diff options
| author | Shawn Willden <swillden@google.com> | 2015-07-16 11:42:48 -0600 |
|---|---|---|
| committer | Shawn Willden <swillden@google.com> | 2015-07-16 11:52:35 -0600 |
| commit | 9972a539acb4d17368ee607465d61b48acd71bde (patch) | |
| tree | 0d641f62085af14b902fc3d4d57919e232dfa7dd | |
| parent | 33ab0389e908b98702806c746e7babc0d46eb452 (diff) | |
| download | android_system_keymaster-9972a539acb4d17368ee607465d61b48acd71bde.tar.gz android_system_keymaster-9972a539acb4d17368ee607465d61b48acd71bde.tar.bz2 android_system_keymaster-9972a539acb4d17368ee607465d61b48acd71bde.zip | |
Report keymaster0 keys as hardware-backed, origin unknown.
Bug: 22511313
Change-Id: I699df8010e27a546b2186896890c0099bfb149ae
| -rw-r--r-- | android_keymaster_test.cpp | 18 | ||||
| -rw-r--r-- | ec_keymaster0_key.cpp | 6 | ||||
| -rw-r--r-- | rsa_keymaster0_key.cpp | 6 |
3 files changed, 21 insertions, 9 deletions
diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp index 96fc8b2..3e9d125 100644 --- a/android_keymaster_test.cpp +++ b/android_keymaster_test.cpp @@ -325,7 +325,6 @@ class NewKeyGeneration : public Keymaster1Test { EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301)); // Now check that unspecified, defaulted tags are correct. - EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED)); EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME)); } }; @@ -1674,7 +1673,10 @@ TEST_P(ImportKeyTest, RsaSuccess) { TAG_RSA_PUBLIC_EXPONENT, 65537U)); // And values provided by AndroidKeymaster - EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); + if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA)) + EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN)); + else + EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); string message(1024 / 8, 'a'); @@ -1757,7 +1759,10 @@ TEST_P(ImportKeyTest, EcdsaSuccess) { TAG_KEY_SIZE, 256)); // And values provided by AndroidKeymaster - EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); + if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) + EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN)); + else + EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); string message(32, 'a'); @@ -1786,7 +1791,10 @@ TEST_P(ImportKeyTest, EcdsaSizeSpecified) { TAG_KEY_SIZE, 256)); // And values provided by AndroidKeymaster - EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); + if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) + EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN)); + else + EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED)); EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME)); string message(32, 'a'); @@ -1964,7 +1972,7 @@ TEST_P(EncryptionOperationsTest, RsaOaepInvalidDigest) { TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) { ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder() - .RsaEncryptionKey(512, 3) + .RsaEncryptionKey(512, 3) .Padding(KM_PAD_RSA_OAEP) .Digest(KM_DIGEST_SHA_2_256))); string message = "Hello World!"; diff --git a/ec_keymaster0_key.cpp b/ec_keymaster0_key.cpp index 08e4434..8cea462 100644 --- a/ec_keymaster0_key.cpp +++ b/ec_keymaster0_key.cpp @@ -58,8 +58,9 @@ keymaster_error_t EcdsaKeymaster0KeyFactory::GenerateKey(const AuthorizationSet& // context_->CreateKeyBlob doesn't put them in sw_enforced. hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_EC); hw_enforced->push_back(TAG_KEY_SIZE, key_size); + hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN); - return context_->CreateKeyBlob(key_description, KM_ORIGIN_GENERATED, key_material, key_blob, + return context_->CreateKeyBlob(key_description, KM_ORIGIN_UNKNOWN, key_material, key_blob, hw_enforced, sw_enforced); } @@ -89,8 +90,9 @@ keymaster_error_t EcdsaKeymaster0KeyFactory::ImportKey( // context_->CreateKeyBlob doesn't put them in sw_enforced. hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_EC); hw_enforced->push_back(TAG_KEY_SIZE, key_size); + hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN); - return context_->CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, imported_hw_key, + return context_->CreateKeyBlob(authorizations, KM_ORIGIN_UNKNOWN, imported_hw_key, output_key_blob, hw_enforced, sw_enforced); } diff --git a/rsa_keymaster0_key.cpp b/rsa_keymaster0_key.cpp index f882f94..3afd024 100644 --- a/rsa_keymaster0_key.cpp +++ b/rsa_keymaster0_key.cpp @@ -67,8 +67,9 @@ keymaster_error_t RsaKeymaster0KeyFactory::GenerateKey(const AuthorizationSet& k hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent); hw_enforced->push_back(TAG_KEY_SIZE, key_size); + hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN); - return context_->CreateKeyBlob(key_description, KM_ORIGIN_GENERATED, key_material, key_blob, + return context_->CreateKeyBlob(key_description, KM_ORIGIN_UNKNOWN, key_material, key_blob, hw_enforced, sw_enforced); } @@ -101,8 +102,9 @@ keymaster_error_t RsaKeymaster0KeyFactory::ImportKey( hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent); hw_enforced->push_back(TAG_KEY_SIZE, key_size); + hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN); - return context_->CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, imported_hw_key, + return context_->CreateKeyBlob(authorizations, KM_ORIGIN_UNKNOWN, imported_hw_key, output_key_blob, hw_enforced, sw_enforced); } |