Commit | Line | Data |
---|---|---|
cd9434cc T |
1 | /* |
2 | * Copyright (c) 2015 TRUSTONIC LIMITED | |
3 | * All rights reserved. | |
4 | * | |
5 | * Redistribution and use in source and binary forms, with or without | |
6 | * modification, are permitted provided that the following conditions are met: | |
7 | * | |
8 | * 1. Redistributions of source code must retain the above copyright notice, | |
9 | * this list of conditions and the following disclaimer. | |
10 | * | |
11 | * 2. Redistributions in binary form must reproduce the above copyright | |
12 | * notice, this list of conditions and the following disclaimer in the | |
13 | * documentation and/or other materials provided with the distribution. | |
14 | * | |
15 | * 3. Neither the name of the TRUSTONIC LIMITED nor the names of its | |
16 | * contributors may be used to endorse or promote products derived from | |
17 | * this software without specific prior written permission. | |
18 | * | |
19 | * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS | |
20 | * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED | |
21 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | |
22 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR | |
23 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | |
24 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | |
25 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; | |
26 | * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, | |
27 | * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR | |
28 | * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | |
29 | * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
30 | */ | |
31 | ||
32 | #define __STDC_FORMAT_MACROS | |
33 | #include <inttypes.h> | |
34 | ||
35 | #include <hardware/keymaster1.h> | |
36 | ||
37 | #include "test_km_ec.h" | |
38 | #include "test_km_util.h" | |
39 | ||
40 | #include <assert.h> | |
41 | ||
42 | #undef LOG_ANDROID | |
43 | #undef LOG_TAG | |
44 | #define LOG_TAG "TlcTeeKeyMasterTest" | |
45 | #include "log.h" | |
46 | ||
47 | static keymaster_error_t test_km_ec_sign_verify( | |
48 | keymaster1_device_t *device, | |
49 | keymaster_key_blob_t *key_blob, | |
50 | uint32_t keylen, | |
51 | keymaster_digest_t digest) | |
52 | { | |
53 | keymaster_error_t res = KM_ERROR_OK; | |
54 | keymaster_key_param_t key_param[2]; | |
55 | keymaster_key_param_set_t paramset = {key_param, 0}; | |
56 | keymaster_operation_handle_t handle; | |
57 | uint8_t message[1000]; | |
58 | keymaster_blob_t messageblob = {0, 0}; | |
59 | keymaster_blob_t sig_output = {0, 0}; | |
60 | size_t message_consumed = 0; | |
61 | ||
62 | /* populate message */ | |
63 | memset(message, 25, sizeof(message)); | |
64 | ||
65 | key_param[0].tag = KM_TAG_ALGORITHM; | |
66 | key_param[0].enumerated = KM_ALGORITHM_EC; | |
67 | key_param[1].tag = KM_TAG_DIGEST; | |
68 | key_param[1].enumerated = digest; | |
69 | paramset.length = 2; | |
70 | CHECK_RESULT_OK(device->begin(device, | |
71 | KM_PURPOSE_SIGN, | |
72 | key_blob, | |
73 | ¶mset, | |
74 | NULL, // no out_params | |
75 | &handle)); | |
76 | ||
77 | messageblob.data = &message[0]; | |
78 | messageblob.data_length = 630; | |
79 | CHECK_RESULT_OK(device->update(device, | |
80 | handle, | |
81 | NULL, // no params | |
82 | &messageblob, // first part of message | |
83 | &message_consumed, | |
84 | NULL, // no out_params | |
85 | NULL)); | |
86 | CHECK_TRUE(message_consumed == 630); | |
87 | ||
88 | messageblob.data = &message[630]; | |
89 | messageblob.data_length = 370; | |
90 | CHECK_RESULT_OK(device->update(device, | |
91 | handle, | |
92 | NULL, // no params | |
93 | &messageblob, // last part of message | |
94 | &message_consumed, | |
95 | NULL, // no out_params | |
96 | NULL)); | |
97 | CHECK_TRUE(message_consumed == 370); | |
98 | ||
99 | CHECK_RESULT_OK(device->finish(device, | |
100 | handle, | |
101 | NULL, // no params | |
102 | NULL, // no signature | |
103 | NULL, // no out_params | |
104 | &sig_output)); | |
105 | CHECK_TRUE(sig_output.data_length <= 2*keylen + 9); | |
106 | ||
107 | CHECK_RESULT_OK(device->begin(device, | |
108 | KM_PURPOSE_VERIFY, | |
109 | key_blob, | |
110 | ¶mset, // same as for KM_PURPOSE_SIGN | |
111 | NULL, // no out_params | |
112 | &handle)); | |
113 | ||
114 | messageblob.data = &message[0]; | |
115 | messageblob.data_length = 480; | |
116 | CHECK_RESULT_OK(device->update(device, | |
117 | handle, | |
118 | NULL, // no params | |
119 | &messageblob, // first part of message | |
120 | &message_consumed, | |
121 | NULL, // no out_params | |
122 | NULL)); | |
123 | CHECK_TRUE(message_consumed == 480); | |
124 | ||
125 | messageblob.data = &message[480]; | |
126 | messageblob.data_length = 520; | |
127 | CHECK_RESULT_OK(device->update(device, | |
128 | handle, | |
129 | NULL, // no params | |
130 | &messageblob, // last part of message | |
131 | &message_consumed, | |
132 | NULL, // no out_params | |
133 | NULL)); | |
134 | CHECK_TRUE(message_consumed == 520); | |
135 | ||
136 | CHECK_RESULT_OK(device->finish(device, | |
137 | handle, | |
138 | NULL, // no params | |
139 | &sig_output, | |
140 | NULL, // no out_params | |
141 | NULL)); | |
142 | ||
143 | end: | |
144 | km_free_blob(&sig_output); | |
145 | ||
146 | return res; | |
147 | } | |
148 | ||
149 | static keymaster_error_t test_km_ec_sign_verify_empty_message( | |
150 | keymaster1_device_t *device, | |
151 | keymaster_key_blob_t *key_blob, | |
152 | uint32_t keylen, | |
153 | keymaster_digest_t digest) | |
154 | { | |
155 | keymaster_error_t res = KM_ERROR_OK; | |
156 | keymaster_key_param_t key_param[2]; | |
157 | keymaster_key_param_set_t paramset = {key_param, 0}; | |
158 | keymaster_operation_handle_t handle; | |
159 | uint8_t message; | |
160 | keymaster_blob_t messageblob = {0, 0}; | |
161 | keymaster_blob_t sig_output = {0, 0}; | |
162 | size_t message_consumed = 0; | |
163 | ||
164 | key_param[0].tag = KM_TAG_ALGORITHM; | |
165 | key_param[0].enumerated = KM_ALGORITHM_EC; | |
166 | key_param[1].tag = KM_TAG_DIGEST; | |
167 | key_param[1].enumerated = digest; | |
168 | paramset.length = 2; | |
169 | CHECK_RESULT_OK(device->begin(device, | |
170 | KM_PURPOSE_SIGN, key_blob, ¶mset, NULL, &handle)); | |
171 | ||
172 | messageblob.data = &message; | |
173 | messageblob.data_length = 0; | |
174 | CHECK_RESULT_OK(device->update(device, | |
175 | handle, NULL, &messageblob, &message_consumed, NULL, NULL)); | |
176 | CHECK_TRUE(message_consumed == 0); | |
177 | ||
178 | CHECK_RESULT_OK(device->finish(device, | |
179 | handle, NULL, NULL, NULL, &sig_output)); | |
180 | CHECK_TRUE(sig_output.data_length <= 2*keylen + 9); | |
181 | ||
182 | CHECK_RESULT_OK(device->begin(device, | |
183 | KM_PURPOSE_VERIFY, key_blob, ¶mset, NULL, &handle)); | |
184 | ||
185 | messageblob.data = &message; | |
186 | messageblob.data_length = 0; | |
187 | CHECK_RESULT_OK(device->update(device, | |
188 | handle, NULL, &messageblob, &message_consumed, NULL, NULL)); | |
189 | CHECK_TRUE(message_consumed == 0); | |
190 | ||
191 | CHECK_RESULT_OK(device->finish(device, | |
192 | handle, NULL, &sig_output, NULL, NULL)); | |
193 | ||
194 | end: | |
195 | km_free_blob(&sig_output); | |
196 | ||
197 | return res; | |
198 | } | |
199 | ||
200 | keymaster_error_t test_km_ec_import_export( | |
201 | keymaster1_device_t *device) | |
202 | { | |
203 | keymaster_error_t res = KM_ERROR_OK; | |
204 | keymaster_key_param_t key_param[6]; | |
205 | keymaster_key_param_set_t key_paramset = {key_param, 6}; | |
206 | keymaster_key_blob_t key_blob = {NULL, 0}; | |
207 | ||
208 | /* Test vector from Android M PDK: system/keymaster/ec_privkey_pk8.der */ | |
209 | const uint8_t key[] = { | |
210 | 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, | |
211 | 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, | |
212 | 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, | |
213 | 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d, 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa, | |
214 | 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09, 0x36, 0x6b, 0xc0, 0x32, | |
215 | 0x99, 0x98, 0x64, 0x81, 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44, 0x03, 0x42, | |
216 | 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07, 0xc2, 0x54, 0x61, 0x68, | |
217 | 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e, | |
218 | 0x3b, 0xdd, 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, | |
219 | 0x1b, 0x51, 0xf1, 0x4e, 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, | |
220 | 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf, 0x33, 0x76, 0xd1, 0x1f, 0xd4, 0x49, | |
221 | 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe}; | |
222 | ||
223 | const keymaster_blob_t key_data = {key, sizeof(key)}; | |
224 | ||
225 | keymaster_blob_t export_data = {NULL, 0}; | |
226 | ||
227 | key_param[0].tag = KM_TAG_ALGORITHM; | |
228 | key_param[0].enumerated = KM_ALGORITHM_EC; | |
229 | key_param[1].tag = KM_TAG_KEY_SIZE; | |
230 | key_param[1].integer = 256; | |
231 | key_param[2].tag = KM_TAG_NO_AUTH_REQUIRED; | |
232 | key_param[2].boolean = true; | |
233 | key_param[3].tag = KM_TAG_PURPOSE; | |
234 | key_param[3].enumerated = KM_PURPOSE_SIGN; | |
235 | key_param[4].tag = KM_TAG_PURPOSE; | |
236 | key_param[4].enumerated = KM_PURPOSE_VERIFY; | |
237 | key_param[5].tag = KM_TAG_DIGEST; | |
238 | key_param[5].enumerated = KM_DIGEST_SHA1; | |
239 | CHECK_RESULT_OK(device->import_key(device, | |
240 | &key_paramset, KM_KEY_FORMAT_PKCS8, &key_data, &key_blob, NULL)); | |
241 | ||
242 | CHECK_RESULT_OK(test_km_ec_sign_verify( | |
243 | device, &key_blob, 32, KM_DIGEST_SHA1)); | |
244 | ||
245 | CHECK_RESULT_OK(device->export_key(device, | |
246 | KM_KEY_FORMAT_X509, &key_blob, NULL, NULL, &export_data)); | |
247 | ||
248 | end: | |
249 | km_free_blob(&export_data); | |
250 | km_free_key_blob(&key_blob); | |
251 | ||
252 | return res; | |
253 | } | |
254 | ||
255 | keymaster_error_t test_km_ec_p521_interop( | |
256 | keymaster1_device_t *device) | |
257 | { | |
258 | keymaster_error_t res = KM_ERROR_OK; | |
259 | keymaster_key_param_t key_param[6]; | |
260 | keymaster_key_param_set_t key_paramset = {key_param, 6}; | |
261 | keymaster_key_param_t op_param[2]; | |
262 | keymaster_key_param_set_t op_paramset = {op_param, 2}; | |
263 | keymaster_key_blob_t key_blob = {0, 0}; | |
264 | keymaster_operation_handle_t handle; | |
265 | const char *message = "This is a test"; | |
266 | keymaster_blob_t messageblob = {(const uint8_t*)message, strlen(message)}; | |
267 | size_t message_consumed = 0; | |
268 | keymaster_blob_t sig = {0, 0}; | |
269 | ||
270 | /* Test vector from Android M CTS: ec_key6_secp521r1_pkcs8.der */ | |
271 | const uint8_t key[] = { | |
272 | 0x30, 0x81, 0xED, 0x02, 0x01, 0x00, 0x30, 0x10, 0x06, 0x07, 0x2A, 0x86, | |
273 | 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x05, 0x2B, 0x81, 0x04, 0x00, 0x23, | |
274 | 0x04, 0x81, 0xD5, 0x30, 0x81, 0xD2, 0x02, 0x01, 0x01, 0x04, 0x41, 0x11, | |
275 | 0x45, 0x8C, 0x58, 0x6D, 0xB5, 0xDA, 0xA9, 0x2A, 0xFA, 0xB0, 0x3F, 0x4F, | |
276 | 0xE4, 0x6A, 0xA9, 0xD9, 0xC3, 0xCE, 0x9A, 0x9B, 0x7A, 0x00, 0x6A, 0x83, | |
277 | 0x84, 0xBE, 0xC4, 0xC7, 0x8E, 0x8E, 0x9D, 0x18, 0xD7, 0xD0, 0x8B, 0x5B, | |
278 | 0xCF, 0xA0, 0xE5, 0x3C, 0x75, 0xB0, 0x64, 0xAD, 0x51, 0xC4, 0x49, 0xBA, | |
279 | 0xE0, 0x25, 0x8D, 0x54, 0xB9, 0x4B, 0x1E, 0x88, 0x5D, 0xED, 0x08, 0xED, | |
280 | 0x4F, 0xB2, 0x5C, 0xE9, 0xA1, 0x81, 0x89, 0x03, 0x81, 0x86, 0x00, 0x04, | |
281 | 0x01, 0x49, 0xEC, 0x11, 0xC6, 0xDF, 0x0F, 0xA1, 0x22, 0xC6, 0xA9, 0xAF, | |
282 | 0xD9, 0x75, 0x4A, 0x4F, 0xA9, 0x51, 0x3A, 0x62, 0x7C, 0xA3, 0x29, 0xE3, | |
283 | 0x49, 0x53, 0x5A, 0x56, 0x29, 0x87, 0x5A, 0x8A, 0xDF, 0xBE, 0x27, 0xDC, | |
284 | 0xB9, 0x32, 0xC0, 0x51, 0x98, 0x63, 0x77, 0x10, 0x8D, 0x05, 0x4C, 0x28, | |
285 | 0xC6, 0xF3, 0x9B, 0x6F, 0x2C, 0x9A, 0xF8, 0x18, 0x02, 0xF9, 0xF3, 0x26, | |
286 | 0xB8, 0x42, 0xFF, 0x2E, 0x5F, 0x3C, 0x00, 0xAB, 0x76, 0x35, 0xCF, 0xB3, | |
287 | 0x61, 0x57, 0xFC, 0x08, 0x82, 0xD5, 0x74, 0xA1, 0x0D, 0x83, 0x9C, 0x1A, | |
288 | 0x0C, 0x04, 0x9D, 0xC5, 0xE0, 0xD7, 0x75, 0xE2, 0xEE, 0x50, 0x67, 0x1A, | |
289 | 0x20, 0x84, 0x31, 0xBB, 0x45, 0xE7, 0x8E, 0x70, 0xBE, 0xFE, 0x93, 0x0D, | |
290 | 0xB3, 0x48, 0x18, 0xEE, 0x4D, 0x5C, 0x26, 0x25, 0x9F, 0x5C, 0x6B, 0x8E, | |
291 | 0x28, 0xA6, 0x52, 0x95, 0x0F, 0x9F, 0x88, 0xD7, 0xB4, 0xB2, 0xC9, 0xD9}; | |
292 | ||
293 | /* Signature generated by Bouncy Castle in CTS run */ | |
294 | const uint8_t bc_sig[138] = { | |
295 | 0x30, 0x81, 0x87, 0x02, 0x42, 0x01, 0x90, 0xef, 0xd1, 0x43, 0x8c, 0xf7, | |
296 | 0xd2, 0x73, 0x19, 0x46, 0x09, 0xce, 0x74, 0x82, 0x10, 0x08, 0x3c, 0xb9, | |
297 | 0x65, 0x1e, 0x04, 0xde, 0x34, 0x9d, 0x8f, 0x66, 0x2b, 0xf7, 0x2e, 0x62, | |
298 | 0x10, 0xf4, 0x9c, 0xf7, 0xf5, 0x71, 0x9e, 0x6a, 0x5a, 0xeb, 0xce, 0xb7, | |
299 | 0x28, 0xd8, 0xd5, 0xd1, 0x1e, 0x7f, 0x8b, 0x85, 0x29, 0xd7, 0x04, 0x88, | |
300 | 0x2a, 0xf1, 0x99, 0x50, 0x71, 0x78, 0xd0, 0x14, 0xa9, 0x93, 0x68, 0x02, | |
301 | 0x41, 0x5c, 0xc9, 0x15, 0xcc, 0xd2, 0x12, 0xf3, 0xdb, 0x42, 0x8a, 0x07, | |
302 | 0x51, 0x85, 0x8b, 0xb9, 0x98, 0xc9, 0x27, 0xc1, 0x77, 0xb0, 0x7b, 0xdb, | |
303 | 0xae, 0x5f, 0x5c, 0x42, 0xe8, 0x5e, 0x4b, 0x89, 0xed, 0x93, 0xba, 0x73, | |
304 | 0x04, 0x98, 0x6a, 0xc7, 0x38, 0xb6, 0x9c, 0x6b, 0xa9, 0x13, 0x04, 0xc3, | |
305 | 0x33, 0xaf, 0xcb, 0x85, 0x8d, 0xfa, 0x4a, 0x33, 0x8a, 0x09, 0xfc, 0xdb, | |
306 | 0x5d, 0x3f, 0xcf, 0x49, 0x3a, 0x12}; | |
307 | ||
308 | const keymaster_blob_t key_data = {key, sizeof(key)}; | |
309 | const keymaster_blob_t bc_sig_blob = {bc_sig, sizeof(bc_sig)}; | |
310 | ||
311 | key_param[0].tag = KM_TAG_ALGORITHM; | |
312 | key_param[0].enumerated = KM_ALGORITHM_EC; | |
313 | key_param[1].tag = KM_TAG_KEY_SIZE; | |
314 | key_param[1].integer = 521; | |
315 | key_param[2].tag = KM_TAG_NO_AUTH_REQUIRED; | |
316 | key_param[2].boolean = true; | |
317 | key_param[3].tag = KM_TAG_PURPOSE; | |
318 | key_param[3].enumerated = KM_PURPOSE_SIGN; | |
319 | key_param[4].tag = KM_TAG_PURPOSE; | |
320 | key_param[4].enumerated = KM_PURPOSE_VERIFY; | |
321 | key_param[5].tag = KM_TAG_DIGEST; | |
322 | key_param[5].enumerated = KM_DIGEST_NONE; | |
323 | CHECK_RESULT_OK(device->import_key(device, | |
324 | &key_paramset, KM_KEY_FORMAT_PKCS8, &key_data, &key_blob, NULL)); | |
325 | ||
326 | op_param[0].tag = KM_TAG_ALGORITHM; | |
327 | op_param[0].enumerated = KM_ALGORITHM_EC; | |
328 | op_param[1].tag = KM_TAG_DIGEST; | |
329 | op_param[1].enumerated = KM_DIGEST_NONE; | |
330 | ||
331 | /* 1. Generate a signature ourselves. */ | |
332 | ||
333 | CHECK_RESULT_OK(device->begin(device, | |
334 | KM_PURPOSE_SIGN, &key_blob, &op_paramset, NULL, &handle)); | |
335 | ||
336 | CHECK_RESULT_OK(device->update(device, | |
337 | handle, NULL, &messageblob, &message_consumed, NULL, NULL)); | |
338 | CHECK_TRUE(message_consumed == messageblob.data_length); | |
339 | ||
340 | CHECK_RESULT_OK(device->finish(device, | |
341 | handle, NULL, NULL, NULL, &sig)); | |
342 | ||
343 | /* 2. Verify BC's signature. */ | |
344 | ||
345 | CHECK_RESULT_OK(device->begin(device, | |
346 | KM_PURPOSE_VERIFY, &key_blob, &op_paramset, NULL, &handle)); | |
347 | ||
348 | CHECK_RESULT_OK(device->update(device, | |
349 | handle, NULL, &messageblob, &message_consumed, NULL, NULL)); | |
350 | CHECK_TRUE(message_consumed == messageblob.data_length); | |
351 | ||
352 | CHECK_RESULT_OK(device->finish(device, | |
353 | handle, NULL, &bc_sig_blob, NULL, NULL)); | |
354 | ||
355 | end: | |
356 | km_free_key_blob(&key_blob); | |
357 | km_free_blob(&sig); | |
358 | ||
359 | return res; | |
360 | } | |
361 | ||
362 | keymaster_error_t test_km_ec( | |
363 | keymaster1_device_t *device, | |
364 | uint32_t keysize) | |
365 | { | |
366 | keymaster_error_t res = KM_ERROR_OK; | |
367 | keymaster_key_param_t key_param[8]; | |
368 | keymaster_key_param_set_t paramset = {key_param, 0}; | |
369 | keymaster_key_blob_t key_blob = {0, 0}; | |
370 | uint32_t keylen = BYTES_PER_BITS(keysize); | |
371 | ||
372 | LOG_I("Generate %d-bit key...", keysize); | |
373 | key_param[0].tag = KM_TAG_ALGORITHM; | |
374 | key_param[0].enumerated = KM_ALGORITHM_EC; | |
375 | key_param[1].tag = KM_TAG_KEY_SIZE; | |
376 | key_param[1].integer = keysize; | |
377 | key_param[2].tag = KM_TAG_NO_AUTH_REQUIRED; | |
378 | key_param[2].boolean = true; | |
379 | key_param[3].tag = KM_TAG_PURPOSE; | |
380 | key_param[3].enumerated = KM_PURPOSE_SIGN; | |
381 | key_param[4].tag = KM_TAG_PURPOSE; | |
382 | key_param[4].enumerated = KM_PURPOSE_VERIFY; | |
383 | key_param[5].tag = KM_TAG_DIGEST; | |
384 | key_param[5].enumerated = KM_DIGEST_SHA1; | |
385 | key_param[6].tag = KM_TAG_DIGEST; | |
386 | key_param[6].enumerated = KM_DIGEST_SHA_2_512; | |
387 | key_param[7].tag = KM_TAG_DIGEST; | |
388 | key_param[7].enumerated = KM_DIGEST_NONE; | |
389 | paramset.length = 8; | |
390 | CHECK_RESULT_OK(device->generate_key(device, | |
391 | ¶mset, &key_blob, NULL)); | |
392 | ||
393 | LOG_I("ECDSA sign/verify with SHA1 hash..."); | |
394 | CHECK_RESULT_OK(test_km_ec_sign_verify( | |
395 | device, &key_blob, keylen, KM_DIGEST_SHA1) ); | |
396 | ||
397 | LOG_I("ECDSA sign/verify with SHA512 hash..."); | |
398 | CHECK_RESULT_OK(test_km_ec_sign_verify( | |
399 | device, &key_blob, keylen, KM_DIGEST_SHA_2_512) ); | |
400 | ||
401 | LOG_I("ECDSA sign/verify with SHA1 hash, empty message..."); | |
402 | CHECK_RESULT_OK(test_km_ec_sign_verify_empty_message( | |
403 | device, &key_blob, keylen, KM_DIGEST_SHA1) ); | |
404 | ||
405 | LOG_I("ECDSA sign/verify with no digest, empty message..."); | |
406 | CHECK_RESULT_OK(test_km_ec_sign_verify_empty_message( | |
407 | device, &key_blob, keylen, KM_DIGEST_NONE) ); | |
408 | ||
409 | end: | |
410 | km_free_key_blob(&key_blob); | |
411 | ||
412 | return res; | |
413 | } |