Modify ECDSA to require specified digest. Bug: 19427294 Change-Id: Ia65bfd0152fa1ee46b981dc7718128dd33422743

commit: 84b8da52a242c42d9a6a8cc8f128fb4c8baa6f8f [log] [tgz]
author: Shawn Willden <swillden@google.com> Wed Mar 11 07:21:32 2015 -0600
committer: Shawn Willden <swillden@google.com> Tue Mar 17 16:51:44 2015 -0600
tree: b85a2fe2893cc1139a4ec40b72eb9b83e0dd42ee
parent: fdd6a6f5e60b8d0b513ffed84ca59b4b6ffef19c [diff] [blame]
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 2787b31..aaf7425 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp

@@ -524,7 +524,7 @@
 
     EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_ECDSA,
                                                            KM_PURPOSE_SIGN, &digests, &len));
-    EXPECT_EQ(0, len);
+    EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE}, digests, len));
     free(digests);
 
     EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
@@ -656,7 +656,8 @@
 }
 
 TEST_F(NewKeyGeneration, Ecdsa) {
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224)));
+    ASSERT_EQ(KM_ERROR_OK,
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224, KM_DIGEST_NONE)));
     CheckBaseParams();
 
     // Check specified tags are all present in unenforced characteristics
@@ -665,7 +666,8 @@
 }
 
 TEST_F(NewKeyGeneration, EcdsaDefaultSize) {
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224)));
+    ASSERT_EQ(KM_ERROR_OK,
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224, KM_DIGEST_NONE)));
     CheckBaseParams();
 
     // Check specified tags are all present in unenforced characteristics
@@ -677,13 +679,14 @@
 
 TEST_F(NewKeyGeneration, EcdsaInvalidSize) {
     ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
-              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190)));
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(190, KM_DIGEST_NONE)));
 }
 
 TEST_F(NewKeyGeneration, EcdsaAllValidSizes) {
     size_t valid_sizes[] = {224, 256, 384, 521};
     for (size_t size : valid_sizes) {
-        EXPECT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size)))
+        EXPECT_EQ(KM_ERROR_OK,
+                  GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(size, KM_DIGEST_NONE)))
             << "Failed to generate size: " << size;
     }
 }
@@ -774,7 +777,8 @@
 }
 
 TEST_F(SigningOperationsTest, EcdsaSuccess) {
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224)));
+    ASSERT_EQ(KM_ERROR_OK,
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224, KM_DIGEST_NONE)));
     string message = "123456789012345678901234567890123456789012345678";
     string signature;
     SignMessage(message, &signature);
@@ -1329,7 +1333,8 @@
 }
 
 TEST_F(VerificationOperationsTest, EcdsaSuccess) {
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256)));
+    ASSERT_EQ(KM_ERROR_OK,
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(256, KM_DIGEST_NONE)));
     string message = "123456789012345678901234567890123456789012345678";
     string signature;
     SignMessage(message, &signature);
@@ -1389,7 +1394,8 @@
 }
 
 TEST_F(ExportKeyTest, EcdsaSuccess) {
-    ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224)));
+    ASSERT_EQ(KM_ERROR_OK,
+              GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224, KM_DIGEST_NONE)));
     string export_data;
     ASSERT_EQ(KM_ERROR_OK, ExportKey(KM_KEY_FORMAT_X509, &export_data));
     EXPECT_GT(export_data.length(), 0);
@@ -1474,7 +1480,7 @@
     string pk8_key = read_file("ec_privkey_pk8.der");
     ASSERT_EQ(138U, pk8_key.size());
 
-    ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256),
+    ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256, KM_DIGEST_NONE),
                                      KM_KEY_FORMAT_PKCS8, pk8_key));
 
     // Check values derived from the key.
@@ -1495,7 +1501,7 @@
     string pk8_key = read_file("ec_privkey_pk8.der");
     ASSERT_EQ(138U, pk8_key.size());
 
-    ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256),
+    ASSERT_EQ(KM_ERROR_OK, ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(256, KM_DIGEST_NONE),
                                      KM_KEY_FORMAT_PKCS8, pk8_key));
 
     // Check values derived from the key.
@@ -1516,8 +1522,10 @@
     string pk8_key = read_file("ec_privkey_pk8.der");
     ASSERT_EQ(138U, pk8_key.size());
     ASSERT_EQ(KM_ERROR_IMPORT_PARAMETER_MISMATCH,
-              ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(224),  // Size does not match key
-                        KM_KEY_FORMAT_PKCS8, pk8_key));
+              ImportKey(AuthorizationSetBuilder().EcdsaSigningKey(
+                            224, KM_DIGEST_NONE),  // Size does not match key
+                        KM_KEY_FORMAT_PKCS8,
+                        pk8_key));
 }
 
 TEST_F(ImportKeyTest, AesKeySuccess) {
commit	84b8da52a242c42d9a6a8cc8f128fb4c8baa6f8f	[log] [tgz]
author	Shawn Willden <swillden@google.com>	Wed Mar 11 07:21:32 2015 -0600
committer	Shawn Willden <swillden@google.com>	Tue Mar 17 16:51:44 2015 -0600
tree	b85a2fe2893cc1139a4ec40b72eb9b83e0dd42ee
parent	fdd6a6f5e60b8d0b513ffed84ca59b4b6ffef19c [diff] [blame]