Remove reference to DSA and rename KM_ALGORITHM_ECDSA.
Change-Id: Ibffddc5c3a5c728182f5ca7f6a76381413fc8645
diff --git a/ec_key.h b/ec_key.h
index 2ed789c..0d57e0d 100644
--- a/ec_key.h
+++ b/ec_key.h
@@ -44,7 +44,7 @@
class EcdsaKeyFactory : public EcKeyFactory {
public:
- virtual keymaster_algorithm_t registry_key() const { return KM_ALGORITHM_ECDSA; }
+ virtual keymaster_algorithm_t registry_key() const { return KM_ALGORITHM_EC; }
};
class EcdsaSignOperationFactory;
diff --git a/ecdsa_operation.cpp b/ecdsa_operation.cpp
index 607d7ad..e1397d6 100644
--- a/ecdsa_operation.cpp
+++ b/ecdsa_operation.cpp
@@ -27,7 +27,7 @@
class EcdsaSignOperationFactory : public OperationFactory {
public:
- virtual KeyType registry_key() const { return KeyType(KM_ALGORITHM_ECDSA, KM_PURPOSE_SIGN); }
+ virtual KeyType registry_key() const { return KeyType(KM_ALGORITHM_EC, KM_PURPOSE_SIGN); }
virtual Operation* CreateOperation(const Key& key, keymaster_error_t* error) {
const EcKey* ecdsa_key = static_cast<const EcKey*>(&key);
@@ -57,7 +57,7 @@
class EcdsaVerifyOperationFactory : public OperationFactory {
public:
- virtual KeyType registry_key() const { return KeyType(KM_ALGORITHM_ECDSA, KM_PURPOSE_VERIFY); }
+ virtual KeyType registry_key() const { return KeyType(KM_ALGORITHM_EC, KM_PURPOSE_VERIFY); }
virtual Operation* CreateOperation(const Key& key, keymaster_error_t* error) {
const EcKey* ecdsa_key = static_cast<const EcKey*>(&key);
diff --git a/google_keymaster_messages_test.cpp b/google_keymaster_messages_test.cpp
index a7c895d..0f93de9 100644
--- a/google_keymaster_messages_test.cpp
+++ b/google_keymaster_messages_test.cpp
@@ -90,13 +90,12 @@
TEST(RoundTrip, SupportedAlgorithmsResponse) {
for (int ver = 0; ver <= MAX_MESSAGE_VERSION; ++ver) {
SupportedAlgorithmsResponse rsp(ver);
- keymaster_algorithm_t algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_DSA,
- KM_ALGORITHM_ECDSA};
+ keymaster_algorithm_t algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_EC};
rsp.error = KM_ERROR_OK;
rsp.algorithms = dup_array(algorithms);
rsp.algorithms_length = array_length(algorithms);
- UniquePtr<SupportedAlgorithmsResponse> deserialized(round_trip(ver, rsp, 20));
+ UniquePtr<SupportedAlgorithmsResponse> deserialized(round_trip(ver, rsp, 16));
EXPECT_EQ(array_length(algorithms), deserialized->algorithms_length);
EXPECT_EQ(0, memcmp(deserialized->algorithms, algorithms, array_size(algorithms)));
}
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 70201d4..6afe243 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -78,8 +78,7 @@
keymaster_algorithm_t* algorithms;
EXPECT_EQ(KM_ERROR_OK, device()->get_supported_algorithms(device(), &algorithms, &len));
EXPECT_TRUE(ResponseContains(
- {KM_ALGORITHM_RSA, KM_ALGORITHM_ECDSA, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms,
- len));
+ {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}, algorithms, len));
free(algorithms);
}
@@ -95,12 +94,8 @@
EXPECT_EQ(0U, len);
free(modes);
- EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
- device()->get_supported_block_modes(device(), KM_ALGORITHM_DSA, KM_PURPOSE_ENCRYPT,
- &modes, &len));
-
EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
- device()->get_supported_block_modes(device(), KM_ALGORITHM_ECDSA, KM_PURPOSE_ENCRYPT,
+ device()->get_supported_block_modes(device(), KM_ALGORITHM_EC, KM_PURPOSE_ENCRYPT,
&modes, &len));
EXPECT_EQ(KM_ERROR_OK, device()->get_supported_block_modes(device(), KM_ALGORITHM_AES,
@@ -127,11 +122,7 @@
EXPECT_TRUE(ResponseContains({KM_PAD_RSA_OAEP, KM_PAD_RSA_PKCS1_1_5_ENCRYPT}, modes, len));
free(modes);
- EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
- device()->get_supported_padding_modes(device(), KM_ALGORITHM_DSA, KM_PURPOSE_SIGN,
- &modes, &len));
-
- EXPECT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_ECDSA,
+ EXPECT_EQ(KM_ERROR_OK, device()->get_supported_padding_modes(device(), KM_ALGORITHM_EC,
KM_PURPOSE_SIGN, &modes, &len));
EXPECT_EQ(0U, len);
free(modes);
@@ -153,11 +144,7 @@
EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE, KM_DIGEST_SHA_2_256}, digests, len));
free(digests);
- EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
- device()->get_supported_digests(device(), KM_ALGORITHM_DSA, KM_PURPOSE_SIGN, &digests,
- &len));
-
- EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_ECDSA,
+ EXPECT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
KM_PURPOSE_SIGN, &digests, &len));
EXPECT_TRUE(ResponseContains({KM_DIGEST_NONE}, digests, len));
free(digests);
@@ -207,11 +194,8 @@
EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
free(formats);
- EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM,
- device()->get_supported_export_formats(device(), KM_ALGORITHM_DSA, &formats, &len));
-
EXPECT_EQ(KM_ERROR_OK,
- device()->get_supported_export_formats(device(), KM_ALGORITHM_ECDSA, &formats, &len));
+ device()->get_supported_export_formats(device(), KM_ALGORITHM_EC, &formats, &len));
EXPECT_TRUE(ResponseContains(KM_KEY_FORMAT_X509, formats, len));
free(formats);
@@ -288,7 +272,7 @@
CheckBaseParams();
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_EC));
EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 224));
}
@@ -298,7 +282,7 @@
CheckBaseParams();
// Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_EC));
// Now check that unspecified, defaulted tags are correct.
EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 224));
@@ -1130,7 +1114,7 @@
KM_KEY_FORMAT_PKCS8, pk8_key));
// Check values derived from the key.
- EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_EC));
EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 256));
// And values provided by GoogleKeymaster
@@ -1151,7 +1135,7 @@
KM_KEY_FORMAT_PKCS8, pk8_key));
// Check values derived from the key.
- EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+ EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_EC));
EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 256));
// And values provided by GoogleKeymaster
diff --git a/include/keymaster/authorization_set.h b/include/keymaster/authorization_set.h
index 28fb4e3..f78f769 100644
--- a/include/keymaster/authorization_set.h
+++ b/include/keymaster/authorization_set.h
@@ -438,7 +438,7 @@
}
inline AuthorizationSetBuilder& AuthorizationSetBuilder::EcdsaKey(uint32_t key_size) {
- Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA);
+ Authorization(TAG_ALGORITHM, KM_ALGORITHM_EC);
Authorization(TAG_KEY_SIZE, key_size);
return *this;
}
diff --git a/include/keymaster/keymaster_tags.h b/include/keymaster/keymaster_tags.h
index ea1f0ac..f3a7c21 100644
--- a/include/keymaster/keymaster_tags.h
+++ b/include/keymaster/keymaster_tags.h
@@ -159,9 +159,6 @@
DEFINE_KEYMASTER_TAG(KM_INT, TAG_CHUNK_LENGTH);
DEFINE_KEYMASTER_TAG(KM_BOOL, TAG_CALLER_NONCE);
DEFINE_KEYMASTER_TAG(KM_LONG, TAG_RSA_PUBLIC_EXPONENT);
-DEFINE_KEYMASTER_TAG(KM_BIGNUM, TAG_DSA_GENERATOR);
-DEFINE_KEYMASTER_TAG(KM_BIGNUM, TAG_DSA_P);
-DEFINE_KEYMASTER_TAG(KM_BIGNUM, TAG_DSA_Q);
DEFINE_KEYMASTER_TAG(KM_DATE, TAG_ACTIVE_DATETIME);
DEFINE_KEYMASTER_TAG(KM_DATE, TAG_ORIGINATION_EXPIRE_DATETIME);
DEFINE_KEYMASTER_TAG(KM_DATE, TAG_USAGE_EXPIRE_DATETIME);
diff --git a/keymaster_enforcement.cpp b/keymaster_enforcement.cpp
index 72f804a..2a14caa 100644
--- a/keymaster_enforcement.cpp
+++ b/keymaster_enforcement.cpp
@@ -132,9 +132,6 @@
/* Algorithm specific parameters not used for access control. */
case KM_TAG_RSA_PUBLIC_EXPONENT:
- case KM_TAG_DSA_GENERATOR:
- case KM_TAG_DSA_P:
- case KM_TAG_DSA_Q:
/* Informational tags. */
case KM_TAG_APPLICATION_DATA:
diff --git a/openssl_utils.cpp b/openssl_utils.cpp
index c8e9b79..4424a4d 100644
--- a/openssl_utils.cpp
+++ b/openssl_utils.cpp
@@ -30,7 +30,7 @@
switch (algorithm) {
case KM_ALGORITHM_RSA:
return EVP_PKEY_RSA;
- case KM_ALGORITHM_ECDSA:
+ case KM_ALGORITHM_EC:
return EVP_PKEY_EC;
default:
return -1;
diff --git a/soft_keymaster_device.cpp b/soft_keymaster_device.cpp
index b1e0161..a7073c8 100644
--- a/soft_keymaster_device.cpp
+++ b/soft_keymaster_device.cpp
@@ -184,7 +184,7 @@
}
case TYPE_EC: {
- req.key_description.push_back(TAG_ALGORITHM, KM_ALGORITHM_ECDSA);
+ req.key_description.push_back(TAG_ALGORITHM, KM_ALGORITHM_EC);
const keymaster_ec_keygen_params_t* ec_params =
static_cast<const keymaster_ec_keygen_params_t*>(key_params);
LOG_D("Generating ECDSA pair, key size: %u", ec_params->field_size);
@@ -904,15 +904,7 @@
!auth_set->push_back(TAG_PADDING, KM_PAD_NONE))
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
} break;
- case KM_ALGORITHM_DSA: {
- const keymaster_dsa_sign_params_t* dsa_params =
- reinterpret_cast<const keymaster_dsa_sign_params_t*>(signing_params);
- if (dsa_params->digest_type != DIGEST_NONE)
- return KM_ERROR_UNSUPPORTED_DIGEST;
- if (!auth_set->push_back(TAG_DIGEST, KM_DIGEST_NONE))
- return KM_ERROR_MEMORY_ALLOCATION_FAILED;
- } break;
- case KM_ALGORITHM_ECDSA: {
+ case KM_ALGORITHM_EC: {
const keymaster_ec_sign_params_t* ecdsa_params =
reinterpret_cast<const keymaster_ec_sign_params_t*>(signing_params);
if (ecdsa_params->digest_type != DIGEST_NONE)