Merge "Add keymint_use_latest_hal_aidl_java" into main
diff --git a/nfc/aidl/vts/functional/VtsNfcBehaviorChangesTest.cpp b/nfc/aidl/vts/functional/VtsNfcBehaviorChangesTest.cpp
index e93de95..a61f8ee 100644
--- a/nfc/aidl/vts/functional/VtsNfcBehaviorChangesTest.cpp
+++ b/nfc/aidl/vts/functional/VtsNfcBehaviorChangesTest.cpp
@@ -114,17 +114,26 @@
}
}
-void static nfaVSCallback(uint8_t event, uint16_t /* param_len */, uint8_t* p_param) {
+void static nfaVSCallback(uint8_t event, uint16_t param_len, uint8_t* p_param) {
switch (event & NCI_OID_MASK) {
case NCI_MSG_PROP_ANDROID: {
uint8_t android_sub_opcode = p_param[3];
switch (android_sub_opcode) {
- case NCI_ANDROID_SET_PASSIVE_OBSERVER_TECH:
case NCI_ANDROID_PASSIVE_OBSERVE: {
- sVSCmdStatus = p_param[4];
- LOG(INFO) << StringPrintf("Observe mode RSP: status: %x", sVSCmdStatus);
- SyncEventGuard guard(sNfaVsCommand);
- sNfaVsCommand.notifyOne();
+ if (param_len == 5) {
+ if ((p_param[0] & NCI_MT_MASK) == (NCI_MT_RSP << NCI_MT_SHIFT)) {
+ sVSCmdStatus = p_param[4];
+ LOG(INFO) << StringPrintf("Observe mode RSP: status: %x", sVSCmdStatus);
+ SyncEventGuard guard(sNfaVsCommand);
+ sNfaVsCommand.notifyOne();
+ } else {
+ LOG(WARNING) << StringPrintf(
+ "Observe Mode RSP has incorrect message type: %x", p_param[0]);
+ }
+ } else {
+ LOG(WARNING) << StringPrintf("Observe Mode RSP has incorrect length: %d",
+ param_len);
+ }
} break;
case NCI_ANDROID_POLLING_FRAME_NTF: {
// TODO
@@ -153,8 +162,7 @@
}
}
- uint8_t cmd[] = {(NCI_MT_CMD << NCI_MT_SHIFT) | NCI_GID_PROP, NCI_MSG_PROP_ANDROID,
- NCI_ANDROID_PASSIVE_OBSERVE_PARAM_SIZE, NCI_ANDROID_PASSIVE_OBSERVE,
+ uint8_t cmd[] = {NCI_ANDROID_PASSIVE_OBSERVE,
static_cast<uint8_t>(enable ? NCI_ANDROID_PASSIVE_OBSERVE_PARAM_ENABLE
: NCI_ANDROID_PASSIVE_OBSERVE_PARAM_DISABLE)};
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index cafec70..fc703e9 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -87,12 +87,14 @@
* SHA-2 256.
* - Unpadded, RSAES-OAEP and RSAES-PKCS1-v1_5 padding modes for RSA encryption.
*
- * o ECDSA
+ * o ECDSA and ECDH
*
+ * - IKeyMintDevices must support elliptic curve signing (Purpose::SIGN, Purpose::ATTEST_KEY)
+ * and key agreement operations (Purpose::AGREE_KEY).
* - TRUSTED_ENVIRONMENT IKeyMintDevices must support NIST curves P-224, P-256, P-384 and
* P-521. STRONGBOX IKeyMintDevices must support NIST curve P-256.
- * - TRUSTED_ENVIRONMENT IKeyMintDevices must support SHA1, SHA-2 224, SHA-2 256, SHA-2
- * 384 and SHA-2 512 digest modes. STRONGBOX IKeyMintDevices must support SHA-2 256.
+ * - For signing, TRUSTED_ENVIRONMENT IKeyMintDevices must support SHA1, SHA-2 224, SHA-2 256,
+ * SHA-2 384 and SHA-2 512 digest modes. STRONGBOX IKeyMintDevices must support SHA-2 256.
* - TRUSTED_ENVRIONMENT IKeyMintDevices must support curve 25519 for Purpose::SIGN (Ed25519,
* as specified in RFC 8032), Purpose::ATTEST_KEY (Ed25519) or for KeyPurpose::AGREE_KEY
* (X25519, as specified in RFC 7748). However, a key must have exactly one of these
@@ -302,12 +304,12 @@
* PaddingMode::RSA_OAEP, PaddingMode::RSA_PSS, PaddingMode::RSA_PKCS1_1_5_ENCRYPT and
* PaddingMode::RSA_PKCS1_1_5_SIGN for RSA keys.
*
- * == ECDSA Keys ==
+ * == ECDSA/ECDH Keys ==
*
- * Tag::EC_CURVE must be provided to generate an ECDSA key. If it is not provided, generateKey
- * must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE. TEE
- * IKeyMintDevice implementations must support all required curves. StrongBox implementations
- * must support P_256 and no other curves.
+ * Tag::EC_CURVE must be provided to generate an elliptic curve key. If it is not provided,
+ * generateKey must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE.
+ * TEE IKeyMintDevice implementations must support all required curves. StrongBox
+ * implementations must support P_256 and no other curves.
*
* Tag::CERTIFICATE_NOT_BEFORE and Tag::CERTIFICATE_NOT_AFTER must be provided to specify the
* valid date range for the returned X.509 certificate holding the public key. If omitted,
@@ -318,10 +320,10 @@
* than one purpose should be rejected with ErrorCode::INCOMPATIBLE_PURPOSE.
* StrongBox implementation do not support CURVE_25519.
*
- * Tag::DIGEST specifies digest algorithms that may be used with the new key. TEE
- * IKeyMintDevice implementations must support all Digest values (see Digest.aidl) for ECDSA
- * keys; Ed25519 keys only support Digest::NONE. StrongBox IKeyMintDevice implementations must
- * support SHA_2_256.
+ * Tag::DIGEST specifies digest algorithms that may be used with the new key when used for
+ * signing. TEE IKeyMintDevice implementations must support all Digest values (see Digest.aidl)
+ * for ECDSA keys; Ed25519 keys only support Digest::NONE. StrongBox IKeyMintDevice
+ * implementations must support SHA_2_256.
*
* == AES Keys ==
*