Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d68a2ef3 authored by Max Bires's avatar Max Bires Committed by Automerger Merge Worker
Browse files

Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev am: f24a66f4 am: 0cf1bf28 

Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15502083

Change-Id: I061326f8788c73aa20b501d5d88281ee0d31b863
parents c490c135 0cf1bf28

keymaster/4.0/vts/functional/KeymasterHidlTest.cpp

+4 −0
Original line number Original line Diff line number Diff line
@@ -21,6 +21,7 @@ 




#include <android-base/logging.h>

#include <android-base/logging.h>

#include <android/hidl/manager/1.0/IServiceManager.h>

#include <android/hidl/manager/1.0/IServiceManager.h>

#include <cutils/properties.h>





#include <keymasterV4_0/key_param_output.h>

#include <keymasterV4_0/key_param_output.h>

#include <keymasterV4_0/keymaster_utils.h>

#include <keymasterV4_0/keymaster_utils.h>
@@ -685,6 +686,9 @@ std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) { 
            case Algorithm::EC:

            case Algorithm::EC:

                return {224, 384, 521};

                return {224, 384, 521};

            case Algorithm::AES:

            case Algorithm::AES:

                // The HAL language was clarified to exclude AES key sizes of 192 for StrongBox

                // instances on devices launched on API Level 31 and above.

                if (property_get_int32("ro.board.first_api_level", 0) < 31) return {};

                return {192};

                return {192};

            default:

            default:

                return {};

                return {};

security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

+2 −1
Original line number Original line Diff line number Diff line
@@ -96,7 +96,8 @@ import android.hardware.security.secureclock.TimeStampToken; 
 *

 *

 * o   AES

 * o   AES

 *

 *

 *      - 128 and 256-bit keys

 *      - TRUSTED_ENVIRONMENT IKeyMintDevices must support 128, 192 and 256-bit keys.

 *        STRONGBOX IKeyMintDevices must only support 128 and 256-bit keys.

 *      - CBC, CTR, ECB and GCM modes.  The GCM mode must not allow the use of tags smaller than 96

 *      - CBC, CTR, ECB and GCM modes.  The GCM mode must not allow the use of tags smaller than 96

 *        bits or nonce lengths other than 96 bits.

 *        bits or nonce lengths other than 96 bits.

 *      - CBC and ECB modes must support unpadded and PKCS7 padding modes.  With no padding CBC and

 *      - CBC and ECB modes must support unpadded and PKCS7 padding modes.  With no padding CBC and