Loading security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +6 −0 Original line number Diff line number Diff line Loading @@ -379,6 +379,12 @@ interface IKeyMintDevice { * validate it against the key material. In the event of a mismatch, importKey must return * ErrorCode::IMPORT_PARAMETER_MISMATCH. * * o Tag::EC_CURVE is not necessary in the input parameters for import of EC keys. If not * provided the IKeyMintDevice must deduce the value from the provided key material and add * the tag and value to the key characteristics. If Tag::EC_CURVE is provided, the * IKeyMintDevice must validate it against the key material. In the event of a mismatch, * importKey must return ErrorCode::IMPORT_PARAMETER_MISMATCH. * * o Tag::RSA_PUBLIC_EXPONENT (for RSA keys only) is not necessary in the input parameters. If * not provided, the IKeyMintDevice must deduce the value from the provided key material and * add the tag and value to the key characteristics. If Tag::RSA_PUBLIC_EXPONENT is provided, Loading security/keymint/aidl/vts/functional/KeyMintTest.cpp +36 −0 Original line number Diff line number Diff line Loading @@ -4147,6 +4147,42 @@ TEST_P(ImportKeyTest, EcdsaSuccess) { LocalVerifyMessage(message, signature, params); } /* * ImportKeyTest.EcdsaSuccessCurveNotSpecified * * Verifies that importing and using an ECDSA P-256 key pair works correctly * when the EC_CURVE is not explicitly specified. */ TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) { if (AidlVersion() < 4) { /* * The KeyMint spec before V4 was not clear as to whether EC_CURVE was optional on import of * EC keys. However, this was not checked at the time so we can only be strict about * checking this for implementations of KeyMint version 4 and above. */ GTEST_SKIP() << "Skipping EC_CURVE on import only strict since KeyMint v4"; } ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_ALGORITHM, Algorithm::EC) .SigningKey() .Digest(Digest::SHA_2_256) .SetDefaultValidity(), KeyFormat::PKCS8, ec_256_key)); CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_256); CheckOrigin(); string message(32, 'a'); auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); string signature = SignMessage(message, params); LocalVerifyMessage(message, signature, params); } /* * ImportKeyTest.EcdsaP256RFC5915Success * Loading Loading
security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +6 −0 Original line number Diff line number Diff line Loading @@ -379,6 +379,12 @@ interface IKeyMintDevice { * validate it against the key material. In the event of a mismatch, importKey must return * ErrorCode::IMPORT_PARAMETER_MISMATCH. * * o Tag::EC_CURVE is not necessary in the input parameters for import of EC keys. If not * provided the IKeyMintDevice must deduce the value from the provided key material and add * the tag and value to the key characteristics. If Tag::EC_CURVE is provided, the * IKeyMintDevice must validate it against the key material. In the event of a mismatch, * importKey must return ErrorCode::IMPORT_PARAMETER_MISMATCH. * * o Tag::RSA_PUBLIC_EXPONENT (for RSA keys only) is not necessary in the input parameters. If * not provided, the IKeyMintDevice must deduce the value from the provided key material and * add the tag and value to the key characteristics. If Tag::RSA_PUBLIC_EXPONENT is provided, Loading
security/keymint/aidl/vts/functional/KeyMintTest.cpp +36 −0 Original line number Diff line number Diff line Loading @@ -4147,6 +4147,42 @@ TEST_P(ImportKeyTest, EcdsaSuccess) { LocalVerifyMessage(message, signature, params); } /* * ImportKeyTest.EcdsaSuccessCurveNotSpecified * * Verifies that importing and using an ECDSA P-256 key pair works correctly * when the EC_CURVE is not explicitly specified. */ TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) { if (AidlVersion() < 4) { /* * The KeyMint spec before V4 was not clear as to whether EC_CURVE was optional on import of * EC keys. However, this was not checked at the time so we can only be strict about * checking this for implementations of KeyMint version 4 and above. */ GTEST_SKIP() << "Skipping EC_CURVE on import only strict since KeyMint v4"; } ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder() .Authorization(TAG_NO_AUTH_REQUIRED) .Authorization(TAG_ALGORITHM, Algorithm::EC) .SigningKey() .Digest(Digest::SHA_2_256) .SetDefaultValidity(), KeyFormat::PKCS8, ec_256_key)); CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC); CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256); CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_256); CheckOrigin(); string message(32, 'a'); auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256); string signature = SignMessage(message, params); LocalVerifyMessage(message, signature, params); } /* * ImportKeyTest.EcdsaP256RFC5915Success * Loading
