author | Prashant Patil <patilprashant@google.com> | 2023-03-28 16:51:48 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-03-28 16:51:48 +0000 |
commit | ac8bb6845ab51aacdd2cea66569c2439917c1c91 (patch) | |
tree | ce56f39d098bfd038773e3aeb900421814fba742 | |
parent | 3ca01dba855cc0123015c395d40512362cadec2f (diff) | |
parent | 260247461c73c2de935beb3dd426b0951497516d (diff) | |
Keystore:Filter out unexpected RSA key parameters am: 51d61afa63 am: 260247461c
Original change: https://android-review.googlesource.com/c/platform/external/wycheproof/+/2450522
Change-Id: Iff7ec61daaeca6205a6a7524955d6f436871db2e
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java | 27 | ||||
-rw-r--r-- | keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java | 18 |
2 files changed, 30 insertions, 15 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
index d174cbf..ea5d91b 100644
--- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
+++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java
@@ -38,6 +38,7 @@ import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Date;
 import java.util.Enumeration;
+import java.util.List;
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.x500.X500Principal;
@@ -53,6 +54,9 @@ public class KeyStoreUtil {
 public static final int KM_VERSION_KEYMASTER_4_1 = 41;
 public static final int KM_VERSION_KEYMINT_1 = 100;
+ private static final List kmSupportedDigests = List.of("md5","sha-1","sha-224","sha-384",
+ "sha-256","sha-512");
+
 public static KeyStore saveKeysToKeystore(String alias, PublicKey pubKey, PrivateKey privKey, KeyProtection keyProtection) throws Exception {
 KeyPair keyPair = new KeyPair(pubKey, privKey);
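Review bot: `kmSupportedDigests` in the second hunk is a `private static final` constant named in lowerCamelCase, unlike the `KM_VERSION_*` constants directly above it; `KM_SUPPORTED_DIGESTS` would match them. The declaration as shown is a raw `List`; if the element type was not simply lost in rendering, declare it `List<String>`. A one-line comment such as `// Lower-case digest names accepted for non-StrongBox keys; looked up after toLowerCase().` would record that entries must stay lower-case for the `contains` lookups added in the next hunk.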
@@ -100,13 +104,26 @@ public class KeyStoreUtil {
 TestUtils.assumeStrongBox();
 }
- public static boolean isStrongBoxSupportDigest(String digest) {
- return digest.equalsIgnoreCase("sha-1")
- || digest.equalsIgnoreCase("sha-256");
+ public static boolean isSupportedDigest(String digest, boolean isStrongBox) {
+ if (isStrongBox) {
+ return digest.equalsIgnoreCase("sha-256");
+ }
+ return kmSupportedDigests.contains(digest.toLowerCase());
+ }
+
+ public static boolean isSupportedMgfDigest(String digest, boolean isStrongBox) {
+ if (isStrongBox) {
+ return digest.equalsIgnoreCase("sha-1")
+ || digest.equalsIgnoreCase("sha-256");
+ }
+ return kmSupportedDigests.contains(digest.toLowerCase());
 }
- public static boolean isStrongBoxSupportKeySize(int keySize) {
- return keySize == 2048;
+ public static boolean isSupportedRsaKeySize(int keySize, boolean isStrongBox) {
+ if (isStrongBox) {
+ return keySize == 2048;
+ }
+ return keySize == 2048 || keySize == 3072 || keySize == 4096;
 }
 public static X509Certificate createCertificate(
diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
index ed4987c..5eb47e5 100644
--- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
+++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java
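Review bot: `isSupportedDigest` and `isSupportedMgfDigest` differ only in whether the StrongBox branch accepts `sha-1`, and the removed `isStrongBoxSupportDigest` accepted it for both, so this hunk also stops running SHA-1 main-digest vectors on StrongBox without saying why. A short comment on the StrongBox branches naming the requirement they mirror, e.g. `// StrongBox: OAEP digest must be SHA-256; MGF1 digest may be SHA-1 or SHA-256 (TODO: cite source).`, would let a reader check the filter against the specification. Separately, `digest.toLowerCase()` uses the default locale; `digest.toLowerCase(Locale.ROOT)` keeps the lookup locale-independent, which needs `java.util.Locale` if it is not already imported (the import block is only partly visible).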
@@ -176,10 +176,9 @@ public class RsaOaepTest {
 String digest = getString(object, "sha");
 String mgfDigest = getString(object, "mgfSha");
 int keysize = object.get("keysize").getAsInt();
- if (isStrongBox
- && (!KeyStoreUtil.isStrongBoxSupportDigest(digest)
- || !KeyStoreUtil.isStrongBoxSupportDigest(mgfDigest)
- || !KeyStoreUtil.isStrongBoxSupportKeySize(keysize))) {
+ if (!KeyStoreUtil.isSupportedDigest(digest, isStrongBox)
+ || !KeyStoreUtil.isSupportedMgfDigest(mgfDigest, isStrongBox)
+ || !KeyStoreUtil.isSupportedRsaKeySize(keysize, isStrongBox)) {
 throw new UnsupportedKeyParametersException();
 }
 return saveKeyPairToKeystoreAndReturnPrivateKey(pubKey, intermediateKey, digest, mgfDigest,
@@ -291,11 +290,10 @@ public class RsaOaepTest {
 key = getPrivateKey(group, isStrongBox);
 } catch (UnsupportedKeyParametersException e) {
 skippedKeys++;
- if (isStrongBox) {
- continue;
- }
 if (!allowSkippingKeys) {
 throw e;
+ } else {
+ continue;
 }
 }
 String algorithm = getOaepAlgorithmName(group);
@@ -356,7 +354,7 @@ public class RsaOaepTest {
 assertEquals(0, errors);
 if (skippedKeys > 0) {
 Log.d(TAG, "RSAES-OAEP: file:" + filename + " skipped key:" + skippedKeys);
- assertTrue(!allowSkippingKeys);
+ assertTrue(allowSkippingKeys);
 } else {
 assertEquals(numTests, cntTests);
 }
@@ -462,11 +460,11 @@ public class RsaOaepTest {
 @Test
 public void testRsaOaepMisc() throws Exception {
- testOaep("rsa_oaep_misc_test.json", false);
+ testOaep("rsa_oaep_misc_test.json", true);
 }
 @Test
 public void testRsaOaepMisc_StrongBox() throws Exception {
- testOaep("rsa_oaep_misc_test.json", false, true);
+ testOaep("rsa_oaep_misc_test.json", true, true);
 }
 } |
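Review bot: In the `skippedKeys > 0` branch of the third hunk, `assertTrue(allowSkippingKeys)` can no longer fail, because the loop hunk above now rethrows `UnsupportedKeyParametersException` whenever `allowSkippingKeys` is false. Once any key is skipped, the `assertEquals(numTests, cntTests)` check is bypassed. A run in which every key group is filtered out would therefore still pass, apparently without exercising a single vector. Both `testRsaOaepMisc` variants are switched to `true` in the last hunk, so a floor such as `assertTrue("no RSA-OAEP vectors were run", cntTests > 0);` after the log line would keep an over-broad filter from hiding a total loss of coverage. The enclosing method starts and ends outside the hunk, so how `cntTests` is accumulated is inferred from its use here.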