diff options
author | Alex Klyubin <klyubin@google.com> | 2015-06-15 22:42:02 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-06-15 22:42:04 +0000 |
commit | a8232452b6bea3c291a56a4e005e7a95eb99c5de (patch) | |
tree | 423e8e7872ae66677a3f908b8255d2c3cbde53d6 | |
parent | 9f6d39f84423d59705c0c7a8746d40cc610caee7 (diff) | |
parent | f78dd677e991ba8f76f3a6d4272ff5deef3faa69 (diff) | |
download | frameworks_base-a8232452b6bea3c291a56a4e005e7a95eb99c5de.zip frameworks_base-a8232452b6bea3c291a56a4e005e7a95eb99c5de.tar.gz frameworks_base-a8232452b6bea3c291a56a4e005e7a95eb99c5de.tar.bz2 |
Merge "Fix Android Keystore key gen for keys requiring user auth." into mnc-dev
-rw-r--r-- | keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java index b93424d..2de60fd 100644 --- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java @@ -624,7 +624,7 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato int keySizeBits, KeyGenParameterSpec spec) { // Constraints: - // 1. Key must be authorized for signing. + // 1. Key must be authorized for signing without user authentication. // 2. Signature digest must be one of key's authorized digests. // 3. For RSA keys, the digest output size must not exceed modulus size minus space needed // for RSA PKCS#1 signature padding (about 29 bytes: minimum 10 bytes of padding + 15--19 @@ -636,6 +636,10 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato // Key not authorized for signing return null; } + if (spec.isUserAuthenticationRequired()) { + // Key not authorized for use without user authentication + return null; + } if (!spec.isDigestsSpecified()) { // Key not authorized for any digests -- can't sign return null; |