Clarify requirement for ECDH functionality
The KeyMint HAL requires support for elliptic curves being used for ECDH
key agreement, but it's not mentioned in the headline documentation of
algorithms.
However, it's clear from the rest of the interface specification (e.g.
the KeyPurpose.aidl file), the CDD, and from the VTS/CTS tests that ECDH
support is required, so this is just a documentation clarification, not
a spec change.
Test: none, comment change
Change-Id: Ia1a11fefd6259b0d2ce1f1f15cb6d4b8a6b75089
diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index cafec70..fc703e9 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
@@ -87,12 +87,14 @@
* SHA-2 256.
* - Unpadded, RSAES-OAEP and RSAES-PKCS1-v1_5 padding modes for RSA encryption.
*
- * o ECDSA
+ * o ECDSA and ECDH
*
+ * - IKeyMintDevices must support elliptic curve signing (Purpose::SIGN, Purpose::ATTEST_KEY)
+ * and key agreement operations (Purpose::AGREE_KEY).
* - TRUSTED_ENVIRONMENT IKeyMintDevices must support NIST curves P-224, P-256, P-384 and
* P-521. STRONGBOX IKeyMintDevices must support NIST curve P-256.
- * - TRUSTED_ENVIRONMENT IKeyMintDevices must support SHA1, SHA-2 224, SHA-2 256, SHA-2
- * 384 and SHA-2 512 digest modes. STRONGBOX IKeyMintDevices must support SHA-2 256.
+ * - For signing, TRUSTED_ENVIRONMENT IKeyMintDevices must support SHA1, SHA-2 224, SHA-2 256,
+ * SHA-2 384 and SHA-2 512 digest modes. STRONGBOX IKeyMintDevices must support SHA-2 256.
* - TRUSTED_ENVRIONMENT IKeyMintDevices must support curve 25519 for Purpose::SIGN (Ed25519,
* as specified in RFC 8032), Purpose::ATTEST_KEY (Ed25519) or for KeyPurpose::AGREE_KEY
* (X25519, as specified in RFC 7748). However, a key must have exactly one of these
@@ -302,12 +304,12 @@
* PaddingMode::RSA_OAEP, PaddingMode::RSA_PSS, PaddingMode::RSA_PKCS1_1_5_ENCRYPT and
* PaddingMode::RSA_PKCS1_1_5_SIGN for RSA keys.
*
- * == ECDSA Keys ==
+ * == ECDSA/ECDH Keys ==
*
- * Tag::EC_CURVE must be provided to generate an ECDSA key. If it is not provided, generateKey
- * must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE. TEE
- * IKeyMintDevice implementations must support all required curves. StrongBox implementations
- * must support P_256 and no other curves.
+ * Tag::EC_CURVE must be provided to generate an elliptic curve key. If it is not provided,
+ * generateKey must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE.
+ * TEE IKeyMintDevice implementations must support all required curves. StrongBox
+ * implementations must support P_256 and no other curves.
*
* Tag::CERTIFICATE_NOT_BEFORE and Tag::CERTIFICATE_NOT_AFTER must be provided to specify the
* valid date range for the returned X.509 certificate holding the public key. If omitted,
@@ -318,10 +320,10 @@
* than one purpose should be rejected with ErrorCode::INCOMPATIBLE_PURPOSE.
* StrongBox implementation do not support CURVE_25519.
*
- * Tag::DIGEST specifies digest algorithms that may be used with the new key. TEE
- * IKeyMintDevice implementations must support all Digest values (see Digest.aidl) for ECDSA
- * keys; Ed25519 keys only support Digest::NONE. StrongBox IKeyMintDevice implementations must
- * support SHA_2_256.
+ * Tag::DIGEST specifies digest algorithms that may be used with the new key when used for
+ * signing. TEE IKeyMintDevice implementations must support all Digest values (see Digest.aidl)
+ * for ECDSA keys; Ed25519 keys only support Digest::NONE. StrongBox IKeyMintDevice
+ * implementations must support SHA_2_256.
*
* == AES Keys ==
*