commit 3ac35814df71dce203c9b3cc1a937b178f7dc9c7
author Shawn Willden <swillden@google.com> Tue Jul 28 18:54:18 2015 +0000
committer Android (Google) Code Review <android-gerrit@google.com> Tue Jul 28 18:54:18 2015 +0000
tree 420fc62dec64a31b6c1c9065c5a3c0d8820f7add
parent 0e0cea3bc8aea903a50c1ee18e9f3309e9f67515
parent 53488c665d57bf64ed7cf45b72599cff29c517c3

Merge "Use minimum 20 bytes salt for RSA PSS." into mnc-dev

android_keymaster_test.cpp

diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index 9a76b1b..13ff796 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp
@@ -325,6 +325,7 @@
         EXPECT_FALSE(contains(auths, TAG_AUTH_TIMEOUT, 301));
 
         // Now check that unspecified, defaulted tags are correct.
+        EXPECT_TRUE(contains(auths, TAG_ORIGIN, KM_ORIGIN_GENERATED));
         EXPECT_TRUE(contains(auths, KM_TAG_CREATION_DATETIME));
     }
 };
@@ -1673,10 +1674,7 @@
                          TAG_RSA_PUBLIC_EXPONENT, 65537U));
 
     // And values provided by AndroidKeymaster
-    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_RSA))
-        EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
-    else
-        EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
+    EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
     EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
 
     string message(1024 / 8, 'a');
@@ -1759,10 +1757,7 @@
                  TAG_KEY_SIZE, 256));
 
     // And values provided by AndroidKeymaster
-    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
-        EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
-    else
-        EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
+    EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
     EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
 
     string message(32, 'a');
@@ -1791,10 +1786,7 @@
                  TAG_KEY_SIZE, 256));
 
     // And values provided by AndroidKeymaster
-    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
-        EXPECT_TRUE(contains(hw_enforced(), TAG_ORIGIN, KM_ORIGIN_UNKNOWN));
-    else
-        EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
+    EXPECT_TRUE(contains(sw_enforced(), TAG_ORIGIN, KM_ORIGIN_IMPORTED));
     EXPECT_TRUE(contains(sw_enforced(), KM_TAG_CREATION_DATETIME));
 
     string message(32, 'a');
@@ -1972,7 +1964,7 @@
 
 TEST_P(EncryptionOperationsTest, RsaOaepUnauthorizedDigest) {
     ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
-                                           .RsaEncryptionKey(512, 3)
+                                       .RsaEncryptionKey(512, 3)
                                            .Padding(KM_PAD_RSA_OAEP)
                                            .Digest(KM_DIGEST_SHA_2_256)));
     string message = "Hello World!";

ec_keymaster0_key.cpp

diff --git a/ec_keymaster0_key.cpp b/ec_keymaster0_key.cpp
index 8cea462..08e4434 100644
--- a/ec_keymaster0_key.cpp
+++ b/ec_keymaster0_key.cpp
@@ -58,9 +58,8 @@
     // context_->CreateKeyBlob doesn't put them in sw_enforced.
     hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_EC);
     hw_enforced->push_back(TAG_KEY_SIZE, key_size);
-    hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN);
 
-    return context_->CreateKeyBlob(key_description, KM_ORIGIN_UNKNOWN, key_material, key_blob,
+    return context_->CreateKeyBlob(key_description, KM_ORIGIN_GENERATED, key_material, key_blob,
                                    hw_enforced, sw_enforced);
 }
 
@@ -90,9 +89,8 @@
     // context_->CreateKeyBlob doesn't put them in sw_enforced.
     hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_EC);
     hw_enforced->push_back(TAG_KEY_SIZE, key_size);
-    hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN);
 
-    return context_->CreateKeyBlob(authorizations, KM_ORIGIN_UNKNOWN, imported_hw_key,
+    return context_->CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, imported_hw_key,
                                    output_key_blob, hw_enforced, sw_enforced);
 }
 

rsa_keymaster0_key.cpp

diff --git a/rsa_keymaster0_key.cpp b/rsa_keymaster0_key.cpp
index 3afd024..f882f94 100644
--- a/rsa_keymaster0_key.cpp
+++ b/rsa_keymaster0_key.cpp
@@ -67,9 +67,8 @@
     hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
     hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
     hw_enforced->push_back(TAG_KEY_SIZE, key_size);
-    hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN);
 
-    return context_->CreateKeyBlob(key_description, KM_ORIGIN_UNKNOWN, key_material, key_blob,
+    return context_->CreateKeyBlob(key_description, KM_ORIGIN_GENERATED, key_material, key_blob,
                                    hw_enforced, sw_enforced);
 }
 
@@ -102,9 +101,8 @@
     hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
     hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
     hw_enforced->push_back(TAG_KEY_SIZE, key_size);
-    hw_enforced->push_back(TAG_ORIGIN, KM_ORIGIN_UNKNOWN);
 
-    return context_->CreateKeyBlob(authorizations, KM_ORIGIN_UNKNOWN, imported_hw_key,
+    return context_->CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, imported_hw_key,
                                    output_key_blob, hw_enforced, sw_enforced);
 }