Remove support for 192-bit ECDSA keys.
Change-Id: I5ddb952b9cd79f08f13dbb2a4fbf0c75b3a4fabd
diff --git a/ecdsa_key.cpp b/ecdsa_key.cpp
index 74713ab..ddf080b 100644
--- a/ecdsa_key.cpp
+++ b/ecdsa_key.cpp
@@ -113,9 +113,6 @@
/* static */
EC_GROUP* EcdsaKey::choose_group(size_t key_size_bits) {
switch (key_size_bits) {
- case 192:
- return EC_GROUP_new_by_curve_name(NID_X9_62_prime192v1);
- break;
case 224:
return EC_GROUP_new_by_curve_name(NID_secp224r1);
break;
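Review bot: Nothing in `choose_group` records that 192 is now deliberately absent, and a 192-bit request now falls through to the switch's default branch, which lies outside this hunk. I would add a comment above `case 224:` such as `// 192-bit (prime192v1) is intentionally not supported; the smallest accepted curve is P-224.` so the case is not re-added later. It is also worth confirming that the default path returns NULL and that callers turn that into an unsupported-key-size error rather than a generic failure. The function body continues past the visible lines, so the default handling is inferred here, not seen.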
@@ -137,9 +134,6 @@
/* static */
keymaster_error_t EcdsaKey::get_group_size(const EC_GROUP& group, size_t* key_size_bits) {
switch (EC_GROUP_get_curve_name(&group)) {
- case NID_X9_62_prime192v1:
- *key_size_bits = 192;
- break;
case NID_secp224r1:
*key_size_bits = 224;
break;
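Review bot: Key blobs created on prime192v1 before this change will now reach the default branch of `get_group_size`, which is outside this hunk, so what happens when a stored 192-bit key is loaded cannot be seen here. If such keys can exist in the field, that path should return a specific error such as `KM_ERROR_UNSUPPORTED_KEY_SIZE` and leave `*key_size_bits` unwritten, so that no caller continues with an unset size. A comment at the top of the switch, for example `// prime192v1 is rejected: previously generated 192-bit keys will no longer load.`, would document that the break in compatibility is intended.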
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 55e9b0e..9bcdf9a 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -344,14 +344,14 @@
TEST_F(NewKeyGeneration, Ecdsa) {
req_.key_description.push_back(Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
- req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 192));
+ req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 224));
device.GenerateKey(req_, &rsp_);
CheckBaseParams(rsp_);
// Check specified tags are all present in unenforced characteristics
EXPECT_TRUE(contains(rsp_.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
- EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 192));
+ EXPECT_TRUE(contains(rsp_.unenforced, TAG_KEY_SIZE, 224));
}
TEST_F(NewKeyGeneration, EcdsaDefaultSize) {
@@ -375,7 +375,7 @@
}
TEST_F(NewKeyGeneration, EcdsaAllValidSizes) {
- size_t valid_sizes[] = {192, 224, 256, 384, 521};
+ size_t valid_sizes[] = {224, 256, 384, 521};
for (size_t size : valid_sizes) {
req_.key_description.Reinitialize(key_generation_base_params,
array_length(key_generation_base_params));
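Review bot: The tests in this file only swap 192 for 224; no visible test asserts that a 192-bit ECDSA request is now refused, so a later re-introduction of the curve would pass unnoticed. A companion case next to `EcdsaAllValidSizes` could reuse `req_.key_description.push_back(Authorization(TAG_KEY_SIZE, 192));`, call `device.GenerateKey(req_, &rsp_);` and expect the response error to be `KM_ERROR_UNSUPPORTED_KEY_SIZE`. If an invalid-size test already exists outside the visible hunks, adding 192 to it would cover the same ground. The body of `EcdsaAllValidSizes` continues past this hunk.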
@@ -563,7 +563,7 @@
}
TEST_F(SigningOperationsTest, EcdsaSuccess) {
- GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
+ GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 224 /* key size */);
BeginOperationRequest begin_request;
BeginOperationResponse begin_response;
@@ -780,7 +780,7 @@
}
TEST_F(VerificationOperationsTest, EcdsaSuccess) {
- GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
+ GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 224 /* key size */);
const char message[] = "123456789012345678901234567890123456789012345678";
SignMessage(message, array_size(message) - 1);
ASSERT_TRUE(signature() != NULL);
@@ -849,7 +849,7 @@
}
TEST_F(ExportKeyTest, EcdsaSuccess) {
- GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 192 /* key size */);
+ GenerateKey(KM_ALGORITHM_ECDSA, KM_DIGEST_NONE, KM_PAD_NONE, 224 /* key size */);
ExportKeyRequest request;
ExportKeyResponse response;
@@ -1374,7 +1374,7 @@
Authorization(TAG_USER_AUTH_ID, 8),
Authorization(TAG_APPLICATION_ID, "app_id", 6),
Authorization(TAG_AUTH_TIMEOUT, 300),
- Authorization(TAG_KEY_SIZE, 192),
+ Authorization(TAG_KEY_SIZE, 224),
};
string pk8_key = read_file("ec_privkey_pk8.der");
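Review bot: The declared `TAG_KEY_SIZE` changes to 224 here, but the fixture `ec_privkey_pk8.der` read on the following line is not touched anywhere in this diff. If that file still holds a 192-bit key, the import should now fail. If it instead succeeds, the import path is not checking the declared size against the key's actual curve, which would be the more serious finding. Please confirm which curve the fixture uses and regenerate it as P-224 if needed. The surrounding test starts and ends outside the hunk, so the assertions that follow are not visible.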