diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-07-16 16:32:23 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2015-07-16 16:52:51 -0700 |
| commit | a95550f8016bbb0dba086dbd73eec63e6cdbbe98 (patch) | |
| tree | e6912c5fdb0fc66d6a5fc7fe48d3e8c640270877 /core/java/android | |
| parent | f7592b234acde62f0f0a93dad77284f12ca9980a (diff) | |
| download | frameworks_base-a95550f8016bbb0dba086dbd73eec63e6cdbbe98.zip frameworks_base-a95550f8016bbb0dba086dbd73eec63e6cdbbe98.tar.gz frameworks_base-a95550f8016bbb0dba086dbd73eec63e6cdbbe98.tar.bz2 | |
Add KM_MIN_MAC_LENGTH tag to HMAC and AES-GCM keys.
This makes Android Keystore add the KM_MIN_MAC_LENGTH tag to generated
and imported HMAC and AES-GCM keys. This tag specifies the minimum
length of the MAC/authentication tag authorized to be used for the
key.
For HMAC keys the minimum MAC length is set to the length of the
digest associated with the key (HMAC keys are authorized for exactly
one digest). For AES keys the minimum authetication tag length is set
to 96 bit. This is the minimum supported by Android Keystore's AES-GCM
implementation.
Bug: 22337277
Change-Id: Ic6e47cf084734d1592788dc58088889f7fff74eb
Diffstat (limited to 'core/java/android')
| -rw-r--r-- | core/java/android/security/keymaster/KeymasterDefs.java | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/core/java/android/security/keymaster/KeymasterDefs.java b/core/java/android/security/keymaster/KeymasterDefs.java index bae5455..04d5952 100644 --- a/core/java/android/security/keymaster/KeymasterDefs.java +++ b/core/java/android/security/keymaster/KeymasterDefs.java @@ -51,6 +51,7 @@ public final class KeymasterDefs { public static final int KM_TAG_DIGEST = KM_ENUM_REP | 5; public static final int KM_TAG_PADDING = KM_ENUM_REP | 6; public static final int KM_TAG_CALLER_NONCE = KM_BOOL | 7; + public static final int KM_TAG_MIN_MAC_LENGTH = KM_UINT | 8; public static final int KM_TAG_RESCOPING_ADD = KM_ENUM_REP | 101; public static final int KM_TAG_RESCOPING_DEL = KM_ENUM_REP | 102; @@ -194,6 +195,9 @@ public final class KeymasterDefs { public static final int KM_ERROR_KEY_RATE_LIMIT_EXCEEDED = -54; public static final int KM_ERROR_CALLER_NONCE_PROHIBITED = -55; public static final int KM_ERROR_KEY_MAX_OPS_EXCEEDED = -56; + public static final int KM_ERROR_INVALID_MAC_LENGTH = -57; + public static final int KM_ERROR_MISSING_MIN_MAC_LENGTH = -58; + public static final int KM_ERROR_UNSUPPORTED_MIN_MAC_LENGTH = -59; public static final int KM_ERROR_UNIMPLEMENTED = -100; public static final int KM_ERROR_VERSION_MISMATCH = -101; public static final int KM_ERROR_UNKNOWN_ERROR = -1000; @@ -237,6 +241,8 @@ public final class KeymasterDefs { sErrorCodeToString.put(KM_ERROR_INVALID_NONCE, "Invalid IV"); sErrorCodeToString.put(KM_ERROR_CALLER_NONCE_PROHIBITED, "Caller-provided IV not permitted"); + sErrorCodeToString.put(KM_ERROR_INVALID_MAC_LENGTH, + "Invalid MAC or authentication tag length"); sErrorCodeToString.put(KM_ERROR_UNIMPLEMENTED, "Not implemented"); sErrorCodeToString.put(KM_ERROR_UNKNOWN_ERROR, "Unknown error"); } |