KeyMint VTS: require curve for ECDSA keys
The KeyMint AIDL spec requires that "Tag::EC_CURVE must be provided to
generate an ECDSA key". Move the VTS tests to always create ECDSA keys
by curve not key size.
Bug: 188672564
Test: VtsAidlKeyMintTargetTest
Change-Id: I33036387c243b21ab0ecd49221b7e7757598913e
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
index 5a51175..5359b3b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp
@@ -1022,16 +1022,7 @@
}
break;
case Algorithm::EC:
- switch (SecLevel()) {
- case SecurityLevel::SOFTWARE:
- case SecurityLevel::TRUSTED_ENVIRONMENT:
- return {224, 256, 384, 521};
- case SecurityLevel::STRONGBOX:
- return {256};
- default:
- ADD_FAILURE() << "Invalid security level " << uint32_t(SecLevel());
- break;
- }
+ ADD_FAILURE() << "EC keys must be specified by curve not size";
break;
case Algorithm::AES:
return {128, 256};
@@ -1147,9 +1138,11 @@
}
vector<EcCurve> KeyMintAidlTestBase::InvalidCurves() {
- if (SecLevel() == SecurityLevel::TRUSTED_ENVIRONMENT) return {};
- CHECK(SecLevel() == SecurityLevel::STRONGBOX);
- return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
+ if (SecLevel() == SecurityLevel::STRONGBOX) {
+ return {EcCurve::P_224, EcCurve::P_384, EcCurve::P_521};
+ } else {
+ return {};
+ }
}
vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {