Loading keymaster/4.0/vts/functional/KeymasterHidlTest.cpp +4 −0 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ #include <android-base/logging.h> #include <android/hidl/manager/1.0/IServiceManager.h> #include <cutils/properties.h> #include <keymasterV4_0/key_param_output.h> #include <keymasterV4_0/keymaster_utils.h> Loading Loading @@ -685,6 +686,9 @@ std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) { case Algorithm::EC: return {224, 384, 521}; case Algorithm::AES: // The HAL language was clarified to exclude AES key sizes of 192 for StrongBox // instances on devices launched on API Level 31 and above. if (property_get_int32("ro.board.first_api_level", 0) < 31) return {}; return {192}; default: return {}; Loading security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -96,7 +96,8 @@ import android.hardware.security.secureclock.TimeStampToken; * * o AES * * - 128 and 256-bit keys * - TRUSTED_ENVIRONMENT IKeyMintDevices must support 128, 192 and 256-bit keys. * STRONGBOX IKeyMintDevices must only support 128 and 256-bit keys. * - CBC, CTR, ECB and GCM modes. The GCM mode must not allow the use of tags smaller than 96 * bits or nonce lengths other than 96 bits. * - CBC and ECB modes must support unpadded and PKCS7 padding modes. With no padding CBC and Loading Loading
keymaster/4.0/vts/functional/KeymasterHidlTest.cpp +4 −0 Original line number Diff line number Diff line Loading @@ -21,6 +21,7 @@ #include <android-base/logging.h> #include <android/hidl/manager/1.0/IServiceManager.h> #include <cutils/properties.h> #include <keymasterV4_0/key_param_output.h> #include <keymasterV4_0/keymaster_utils.h> Loading Loading @@ -685,6 +686,9 @@ std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) { case Algorithm::EC: return {224, 384, 521}; case Algorithm::AES: // The HAL language was clarified to exclude AES key sizes of 192 for StrongBox // instances on devices launched on API Level 31 and above. if (property_get_int32("ro.board.first_api_level", 0) < 31) return {}; return {192}; default: return {}; Loading
security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +2 −1 Original line number Diff line number Diff line Loading @@ -96,7 +96,8 @@ import android.hardware.security.secureclock.TimeStampToken; * * o AES * * - 128 and 256-bit keys * - TRUSTED_ENVIRONMENT IKeyMintDevices must support 128, 192 and 256-bit keys. * STRONGBOX IKeyMintDevices must only support 128 and 256-bit keys. * - CBC, CTR, ECB and GCM modes. The GCM mode must not allow the use of tags smaller than 96 * bits or nonce lengths other than 96 bits. * - CBC and ECB modes must support unpadded and PKCS7 padding modes. With no padding CBC and Loading
