Test importing EC P-256 keys with multiple encodings

Test importing of an Elliptic Curve P-256 key, encoded using the RFC5915 specification (which requires the curve OID in key in addition to the wrapper) and the same key encoded using SEC1 (which allows omitting the OID if it's known from the wrapper). Test: atest VtsHalKeymasterV4_0TargetTest ImportKeyTest Bug: 124437839 Bug: 127799174 Bug: 129398850 Change-Id: I5f5df86e55a758ed739403d830baa5c7308813a3 Merged-In: I5f5df86e55a758ed739403d830baa5c7308813a3
2019-03-07 16:16:24 +00:00 · 2019-03-07 16:16:24 +00:00 · 04a7045117
commit 04a7045117
parent 22fe9b3c90
1 changed files with 64 additions and 0 deletions
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@ -172,6 +172,20 @@ string ec_521_key = hex2str(
    "E78E70BEFE930DB34818EE4D5C26259F5C6B8E28A652950F9F88D7B4B2C9"
    "D9");
 string ec_256_key_rfc5915 =
        hex2str("308193020100301306072a8648ce3d020106082a8648ce3d030107047930"
                "770201010420782370a8c8ce5537baadd04dcff079c8158cfa9c67b818b3"
                "8e8d21c9fa750c1da00a06082a8648ce3d030107a14403420004e2cc561e"
                "e701da0ad0ef0d176bb0c919d42e79c393fdc1bd6c4010d85cf2cf8e68c9"
                "05464666f98dad4f01573ba81078b3428570a439ba3229fbc026c550682f");
 string ec_256_key_sec1 =
        hex2str("308187020100301306072a8648ce3d020106082a8648ce3d030107046d30"
                "6b0201010420782370a8c8ce5537baadd04dcff079c8158cfa9c67b818b3"
                "8e8d21c9fa750c1da14403420004e2cc561ee701da0ad0ef0d176bb0c919"
                "d42e79c393fdc1bd6c4010d85cf2cf8e68c905464666f98dad4f01573ba8"
                "1078b3428570a439ba3229fbc026c550682f");
 struct RSA_Delete {
    void operator()(RSA* p) { RSA_free(p); }
 };
@ -1749,6 +1763,56 @@ TEST_F(ImportKeyTest, EcdsaSuccess) {
    VerifyMessage(message, signature, params);
 }
 /*
 * ImportKeyTest.EcdsaP256RFC5915Success
 *
 * Verifies that importing and using an ECDSA P-256 key pair encoded using RFC5915 works correctly.
 */
 TEST_F(ImportKeyTest, EcdsaP256RFC5915Success) {
    ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
                                               .Authorization(TAG_NO_AUTH_REQUIRED)
                                               .EcdsaSigningKey(256)
                                               .Digest(Digest::SHA_2_256),
                                       KeyFormat::PKCS8, ec_256_key_rfc5915));
    CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC);
    CheckCryptoParam(TAG_KEY_SIZE, 256U);
    CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256);
    CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_256);
    CheckOrigin();
    string message(32, 'a');
    auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256);
    string signature = SignMessage(message, params);
    VerifyMessage(message, signature, params);
 }
 /*
 * ImportKeyTest.EcdsaP256SEC1Success
 *
 * Verifies that importing and using an ECDSA P-256 key pair encoded using SEC1 works correctly.
 */
 TEST_F(ImportKeyTest, EcdsaP256SEC1Success) {
    ASSERT_EQ(ErrorCode::OK, ImportKey(AuthorizationSetBuilder()
                                               .Authorization(TAG_NO_AUTH_REQUIRED)
                                               .EcdsaSigningKey(256)
                                               .Digest(Digest::SHA_2_256),
                                       KeyFormat::PKCS8, ec_256_key_sec1));
    CheckCryptoParam(TAG_ALGORITHM, Algorithm::EC);
    CheckCryptoParam(TAG_KEY_SIZE, 256U);
    CheckCryptoParam(TAG_DIGEST, Digest::SHA_2_256);
    CheckCryptoParam(TAG_EC_CURVE, EcCurve::P_256);
    CheckOrigin();
    string message(32, 'a');
    auto params = AuthorizationSetBuilder().Digest(Digest::SHA_2_256);
    string signature = SignMessage(message, params);
    VerifyMessage(message, signature, params);
 }
 /*
 * ImportKeyTest.Ecdsa521Success
 *