Align Keystore2 Operation Interceptions#171
Open
XiaoTong6666 wants to merge 15 commits into JingMatrix:main from
Conversation
Owner:
In commit c129a8a, please use my comment styles, which are from the file There is no need to repeat this reference URL. I have put it at the beginning.
Owner:
Commit cdf1fac seems not suitable for the current PR.
Contributor (Author):
This commit combines the parser and metadata plumbing that the later software-operation work depends on:
- derive KEY_SIZE from EC_CURVE when KEY_SIZE is absent
- parse enforcement tags from key generation parameters into KeyMintAttestation
- add patchAuthorizations() to rewrite patch-level authorizations alongside patched metadata
- add updateAad() plumbing for software-backed operations

It also widens GeneratedKeyInfo to carry parsed key parameters for the follow-on createOperation enforcement work.

(cherry picked from commit e767649)
(cherry picked from commit 4bc4713)
(cherry picked from commit 45ebf9a)
(cherry picked from commit c263ab1)
Software operations now track finalization state and reject calls after finish/abort with INVALID_OPERATION_HANDLE, matching AOSP operation.rs outcome tracking. Errors during update/updateAad also finalize the operation.

SoftwareOperationBinder wraps all methods in synchronized blocks to prevent concurrent access, matching AOSP's Mutex-protected KeystoreOperation wrapper that returns OPERATION_BUSY.

Input data is validated against MAX_RECEIVE_DATA (32KB) on update, updateAad, and finish to match the AOSP-enforced limit.

CryptoPrimitive gains getBeginParameters() for exposing begin-phase output (e.g. GCM nonce/IV) via CreateOperationResponse.parameters.

(cherry picked from commit 962cef6)
AOSP returns begin_result.params in CreateOperationResponse.parameters, which contains the IV/nonce for AES-GCM encryption operations. Software operations previously left this field null, so clients expecting the server-generated IV from the response would not receive it.

CipherPrimitive now exposes cipher.iv as a NONCE KeyParameter via getBeginParameters(), surfaced through SoftwareOperation.beginParameters and into the CreateOperationResponse.

(cherry picked from commit da452cf)
Replace ad-hoc operation exceptions with ServiceSpecificException so the software-backed binder path returns AOSP-compatible error codes.

This commit also folds in the follow-up error-code cleanup:
- set TOO_MUCH_DATA to the correct keystore2 response value (21)
- add the missing AOSP error-code constants used by the software operation path
- align finish/update/updateAad failure propagation with the later usage-limit and onFinishCallback flow

(cherry picked from commit 0ebdded)
(cherry picked from commit 60d978d)
Software-generated keys now enforce the same operation policies as AOSP keystore2 authorize_create().
- Missing PURPOSE rejected with INVALID_ARGUMENT (-38)
- Incompatible PURPOSE rejected with INCOMPATIBLE_PURPOSE (-3)
- Forced operations rejected with PERMISSION_DENIED (6)
- ACTIVE_DATETIME in future rejected with KEY_NOT_YET_VALID (-24)
- ORIGINATION_EXPIRE past rejected with KEY_EXPIRED (-25) for SIGN/ENCRYPT
- USAGE_EXPIRE past rejected with KEY_EXPIRED (-25) for DECRYPT/VERIFY
- CALLER_NONCE without permission rejected with CALLER_NONCE_PROHIBITED (-55)
- USAGE_COUNT_LIMIT enforced on finish via callback; key deleted on exhaustion

Store KeyMintAttestation in GeneratedKeyInfo so enforcement checks can access the original key parameters during createOperation.

This commit combines four steps from the same authorize_create evolution path:
- 3078ea9 introduced the main AOSP authorize_create enforcement flow.
- 50cd77f added the earlier purpose validation and caller-provided CREATION_DATETIME rejection that were later folded into the aligned validation path.
- 07c98bc contributed the follow-up fixes around operation parameter handling and usage tracking that now live in the final createOperation enforcement implementation.
- 2bc46be refined the unsupported-purpose and usage-count-limit enforcement edge cases.

(cherry picked from commit 3078ea9)
(cherry picked from commit 50cd77f)
(cherry picked from commit 07c98bc)
(cherry picked from commit 2bc46be)
handleCreateOperation only accepted Domain.KEY_ID descriptors, rejecting Domain.APP with ContinueAndSkipPost. Native callers and the Android framework can call createOperation with Domain.APP + alias, which was being forwarded to hardware where the software-generated key doesn't exist, resulting in KEY_NOT_FOUND for all operation enforcement tests.

Add alias-based lookup from generatedKeys when domain is APP, matching AOSP's create_operation which resolves all domain types via database.

(cherry picked from commit 890ee70)
…hecks

This commit combines two related pieces of plumbing around the keystore2 interception path:
- filter binder transaction codes at native registration time to avoid unnecessary Java round-trips on unintercepted calls
- add READ_PRIVILEGED_PHONE_STATE-based permission checks before rejecting device ID attestation tags during generateKey

The native filtering applies to IKeystoreService, IKeystoreSecurityLevel, and IKeystoreOperation registrations. The permission gating adds ConfigurationManager.hasPermissionForUid(), the IPackageManager checkPermission() stub, and the generateKey-side device-ID attestation validation path.

(cherry picked from commit ca3fcbc)
(cherry picked from commit ed98768)
AOSP enforcements.rs rejects AGREE_KEY for any algorithm that is not EC, not just RSA. Restructure the unsupported purpose check to match the exact authorize_create decision tree.

(cherry picked from commit 509d157)
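The following is an added example, not code from this PR or from AOSP: a stand-alone Rust model of the authorize_create() decision tree that the commit messages above describe (the purpose, forced-operation, validity-window and CALLER_NONCE checks, the AGREE_KEY-only-for-EC rule, the MAX_RECEIVE_DATA input cap and the usage-count bookkeeping on finish). The type and function names (KeyAuths, OpRequest, authorize_create, check_input, on_finish, sample_ec_key) and the sample key are this example's own constructions; the numeric error values are the ones quoted in the commits, except UNSUPPORTED_PURPOSE (-2), which is taken from KeyMint's ErrorCode.aidl and is an assumption here since the page does not state it. The check order follows the order the commits list and is not claimed to be AOSP's exact ordering.

```rust
// Added example (not project code): model of the keystore2 authorize_create()
// policy the commits above align the software-operation path to.

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Purpose { Encrypt, Decrypt, Sign, Verify, AgreeKey }

#[derive(Clone, Copy, PartialEq, Eq, Debug)]
pub enum Algorithm { Rsa, Ec, Aes, Hmac }

// KeyMint ErrorCode / keystore2 ResponseCode values quoted in the commits.
// UNSUPPORTED_PURPOSE (-2) is assumed from KeyMint's ErrorCode.aidl.
pub const UNSUPPORTED_PURPOSE: i32 = -2;
pub const INCOMPATIBLE_PURPOSE: i32 = -3;
pub const KEY_NOT_YET_VALID: i32 = -24;
pub const KEY_EXPIRED: i32 = -25;
pub const INVALID_ARGUMENT: i32 = -38;
pub const CALLER_NONCE_PROHIBITED: i32 = -55;
pub const PERMISSION_DENIED: i32 = 6;
pub const TOO_MUCH_DATA: i32 = 21;
/// Per-call input cap the commits call MAX_RECEIVE_DATA (32KB).
pub const MAX_RECEIVE_DATA: usize = 32 * 1024;

/// Subset of a key's authorizations that createOperation needs (hypothetical type).
#[derive(Clone, Debug)]
pub struct KeyAuths {
    pub algorithm: Algorithm,
    pub purposes: Vec<Purpose>,
    pub caller_nonce: bool,           // Tag::CALLER_NONCE present at generation
    pub active_datetime: Option<i64>, // all times in ms since the epoch
    pub origination_expire: Option<i64>,
    pub usage_expire: Option<i64>,
    pub usage_count_limit: Option<u32>,
}

/// What the caller passes to createOperation (hypothetical type).
#[derive(Clone, Debug, Default)]
pub struct OpRequest {
    pub purpose: Option<Purpose>,   // Tag::PURPOSE among the operation params
    pub has_nonce: bool,            // caller supplied Tag::NONCE
    pub forced: bool,               // createOperation(..., forced = true)
    pub has_force_permission: bool, // caller holds the forced-op permission
}

/// Returns the authorized purpose, or the error code the binder should surface.
pub fn authorize_create(key: &KeyAuths, req: &OpRequest, now_ms: i64) -> Result<Purpose, i32> {
    // 1. The operation params must name a PURPOSE.
    let purpose = req.purpose.ok_or(INVALID_ARGUMENT)?;
    // 2. The key must have been generated with that purpose.
    if !key.purposes.contains(&purpose) {
        return Err(INCOMPATIBLE_PURPOSE);
    }
    // 3. AGREE_KEY is only supported for EC keys, whatever the purpose list says.
    if purpose == Purpose::AgreeKey && key.algorithm != Algorithm::Ec {
        return Err(UNSUPPORTED_PURPOSE);
    }
    // 4. Forced operations require a permission the caller may not hold.
    if req.forced && !req.has_force_permission {
        return Err(PERMISSION_DENIED);
    }
    // 5. Validity window: not yet active, or expired for this purpose class.
    if key.active_datetime.map_or(false, |t| t > now_ms) {
        return Err(KEY_NOT_YET_VALID);
    }
    let expired = match purpose {
        Purpose::Sign | Purpose::Encrypt => key.origination_expire.map_or(false, |t| t < now_ms),
        Purpose::Decrypt | Purpose::Verify => key.usage_expire.map_or(false, |t| t < now_ms),
        Purpose::AgreeKey => false,
    };
    if expired {
        return Err(KEY_EXPIRED);
    }
    // 6. A caller-chosen NONCE is only honoured if the key allows CALLER_NONCE.
    if req.has_nonce && !key.caller_nonce {
        return Err(CALLER_NONCE_PROHIBITED);
    }
    Ok(purpose)
}

/// Size check applied to update/updateAad/finish input before processing it.
pub fn check_input(data: &[u8]) -> Result<(), i32> {
    if data.len() > MAX_RECEIVE_DATA { Err(TOO_MUCH_DATA) } else { Ok(()) }
}

/// Usage-count bookkeeping run from the finish callback. Returns true when the
/// key has just consumed its last permitted use and must be deleted.
pub fn on_finish(remaining: &mut Option<u32>) -> bool {
    match remaining {
        Some(n) if *n > 0 => { *n -= 1; *n == 0 }
        _ => false,
    }
}

/// Constructed sample: an EC key usable for SIGN until t=1000 and VERIFY until
/// t=2000, with a single-use limit and no CALLER_NONCE authorization.
pub fn sample_ec_key() -> KeyAuths {
    KeyAuths {
        algorithm: Algorithm::Ec,
        purposes: vec![Purpose::Sign, Purpose::Verify, Purpose::AgreeKey],
        caller_nonce: false,
        active_datetime: None,
        origination_expire: Some(1000),
        usage_expire: Some(2000),
        usage_count_limit: Some(1),
    }
}

fn main() {
    let key = sample_ec_key();
    let sign = OpRequest { purpose: Some(Purpose::Sign), ..Default::default() };
    println!("sign at t=500:  {:?}", authorize_create(&key, &sign, 500));
    println!("sign at t=1500: {:?}", authorize_create(&key, &sign, 1500));
    let mut remaining = key.usage_count_limit;
    println!("delete after finish: {}", on_finish(&mut remaining));
}
```

Running it shows the SIGN request succeeding inside the origination window and failing with KEY_EXPIRED (-25) after it, while VERIFY on the same key keeps working until the later usage expiry; the on_finish call reports that the single-use key must be deleted once the first operation completes.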
AES and HMAC keys were failing in GENERATE mode because doSoftwareGeneration only handled asymmetric key pairs. Generate symmetric keys via javax.crypto.KeyGenerator and return KeyMetadata without certificates (symmetric keys have no cert chain). Store SecretKey in GeneratedKeyInfo alongside KeyPair. Update SoftwareOperation and CipherPrimitive to accept either key type.

(cherry picked from commit d3bf3c8)
(cherry picked from commit 492d6dc)
…tions

(cherry picked from commit 25538da)
(cherry picked from commit d839b69)
(cherry picked from commit 7a7e362)
Patched certificate chains now update KeyMetadata.authorizations, and createOperation bookkeeping follows the later aligned key-resolution path.
- PATCH-mode certificate updates now patch authorizations alongside the certificate chain
- createOperation usage tracking now resolves counters by the resolved key id
- this builds on the earlier Domain.APP key-resolution path already introduced in the existing createOperation history

This commit combines follow-up steps from the same metadata and createOperation alignment path:
- 45ebf9a patched authorizations alongside certificate chains in PATCH mode.
- 07c98bc contributed the follow-up fixes around operation parameter handling and usage tracking that now live in the aligned createOperation bookkeeping path.

(cherry picked from commit 45ebf9a)
(cherry picked from commit 07c98bc)
Co-authored-by: Mohammed Riad <52679407+MhmRdd@users.noreply.github.com>
Software-generated KeyMetadata now skips OS/VENDOR/BOOT patch level authorizations when the configured value is DO_NOT_REPORT, matching the existing certificate-patching behavior and the later aligned metadata semantics.
- OS_PATCHLEVEL is omitted when configured to not report
- VENDOR_PATCHLEVEL is omitted when configured to not report
- BOOT_PATCHLEVEL is omitted when configured to not report

This commit aligns the generated metadata path with the same patch-level hiding semantics already applied when patching certificate chains.

(cherry picked from commit 492d6dc)
Co-authored-by: Mohammed Riad <52679407+MhmRdd@users.noreply.github.com>