Merge changes I32ad8ad2,I86047955

* changes: KeyMint VTS: symmetric import test with bad keylen KeyMint HAL: restore getKeyCharacteristics() docs
2026-02-01 11:36:00 +00:00 · 2021-05-06 05:26:31 +00:00
parent aef2a7562e c9bc2f742d
commit 6d454d5f28
2 changed files with 57 additions and 15 deletions
--- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
+++ b/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl
@@ -505,10 +505,10 @@ enum Tag {

    /**
     * Tag::APPLICATION_ID.  When provided to generateKey or importKey, this tag specifies data
-     * that is necessary during all uses of the key.  In particular, calls to exportKey() must
-     * provide the same value to the clientId parameter, and calls to begin() must provide this
-     * tag and the same associated data as part of the inParams set.  If the correct data is not
-     * provided, the method must return ErrorCode::INVALID_KEY_BLOB.
+     * that is necessary during all uses of the key.  In particular, calls to exportKey() and
+     * getKeyCharacteristics() must provide the same value to the clientId parameter, and calls to
+     * begin() must provide this tag and the same associated data as part of the inParams set.  If
+     * the correct data is not provided, the method must return ErrorCode::INVALID_KEY_BLOB.
     *
     * The content of this tag must be bound to the key cryptographically, meaning it must not be
     * possible for an adversary who has access to all of the secure world secrets but does not have
@@ -573,8 +573,8 @@ enum Tag {
     * Tag::OS_VERSION specifies the system OS version with which the key may be used.  This tag is
     * never sent to the IKeyMintDevice, but is added to the hardware-enforced authorization list
     * by the TA.  Any attempt to use a key with a Tag::OS_VERSION value different from the
-     * currently-running OS version must cause begin() or exportKey() to return
-     * ErrorCode::KEY_REQUIRES_UPGRADE.  See upgradeKey() for details.
+     * currently-running OS version must cause begin(), getKeyCharacteristics() or exportKey() to
+     * return ErrorCode::KEY_REQUIRES_UPGRADE.  See upgradeKey() for details.
     *
     * The value of the tag is an integer of the form MMmmss, where MM is the major version number,
     * mm is the minor version number, and ss is the sub-minor version number.  For example, for a
@@ -596,8 +596,9 @@ enum Tag {
     * Tag::OS_PATCHLEVEL specifies the system security patch level with which the key may be used.
     * This tag is never sent to the keyMint TA, but is added to the hardware-enforced
     * authorization list by the TA.  Any attempt to use a key with a Tag::OS_PATCHLEVEL value
-     * different from the currently-running system patchlevel must cause begin() or
-     * exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE.  See upgradeKey() for details.
+     * different from the currently-running system patchlevel must cause begin(),
+     * getKeyCharacteristics() or exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE.  See
+     * upgradeKey() for details.
     *
     * The value of the tag is an integer of the form YYYYMM, where YYYY is the four-digit year of
     * the last update and MM is the two-digit month of the last update.  For example, for a key
@@ -789,8 +790,9 @@ enum Tag {
     * Tag::VENDOR_PATCHLEVEL specifies the vendor image security patch level with which the key may
     * be used.  This tag is never sent to the keyMint TA, but is added to the hardware-enforced
     * authorization list by the TA.  Any attempt to use a key with a Tag::VENDOR_PATCHLEVEL value
-     * different from the currently-running system patchlevel must cause begin() or
-     * exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE.  See upgradeKey() for details.
+     * different from the currently-running system patchlevel must cause begin(),
+     * getKeyCharacteristics() or exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE.  See
+     * upgradeKey() for details.
     *
     * The value of the tag is an integer of the form YYYYMMDD, where YYYY is the four-digit year of
     * the last update, MM is the two-digit month and DD is the two-digit day of the last
@@ -811,8 +813,8 @@ enum Tag {
     * key may be used.  This tag is never sent to the keyMint TA, but is added to the
     * hardware-enforced authorization list by the TA.  Any attempt to use a key with a
     * Tag::BOOT_PATCHLEVEL value different from the currently-running system patchlevel must
-     * cause begin() or exportKey() to return ErrorCode::KEY_REQUIRES_UPGRADE.  See upgradeKey() for
-     * details.
+     * cause begin(), getKeyCharacteristics() or exportKey() to return
+     * ErrorCode::KEY_REQUIRES_UPGRADE.  See upgradeKey() for details.
     *
     * The value of the tag is an integer of the form YYYYMMDD, where YYYY is the four-digit year of
     * the last update, MM is the two-digit month and DD is the two-digit day of the last
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -654,7 +654,8 @@ TEST_P(NewKeyGenerationTest, AesInvalidPadding) {
                    }
                    auto result = Begin(KeyPurpose::ENCRYPT, params);
                    EXPECT_TRUE(result == ErrorCode::INCOMPATIBLE_PADDING_MODE ||
-                                result == ErrorCode::INVALID_KEY_BLOB);
+                                result == ErrorCode::INVALID_KEY_BLOB)
+                            << "unexpected result: " << result;
                } else {
                    // The KeyMint implementation detected that the generated key
                    // is unusable.
@@ -3263,6 +3264,7 @@ TEST_P(ImportKeyTest, AesFailure) {
    string key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
    uint32_t bitlen = key.size() * 8;
    for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
+        // Explicit key size doesn't match that of the provided key.
        auto result = ImportKey(AuthorizationSetBuilder()
                                    .Authorization(TAG_NO_AUTH_REQUIRED)
                                    .AesEncryptionKey(key_size)
@@ -3270,8 +3272,27 @@ TEST_P(ImportKeyTest, AesFailure) {
                                    .Padding(PaddingMode::PKCS7),
                                KeyFormat::RAW, key);
        ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
-                    result == ErrorCode::UNSUPPORTED_KEY_SIZE);
+                    result == ErrorCode::UNSUPPORTED_KEY_SIZE)
+                << "unexpected result: " << result;
    }
+
+    // Explicit key size matches that of the provided key, but it's not a valid size.
+    string long_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .AesEncryptionKey(long_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, long_key));
+    string short_key = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .AesEncryptionKey(short_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, short_key));
 }

 /*
@@ -3310,6 +3331,7 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
    string key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
    uint32_t bitlen = key.size() * 8;
    for (uint32_t key_size : {bitlen - 1, bitlen + 1, bitlen - 8, bitlen + 8}) {
+        // Explicit key size doesn't match that of the provided key.
        auto result = ImportKey(AuthorizationSetBuilder()
                                    .Authorization(TAG_NO_AUTH_REQUIRED)
                                    .TripleDesEncryptionKey(key_size)
@@ -3317,8 +3339,26 @@ TEST_P(ImportKeyTest, TripleDesFailure) {
                                    .Padding(PaddingMode::PKCS7),
                                KeyFormat::RAW, key);
        ASSERT_TRUE(result == ErrorCode::IMPORT_PARAMETER_MISMATCH ||
-                    result == ErrorCode::UNSUPPORTED_KEY_SIZE);
+                    result == ErrorCode::UNSUPPORTED_KEY_SIZE)
+                << "unexpected result: " << result;
    }
+    // Explicit key size matches that of the provided key, but it's not a valid size.
+    string long_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .TripleDesEncryptionKey(long_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, long_key));
+    string short_key = hex2str("a49d7564199e97cb529d2c9d97bf2f98d35edf57ba1f7358");
+    ASSERT_EQ(ErrorCode::UNSUPPORTED_KEY_SIZE,
+              ImportKey(AuthorizationSetBuilder()
+                                .Authorization(TAG_NO_AUTH_REQUIRED)
+                                .TripleDesEncryptionKey(short_key.size() * 8)
+                                .EcbMode()
+                                .Padding(PaddingMode::PKCS7),
+                        KeyFormat::RAW, short_key));
 }

 /*