Remove default key parameters in RSA and ECDSA key generation.
Bug: 19427294
Change-Id: I3e9a1fd06d39d310e3ae36206a516003b4ed89ac
diff --git a/ecdsa_key.cpp b/ecdsa_key.cpp
index 4593f7e..5602689 100644
--- a/ecdsa_key.cpp
+++ b/ecdsa_key.cpp
@@ -22,8 +22,6 @@
namespace keymaster {
-const uint32_t ECDSA_DEFAULT_KEY_SIZE = 224;
-
class EcdsaKeyFactory : public AsymmetricKeyFactory {
public:
virtual keymaster_algorithm_t registry_key() const { return KM_ALGORITHM_ECDSA; }
@@ -55,9 +53,11 @@
AuthorizationSet authorizations(key_description);
- uint32_t key_size = ECDSA_DEFAULT_KEY_SIZE;
- if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
- authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
+ uint32_t key_size;
+ if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) {
+ LOG_E("%s", "No key size specified for ECDSA key generation");
+ *error = KM_ERROR_UNSUPPORTED_KEY_SIZE;
+ }
UniquePtr<EC_KEY, EcdsaKey::ECDSA_Delete> ecdsa_key(EC_KEY_new());
UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
diff --git a/google_keymaster_test.cpp b/google_keymaster_test.cpp
index 931a9e1..900db53 100644
--- a/google_keymaster_test.cpp
+++ b/google_keymaster_test.cpp
@@ -273,19 +273,11 @@
}
TEST_F(NewKeyGeneration, RsaDefaultSize) {
- ASSERT_EQ(
- KM_ERROR_OK,
- GenerateKey(
- AuthorizationSetBuilder().Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA).SigningKey()));
-
- CheckBaseParams();
-
- // Check specified tags are all present in unenforced characteristics
- EXPECT_TRUE(contains(sw_enforced(), TAG_ALGORITHM, KM_ALGORITHM_RSA));
-
- // Now check that unspecified, defaulted tags are correct.
- EXPECT_TRUE(contains(sw_enforced(), TAG_RSA_PUBLIC_EXPONENT, 65537));
- EXPECT_TRUE(contains(sw_enforced(), TAG_KEY_SIZE, 2048));
+ ASSERT_EQ(KM_ERROR_UNSUPPORTED_KEY_SIZE,
+ GenerateKey(AuthorizationSetBuilder()
+ .Authorization(TAG_ALGORITHM, KM_ALGORITHM_RSA)
+ .Authorization(TAG_RSA_PUBLIC_EXPONENT, 3)
+ .SigningKey()));
}
TEST_F(NewKeyGeneration, Ecdsa) {
diff --git a/rsa_key.cpp b/rsa_key.cpp
index 91e1499..e42b9a5 100644
--- a/rsa_key.cpp
+++ b/rsa_key.cpp
@@ -29,9 +29,6 @@
namespace keymaster {
-const uint32_t RSA_DEFAULT_KEY_SIZE = 2048;
-const uint64_t RSA_DEFAULT_EXPONENT = 65537;
-
class RsaKeyFactory : public AsymmetricKeyFactory {
public:
virtual keymaster_algorithm_t registry_key() const { return KM_ALGORITHM_RSA; }
@@ -53,18 +50,24 @@
AuthorizationSet authorizations(key_description);
- uint64_t public_exponent = RSA_DEFAULT_EXPONENT;
- if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent))
- authorizations.push_back(Authorization(TAG_RSA_PUBLIC_EXPONENT, public_exponent));
+ uint64_t public_exponent;
+ if (!authorizations.GetTagValue(TAG_RSA_PUBLIC_EXPONENT, &public_exponent)) {
+ LOG_E("%s", "No public exponent specified for RSA key generation");
+ *error = KM_ERROR_INVALID_ARGUMENT;
+ return NULL;
+ }
- uint32_t key_size = RSA_DEFAULT_KEY_SIZE;
- if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size))
- authorizations.push_back(Authorization(TAG_KEY_SIZE, key_size));
+ uint32_t key_size;
+ if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_size)) {
+ LOG_E("%s", "No key size specified for RSA key generation");
+ *error = KM_ERROR_UNSUPPORTED_KEY_SIZE;
+ return NULL;
+ }
UniquePtr<BIGNUM, BIGNUM_Delete> exponent(BN_new());
UniquePtr<RSA, RsaKey::RSA_Delete> rsa_key(RSA_new());
UniquePtr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
- if (rsa_key.get() == NULL || pkey.get() == NULL) {
+ if (exponent.get() == NULL || rsa_key.get() == NULL || pkey.get() == NULL) {
*error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
return NULL;
}