Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit df09e54e authored by David Drysdale's avatar David Drysdale
Browse files

KeyMint VTS: require curve for ECDSA keys 

The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided to
generate an ECDSA key". Move the VTS tests to always create ECDSA keys
by curve not key size.

Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e
parent 37af4b36

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

+6 −13
Original line number Diff line number Diff line
@@ -1022,16 +1022,7 @@ vector<uint32_t> KeyMintAidlTestBase::ValidKeySizes(Algorithm algorithm) { 
            }

            break;

        case Algorithm::EC:

            switch (SecLevel()) {

                case SecurityLevel::SOFTWARE:

                case SecurityLevel::TRUSTED_ENVIRONMENT:

                    return {224, 256, 384, 521};

                case SecurityLevel::STRONGBOX:

                    return {256};

                default:

                    ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());

                    break;

            }

            ADD_FAILURE() << "EC keys must be specified by curve not size";

            break;

        case Algorithm::AES:

            return {128, 256};
@@ -1147,9 +1138,11 @@ vector<EcCurve> KeyMintAidlTestBase::ValidCurves() { 
}



vector<EcCurve> KeyMintAidlTestBase::InvalidCurves() {

    if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};

    CHECK(SecLevel() == SecurityLevel::STRONGBOX);

    if (SecLevel() == SecurityLevel::STRONGBOX) {

        return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};

    } else {

        return {};

    }

}



vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

+1 −1
Original line number Diff line number Diff line
@@ -255,7 +255,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { 
        /* ECDSA */

        KeyData ecdsaKeyData;

        AuthorizationSetBuilder ecdsaBuilder = AuthorizationSetBuilder()

                                                       .EcdsaSigningKey(256)

                                                       .EcdsaSigningKey(EcCurve::P_256)

                                                       .Authorization(tagToTest)

                                                       .Digest(Digest::SHA_2_256)

                                                       .Authorization(TAG_NO_AUTH_REQUIRED)

security/keymint/aidl/vts/functional/KeyMintTest.cpp

+45 −109

File changed.

Preview size limit exceeded, changes collapsed.