authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-29 02:56:36 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-29 02:56:36 +0000
commit63e19616ab7e2fcc7ba59ea1efc5964fe7f67c45 (patch)
treece56f39d098bfd038773e3aeb900421814fba742
parentf3f7ccc090c7aa96fa4c7540e1d451f23c3ac24f (diff)
parent9c8e9bb18552cc9508ab17d78f2e28920867d3b0 (diff)
downloadwycheproof-63e19616ab7e2fcc7ba59ea1efc5964fe7f67c45.tar.gz
Snap for 9841731 from 9c8e9bb18552cc9508ab17d78f2e28920867d3b0 to udc-d1-release
Change-Id: I76831eeea688f9293c4a97f501681a0240bd1e91
-rw-r--r--keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java27
-rw-r--r--keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java18
2 files changed, 30 insertions, 15 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
index d174cbf..ea5d91b 100644
--- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
+++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
@@ -38,6 +38,7 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;
import java.util.Enumeration;
+import java.util.List;
import javax.crypto.spec.SecretKeySpec;
import javax.security.auth.x500.X500Principal;
@@ -53,6 +54,9 @@ public class KeyStoreUtil {
public static final int KM_VERSION_KEYMASTER_4_1 = 41;
public static final int KM_VERSION_KEYMINT_1 = 100;
+ private static final List kmSupportedDigests = List.of("md5","sha-1","sha-224","sha-384",
+ "sha-256","sha-512");
+
public static KeyStore saveKeysToKeystore(String alias, PublicKey pubKey, PrivateKey privKey,
KeyProtection keyProtection) throws Exception {
KeyPair keyPair = new KeyPair(pubKey, privKey);
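Review bot: `kmSupportedDigests` is declared with the raw type `List` as rendered here (the type argument may have been lost when the page was extracted) and is named like a local rather than a constant; I would write `private static final List<String> KM_SUPPORTED_DIGESTS = List.of(...)` and update the two uses in the next hunk. The list admits md5 and sha-1, so a one-line comment such as `// Digests the non-StrongBox keystore is expected to accept in these tests; not a recommendation for new code` would keep it from being copied as a general allow-list. That reading of the `km` prefix is inferred from the name and should be confirmed.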
@@ -100,13 +104,26 @@ public class KeyStoreUtil {
TestUtils.assumeStrongBox();
}
- public static boolean isStrongBoxSupportDigest(String digest) {
- return digest.equalsIgnoreCase("sha-1")
- || digest.equalsIgnoreCase("sha-256");
+ public static boolean isSupportedDigest(String digest, boolean isStrongBox) {
+ if (isStrongBox) {
+ return digest.equalsIgnoreCase("sha-256");
+ }
+ return kmSupportedDigests.contains(digest.toLowerCase());
+ }
+
+ public static boolean isSupportedMgfDigest(String digest, boolean isStrongBox) {
+ if (isStrongBox) {
+ return digest.equalsIgnoreCase("sha-1")
+ || digest.equalsIgnoreCase("sha-256");
+ }
+ return kmSupportedDigests.contains(digest.toLowerCase());
}
- public static boolean isStrongBoxSupportKeySize(int keySize) {
- return keySize == 2048;
+ public static boolean isSupportedRsaKeySize(int keySize, boolean isStrongBox) {
+ if (isStrongBox) {
+ return keySize == 2048;
+ }
+ return keySize == 2048 || keySize == 3072 || keySize == 4096;
}
public static X509Certificate createCertificate(
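Review bot: `isSupportedDigest` and `isSupportedMgfDigest` differ only in that the StrongBox branch of the first no longer accepts sha-1 (the removed `isStrongBoxSupportDigest` did), and nothing in the code records why the OAEP digest and the MGF1 digest are treated differently. A Javadoc on each method naming the StrongBox requirement its branch mirrors would make the narrowing reviewable, since it decides which Wycheproof vectors are run against StrongBox. Separately, `digest.toLowerCase()` is locale-dependent while the StrongBox branch uses `equalsIgnoreCase`; `kmSupportedDigests.contains(digest.toLowerCase(Locale.ROOT))` keeps the two branches consistent, and needs a `java.util.Locale` import that is not visible in this diff. The class body continues outside the hunk.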
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
index ed4987c..5eb47e5 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
@@ -176,10 +176,9 @@ public class RsaOaepTest {
String digest = getString(object, "sha");
String mgfDigest = getString(object, "mgfSha");
int keysize = object.get("keysize").getAsInt();
- if (isStrongBox
- && (!KeyStoreUtil.isStrongBoxSupportDigest(digest)
- || !KeyStoreUtil.isStrongBoxSupportDigest(mgfDigest)
- || !KeyStoreUtil.isStrongBoxSupportKeySize(keysize))) {
+ if (!KeyStoreUtil.isSupportedDigest(digest, isStrongBox)
+ || !KeyStoreUtil.isSupportedMgfDigest(mgfDigest, isStrongBox)
+ || !KeyStoreUtil.isSupportedRsaKeySize(keysize, isStrongBox)) {
throw new UnsupportedKeyParametersException();
}
return saveKeyPairToKeystoreAndReturnPrivateKey(pubKey, intermediateKey, digest, mgfDigest,
@@ -291,11 +290,10 @@ public class RsaOaepTest {
key = getPrivateKey(group, isStrongBox);
} catch (UnsupportedKeyParametersException e) {
skippedKeys++;
- if (isStrongBox) {
- continue;
- }
if (!allowSkippingKeys) {
throw e;
+ } else {
+ continue;
}
}
String algorithm = getOaepAlgorithmName(group);
@@ -356,7 +354,7 @@ public class RsaOaepTest {
assertEquals(0, errors);
if (skippedKeys > 0) {
Log.d(TAG, "RSAES-OAEP: file:" + filename + " skipped key:" + skippedKeys);
- assertTrue(!allowSkippingKeys);
+ assertTrue(allowSkippingKeys);
} else {
assertEquals(numTests, cntTests);
}
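Review bot: When any key is skipped, the `skippedKeys > 0` branch replaces `assertEquals(numTests, cntTests)` with `assertTrue(allowSkippingKeys)`, and because the catch block in the hunk at -291 rethrows whenever `allowSkippingKeys` is false, that assertion looks unable to fail. A file whose keys are all rejected by the new `isSupported*` checks would then pass with only a `Log.d` line, and the hunk at -462 enables skipping for the non-StrongBox misc test as well. I would add a floor in this branch such as `assertTrue("no RSAES-OAEP vectors ran for " + filename, cntTests > 0);`, assuming `cntTests` counts executed vectors, which is not visible here. The enclosing method starts and ends outside the hunk.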
@@ -462,11 +460,11 @@ public class RsaOaepTest {
@Test
public void testRsaOaepMisc() throws Exception {
- testOaep("rsa_oaep_misc_test.json", false);
+ testOaep("rsa_oaep_misc_test.json", true);
}
@Test
public void testRsaOaepMisc_StrongBox() throws Exception {
- testOaep("rsa_oaep_misc_test.json", false, true);
+ testOaep("rsa_oaep_misc_test.json", true, true);
}
}