Merge remote-tracking branch 'goog/upstream-master' into nos2-2

* goog/upstream-master:
  MockNuggetClient: add Reset method to mock
  Define UPGRADE_EN_FW_FAIL for upgrade state
  sjtag: add new command for sjtag user consent cfg
  identity: Add support NDK version 3 for Andorid 12
  Tweak: fix typos in debug strings
  Refactor NuggetClient a bit

Bug: 170775487
Bug: 178353028
Bug: 181691419
Test: release tests, QMC
Change-Id: I03dc7c270939fc049350eac4ab4625f7f74c37be

11 files changed, 96 insertions, 46 deletions

diff --git a/libnos/NuggetClient.cpp b/libnos/NuggetClient.cpp
index 72a9e9f..c361463 100644
--- a/libnos/NuggetClient.cpp
+++ b/libnos/NuggetClient.cpp
@@ -21,17 +21,15 @@
 
 namespace nos {
 
-NuggetClient::NuggetClient()
-    : NuggetClient("") {
+NuggetClient::NuggetClient(const std::string& name)
+    : device_name_(name), open_(false) {
 }
 
-NuggetClient::NuggetClient(const std::string& device_name)
-    : device_name_(device_name), open_(false) {
+NuggetClient::NuggetClient(const char* name, uint32_t config)
+    : device_name_(name ? name : ""), open_(false) {
+  device_ = { .config = config };
 }
 
-NuggetClient::NuggetClient(const char* device_name)
-    : device_name_(device_name ? device_name : ""), open_(false) {}
-
 NuggetClient::~NuggetClient() {
   Close();
 }
@@ -86,6 +84,14 @@ uint32_t NuggetClient::CallApp(uint32_t appId, uint16_t arg,
   return status_code;
 }
 
+uint32_t NuggetClient::Reset() const {
+
+  if (!open_)
+    return APP_ERROR_NOT_READY;
+
+  return device_.ops.reset(device_.ctx);
+}
+
 nos_device* NuggetClient::Device() {
   return open_ ? &device_ : nullptr;
 }
diff --git a/libnos/NuggetClientDebuggable.cpp b/libnos/NuggetClientDebuggable.cpp
index 5ee86e9..e4a087d 100644
--- a/libnos/NuggetClientDebuggable.cpp
+++ b/libnos/NuggetClientDebuggable.cpp
@@ -21,16 +21,11 @@
 
 namespace nos {
 
-NuggetClientDebuggable::NuggetClientDebuggable(request_cb_t req_fn, response_cb_t resp_fn)
-  : request_cb_(req_fn), response_cb_(resp_fn) {}
-
-NuggetClientDebuggable::NuggetClientDebuggable(const std::string& device_name,
-                                               request_cb_t req_fn, response_cb_t resp_fn)
-  : NuggetClient(device_name), request_cb_(req_fn), response_cb_(resp_fn) {}
-
-NuggetClientDebuggable::NuggetClientDebuggable(const char* device_name,
-                                               request_cb_t req_fn, response_cb_t resp_fn)
-  : NuggetClient(device_name), request_cb_(req_fn), response_cb_(resp_fn) {}
+NuggetClientDebuggable::NuggetClientDebuggable(
+  const char* name, uint32_t config,
+  request_cb_t req_fn, response_cb_t resp_fn)
+  : NuggetClient(name, config),
+    request_cb_(req_fn), response_cb_(resp_fn) {}
 
 uint32_t NuggetClientDebuggable::CallApp(uint32_t appId, uint16_t arg,
                                          const std::vector<uint8_t>& request,
diff --git a/libnos/include/nos/NuggetClient.h b/libnos/include/nos/NuggetClient.h
index 563f532..9484bd8 100644
--- a/libnos/include/nos/NuggetClient.h
+++ b/libnos/include/nos/NuggetClient.h
@@ -32,17 +32,13 @@ namespace nos {
 class NuggetClient : public NuggetClientInterface {
 public:
     /**
-     * Create a client for the default Nugget device.
-     */
-    NuggetClient();
-
-    /**
-     * Create a client for the named Nugget device.
+     * Create a client for the named Nugget device
      *
-     * Passing an empty device name causes the default device to be selected.
+     * An empty device name causes the default device to be selected.
+     * An empty config uses default configurations.
      */
-    NuggetClient(const std::string& device_name);
-    NuggetClient(const char* device_name);
+    NuggetClient(const std::string& name);
+    NuggetClient(const char* name = 0, uint32_t config = 0);
 
     ~NuggetClient() override;
 
@@ -77,6 +73,11 @@ public:
                      std::vector<uint8_t>* response) override;
 
     /**
+     * Reset the device. Use with caution; context may be lost.
+     */
+    uint32_t Reset() const override;
+
+    /**
      * Access the underlying device.
      *
      * NULL is returned if the connection to the device is not open.
diff --git a/libnos/include/nos/NuggetClientDebuggable.h b/libnos/include/nos/NuggetClientDebuggable.h
index 507eb15..ff1f080 100644
--- a/libnos/include/nos/NuggetClientDebuggable.h
+++ b/libnos/include/nos/NuggetClientDebuggable.h
@@ -36,10 +36,7 @@ public:
   using response_cb_t = std::function<void(uint32_t, const std::vector<uint8_t>&)>;
 
   /* Need to pass the base constructor params up */
-  NuggetClientDebuggable(request_cb_t req_cb_ = 0, response_cb_t resp_cb_ = 0);
-  NuggetClientDebuggable(const std::string& device_name,
-                         request_cb_t req_cb_ = 0, response_cb_t resp_cb_ = 0);
-  NuggetClientDebuggable(const char* device_name,
+  NuggetClientDebuggable(const char* name = 0, uint32_t config = 0,
                          request_cb_t req_cb_ = 0, response_cb_t resp_cb_ = 0);
 
   /* We'll override this */
diff --git a/libnos/include/nos/NuggetClientInterface.h b/libnos/include/nos/NuggetClientInterface.h
index da47e50..8d78185 100644
--- a/libnos/include/nos/NuggetClientInterface.h
+++ b/libnos/include/nos/NuggetClientInterface.h
@@ -58,6 +58,10 @@ public:
     virtual uint32_t CallApp(uint32_t appId, uint16_t arg,
                              const std::vector<uint8_t>& request,
                              std::vector<uint8_t>* response) = 0;
+    /**
+     * Reset the device. Use with caution; context may be lost.
+     */
+    virtual uint32_t Reset() const = 0;
 };
 
 } // namespace nos
diff --git a/libnos/test/include/nos/MockNuggetClient.h b/libnos/test/include/nos/MockNuggetClient.h
index 2c30832..48814c9 100644
--- a/libnos/test/include/nos/MockNuggetClient.h
+++ b/libnos/test/include/nos/MockNuggetClient.h
@@ -33,6 +33,7 @@ struct MockNuggetClient : public NuggetClientInterface {
     MOCK_METHOD4(CallApp, uint32_t(uint32_t, uint16_t,
                                    const std::vector<uint8_t>&,
                                    std::vector<uint8_t>*));
+    MOCK_CONST_METHOD0(Reset, uint32_t());
 };
 
 } // namespace nos
diff --git a/libnos_datagram/include/nos/device.h b/libnos_datagram/include/nos/device.h
index 5472156..2ba57e0 100644
--- a/libnos_datagram/include/nos/device.h
+++ b/libnos_datagram/include/nos/device.h
@@ -69,23 +69,12 @@ struct nos_device_ops {
    * The device must not be used after closing.
    */
   void (*close)(void *ctx);
-
-#ifndef ANDROID
-  /**
-   * Get or Set a configuration value. These are opaque, implementation-specific
-   * values useful only for bringup and development. The defaults should be
-   * optimal for production use.
-   *
-   * Return 0 on success and a negative value on failure.
-   */
-  int (*get_config)(void *ctx, uint32_t config_id, void *value);
-  int (*set_config)(void *ctx, uint32_t config_id, void *value);
-#endif
 };
 
 struct nos_device {
   void *ctx;
   struct nos_device_ops ops;
+  uint32_t config;
 };
 
 /*
diff --git a/libnos_transport/transport.c b/libnos_transport/transport.c
index 77a430a..85ba312 100644
--- a/libnos_transport/transport.c
+++ b/libnos_transport/transport.c
@@ -471,7 +471,7 @@ uint32_t nos_call_application(const struct nos_device *dev,
     return APP_ERROR_IO;
   }
 
-  NLOGD("Calling app %d with params 0x%04x", app_id, params);
+  NLOGD("Calling App %d with params 0x%04x", app_id, params);
 
   struct transport_status status;
   uint32_t status_code;
@@ -501,7 +501,7 @@ uint32_t nos_call_application(const struct nos_device *dev,
     NLOGW("App %d request checksum error", app_id);
   }
   if (status_code == APP_ERROR_CHECKSUM) {
-    NLOGE("App %d equest checksum failed too many times", app_id);
+    NLOGE("App %d request checksum failed too many times", app_id);
     status_code = APP_ERROR_IO;
   }
 
diff --git a/nugget/include/app_nugget.h b/nugget/include/app_nugget.h
index e8436eb..6a51365 100644
--- a/nugget/include/app_nugget.h
+++ b/nugget/include/app_nugget.h
@@ -321,6 +321,35 @@ struct nugget_app_board_id {
  * @param reply_len    0
  */
 
+#define FILE_ID_NUGGET_PERSIST 0
+#define NUGGET_PERSIST_VERSION_1 1
+struct nugget_persist_t {
+	uint8_t version;
+	uint8_t user_consent;
+	uint8_t reserved[2];
+};
+
+enum nugget_sjtag_user_consent_cfg {
+  NUGGET_SJTAG_USER_CONSENT_DISALLOW,             /* DISALLOW */
+  NUGGET_SJTAG_USER_CONSENT_ALLOW,                /* ALLOW */
+
+  NUGGET_SJTAG_USER_CONSENT_NUM_CFGS,
+};
+
+#define NUGGET_PARAM_SJTAG_USER_CONSENT 0x0012
+/*
+ * Set/Get the SJTAG USER CONSENT function
+ *
+ * This always returns the current state of the SJTAG USER CONSENT feature.
+ *
+ * @param args         <none>  OR  enum nugget_sjtag_user_consent_cfg
+ * @param arg_len        0     OR   1 byte
+ * @param reply        enum nugget_sjtag_user_consent_cfg
+ * @param reply_len    1 byte
+ *
+ * @errors             APP_ERROR_BOGUS_ARGS
+ */
+
 /****************************************************************************/
 /* Test related commands */
 
diff --git a/nugget/include/citadel_events.h b/nugget/include/citadel_events.h
index 314ca41..3e3a33e 100644
--- a/nugget/include/citadel_events.h
+++ b/nugget/include/citadel_events.h
@@ -72,6 +72,7 @@ enum event_id {
 enum upgrade_state_def {
   UPGRADE_SUCCESS = 0,
   UPGRADE_PW_MISMATCH = 1,
+  UPGRADE_EN_FW_FAIL =2,
 };
 
 /* Please do not change the size of this struct */
diff --git a/nugget/proto/nugget/app/identity/identity.proto b/nugget/proto/nugget/app/identity/identity.proto
index 96548c0..10500cb 100644
--- a/nugget/proto/nugget/app/identity/identity.proto
+++ b/nugget/proto/nugget/app/identity/identity.proto
@@ -34,6 +34,7 @@ service Identity {
 
   // RPCs for the Identity HAL
   rpc WICinitialize (WICinitializeRequest) returns (WICinitializeResponse);
+  rpc WICinitializeForUpdate (WICinitializeForUpdateRequest) returns (WICinitializeForUpdateResponse);
   rpc WICcreateCredentialKey (WICcreateCredentialKeyRequest) returns (WICcreateCredentialKeyResponse);
   rpc WICstartPersonalization (WICstartPersonalizationRequest) returns (WICstartPersonalizationResponse);
   rpc WICaddAccessControlProfile (WICaddAccessControlProfileRequest) returns (WICaddAccessControlProfileResponse);
@@ -54,6 +55,7 @@ service Identity {
   rpc ICretrieveEntryValue (ICretrieveEntryValueRequest) returns (ICretrieveEntryValueResponse);
   rpc ICfinishRetrieval (ICfinishRetrievalRequest) returns (ICfinishRetrievalResponse);
   rpc ICdeleteCredential (ICdeleteCredentialRequest) returns (ICdeleteCredentialResponse);
+  rpc ICproveOwnership (ICproveOwnershipRequest) returns (ICproveOwnershipResponse);
 }
 
 // WICinitialize
@@ -64,6 +66,17 @@ message WICinitializeResponse{
   Result result = 1;
 }
 
+// WICinitializeForUpdate
+message WICinitializeForUpdateRequest{
+  bool testCredential = 1;
+  bytes docType = 2;
+  bytes encryptedCredentialKeys = 3;
+}
+
+message WICinitializeForUpdateResponse{
+  Result result = 1;
+}
+
 // WICcreateCredentialKey
 message WICcreateCredentialKeyRequest{
 }
@@ -295,11 +308,25 @@ message ICfinishRetrievalResponse{
 // ICdeleteCredential
 message ICdeleteCredentialRequest{
   bytes docType = 1;
-  bool testCredential = 2;
-  uint32 proofOfDeletionCborSize =3;
+  bytes challenge = 2;
+  bool includeChallenge = 3;
+  uint32 proofOfDeletionCborSize = 4;
 }
 
 message ICdeleteCredentialResponse{
   Result result = 1;
   bytes signatureOfToBeSigned = 2;
+}
+
+// ICproveOwnership
+message ICproveOwnershipRequest{
+  bytes docType = 1;
+  bool testCredential = 2;
+  bytes challenge = 3;
+  uint32 proofOfOwnershipCborSize = 4;
+}
+
+message ICproveOwnershipResponse{
+  Result result = 1;
+  bytes signatureOfToBeSigned = 2;
 }
\ No newline at end of file