KeyMint: Test Ecdsa key generation without curve

Added new VTS EcdsaMissingCurve to test if EC_CURVE not specified while generating new EC Key, keyGeneration should fail. Bug: 225135360 Test: run vts -m VtsAidlKeyMintTargetTest Change-Id: I32bbba05ed5203690292f7150d14f9644c4be6df
2022-03-29 13:11:09 +00:00 · 2022-03-29 13:11:09 +00:00 · 60f8d4d5b2
commit 60f8d4d5b2
parent 96bfaeb66a
1 changed files with 23 additions and 0 deletions
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@ -2442,6 +2442,29 @@ TEST_P(NewKeyGenerationTest, EcdsaInvalidCurve) {
                                  .SetDefaultValidity()));
 }

+/*
+ * NewKeyGenerationTest.EcdsaMissingCurve
+ *
+ * Verifies that EC key generation fails if EC_CURVE not specified after KeyMint V2.
+ */
+TEST_P(NewKeyGenerationTest, EcdsaMissingCurve) {
+    if (AidlVersion() < 2) {
+        /*
+         * The KeyMint V1 spec required that EC_CURVE be specified for EC keys.
+         * However, this was not checked at the time so we can only be strict about checking this
+         * for implementations of KeyMint version 2 and above.
+         */
+        GTEST_SKIP() << "Requiring EC_CURVE only strict since KeyMint v2";
+    }
+    /* If EC_CURVE not provided, generateKey
+     * must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE.
+     */
+    auto result = GenerateKey(
+            AuthorizationSetBuilder().EcdsaKey(256).Digest(Digest::NONE).SetDefaultValidity());
+    ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_KEY_SIZE ||
+                result == ErrorCode::UNSUPPORTED_EC_CURVE);
+}
+
 /*
 * NewKeyGenerationTest.EcdsaMismatchKeySize
 *