Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f0394173 authored by Max Bires's avatar Max Bires Committed by Android (Google) Code Review
Browse files

Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev

parents ca76a750 5b7f78d4

keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

+4 −0
Original line number Diff line number Diff line
@@ -940,7 +940,11 @@ TEST_P(NewKeyGenerationTest, HmacDigestNone) { 
 * UNSUPPORTED_KEY_SIZE.

 */

TEST_P(NewKeyGenerationTest, AesInvalidKeySize) {

    int32_t firstApiLevel = property_get_int32("ro.board.first_api_level", 0);

    for (auto key_size : InvalidKeySizes(Algorithm::AES)) {

        if (key_size == 192 && SecLevel() == SecurityLevel::STRONGBOX && firstApiLevel < 31) {

            continue;

        }

        ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,

                  GenerateKey(AuthorizationSetBuilder()

                                      .Authorization(TAG_NO_AUTH_REQUIRED)

security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

+2 −1
Original line number Diff line number Diff line
@@ -96,7 +96,8 @@ import android.hardware.security.secureclock.TimeStampToken; 
 *

 * o   AES

 *

 *      - 128 and 256-bit keys

 *      - TRUSTED_ENVIRONMENT IKeyMintDevices must support 128, 192 and 256-bit keys.

 *        STRONGBOX IKeyMintDevices must only support 128 and 256-bit keys.

 *      - CBC, CTR, ECB and GCM modes.  The GCM mode must not allow the use of tags smaller than 96

 *        bits or nonce lengths other than 96 bits.

 *      - CBC and ECB modes must support unpadded and PKCS7 padding modes.  With no padding CBC and