Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9b8d75ea authored by David Drysdale's avatar David Drysdale
Browse files

KeyMint: clarify EC_CURVE on import

Bug: 292318194
Test: VtsAidlKeyMintTargetTest
Change-Id: I4194b70f1da8816e19f231331c738050c2b7d59f
parent ee6590ef
Loading
Loading
Loading
Loading
+6 −0
Original line number Diff line number Diff line
@@ -379,6 +379,12 @@ interface IKeyMintDevice {
     *   validate it against the key material.  In the event of a mismatch, importKey must return
     *   ErrorCode::IMPORT_PARAMETER_MISMATCH.
     *
     * o Tag::EC_CURVE is not necessary in the input parameters for import of EC keys. If not
     *   provided the IKeyMintDevice must deduce the value from the provided key material and add
     *   the tag and value to the key characteristics.  If Tag::EC_CURVE is provided, the
     *   IKeyMintDevice must validate it against the key material.  In the event of a mismatch,
     *   importKey must return ErrorCode::IMPORT_PARAMETER_MISMATCH.
     *
     * o Tag::RSA_PUBLIC_EXPONENT (for RSA keys only) is not necessary in the input parameters.  If
     *   not provided, the IKeyMintDevice must deduce the value from the provided key material and
     *   add the tag and value to the key characteristics.  If Tag::RSA_PUBLIC_EXPONENT is provided,
+36 −0
Original line number Diff line number Diff line
@@ -4147,6 +4147,42 @@ TEST_P(ImportKeyTest, EcdsaSuccess) {
    LocalVerifyMessage(message, signature, params);
}

/*
 * ImportKeyTest.EcdsaSuccessCurveNotSpecified
 *
 * Verifies that importing and using an ECDSA P-256 key pair works correctly
 * when the EC_CURVE is not explicitly specified.
 */
TEST_P(ImportKeyTest, EcdsaSuccessCurveNotSpecified) {
    if (AidlVersion() < 4) {
        /*
         * The KeyMint spec before V4 was not clear as to whether EC_CURVE was optional on import of
         * EC keys. However, this was not checked at the time so we can only be strict about
         * checking this for implementations of KeyMint version 4 and above.
         */
        GTEST_SKIP() << "Skipping EC_CURVE on import only strict since KeyMint v4";
    }

    ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
                                               .Authorization(TAG_NO_AUTH_REQUIRED)
                                               .Authorization(TAG_ALGORITHM, Algorithm::EC)
                                               .SigningKey()
                                               .Digest(Digest::SHA_2_256)
                                               .SetDefaultValidity(),
                                       KeyFormat::PKCS8, ec_256_key));

    CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC);
    CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256);
    CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_256);

    CheckOrigin();

    string message(32, 'a');
    auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256);
    string signature = SignMessage(message, params);
    LocalVerifyMessage(message, signature, params);
}

/*
 * ImportKeyTest.EcdsaP256RFC5915Success
 *