author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-03-29 02:56:36 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-03-29 02:56:36 +0000 |
commit | 63e19616ab7e2fcc7ba59ea1efc5964fe7f67c45 (patch) | |
tree | ce56f39d098bfd038773e3aeb900421814fba742 | |
parent | f3f7ccc090c7aa96fa4c7540e1d451f23c3ac24f (diff) | |
parent | 9c8e9bb18552cc9508ab17d78f2e28920867d3b0 (diff) | |
download | wycheproof-63e19616ab7e2fcc7ba59ea1efc5964fe7f67c45.tar.gz |
Snap for 9841731 from 9c8e9bb18552cc9508ab17d78f2e28920867d3b0 to udc-d1-release
Change-Id: I76831eeea688f9293c4a97f501681a0240bd1e91
-rw-r--r-- | keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java | 27 | ||||
-rw-r--r-- | keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java | 18 |
2 files changed, 30 insertions, 15 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
index d174cbf..ea5d91b 100644
--- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
+++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
@@ -38,6 +38,7 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.Enumeration;
+import java.util.List;
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.x500.X500Principal;
@@ -53,6 +54,9 @@ public class KeyStoreUtil {
 public static final int KM_VERSION_KEYMASTER_4_1 = 41;
 public static final int KM_VERSION_KEYMINT_1 = 100;
+ private static final List kmSupportedDigests = List.of("md5","sha-1","sha-224","sha-384",
+ "sha-256","sha-512");
+
 public static KeyStore saveKeysToKeystore(String alias, PublicKey pubKey, PrivateKey privKey, KeyProtection keyProtection) throws Exception {
 KeyPair keyPair = new KeyPair(pubKey, privKey);
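Review bot: `kmSupportedDigests` in the `@@ -53,6 +54,9 @@` hunk is a constant but is named like a field, directly under `KM_VERSION_KEYMASTER_4_1` and `KM_VERSION_KEYMINT_1`, and as rendered here it is a raw `List` (the type argument may have been lost when the page was extracted, so check the file). In this diff it is only used for membership tests, so a `Set` of strings built with `Set.of(...)` and named `KM_SUPPORTED_DIGESTS` would state the intent better; that needs `java.util.Set` rather than the `java.util.List` import added above, and the two lookups in the later hunk would be renamed with it. A one-line comment such as `// Entries must be lower-case: callers lower-case the digest name before the lookup.` would record the invariant the lookups rely on.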
@@ -100,13 +104,26 @@ public class KeyStoreUtil {
 TestUtils.assumeStrongBox();
 }
- public static boolean isStrongBoxSupportDigest(String digest) {
- return digest.equalsIgnoreCase("sha-1")
- || digest.equalsIgnoreCase("sha-256");
+ public static boolean isSupportedDigest(String digest, boolean isStrongBox) {
+ if (isStrongBox) {
+ return digest.equalsIgnoreCase("sha-256");
+ }
+ return kmSupportedDigests.contains(digest.toLowerCase());
+ }
+
+ public static boolean isSupportedMgfDigest(String digest, boolean isStrongBox) {
+ if (isStrongBox) {
+ return digest.equalsIgnoreCase("sha-1")
+ || digest.equalsIgnoreCase("sha-256");
+ }
+ return kmSupportedDigests.contains(digest.toLowerCase());
 }
- public static boolean isStrongBoxSupportKeySize(int keySize) {
- return keySize == 2048;
+ public static boolean isSupportedRsaKeySize(int keySize, boolean isStrongBox) {
+ if (isStrongBox) {
+ return keySize == 2048;
+ }
+ return keySize == 2048 || keySize == 3072 || keySize == 4096;
 }
 public static X509Certificate createCertificate(
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
index ed4987c..5eb47e5 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
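Review bot: `digest.toLowerCase()` in `isSupportedDigest` and `isSupportedMgfDigest` (KeyStoreUtil.java, `@@ -100,13 +104,26 @@`) uses the device's default locale, while the StrongBox branches of the same methods compare with `equalsIgnoreCase`; both paths should normalise the same way, for example `kmSupportedDigests.contains(digest.toLowerCase(Locale.ROOT))` with an import of `java.util.Locale`. These three helpers now decide which Wycheproof key groups run and which are skipped, so each deserves a Javadoc line naming where its limits come from; nothing here says, for instance, why the StrongBox branch accepts SHA-1 as an MGF1 digest but not as the main OAEP digest. The identical final `return` in the two digest methods could be one private helper. The three methods are complete within the hunk; the surrounding class and `createCertificate`, whose first line closes the hunk, are not.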
@@ -176,10 +176,9 @@ public class RsaOaepTest {
 String digest = getString(object, "sha");
 String mgfDigest = getString(object, "mgfSha");
 int keysize = object.get("keysize").getAsInt();
- if (isStrongBox
- && (!KeyStoreUtil.isStrongBoxSupportDigest(digest)
- || !KeyStoreUtil.isStrongBoxSupportDigest(mgfDigest)
- || !KeyStoreUtil.isStrongBoxSupportKeySize(keysize))) {
+ if (!KeyStoreUtil.isSupportedDigest(digest, isStrongBox)
+ || !KeyStoreUtil.isSupportedMgfDigest(mgfDigest, isStrongBox)
+ || !KeyStoreUtil.isSupportedRsaKeySize(keysize, isStrongBox)) {
 throw new UnsupportedKeyParametersException();
 }
 return saveKeyPairToKeystoreAndReturnPrivateKey(pubKey, intermediateKey, digest, mgfDigest,
@@ -291,11 +290,10 @@ public class RsaOaepTest {
 key = getPrivateKey(group, isStrongBox);
 } catch (UnsupportedKeyParametersException e) {
 skippedKeys++;
- if (isStrongBox) {
- continue;
- }
 if (!allowSkippingKeys) {
 throw e;
+ } else {
+ continue;
 }
 }
 String algorithm = getOaepAlgorithmName(group);
@@ -356,7 +354,7 @@ public class RsaOaepTest {
 assertEquals(0, errors);
 if (skippedKeys > 0) {
 Log.d(TAG, "RSAES-OAEP: file:" + filename + " skipped key:" + skippedKeys);
- assertTrue(!allowSkippingKeys);
+ assertTrue(allowSkippingKeys);
 } else {
 assertEquals(numTests, cntTests);
 }
@@ -462,11 +460,11 @@ public class RsaOaepTest {
 @Test
 public void testRsaOaepMisc() throws Exception {
- testOaep("rsa_oaep_misc_test.json", false);
+ testOaep("rsa_oaep_misc_test.json", true);
 }
 @Test
 public void testRsaOaepMisc_StrongBox() throws Exception {
- testOaep("rsa_oaep_misc_test.json", false, true);
+ testOaep("rsa_oaep_misc_test.json", true, true);
 }
 } |
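Review bot: In the `@@ -291,11 +290,10 @@` hunk the new `else { continue; }` follows a branch that always throws, so the `else` adds nesting without changing control flow; `if (!allowSkippingKeys) { throw e; }` followed by a plain `continue;` reads more directly. `skippedKeys++` also still runs before the rethrow, which looks harmless from what is visible but counts a key as skipped when the test is about to fail instead. The enclosing loop and `try` start outside the hunk.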
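Review bot: `assertTrue(allowSkippingKeys)` in the `@@ -356,7 +354,7 @@` hunk cannot fail if the catch block changed in the previous hunk is the only place `skippedKeys` is incremented, because that block rethrows whenever `allowSkippingKeys` is false. More importantly, once any key is skipped the `assertEquals(numTests, cntTests)` check is bypassed and nothing puts a floor under how many vectors actually ran, so an overly narrow capability list in `KeyStoreUtil` would let the file pass with no vectors exercised. I would add a lower bound on that path, for example `assertTrue("no RSAES-OAEP vectors ran for " + filename, cntTests > 0);`, unless a file may legitimately have every key group skipped. The enclosing method starts and ends outside the hunk, so how `numTests` and `cntTests` are computed is not visible here.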
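Review bot: The bare `true` and `true, true` arguments to `testOaep` in the `@@ -462,11 +460,11 @@` hunk do not say which flag is which, and this change flips the one that (assuming the second parameter is `allowSkippingKeys`) permits skipping key groups for the non-StrongBox run as well. An argument comment such as `testOaep("rsa_oaep_misc_test.json", /* allowSkippingKeys= */ true);` would make that visible at the call site. A short comment on why the misc vector file needs skipping on every implementation, presumably key sizes or digests outside the lists in `KeyStoreUtil`, would help whoever later tightens it again.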