1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.keystore.cts; 18 19 import android.content.Context; 20 import android.security.keystore.KeyProtection; 21 import android.test.AndroidTestCase; 22 23 import android.keystore.cts.R; 24 25 import java.security.KeyPair; 26 import java.security.Security; 27 import java.security.Signature; 28 import java.util.Arrays; 29 import java.util.Collection; 30 31 public class ECDSASignatureTest extends AndroidTestCase { 32 testNONEwithECDSATruncatesInputToFieldSize()33 public void testNONEwithECDSATruncatesInputToFieldSize() throws Exception { 34 for (ImportedKey key : importKatKeyPairs("NONEwithECDSA")) { 35 try { 36 assertNONEwithECDSATruncatesInputToFieldSize(key.getKeystoreBackedKeyPair()); 37 } catch (Throwable e) { 38 throw new RuntimeException("Failed for " + key.getAlias(), e); 39 } 40 } 41 } 42 assertNONEwithECDSATruncatesInputToFieldSize(KeyPair keyPair)43 private void assertNONEwithECDSATruncatesInputToFieldSize(KeyPair keyPair) 44 throws Exception { 45 int keySizeBits = TestUtils.getKeySizeBits(keyPair.getPublic()); 46 byte[] message = new byte[(keySizeBits * 3) / 8]; 47 for (int i = 0; i < message.length; i++) { 48 message[i] = (byte) (i + 1); 49 } 50 51 Signature signature = Signature.getInstance("NONEwithECDSA"); 52 signature.initSign(keyPair.getPrivate()); 53 assertSame(Security.getProvider(SignatureTest.EXPECTED_PROVIDER_NAME), 54 signature.getProvider()); 55 signature.update(message); 56 byte[] sigBytes = signature.sign(); 57 58 signature = Signature.getInstance(signature.getAlgorithm(), signature.getProvider()); 59 signature.initVerify(keyPair.getPublic()); 60 61 // Verify the full-length message 62 signature.update(message); 63 assertTrue(signature.verify(sigBytes)); 64 65 // Verify the message truncated to field size 66 signature.update(message, 0, (keySizeBits + 7) / 8); 67 assertTrue(signature.verify(sigBytes)); 68 69 // Verify message truncated to one byte shorter than field size -- this should fail 70 signature.update(message, 0, (keySizeBits / 8) - 1); 71 assertFalse(signature.verify(sigBytes)); 72 } 73 testNONEwithECDSASupportsMessagesShorterThanFieldSize()74 public void testNONEwithECDSASupportsMessagesShorterThanFieldSize() throws Exception { 75 for (ImportedKey key : importKatKeyPairs("NONEwithECDSA")) { 76 try { 77 assertNONEwithECDSASupportsMessagesShorterThanFieldSize( 78 key.getKeystoreBackedKeyPair()); 79 } catch (Throwable e) { 80 throw new RuntimeException("Failed for " + key.getAlias(), e); 81 } 82 } 83 } 84 assertNONEwithECDSASupportsMessagesShorterThanFieldSize(KeyPair keyPair)85 private void assertNONEwithECDSASupportsMessagesShorterThanFieldSize(KeyPair keyPair) 86 throws Exception { 87 int keySizeBits = TestUtils.getKeySizeBits(keyPair.getPublic()); 88 byte[] message = new byte[(keySizeBits * 3 / 4) / 8]; 89 for (int i = 0; i < message.length; i++) { 90 message[i] = (byte) (i + 1); 91 } 92 93 Signature signature = Signature.getInstance("NONEwithECDSA"); 94 signature.initSign(keyPair.getPrivate()); 95 assertSame(Security.getProvider(SignatureTest.EXPECTED_PROVIDER_NAME), 96 signature.getProvider()); 97 signature.update(message); 98 byte[] sigBytes = signature.sign(); 99 100 signature = Signature.getInstance(signature.getAlgorithm(), signature.getProvider()); 101 signature.initVerify(keyPair.getPublic()); 102 103 // Verify the message 104 signature.update(message); 105 assertTrue(signature.verify(sigBytes)); 106 107 // Assert that the message is left-padded with zero bits 108 byte[] fullLengthMessage = TestUtils.leftPadWithZeroBytes(message, keySizeBits / 8); 109 signature.update(fullLengthMessage); 110 assertTrue(signature.verify(sigBytes)); 111 } 112 importKatKeyPairs(String signatureAlgorithm)113 private Collection<ImportedKey> importKatKeyPairs(String signatureAlgorithm) 114 throws Exception { 115 KeyProtection params = 116 TestUtils.getMinimalWorkingImportParametersForSigningingWith(signatureAlgorithm); 117 return importKatKeyPairs(getContext(), params); 118 } 119 importKatKeyPairs( Context context, KeyProtection importParams)120 static Collection<ImportedKey> importKatKeyPairs( 121 Context context, KeyProtection importParams) throws Exception { 122 return Arrays.asList(new ImportedKey[] { 123 TestUtils.importIntoAndroidKeyStore("testECsecp224r1", context, 124 R.raw.ec_key3_secp224r1_pkcs8, R.raw.ec_key3_secp224r1_cert, importParams), 125 TestUtils.importIntoAndroidKeyStore("testECsecp256r1", context, 126 R.raw.ec_key4_secp256r1_pkcs8, R.raw.ec_key4_secp256r1_cert, importParams), 127 TestUtils.importIntoAndroidKeyStore("testECsecp384r1", context, 128 R.raw.ec_key5_secp384r1_pkcs8, R.raw.ec_key5_secp384r1_cert, importParams), 129 TestUtils.importIntoAndroidKeyStore("testECsecp521r1", context, 130 R.raw.ec_key6_secp521r1_pkcs8, R.raw.ec_key6_secp521r1_cert, importParams), 131 }); 132 } 133 } 134