Track Keymaster changes.

* MAC length is now specified as a parameters to the begin operation instead of as a parameter at key generation/import time. * KM_TAG_MAC_LENGTH is now in bits instead of in bytes. Change-Id: I752fe232d11d3ac39a575a48948215d84ded8fb9
author: Alex Klyubin <klyubin@google.com> 2015-04-30 10:50:45 -0700
committer: Alex Klyubin <klyubin@google.com> 2015-04-30 11:11:50 -0700
commit: 7ea50902647b32fa8fcfcd25138b1636bbf97dcd (patch)
tree: b54b6862ee370ef6ee1ea461255ba94a42ce436c /keystore/java/android/security/KeyStoreHmacSpi.java
parent: 403ac2d64f7ad53ecf9ccd713951cf151ea2f2bc (diff)
download: frameworks_base-7ea50902647b32fa8fcfcd25138b1636bbf97dcd.zip
frameworks_base-7ea50902647b32fa8fcfcd25138b1636bbf97dcd.tar.gz
frameworks_base-7ea50902647b32fa8fcfcd25138b1636bbf97dcd.tar.bz2
1 files changed, 7 insertions, 5 deletions
diff --git a/keystore/java/android/security/KeyStoreHmacSpi.java b/keystore/java/android/security/KeyStoreHmacSpi.java
index 4590b9c..c52f61b 100644
--- a/keystore/java/android/security/KeyStoreHmacSpi.java
+++ b/keystore/java/android/security/KeyStoreHmacSpi.java
@@ -67,7 +67,7 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
 
     private final KeyStore mKeyStore = KeyStore.getInstance();
     private final int mKeymasterDigest;
-    private final int mMacSizeBytes;
+    private final int mMacSizeBits;
 
     // Fields below are populated by engineInit and should be preserved after engineDoFinal.
     private KeyStoreSecretKey mKey;
@@ -79,12 +79,12 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
 
     protected KeyStoreHmacSpi(int keymasterDigest) {
         mKeymasterDigest = keymasterDigest;
-        mMacSizeBytes = KeymasterUtils.getDigestOutputSizeBytes(keymasterDigest);
+        mMacSizeBits = KeymasterUtils.getDigestOutputSizeBits(keymasterDigest);
     }
 
     @Override
     protected int engineGetMacLength() {
-        return mMacSizeBytes;
+        return (mMacSizeBits + 7) / 8;
     }
 
     @Override
@@ -158,14 +158,16 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
         KeymasterArguments keymasterArgs = new KeymasterArguments();
         keymasterArgs.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_HMAC);
         keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest);
+        keymasterArgs.addInt(KeymasterDefs.KM_TAG_MAC_LENGTH, mMacSizeBits);
 
+        KeymasterArguments keymasterOutputArgs = new KeymasterArguments();
         OperationResult opResult = mKeyStore.begin(
                 mKey.getAlias(),
                 KeymasterDefs.KM_PURPOSE_SIGN,
                 true,
                 keymasterArgs,
-                null,
-                new KeymasterArguments());
+                null, // no additional entropy needed for HMAC because it's deterministic
+                keymasterOutputArgs);
         if (opResult == null) {
             throw new KeyStoreConnectException();
         } else if ((opResult.resultCode != KeyStore.NO_ERROR)
author	Alex Klyubin <klyubin@google.com>	2015-04-30 10:50:45 -0700
committer	Alex Klyubin <klyubin@google.com>	2015-04-30 11:11:50 -0700
commit	7ea50902647b32fa8fcfcd25138b1636bbf97dcd (patch)
tree	b54b6862ee370ef6ee1ea461255ba94a42ce436c /keystore/java/android/security/KeyStoreHmacSpi.java
parent	403ac2d64f7ad53ecf9ccd713951cf151ea2f2bc (diff)
download	frameworks_base-7ea50902647b32fa8fcfcd25138b1636bbf97dcd.zip frameworks_base-7ea50902647b32fa8fcfcd25138b1636bbf97dcd.tar.gz frameworks_base-7ea50902647b32fa8fcfcd25138b1636bbf97dcd.tar.bz2