Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 2101e9e8215cce6da36d8d7382486737b68e8c93^! / . / android_keymaster_test.cpp
commit2101e9e8215cce6da36d8d7382486737b68e8c93[log] [tgz]
authorShawn Willden <swillden@google.com>Wed Jun 24 12:22:02 2015 -0700
committerShawn Willden <swillden@google.com>Wed Jun 24 15:14:25 2015 -0700
tree6659ab46406f8b24762d7d811bc7f63105a58d0e
parent0afa3c8a03fc817279bdf0f46abe3dc7a3fd53e1 [diff] [blame]
Handle ECDSA messages that may be a few bits longer than the key.

Also fix an RSA error message.

Bug: 22064177
Change-Id: If52b29a3e870e0318d9ecc0f124074a013cb491a

diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index 9463a57..f7b37d3 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp

@@ -1294,6 +1294,52 @@
         EXPECT_EQ(4, GetParam()->keymaster0_calls());
 }
 
+TEST_P(VerificationOperationsTest, EcdsaTooShort) {
+    ASSERT_EQ(KM_ERROR_OK,
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
+    string message = "12345678901234567890";
+    string signature;
+    SignMessage(message, &signature, KM_DIGEST_NONE);
+    VerifyMessage(message, signature, KM_DIGEST_NONE);
+
+    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
+        EXPECT_EQ(4, GetParam()->keymaster0_calls());
+}
+
+TEST_P(VerificationOperationsTest, EcdsaTooLong) {
+    ASSERT_EQ(KM_ERROR_OK,
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256).Digest(KM_DIGEST_NONE)));
+    string message = "1234567890123456789012345678901234";
+    string signature;
+
+    AuthorizationSet begin_params(client_params());
+    begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
+    EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_SIGN, begin_params));
+    string output;
+    size_t input_consumed;
+    EXPECT_EQ(KM_ERROR_INVALID_INPUT_LENGTH, UpdateOperation(message, &output, &input_consumed));
+
+    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
+        EXPECT_EQ(2, GetParam()->keymaster0_calls());
+}
+
+TEST_P(VerificationOperationsTest, EcdsaSlightlyTooLong) {
+    ASSERT_EQ(KM_ERROR_OK,
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(521).Digest(KM_DIGEST_NONE)));
+
+    string message(66, 'a');
+    string signature;
+    SignMessage(message, &signature, KM_DIGEST_NONE);
+    VerifyMessage(message, signature, KM_DIGEST_NONE);
+
+    // Modifying low-order bits doesn't matter, because they didn't get signed.  Ugh.
+    message[65] ^= 7;
+    VerifyMessage(message, signature, KM_DIGEST_NONE);
+
+    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
+        EXPECT_EQ(5, GetParam()->keymaster0_calls());
+}
+
 TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
     ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
                                            .EcdsaSigningKey(256)