@
using aidl::android::hardware::wifi::supplicant::ISupplicantStaIface;
using aidl::android::hardware::wifi::supplicant::ISupplicantStaNetwork;
using aidl::android::hardware::wifi::supplicant::KeyMgmtMask;
-using aidl::android::hardware::wifi::supplicant::RxFilterType;
using aidl::android::hardware::wifi::supplicant::WpaDriverCapabilitiesMask;
using aidl::android::hardware::wifi::supplicant::WpsConfigMethods;
using android::ProcessState;
@@ -544,36 +543,6 @@
}
/*
- * StartRxFilter
- */
-TEST_P(SupplicantStaIfaceAidlTest, StartRxFilter) {
- EXPECT_TRUE(sta_iface_->startRxFilter().isOk());
-}
-
-/*
- * StopRxFilter
- */
-TEST_P(SupplicantStaIfaceAidlTest, StopRxFilter) {
- EXPECT_TRUE(sta_iface_->stopRxFilter().isOk());
-}
-
-/*
- * AddRxFilter
- */
-TEST_P(SupplicantStaIfaceAidlTest, AddRxFilter) {
- EXPECT_TRUE(sta_iface_->addRxFilter(RxFilterType::V4_MULTICAST).isOk());
- EXPECT_TRUE(sta_iface_->addRxFilter(RxFilterType::V6_MULTICAST).isOk());
-}
-
-/*
- * RemoveRxFilter
- */
-TEST_P(SupplicantStaIfaceAidlTest, RemoveRxFilter) {
- EXPECT_TRUE(sta_iface_->removeRxFilter(RxFilterType::V4_MULTICAST).isOk());
- EXPECT_TRUE(sta_iface_->removeRxFilter(RxFilterType::V6_MULTICAST).isOk());
-}
-
-/*
* AddExtRadioWork
*/
TEST_P(SupplicantStaIfaceAidlTest, AddExtRadioWork) {