Merge "AesInvalidKeySize skip 192 on SB devices" into sc-dev am: f24a66f42a
Original change: https://googleplex-android-review.googlesource.com/c/platform/hardware/interfaces/+/15502083 Change-Id: Iffc28e67c8339d7547b637e099aecc3e1f075e4a
This commit is contained in:
commit
0cf1bf28c9
2 changed files with 6 additions and 1 deletions
|
@ -21,6 +21,7 @@
|
|||
|
||||
#include <android-base/logging.h>
|
||||
#include <android/hidl/manager/1.0/IServiceManager.h>
|
||||
#include <cutils/properties.h>
|
||||
|
||||
#include <keymasterV4_0/key_param_output.h>
|
||||
#include <keymasterV4_0/keymaster_utils.h>
|
||||
|
@ -685,6 +686,9 @@ std::vector<uint32_t> KeymasterHidlTest::InvalidKeySizes(Algorithm algorithm) {
|
|||
case Algorithm::EC:
|
||||
return {224, 384, 521};
|
||||
case Algorithm::AES:
|
||||
// The HAL language was clarified to exclude AES key sizes of 192 for StrongBox
|
||||
// instances on devices launched on API Level 31 and above.
|
||||
if (property_get_int32("ro.board.first_api_level", 0) < 31) return {};
|
||||
return {192};
|
||||
default:
|
||||
return {};
|
||||
|
|
|
@ -96,7 +96,8 @@ import android.hardware.security.secureclock.TimeStampToken;
|
|||
*
|
||||
* o AES
|
||||
*
|
||||
* - 128 and 256-bit keys
|
||||
* - TRUSTED_ENVIRONMENT IKeyMintDevices must support 128, 192 and 256-bit keys.
|
||||
* STRONGBOX IKeyMintDevices must only support 128 and 256-bit keys.
|
||||
* - CBC, CTR, ECB and GCM modes. The GCM mode must not allow the use of tags smaller than 96
|
||||
* bits or nonce lengths other than 96 bits.
|
||||
* - CBC and ECB modes must support unpadded and PKCS7 padding modes. With no padding CBC and
|
||||
|
|
Loading…
Reference in a new issue