Merge "Separate updateAad from update & other cleanups"
diff --git a/compatibility_matrices/build/vintf_compatibility_matrix.go b/compatibility_matrices/build/vintf_compatibility_matrix.go
index 2772ba3..f1bd0ae 100644
--- a/compatibility_matrices/build/vintf_compatibility_matrix.go
+++ b/compatibility_matrices/build/vintf_compatibility_matrix.go
@@ -41,7 +41,7 @@
}, "inputs")
xmllintXsd = pctx.AndroidStaticRule("xmllint-xsd", blueprint.RuleParams{
- Command: `$XmlLintCmd --schema $xsd $in > /dev/null && touch -a $out`,
+ Command: `$XmlLintCmd --quiet --schema $xsd $in > /dev/null && touch -a $out`,
CommandDeps: []string{"$XmlLintCmd"},
Restat: true,
}, "xsd")
diff --git a/radio/1.6/IRadio.hal b/radio/1.6/IRadio.hal
index c83de29..da81317 100644
--- a/radio/1.6/IRadio.hal
+++ b/radio/1.6/IRadio.hal
@@ -496,4 +496,20 @@
* Response function is IRadioResponse.getCurrentCallsResponse_1_6()
*/
oneway getCurrentCalls_1_6(int32_t serial);
+
+ /**
+ * Provide Carrier specific information to the modem that must be used to
+ * encrypt the IMSI and IMPI. Sent by the framework during boot, carrier
+ * switch and everytime the framework receives a new certificate.
+ *
+ * @param serial Serial number of request.
+ * @param imsiEncryptionInfo ImsiEncryptionInfo as defined in types.hal.
+ *
+ * Response callback is
+ * IRadioResponse.setCarrierInfoForImsiEncryptionResponse()
+ *
+ * Note this API is the same as the 1.1 version except using the 1.6 ImsiEncryptionInfo
+ * as the input param.
+ */
+ oneway setCarrierInfoForImsiEncryption_1_6(int32_t serial, @1.6::ImsiEncryptionInfo imsiEncryptionInfo);
};
diff --git a/radio/1.6/types.hal b/radio/1.6/types.hal
index 875d40a..238ffb4 100644
--- a/radio/1.6/types.hal
+++ b/radio/1.6/types.hal
@@ -27,6 +27,7 @@
import @1.1::GeranBands;
import @1.1::ScanStatus;
import @1.1::UtranBands;
+import @1.1::ImsiEncryptionInfo;
import @1.2::Call;
import @1.2::CellInfoCdma;
import @1.2::CellConnectionStatus;
@@ -898,3 +899,20 @@
*/
SLICE_REJECTED = 0x8CC,
};
+
+/**
+ * Public key type from carrier certificate.
+ */
+enum PublicKeyType : int32_t {
+ EPDG = 1, // Key type to be used for ePDG
+ WLAN = 2, // Key type to be used for WLAN
+};
+
+/**
+ * Carrier specific Information sent by the carrier,
+ * which will be used to encrypt the IMSI and IMPI.
+ */
+struct ImsiEncryptionInfo {
+ @1.1::ImsiEncryptionInfo base;
+ PublicKeyType keyType; // Public key type
+};
diff --git a/radio/1.6/vts/functional/radio_hidl_hal_api.cpp b/radio/1.6/vts/functional/radio_hidl_hal_api.cpp
index 44900b8..1b476a4 100644
--- a/radio/1.6/vts/functional/radio_hidl_hal_api.cpp
+++ b/radio/1.6/vts/functional/radio_hidl_hal_api.cpp
@@ -583,3 +583,29 @@
EXPECT_EQ(serial, radioRsp_v1_6->rspInfo.serial);
EXPECT_EQ(::android::hardware::radio::V1_6::RadioError::NONE, radioRsp_v1_6->rspInfo.error);
}
+
+/*
+ * Test IRadio.setCarrierInfoForImsiEncryption_1_6() for the response returned.
+ */
+TEST_P(RadioHidlTest_v1_6, setCarrierInfoForImsiEncryption_1_6) {
+ serial = GetRandomSerialNumber();
+ ::android::hardware::radio::V1_6::ImsiEncryptionInfo imsiInfo;
+ imsiInfo.base.mcc = "310";
+ imsiInfo.base.mnc = "004";
+ imsiInfo.base.carrierKey = (std::vector<uint8_t>){1, 2, 3, 4, 5, 6};
+ imsiInfo.base.keyIdentifier = "Test";
+ imsiInfo.base.expirationTime = 20180101;
+ imsiInfo.keyType = PublicKeyType::EPDG;
+
+ radio_v1_6->setCarrierInfoForImsiEncryption_1_6(serial, imsiInfo);
+ EXPECT_EQ(std::cv_status::no_timeout, wait());
+ EXPECT_EQ(RadioResponseType::SOLICITED, radioRsp_v1_6->rspInfo.type);
+ EXPECT_EQ(serial, radioRsp_v1_6->rspInfo.serial);
+
+ if (cardStatus.base.base.base.cardState == CardState::ABSENT) {
+ ASSERT_TRUE(CheckAnyOfErrors(
+ radioRsp_v1_6->rspInfo.error,
+ {::android::hardware::radio::V1_6::RadioError::NONE,
+ ::android::hardware::radio::V1_6::RadioError::REQUEST_NOT_SUPPORTED}));
+ }
+}
diff --git a/radio/config/1.3/types.hal b/radio/config/1.3/types.hal
index ba964bf..8915970 100644
--- a/radio/config/1.3/types.hal
+++ b/radio/config/1.3/types.hal
@@ -21,8 +21,14 @@
*/
struct HalDeviceCapabilities {
/**
- * True indicates that the modem is missing features within the current
- * version of the Radio HAL.
+ * True indicates that the modem does NOT support the following features:
+ * <ul>
+ * <li>Providing either
+ * android.hardware.radio@1.6::LinkCapacityEstimate:secondaryDownlinkCapacityKbps
+ * or android.hardware.radio@1.6::LinkCapacityEstimate:secondaryUplinkCapacityKbps
+ * when given from android.hardware.radio@1.6::RadioIndication:currentLinkCapacityEstimate
+ * </li>
+ * </ul>
*/
bool modemReducedFeatureSet1;
};
diff --git a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
index f2651fb..2373b26 100644
--- a/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
+++ b/security/keymint/aidl/default/RemotelyProvisionedComponent.cpp
@@ -259,8 +259,9 @@
}
static keymaster_key_param_t kKeyMintEcdsaP256Params[] = {
- Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN), Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC),
- Authorization(TAG_KEY_SIZE, 256), Authorization(TAG_DIGEST, KM_DIGEST_SHA_2_256),
+ Authorization(TAG_PURPOSE, KM_PURPOSE_ATTEST_KEY),
+ Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC), Authorization(TAG_KEY_SIZE, 256),
+ Authorization(TAG_DIGEST, KM_DIGEST_SHA_2_256),
Authorization(TAG_EC_CURVE, KM_EC_CURVE_P_256), Authorization(TAG_NO_AUTH_REQUIRED),
// The certificate generated by KM will be discarded, these values don't matter.
Authorization(TAG_CERTIFICATE_NOT_BEFORE, 0), Authorization(TAG_CERTIFICATE_NOT_AFTER, 0)};
diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
index 45f9df6..db53a8f 100644
--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
+++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp
@@ -80,7 +80,7 @@
/**
* Generate and validate a production-mode key. MAC tag can't be verified.
*/
-TEST_P(GenerateKeyTests, DISABLED_generateEcdsaP256Key_prodMode) {
+TEST_P(GenerateKeyTests, generateEcdsaP256Key_prodMode) {
MacedPublicKey macedPubKey;
bytevec privateKeyBlob;
bool testMode = false;
@@ -133,7 +133,7 @@
/**
* Generate and validate a test-mode key.
*/
-TEST_P(GenerateKeyTests, DISABLED_generateEcdsaP256Key_testMode) {
+TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) {
MacedPublicKey macedPubKey;
bytevec privateKeyBlob;
bool testMode = true;
@@ -224,7 +224,7 @@
* Generate an empty certificate request in test mode, and decrypt and verify the structure and
* content.
*/
-TEST_P(CertificateRequestTest, DISABLED_EmptyRequest_testMode) {
+TEST_P(CertificateRequestTest, EmptyRequest_testMode) {
bool testMode = true;
bytevec keysToSignMac;
ProtectedData protectedData;
@@ -294,7 +294,7 @@
* TODO(swillden): Get a valid GEEK and use it so the generation can succeed, though we won't be
* able to decrypt.
*/
-TEST_P(CertificateRequestTest, DISABLED_EmptyRequest_prodMode) {
+TEST_P(CertificateRequestTest, EmptyRequest_prodMode) {
bool testMode = false;
bytevec keysToSignMac;
ProtectedData protectedData;
@@ -309,7 +309,7 @@
/**
* Generate a non-empty certificate request in test mode. Decrypt, parse and validate the contents.
*/
-TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_testMode) {
+TEST_P(CertificateRequestTest, NonEmptyRequest_testMode) {
bool testMode = true;
generateKeys(testMode, 4 /* numKeys */);
@@ -379,7 +379,7 @@
* TODO(swillden): Get a valid GEEK and use it so the generation can succeed, though we won't be
* able to decrypt.
*/
-TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodMode) {
+TEST_P(CertificateRequestTest, NonEmptyRequest_prodMode) {
bool testMode = false;
generateKeys(testMode, 4 /* numKeys */);
@@ -396,7 +396,7 @@
* Generate a non-empty certificate request in test mode, with prod keys. Must fail with
* STATUS_PRODUCTION_KEY_IN_TEST_REQUEST.
*/
-TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodKeyInTestCert) {
+TEST_P(CertificateRequestTest, NonEmptyRequest_prodKeyInTestCert) {
generateKeys(false /* testMode */, 2 /* numKeys */);
bytevec keysToSignMac;
@@ -414,7 +414,7 @@
* Generate a non-empty certificate request in prod mode, with test keys. Must fail with
* STATUS_TEST_KEY_IN_PRODUCTION_REQUEST.
*/
-TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_testKeyInProdCert) {
+TEST_P(CertificateRequestTest, NonEmptyRequest_testKeyInProdCert) {
generateKeys(true /* testMode */, 2 /* numKeys */);
bytevec keysToSignMac;