Restrict allowed RSA key sizes to 2048 as per strongbox HAL spec.
Also allow 1024 bit keys for this size is used by VTS tests a lot.
Change-Id: Id90a335502d091de9af58cdbe9c7a3f84d36b34a
diff --git a/src/keymaster-import-key-tests.cc b/src/keymaster-import-key-tests.cc
index 0392de7..83bc276 100644
--- a/src/keymaster-import-key-tests.cc
+++ b/src/keymaster-import-key-tests.cc
@@ -142,7 +142,7 @@
ImportKeyResponse response;
// Unsupported exponent
- initRSARequest(&request, Algorithm::RSA, 512, 2, 2,
+ initRSARequest(&request, Algorithm::RSA, 1024, 2, 2,
string(64, '\0'), string(64, '\0'));
ASSERT_NO_ERROR(service->ImportKey(request, &response), "");
@@ -155,7 +155,7 @@
ImportKeyResponse response;
// N does not match KEY_SIZE.
- initRSARequest(&request, Algorithm::RSA, 512, 3, 3,
+ initRSARequest(&request, Algorithm::RSA, 1024, 3, 3,
string(64, '\0'), string(63, '\0'));
ASSERT_NO_ERROR(service->ImportKey(request, &response), "");
EXPECT_EQ((ErrorCode)response.error_code(),
@@ -167,7 +167,7 @@
ImportKeyResponse response;
// D does not match KEY_SIZE.
- initRSARequest(&request, Algorithm::RSA, 512, 3, 3,
+ initRSARequest(&request, Algorithm::RSA, 1024, 3, 3,
string(63, '\0'), string(64, '\0'));
ASSERT_NO_ERROR(service->ImportKey(request, &response), "");
EXPECT_EQ((ErrorCode)response.error_code(),
@@ -179,7 +179,7 @@
ImportKeyResponse response;
// e does not match PUBLIC_EXPONENT tag.
- initRSARequest(&request, Algorithm::RSA, 512, 3, 2,
+ initRSARequest(&request, Algorithm::RSA, 1024, 3, 2,
string(64, '\0'), string(64, '\0'));
ASSERT_NO_ERROR(service->ImportKey(request, &response), "");
EXPECT_EQ((ErrorCode)response.error_code(),
diff --git a/src/test-data/test-keys/rsa.h b/src/test-data/test-keys/rsa.h
index 07965e7..80a163b 100644
--- a/src/test-data/test-keys/rsa.h
+++ b/src/test-data/test-keys/rsa.h
@@ -27,14 +27,8 @@
const uint8_t *n;
const size_t size;
} TEST_RSA_KEYS[] = {
- {3, RSA_3_512_D, RSA_3_512_N, sizeof(RSA_3_512_N)},
- {65537, RSA_512_D, RSA_512_N, sizeof(RSA_512_N)},
- {65537, RSA_768_D, RSA_768_N, sizeof(RSA_768_N)},
{65537, RSA_1024_D, RSA_1024_N, sizeof(RSA_1024_N)},
{65537, RSA_2048_D, RSA_2048_N, sizeof(RSA_2048_N)},
- {65537, RSA_3072_D, RSA_3072_N, sizeof(RSA_3072_N)},
- // TODO: update transport to accept larger messages.
- // {RSA_4096_D, RSA_4096_N, sizeof(RSA_4096_N)},
};