From 60f8d4d5b268d86210e3c8c63a9838f43eda5aff Mon Sep 17 00:00:00 2001
From: Prashant Patil
Date: Tue, 29 Mar 2022 13:11:09 +0000
Subject: [PATCH] KeyMint: Test Ecdsa key generation without curve Added new VTS EcdsaMissingCurve to test if EC_CURVE not specified while generating new EC Key, keyGeneration should fail.
Bug: 225135360
Test: run vts -m VtsAidlKeyMintTargetTest
Change-Id: I32bbba05ed5203690292f7150d14f9644c4be6df
---
 .../aidl/vts/functional/KeyMintTest.cpp | 23 +++++++++++++++++++
 1 file changed, 23 insertions(+)
diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
index d8502e43cc..f5239edf0e 100644
--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp
@@ -2442,6 +2442,29 @@ TEST_P(NewKeyGenerationTest, EcdsaInvalidCurve) {
 .SetDefaultValidity()));
 }
 
+/*
+ * NewKeyGenerationTest.EcdsaMissingCurve
+ *
+ * Verifies that EC key generation fails if EC_CURVE not specified after KeyMint V2.
+ */
+TEST_P(NewKeyGenerationTest, EcdsaMissingCurve) {
+ if (AidlVersion() < 2) {
+ /*
+ * The KeyMint V1 spec required that EC_CURVE be specified for EC keys.
+ * However, this was not checked at the time so we can only be strict about checking this
+ * for implementations of KeyMint version 2 and above.
+ */
+ GTEST_SKIP() << "Requiring EC_CURVE only strict since KeyMint v2";
+ }
+ /* If EC_CURVE not provided, generateKey
+ * must return ErrorCode::UNSUPPORTED_KEY_SIZE or ErrorCode::UNSUPPORTED_EC_CURVE.
+ */
+ auto result = GenerateKey(
+ AuthorizationSetBuilder().EcdsaKey(256).Digest(Digest::NONE).SetDefaultValidity());
+ ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_KEY_SIZE ||
+ result == ErrorCode::UNSUPPORTED_EC_CURVE);
+}
+
 /*
 * NewKeyGenerationTest.EcdsaMismatchKeySize
 *
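Review bot: The closing `ASSERT_TRUE(result == ... || result == ...)` in EcdsaMissingCurve only reports that the expression was false, so a failing VTS run does not show which error code the implementation returned. That includes the case the test exists to catch, where generateKey returns `ErrorCode::OK` after silently deriving a curve from the 256-bit key size. Streaming the value into the assertion keeps it in the log, assuming ErrorCode is streamable in this file (not visible in the hunk): `ASSERT_TRUE(result == ErrorCode::UNSUPPORTED_KEY_SIZE || result == ErrorCode::UNSUPPORTED_EC_CURVE) << "unexpected result: " << result;`. The header comment's "after KeyMint V2" can also be read as V3 and later, while the guard `AidlVersion() < 2` applies the check from V2 onward; `Verifies that EC key generation fails if EC_CURVE is not specified, for KeyMint V2 and above.` would match the code.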