diff options
author | Shawn Willden <swillden@google.com> | 2015-07-08 17:12:16 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2015-07-09 11:53:06 -0600 |
commit | 0d061c80d06f94291568e725f9eb649962a80352 (patch) | |
tree | a9c20e9ee93f7c09c5de6244f7b432614781505b /android_keymaster_test.cpp | |
parent | 12248fd3e82e61ca4be194caf6347152dacf219d (diff) | |
download | keymaster-0d061c80d06f94291568e725f9eb649962a80352.tar.gz |
Truncate too-long digests for keymaster 0 ECDSA sign operations
BoringSSL doesn't pre-truncate too-long digests before calling the ECDSA
sign operation via the ENGINE interface, and TrustyKeymaster is picky
about accepting them. This means that trying to sign a message with,
say, a 256-bit key and a 384-bit hash fails on Volantis.
This CL also corrects an error in get_supported_digests for ECDSA, which
was advertising support for MD5. BoringSSL doesn't support ECDSA with
MD5 and we're not offering it in the JCA API, so the solution is simply
not to advertise it and to return a better error code if it's requested
anyway.
Bug: 22355708
Change-Id: Iba2dad6953db7eda23951760b734f499a13c5191
Diffstat (limited to 'android_keymaster_test.cpp')
-rw-r--r-- | android_keymaster_test.cpp | 43 |
1 files changed, 35 insertions, 8 deletions
diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp index cb120a6..2ee8147 100644 --- a/android_keymaster_test.cpp +++ b/android_keymaster_test.cpp @@ -46,6 +46,10 @@ namespace test { StdoutLogger logger; +template <typename T> vector<T> make_vector(const T* array, size_t len) { + return vector<T>(array, array + len); +} + class TestKeymasterEnforcement : public KeymasterEnforcement { public: TestKeymasterEnforcement() : KeymasterEnforcement(3, 3) {} @@ -221,10 +225,9 @@ TEST_P(CheckSupported, SupportedDigests) { ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC, KM_PURPOSE_SIGN, &digests, &len)); - EXPECT_TRUE( - ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, - KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512}, - digests, len)); + EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224, + KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512}, + digests, len)); free(digests); EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE, @@ -717,6 +720,34 @@ TEST_P(SigningOperationsTest, EcdsaNoPaddingHugeData) { EXPECT_EQ(2, GetParam()->keymaster0_calls()); } +TEST_P(SigningOperationsTest, EcsdaAllSizesAndHashes) { + size_t len; + keymaster_digest_t* digest_arr; + ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC, + KM_PURPOSE_SIGN, &digest_arr, &len)); + vector<int> key_sizes = {224, 256, 384, 521}; + vector<keymaster_digest_t> digests = make_vector(digest_arr, len); + free(digest_arr); + + for (int key_size : key_sizes) { + for (keymaster_digest_t digest : digests) { + ASSERT_EQ( + KM_ERROR_OK, + GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(key_size).Digest(digest))); + + string message(1024, 'a'); + string signature; + if (digest == KM_DIGEST_NONE) + message.resize(key_size / 8); + SignMessage(message, &signature, digest); + } + } + + if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC)) + EXPECT_EQ(digests.size() * key_sizes.size() * 3, + static_cast<size_t>(GetParam()->keymaster0_calls())); +} + TEST_P(SigningOperationsTest, AesEcbSign) { ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization( @@ -1233,10 +1264,6 @@ TEST_P(VerificationOperationsTest, RsaPkcs1Sha256CorruptInput) { EXPECT_EQ(4, GetParam()->keymaster0_calls()); } -template <typename T> vector<T> make_vector(const T* array, size_t len) { - return vector<T>(array, array + len); -} - TEST_P(VerificationOperationsTest, RsaAllDigestAndPadCombinations) { // Get all supported digests and padding modes. size_t digests_len; |