commit efbd7e432228cf1e65abb6d85dffa38ec03f7a26
author Shawn Willden <swillden@google.com> Mon Jun 01 07:07:33 2015 -0600
committer Shawn Willden <swillden@google.com> Mon Jun 01 08:05:52 2015 -0600
tree 7389ff2ebc3ab75effabf6e688a464a02a4ff3ba
parent 117a0cc2178ec1151562b8607182647bfb62517e

Add support for all digests for ECDSA.

Also, switch to useing the EVP API rather than the ECDSA API.

Bug: 21048758
Change-Id: I088b3332285ce2060cac5a7282ec42bea2fa5950

android_keymaster_test.cpp

diff --git a/android_keymaster_test.cpp b/android_keymaster_test.cpp
index 5a4cba7..698e426 100644
--- a/android_keymaster_test.cpp
+++ b/android_keymaster_test.cpp
@@ -188,7 +188,10 @@
 
     ASSERT_EQ(KM_ERROR_OK, device()->get_supported_digests(device(), KM_ALGORITHM_EC,
                                                            KM_PURPOSE_SIGN, &digests, &len));
-    EXPECT_TRUE(ResponseContains(KM_DIGEST_NONE, digests, len));
+    EXPECT_TRUE(
+        ResponseContains({KM_DIGEST_NONE, KM_DIGEST_MD5, KM_DIGEST_SHA1, KM_DIGEST_SHA_2_224,
+                          KM_DIGEST_SHA_2_256, KM_DIGEST_SHA_2_384, KM_DIGEST_SHA_2_512},
+                         digests, len));
     free(digests);
 
     EXPECT_EQ(KM_ERROR_UNSUPPORTED_PURPOSE,
@@ -620,6 +623,17 @@
         EXPECT_EQ(3, GetParam()->keymaster0_calls());
 }
 
+TEST_P(SigningOperationsTest, EcdsaSha256Success) {
+    ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder().EcdsaSigningKey(224).Digest(
+                               KM_DIGEST_SHA_2_256)));
+    string message(1024, 'a');
+    string signature;
+    SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
+
+    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
+        EXPECT_EQ(3, GetParam()->keymaster0_calls());
+}
+
 TEST_P(SigningOperationsTest, AesEcbSign) {
     ASSERT_EQ(KM_ERROR_OK,
               GenerateKey(AuthorizationSetBuilder().AesEncryptionKey(128).Authorization(
@@ -1245,6 +1259,31 @@
         EXPECT_EQ(4, GetParam()->keymaster0_calls());
 }
 
+TEST_P(VerificationOperationsTest, EcdsaSha256Success) {
+    ASSERT_EQ(KM_ERROR_OK, GenerateKey(AuthorizationSetBuilder()
+                                           .EcdsaSigningKey(256)
+                                           .Digest(KM_DIGEST_SHA_2_256)
+                                           .Digest(KM_DIGEST_NONE)));
+    string message = "123456789012345678901234567890123456789012345678";
+    string signature;
+    SignMessage(message, &signature, KM_DIGEST_SHA_2_256);
+    VerifyMessage(message, signature, KM_DIGEST_SHA_2_256);
+
+    if (GetParam()->algorithm_in_hardware(KM_ALGORITHM_EC))
+        EXPECT_EQ(4, GetParam()->keymaster0_calls());
+
+    // Just for giggles, try verifying with the wrong digest.
+    AuthorizationSet begin_params(client_params());
+    begin_params.push_back(TAG_DIGEST, KM_DIGEST_NONE);
+    EXPECT_EQ(KM_ERROR_OK, BeginOperation(KM_PURPOSE_VERIFY, begin_params));
+
+    string result;
+    size_t input_consumed;
+    EXPECT_EQ(KM_ERROR_OK, UpdateOperation(message, &result, &input_consumed));
+    EXPECT_EQ(message.size(), input_consumed);
+    EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, FinishOperation(signature, &result));
+}
+
 TEST_P(VerificationOperationsTest, HmacSha1Success) {
     GenerateKey(AuthorizationSetBuilder().HmacKey(128).Digest(KM_DIGEST_SHA1));
     string message = "123456789012345678901234567890123456789012345678";