Add ECDSA key generation.
Change-Id: I68a1d46e617124a8ccb7a4b2c09baae89603a5e0
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 1772c0d..ccd2c17 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -101,9 +101,10 @@
SupportedResponse<keymaster_algorithm_t> response;
device.SupportedAlgorithms(&response);
EXPECT_EQ(KM_ERROR_OK, response.error);
- EXPECT_EQ(2U, response.results_length);
+ EXPECT_EQ(3U, response.results_length);
EXPECT_EQ(KM_ALGORITHM_RSA, response.results[0]);
EXPECT_EQ(KM_ALGORITHM_DSA, response.results[1]);
+ EXPECT_EQ(KM_ALGORITHM_ECDSA, response.results[2]);
}
TEST_F(CheckSupported, SupportedBlockModes) {
@@ -119,6 +120,10 @@
EXPECT_EQ(KM_ERROR_OK, response.error);
EXPECT_EQ(0U, response.results_length);
+ device.SupportedBlockModes(KM_ALGORITHM_ECDSA, &response);
+ EXPECT_EQ(KM_ERROR_OK, response.error);
+ EXPECT_EQ(0U, response.results_length);
+
device.SupportedBlockModes(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
}
@@ -138,6 +143,11 @@
EXPECT_EQ(1U, response.results_length);
EXPECT_EQ(KM_PAD_NONE, response.results[0]);
+ device.SupportedPaddingModes(KM_ALGORITHM_ECDSA, &response);
+ EXPECT_EQ(KM_ERROR_OK, response.error);
+ EXPECT_EQ(1U, response.results_length);
+ EXPECT_EQ(KM_PAD_NONE, response.results[0]);
+
device.SupportedPaddingModes(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
}
@@ -157,6 +167,11 @@
EXPECT_EQ(1U, response.results_length);
EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
+ device.SupportedDigests(KM_ALGORITHM_ECDSA, &response);
+ EXPECT_EQ(KM_ERROR_OK, response.error);
+ EXPECT_EQ(1U, response.results_length);
+ EXPECT_EQ(KM_DIGEST_NONE, response.results[0]);
+
device.SupportedDigests(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
}
@@ -176,6 +191,11 @@
EXPECT_EQ(1U, response.results_length);
EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
+ device.SupportedImportFormats(KM_ALGORITHM_ECDSA, &response);
+ EXPECT_EQ(KM_ERROR_OK, response.error);
+ EXPECT_EQ(1U, response.results_length);
+ EXPECT_EQ(KM_KEY_FORMAT_PKCS8, response.results[0]);
+
device.SupportedImportFormats(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
}
@@ -195,6 +215,11 @@
EXPECT_EQ(1U, response.results_length);
EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
+ device.SupportedExportFormats(KM_ALGORITHM_ECDSA, &response);
+ EXPECT_EQ(KM_ERROR_OK, response.error);
+ EXPECT_EQ(1U, response.results_length);
+ EXPECT_EQ(KM_KEY_FORMAT_X509, response.results[0]);
+
device.SupportedExportFormats(KM_ALGORITHM_AES, &response);
EXPECT_EQ(KM_ERROR_UNSUPPORTED_ALGORITHM, response.error);
}
@@ -310,6 +335,56 @@
EXPECT_EQ(20U, q.data_length);
}
+TEST_F(NewKeyGeneration, Ecdsa) {
+ keymaster_key_param_t params[] = {
+ Authorization(TAG_PURPOSE, KM_PURPOSE_SIGN),
+ Authorization(TAG_PURPOSE, KM_PURPOSE_VERIFY),
+ Authorization(TAG_ALGORITHM, KM_ALGORITHM_ECDSA),
+ Authorization(TAG_KEY_SIZE, 256),
+ Authorization(TAG_USER_ID, 7),
+ Authorization(TAG_USER_AUTH_ID, 8),
+ Authorization(TAG_APPLICATION_ID, "app_id", 6),
+ Authorization(TAG_APPLICATION_DATA, "app_data", 8),
+ Authorization(TAG_AUTH_TIMEOUT, 300),
+ };
+ GenerateKeyRequest req;
+ req.key_description.Reinitialize(params, array_length(params));
+ GenerateKeyResponse rsp;
+
+ device.GenerateKey(req, &rsp);
+
+ ASSERT_EQ(KM_ERROR_OK, rsp.error);
+ EXPECT_EQ(0U, rsp.enforced.size());
+ EXPECT_EQ(12U, rsp.enforced.SerializedSize());
+ EXPECT_GT(rsp.unenforced.SerializedSize(), 12U);
+
+ // Check specified tags are all present in unenforced characteristics
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_SIGN));
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_VERIFY));
+
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_ALGORITHM, KM_ALGORITHM_ECDSA));
+
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_ID, 7));
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_USER_AUTH_ID, 8));
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_KEY_SIZE, 256));
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 300));
+
+ // Verify that App ID, App data and ROT are NOT included.
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_ROOT_OF_TRUST));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_ID));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_APPLICATION_DATA));
+
+ // Just for giggles, check that some unexpected tags/values are NOT present.
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_PURPOSE, KM_PURPOSE_DECRYPT));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_AUTH_TIMEOUT, 301));
+ EXPECT_FALSE(contains(rsp.unenforced, TAG_RESCOPE_AUTH_TIMEOUT));
+
+ // Now check that unspecified, defaulted tags are correct.
+ EXPECT_TRUE(contains(rsp.unenforced, TAG_ORIGIN, KM_ORIGIN_SOFTWARE));
+ EXPECT_TRUE(contains(rsp.unenforced, KM_TAG_CREATION_DATETIME));
+}
+
typedef KeymasterTest GetKeyCharacteristics;
TEST_F(GetKeyCharacteristics, SimpleRsa) {
keymaster_key_param_t params[] = {