diff options
author | Prashant Patil <patilprashant@google.com> | 2022-12-15 13:27:44 +0000 |
---|---|---|
committer | Prashant Patil <patilprashant@google.com> | 2023-01-05 12:14:11 +0000 |
commit | c9c8b81a1a857418394a3585c2c13096391b766d (patch) | |
tree | 20f7947e5b55dd3b38284c65c9b83dcf1653f7df | |
parent | 0cbbf85345f22095673a4ce16afcb33bf9a2e9c5 (diff) | |
download | wycheproof-c9c8b81a1a857418394a3585c2c13096391b766d.tar.gz |
Keystore:Assumption for non default MGF digest.
Support for RSA-OAEP with MGF digest other than SHA1 is added from
KeyMint V1. For older versions this feature is expected to be added in
Software emulation (b/216436980). Until software emulation is
implemented for non-default MGF Digest, the test should be skipped.
Test cases which are using MGF digest other than SHA1 are
skipped by adding the assumption that the underlying Key{Master/Mint}
implementation is greater than or equal to KeyMint V1.
But there are few test vectors failing, which are already reported in
b/258005962 and b/258389371 and those are implementation
issues in KeyMaster and KeyMint of respective devices.
Bug: 262370514
Test: atest CtsKeystoreWycheproofTestCases:com.google.security.wycheproof.RsaOaepTest
Change-Id: I119651788ca1bb5d1a626db0238b4e3631cf8f79
-rw-r--r-- | keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java | 5 | ||||
-rw-r--r-- | keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java | 6 |
2 files changed, 11 insertions, 0 deletions
diff --git a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java index a6c186f..d174cbf 100644 --- a/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java +++ b/keystore-cts/java/android/keystore/cts/util/KeyStoreUtil.java @@ -15,6 +15,7 @@ package android.keystore.cts.util; import android.content.Context; import android.security.keystore.KeyProtection; +import android.keystore.cts.util.TestUtils; import androidx.test.core.app.ApplicationProvider; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo; @@ -86,6 +87,10 @@ public class KeyStoreUtil { } } + public static int getFeatureVersionKeystore() { + return TestUtils.getFeatureVersionKeystore(ApplicationProvider.getApplicationContext()); + } + public static boolean hasStrongBox() { Context context = ApplicationProvider.getApplicationContext(); return TestUtils.hasStrongBox(context); diff --git a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java index 39a3b0a..ed4987c 100644 --- a/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java +++ b/keystore-cts/java/com/google/security/wycheproof/testcases/RsaOaepTest.java @@ -15,6 +15,7 @@ package com.google.security.wycheproof; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; +import static org.junit.Assume.assumeTrue; import com.google.gson.JsonElement; import com.google.gson.JsonObject; @@ -196,6 +197,11 @@ public class RsaOaepTest { String sha = getString(group, "sha"); String mgf = getString(group, "mgf"); String mgfSha = getString(group, "mgfSha"); + // mgfDigest other than SHA-1 are supported from KeyMint V1 and above. + if (!mgfSha.equalsIgnoreCase("SHA-1")) { + assumeTrue("This test is valid for KeyMint version 1 and above.", + KeyStoreUtil.getFeatureVersionKeystore() >= KeyStoreUtil.KM_VERSION_KEYMINT_1); + } PSource p = PSource.PSpecified.DEFAULT; if (test.has("label") && !TextUtils.isEmpty(getString(test, "label"))) { // p = new PSource.PSpecified(getBytes(test, "label")); |