diff options
author | Alex Klyubin <klyubin@google.com> | 2015-07-08 09:31:23 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2015-07-16 09:59:51 -0700 |
commit | c58153b2d7418f44f2b0e397478be808e91decef (patch) | |
tree | 281c3d80d1265fa344fffe460d4e45509fba0e3e /keystore/java/android/security/keystore/KeyGenParameterSpec.java | |
parent | 532737df65330200dc55ae42d31140d19c4024be (diff) | |
download | frameworks_base-c58153b2d7418f44f2b0e397478be808e91decef.zip frameworks_base-c58153b2d7418f44f2b0e397478be808e91decef.tar.gz frameworks_base-c58153b2d7418f44f2b0e397478be808e91decef.tar.bz2 |
HMAC keys are authorized for exactly one digest.
This is in preparation for enforcing the minimum length of MACs
which in the case of HMAC keys generated or imported by Android
Keystore will be set to the length of the digest for which the
key is authorized.
Bug: 22337277
Change-Id: I0255d5ba184dabfb6b45d8f32ddadeb84ab7fc19
Diffstat (limited to 'keystore/java/android/security/keystore/KeyGenParameterSpec.java')
-rw-r--r-- | keystore/java/android/security/keystore/KeyGenParameterSpec.java | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index 919dd48..faaa1a6 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -642,7 +642,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { * <p>This must be specified for signing/verification keys and RSA encryption/decryption * keys used with RSA OAEP padding scheme because these operations involve a digest. For * HMAC keys, the default is the digest associated with the key algorithm (e.g., - * {@code SHA-256} for key algorithm {@code HmacSHA256}). + * {@code SHA-256} for key algorithm {@code HmacSHA256}). HMAC keys cannot be authorized + * for more than one digest. * * <p>For private keys used for TLS/SSL client or server authentication it is usually * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is |