Google Git
Sign in
android / platform / external / nos / test / system-test-harness / dc21695^! / .
commitdc21695ea7950dbb2962c4f8944353ae1d2f9cc6[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Fri Jun 08 13:02:31 2018 -0700
committerJanis Danisevskis <jdanis@google.com>Fri Jun 08 13:02:31 2018 -0700
treedf0f9384dce578a405884fd4852aa7b03f04dd59
parentf2f5f9def7dd7dcdb6b25f07541f525abb63a417 [diff]
Restrict allowed RSA key sizes to 2048 as per strongbox HAL spec.

Also allow 1024 bit keys for this size is used by VTS tests a lot.

Change-Id: Id90a335502d091de9af58cdbe9c7a3f84d36b34a

diff --git a/src/keymaster-import-key-tests.cc b/src/keymaster-import-key-tests.cc
index 0392de7..83bc276 100644
--- a/src/keymaster-import-key-tests.cc
+++ b/src/keymaster-import-key-tests.cc

@@ -142,7 +142,7 @@
   ImportKeyResponse response;
 
   // Unsupported exponent
-  initRSARequest(&request, Algorithm::RSA, 512, 2, 2,
+  initRSARequest(&request, Algorithm::RSA, 1024, 2, 2,
                  string(64, '\0'), string(64, '\0'));
 
   ASSERT_NO_ERROR(service->ImportKey(request, &response), "");
@@ -155,7 +155,7 @@
   ImportKeyResponse response;
 
   // N does not match KEY_SIZE.
-  initRSARequest(&request, Algorithm::RSA, 512, 3, 3,
+  initRSARequest(&request, Algorithm::RSA, 1024, 3, 3,
                  string(64, '\0'), string(63, '\0'));
   ASSERT_NO_ERROR(service->ImportKey(request, &response), "");
   EXPECT_EQ((ErrorCode)response.error_code(),
@@ -167,7 +167,7 @@
   ImportKeyResponse response;
 
   // D does not match KEY_SIZE.
-  initRSARequest(&request, Algorithm::RSA, 512, 3, 3,
+  initRSARequest(&request, Algorithm::RSA, 1024, 3, 3,
                  string(63, '\0'), string(64, '\0'));
   ASSERT_NO_ERROR(service->ImportKey(request, &response), "");
   EXPECT_EQ((ErrorCode)response.error_code(),
@@ -179,7 +179,7 @@
   ImportKeyResponse response;
 
   // e does not match PUBLIC_EXPONENT tag.
-  initRSARequest(&request, Algorithm::RSA, 512, 3, 2,
+  initRSARequest(&request, Algorithm::RSA, 1024, 3, 2,
                  string(64, '\0'), string(64, '\0'));
   ASSERT_NO_ERROR(service->ImportKey(request, &response), "");
   EXPECT_EQ((ErrorCode)response.error_code(),

diff --git a/src/test-data/test-keys/rsa.h b/src/test-data/test-keys/rsa.h
index 07965e7..80a163b 100644
--- a/src/test-data/test-keys/rsa.h
+++ b/src/test-data/test-keys/rsa.h

@@ -27,14 +27,8 @@
   const uint8_t *n;
   const size_t size;
 } TEST_RSA_KEYS[] = {
-  {3,     RSA_3_512_D, RSA_3_512_N, sizeof(RSA_3_512_N)},
-  {65537, RSA_512_D,   RSA_512_N,   sizeof(RSA_512_N)},
-  {65537, RSA_768_D,   RSA_768_N,   sizeof(RSA_768_N)},
   {65537, RSA_1024_D,  RSA_1024_N,  sizeof(RSA_1024_N)},
   {65537, RSA_2048_D,  RSA_2048_N,  sizeof(RSA_2048_N)},
-  {65537, RSA_3072_D,  RSA_3072_N,  sizeof(RSA_3072_N)},
-  // TODO: update transport to accept larger messages.
-  //  {RSA_4096_D, RSA_4096_N, sizeof(RSA_4096_N)},
 };