diff options
| author | Alex Klyubin <klyubin@google.com> | 2015-06-22 13:42:46 -0700 |
|---|---|---|
| committer | Alex Klyubin <klyubin@google.com> | 2015-06-22 13:42:46 -0700 |
| commit | 3867709fb3840fa26072fef66ba7121a0e41871f (patch) | |
| tree | 5f6f5f5b683c5df3afdf3ad5f63ff2016fd90daf /keystore/java | |
| parent | c54bcade1b7ec7e044aca7fe9c60357ad957a8c2 (diff) | |
| download | frameworks_base-3867709fb3840fa26072fef66ba7121a0e41871f.zip frameworks_base-3867709fb3840fa26072fef66ba7121a0e41871f.tar.gz frameworks_base-3867709fb3840fa26072fef66ba7121a0e41871f.tar.bz2 | |
Document that RSA OAEP requires digest authorization.
RSA encryption/decryption keys used with RSA OAEP padding scheme now
require the key to be authorized for the digest used by OAEP.
Bug: 21998286
Change-Id: I1f5eb1b30a1b574c45ffcabed6096de8671882d3
Diffstat (limited to 'keystore/java')
| -rw-r--r-- | keystore/java/android/security/keystore/KeyGenParameterSpec.java | 9 | ||||
| -rw-r--r-- | keystore/java/android/security/keystore/KeyProtection.java | 11 |
2 files changed, 11 insertions, 9 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index 1732db9..3d23399 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -634,11 +634,12 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { /** * Sets the set of digests algorithms (e.g., {@code SHA-256}, {@code SHA-384}) with which - * the key can be used when signing/verifying. Attempts to use the key with any other digest - * algorithm will be rejected. + * the key can be used. Attempts to use the key with any other digest algorithm will be + * rejected. * - * <p>This must be specified for keys which are used for signing/verification. For HMAC - * keys, the set of digests defaults to the digest associated with the key algorithm (e.g., + * <p>This must be specified for signing/verification keys and RSA encryption/decryption + * keys used with RSA OAEP padding scheme because these operations involve a digest. For + * HMAC keys, the default is the digest associated with the key algorithm (e.g., * {@code SHA-256} for key algorithm {@code HmacSHA256}). * * <p>For private keys used for TLS/SSL client or server authentication it is usually diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index b7a2a0b..5b4b3e7 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -417,12 +417,13 @@ public final class KeyProtection implements ProtectionParameter { /** * Sets the set of digest algorithms (e.g., {@code SHA-256}, {@code SHA-384}) with which the - * key can be used when signing/verifying or generating MACs. Attempts to use the key with - * any other digest algorithm will be rejected. + * key can be used. Attempts to use the key with any other digest algorithm will be + * rejected. * - * <p>For HMAC keys, the default is the digest algorithm specified in - * {@link Key#getAlgorithm()}. For asymmetric signing keys the set of digest algorithms - * must be specified. + * <p>This must be specified for signing/verification keys and RSA encryption/decryption + * keys used with RSA OAEP padding scheme because these operations involve a digest. For + * HMAC keys, the default is the digest specified in {@link Key#getAlgorithm()} (e.g., + * {@code SHA-256} for key algorithm {@code HmacSHA256}). * * <p>For private keys used for TLS/SSL client or server authentication it is usually * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is |