Loading security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +14 −12 Original line number Diff line number Diff line Loading @@ -87,12 +87,14 @@ import android.hardware.security.secureclock.TimeStampToken; * SHA-2 256. * - Unpadded, RSAES-OAEP and RSAES-PKCS1-v1_5 padding modes for RSA encryption. * * o ECDSA * o ECDSA and ECDH * * - IKeyMintDevices must support elliptic curve signing (Purpose::SIGN, Purpose::ATTEST_KEY) * and key agreement operations (Purpose::AGREE_KEY). * - TRUSTED_ENVIRONMENT IKeyMintDevices must support NIST curves P-224, P-256, P-384 and * P-521. STRONGBOX IKeyMintDevices must support NIST curve P-256. * - TRUSTED_ENVIRONMENT IKeyMintDevices must support SHA1, SHA-2 224, SHA-2 256, SHA-2 * 384 and SHA-2 512 digest modes. STRONGBOX IKeyMintDevices must support SHA-2 256. * - For signing, TRUSTED_ENVIRONMENT IKeyMintDevices must support SHA1, SHA-2 224, SHA-2 256, * SHA-2 384 and SHA-2 512 digest modes. STRONGBOX IKeyMintDevices must support SHA-2 256. * - TRUSTED_ENVRIONMENT IKeyMintDevices must support curve 25519 for Purpose::SIGN (Ed25519, * as specified in RFC 8032), Purpose::ATTEST_KEY (Ed25519) or for KeyPurpose::AGREE_KEY * (X25519, as specified in RFC 7748). However, a key must have exactly one of these Loading Loading 
@@ -302,12 +304,12 @@ interface IKeyMintDevice { * PaddingMode::RSA_OAEP, PaddingMode::RSA_PSS, PaddingMode::RSA_PKCS1_1_5_ENCRYPT and * PaddingMode::RSA_PKCS1_1_5_SIGN for RSA keys. * * == ECDSA Keys == * == ECDSA/ECDH Keys == * * Tag::EC_CURVE must be provided to generate an ECDSA key. If it is not provided, generateKey * must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE. TEE * IKeyMintDevice implementations must support all required curves. StrongBox implementations * must support P_256 and no other curves. * Tag::EC_CURVE must be provided to generate an elliptic curve key. If it is not provided, * generateKey must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE. * TEE IKeyMintDevice implementations must support all required curves. StrongBox * implementations must support P_256 and no other curves. * * Tag::CERTIFICATE_NOT_BEFORE and Tag::CERTIFICATE_NOT_AFTER must be provided to specify the * valid date range for the returned X.509 certificate holding the public key. If omitted, Loading @@ -318,10 +320,10 @@ interface IKeyMintDevice { * than one purpose should be rejected with ErrorCode::INCOMPATIBLE_PURPOSE. * StrongBox implementation do not support CURVE_25519. * * Tag::DIGEST specifies digest algorithms that may be used with the new key. TEE * IKeyMintDevice implementations must support all Digest values (see Digest.aidl) for ECDSA * keys; Ed25519 keys only support Digest::NONE. StrongBox IKeyMintDevice implementations must * support SHA_2_256. * Tag::DIGEST specifies digest algorithms that may be used with the new key when used for * signing. TEE IKeyMintDevice implementations must support all Digest values (see Digest.aidl) * for ECDSA keys; Ed25519 keys only support Digest::NONE. StrongBox IKeyMintDevice * implementations must support SHA_2_256. * * == AES Keys == * Loading Loading
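Review bot: In the first hunk (@@ -87), the added bullet names key agreement as Purpose::AGREE_KEY, but the unchanged curve 25519 bullet directly below still writes KeyPurpose::AGREE_KEY, so one comment block now uses two spellings for the same enum value. Since this change already edits the block, align the context line to Purpose::AGREE_KEY. The same line misspells TRUSTED_ENVIRONMENT as "TRUSTED_ENVRIONMENT", which is worth correcting in the same pass so that searches for the security level name find it.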
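Review bot: In the second hunk (@@ -302), the new heading "== ECDSA/ECDH Keys ==" is narrower than the section it titles: the body now says "an elliptic curve key", and the same section goes on to cover CURVE_25519 and Ed25519 keys, which are neither ECDSA nor ECDH in the strict sense. A heading such as "== Elliptic Curve Keys ==" would match the reworded first sentence. Separately, the sentence still lets generateKey return either ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE when Tag::EC_CURVE is missing; if one of the two is preferred for new implementations, this is a good place to say so.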
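Review bot: In the third hunk (@@ -318), the reworded Tag::DIGEST paragraph restricts digests to signing but does not say what generateKey must do when Tag::DIGEST is supplied for a key whose only purpose is Purpose::AGREE_KEY. Implementations could ignore the tag or reject the request, and the text should pick one so that TEE and StrongBox behave the same way. The phrase "that may be used with the new key when used for signing" also repeats "used"; "that may be used with the new key for signing operations" reads more cleanly. The context line "StrongBox implementation do not support CURVE_25519" has a number disagreement ("implementations do not") that could be fixed in the same change.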