Merge "Update Documentation for EPOCH_TIME." into sc-qpr1-dev

commit: 922f2b0bcab28f76f8352f327102516eefcbe022 [log] [tgz]
author: TreeHugger Robot <treehugger-gerrit@google.com> Fri Aug 20 19:29:27 2021 +0000
committer: Android (Google) Code Review <android-gerrit@google.com> Fri Aug 20 19:29:27 2021 +0000
tree: 9f6aa73b8daa1b1c119f3bb503e83c5aef85e414
parent: a9ed99084fab5163cc75e6f597d144fbfd63b199 [diff]
parent: 52799bd05d53e287449d725be81ccd81dc50d6c4 [diff]
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 476eed8..93fb19d 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp

@@ -940,7 +940,11 @@
  * UNSUPPORTED_KEY_SIZE.
  */
 TEST_P(NewKeyGenerationTest, AesInvalidKeySize) {
+    int32_t firstApiLevel = property_get_int32("ro.board.first_api_level", 0);
     for (auto key_size : InvalidKeySizes(Algorithm::AES)) {
+        if (key_size == 192 && SecLevel() == SecurityLevel::STRONGBOX && firstApiLevel < 31) {
+            continue;
+        }
         ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
                   GenerateKey(AuthorizationSetBuilder()
                                       .Authorization(TAG_NO_AUTH_REQUIRED)

diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
index 2241735..4e81e71 100644
--- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl

@@ -96,7 +96,8 @@
  *
  * o   AES
  *
- *      - 128 and 256-bit keys
+ *      - TRUSTED_ENVIRONMENT IKeyMintDevices must support 128, 192 and 256-bit keys.
+ *        STRONGBOX IKeyMintDevices must only support 128 and 256-bit keys.
  *      - CBC, CTR, ECB and GCM modes.  The GCM mode must not allow the use of tags smaller than 96
  *        bits or nonce lengths other than 96 bits.
  *      - CBC and ECB modes must support unpadded and PKCS7 padding modes.  With no padding CBC and

diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index 5a87b83..22988c4 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp

@@ -1837,12 +1837,13 @@
     if (SecLevel() == SecurityLevel::STRONGBOX) return;
 
     auto result = GenerateKey(AuthorizationSetBuilder()
+                                      .Authorization(TAG_ALGORITHM, Algorithm::EC)
                                       .Authorization(TAG_KEY_SIZE, 224)
                                       .Authorization(TAG_EC_CURVE, EcCurve::P_256)
+                                      .SigningKey()
                                       .Digest(Digest::NONE)
                                       .SetDefaultValidity());
-    ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT ||
-                result == ErrorCode::UNSUPPORTED_ALGORITHM);
+    ASSERT_TRUE(result == ErrorCode::INVALID_ARGUMENT);
 }
 
 /*
commit	922f2b0bcab28f76f8352f327102516eefcbe022	[log] [tgz]
author	TreeHugger Robot <treehugger-gerrit@google.com>	Fri Aug 20 19:29:27 2021 +0000
committer	Android (Google) Code Review <android-gerrit@google.com>	Fri Aug 20 19:29:27 2021 +0000
tree	9f6aa73b8daa1b1c119f3bb503e83c5aef85e414
parent	a9ed99084fab5163cc75e6f597d144fbfd63b199 [diff]
parent	52799bd05d53e287449d725be81ccd81dc50d6c4 [diff]