path: root/keystore/java/android/security/keystore/KeyGenParameterSpec.java
author Alex Klyubin <klyubin@google.com> 2015-07-08 09:31:23 -0700
committer Alex Klyubin <klyubin@google.com> 2015-07-16 09:59:51 -0700
commit c58153b2d7418f44f2b0e397478be808e91decef (patch)
tree 281c3d80d1265fa344fffe460d4e45509fba0e3e /keystore/java/android/security/keystore/KeyGenParameterSpec.java
parent 532737df65330200dc55ae42d31140d19c4024be (diff)
HMAC keys are authorized for exactly one digest.

This is in preparation for enforcing the minimum length of MACs which in the case of HMAC keys generated or imported by Android Keystore will be set to the length of the digest for which the key is authorized.

Bug: 22337277
Change-Id: I0255d5ba184dabfb6b45d8f32ddadeb84ab7fc19
Diffstat (limited to 'keystore/java/android/security/keystore/KeyGenParameterSpec.java')
-rw-r--r-- keystore/java/android/security/keystore/KeyGenParameterSpec.java 3
1 files changed, 2 insertions, 1 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index 919dd48..faaa1a6 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -642,7 +642,8 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec {
* <p>This must be specified for signing/verification keys and RSA encryption/decryption
* keys used with RSA OAEP padding scheme because these operations involve a digest. For
* HMAC keys, the default is the digest associated with the key algorithm (e.g.,
- * {@code SHA-256} for key algorithm {@code HmacSHA256}).
+ * {@code SHA-256} for key algorithm {@code HmacSHA256}). HMAC keys cannot be authorized
+ * for more than one digest.
*
* <p>For private keys used for TLS/SSL client or server authentication it is usually
* necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is
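Review bot: The sentence added at the end of the HMAC paragraph ("HMAC keys cannot be authorized for more than one digest.") states the restriction but not how a violation is reported. Suggest documenting what a caller sees when more than one digest is passed for an HMAC key (which exception, and whether it is raised when the spec is built or when the key is generated), and whether the single authorized digest has to be the one associated with the key algorithm, since the preceding sentence describes that digest only as the default. As a wording point, "HMAC keys are authorized for exactly one digest", as in the commit subject, reads more directly than the negative form.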