summaryrefslogtreecommitdiffstats
path: root/keystore
diff options
context:
space:
mode:
authorAlex Klyubin <klyubin@google.com>2015-05-07 17:54:43 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2015-05-07 17:54:53 +0000
commita4ead5b0d55840be675eee3f11a9dd08bbedaa0d (patch)
tree02f8646d878d8253f22a7c4843cfe417de6f30a3 /keystore
parente91768d4b5c5e185b884a25bcf60457fb2ba8a5c (diff)
parentca84b19f10d5cb6bbaca1f71077bcaea5c84bdc1 (diff)
downloadframeworks_base-a4ead5b0d55840be675eee3f11a9dd08bbedaa0d.zip
frameworks_base-a4ead5b0d55840be675eee3f11a9dd08bbedaa0d.tar.gz
frameworks_base-a4ead5b0d55840be675eee3f11a9dd08bbedaa0d.tar.bz2
Merge "Document that new APIs for asymmetric crypto have no effect." into mnc-dev
Diffstat (limited to 'keystore')
-rw-r--r--keystore/java/android/security/KeyPairGeneratorSpec.java24
-rw-r--r--keystore/java/android/security/KeyStoreParameter.java24
2 files changed, 48 insertions, 0 deletions
diff --git a/keystore/java/android/security/KeyPairGeneratorSpec.java b/keystore/java/android/security/KeyPairGeneratorSpec.java
index 9dde386..25c61fd 100644
--- a/keystore/java/android/security/KeyPairGeneratorSpec.java
+++ b/keystore/java/android/security/KeyPairGeneratorSpec.java
@@ -629,6 +629,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>By default, the key is valid at any instant.
*
+ * <p><b>NOTE: This has currently no effect.
+ *
* @see #setKeyValidityEnd(Date)
*/
public Builder setKeyValidityStart(Date startDate) {
@@ -641,6 +643,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>By default, the key is valid at any instant.
*
+ * <p><b>NOTE: This has currently no effect.
+ *
* @see #setKeyValidityStart(Date)
* @see #setKeyValidityForConsumptionEnd(Date)
* @see #setKeyValidityForOriginationEnd(Date)
@@ -656,6 +660,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>By default, the key is valid at any instant.
*
+ * <p><b>NOTE: This has currently no effect.
+ *
* @see #setKeyValidityForConsumptionEnd(Date)
*/
public Builder setKeyValidityForOriginationEnd(Date endDate) {
@@ -669,6 +675,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
*
* <p>By default, the key is valid at any instant.
*
+ * <p><b>NOTE: This has currently no effect.
+ *
* @see #setKeyValidityForOriginationEnd(Date)
*/
public Builder setKeyValidityForConsumptionEnd(Date endDate) {
@@ -680,6 +688,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* Sets the set of purposes for which the key can be used.
*
* <p>This must be specified for all keys. There is no default.
+ *
+ * <p><b>NOTE: This has currently no effect.
*/
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
mPurposes = purposes;
@@ -691,6 +701,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* to use the key with any other digest will be rejected.
*
* <p>This must be specified for keys which are used for signing/verification.
+ *
+ * <p><b>NOTE: This has currently no effect.
*/
public Builder setDigests(@KeyStoreKeyProperties.DigestEnum String... digests) {
mDigests = ArrayUtils.cloneIfNotEmpty(digests);
@@ -703,6 +715,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* rejected.
*
* <p>This must be specified for keys which are used for encryption/decryption.
+ *
+ * <p><b>NOTE: This has currently no effect.
*/
public Builder setEncryptionPaddings(
@KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) {
@@ -716,6 +730,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* rejected.
*
* <p>This must be specified for RSA keys which are used for signing/verification.
+ *
+ * <p><b>NOTE: This has currently no effect.
*/
public Builder setSignaturePaddings(
@KeyStoreKeyProperties.SignaturePaddingEnum String... paddings) {
@@ -728,6 +744,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* Attempts to use the key with any other block modes will be rejected.
*
* <p>This must be specified for encryption/decryption keys.
+ *
+ * <p><b>NOTE: This has currently no effect.
*/
public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {
mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);
@@ -753,6 +771,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* <li>If you are using RSA encryption without padding, consider switching to padding
* schemes which offer {@code IND-CPA}, such as PKCS#1 or OAEP.</li>
* </ul>
+ *
+ * <p><b>NOTE: This has currently no effect.
*/
public Builder setRandomizedEncryptionRequired(boolean required) {
mRandomizedEncryptionRequired = required;
@@ -775,6 +795,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* <p>This restriction applies only to private key operations. Public key operations are not
* restricted.
*
+ * <p><b>NOTE: This has currently no effect.
+ *
* @see #setUserAuthenticationValidityDurationSeconds(int)
*/
public Builder setUserAuthenticationRequired(boolean required) {
@@ -791,6 +813,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
* <p>This restriction applies only to private key operations. Public key operations are not
* restricted.
*
+ * <p><b>NOTE: This has currently no effect.
+ *
* @param seconds duration in seconds or {@code -1} if the user needs to authenticate for
* every use of the key.
*
diff --git a/keystore/java/android/security/KeyStoreParameter.java b/keystore/java/android/security/KeyStoreParameter.java
index 46d60f4..8d7a19f 100644
--- a/keystore/java/android/security/KeyStoreParameter.java
+++ b/keystore/java/android/security/KeyStoreParameter.java
@@ -294,6 +294,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the key is valid at any instant.
*
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
+ *
* @see #setKeyValidityEnd(Date)
*/
public Builder setKeyValidityStart(Date startDate) {
@@ -306,6 +308,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the key is valid at any instant.
*
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
+ *
* @see #setKeyValidityStart(Date)
* @see #setKeyValidityForConsumptionEnd(Date)
* @see #setKeyValidityForOriginationEnd(Date)
@@ -321,6 +325,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the key is valid at any instant.
*
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
+ *
* @see #setKeyValidityForConsumptionEnd(Date)
*/
public Builder setKeyValidityForOriginationEnd(Date endDate) {
@@ -334,6 +340,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the key is valid at any instant.
*
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
+ *
* @see #setKeyValidityForOriginationEnd(Date)
*/
public Builder setKeyValidityForConsumptionEnd(Date endDate) {
@@ -345,6 +353,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
* Sets the set of purposes for which the key can be used.
*
* <p>This must be specified for all keys. There is no default.
+ *
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) {
mPurposes = purposes;
@@ -357,6 +367,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
* rejected.
*
* <p>This must be specified for keys which are used for encryption/decryption.
+ *
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
public Builder setEncryptionPaddings(
@KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) {
@@ -370,6 +382,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
* rejected.
*
* <p>This must be specified for RSA keys which are used for signing/verification.
+ *
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
public Builder setSignaturePaddings(
@KeyStoreKeyProperties.SignaturePaddingEnum String... paddings) {
@@ -384,6 +398,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>For HMAC keys, the default is the digest specified in {@link Key#getAlgorithm()}. For
* asymmetric signing keys this constraint must be specified.
+ *
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
public Builder setDigests(@KeyStoreKeyProperties.DigestEnum String... digests) {
mDigests = ArrayUtils.cloneIfNotEmpty(digests);
@@ -395,6 +411,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
* Attempts to use the key with any other block modes will be rejected.
*
* <p>This must be specified for encryption/decryption keys.
+ *
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) {
mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes);
@@ -434,6 +452,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
* <li>If you are using RSA encryption without padding, consider switching to padding
* schemes which offer {@code IND-CPA}, such as PKCS#1 or OAEP.</li>
* </ul>
+ *
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
*/
public Builder setRandomizedEncryptionRequired(boolean required) {
mRandomizedEncryptionRequired = required;
@@ -453,6 +473,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
* <a href="{@docRoot}training/articles/keystore.html#UserAuthentication">More
* information</a>.
*
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
+ *
* @see #setUserAuthenticationValidityDurationSeconds(int)
*/
public Builder setUserAuthenticationRequired(boolean required) {
@@ -466,6 +488,8 @@ public final class KeyStoreParameter implements ProtectionParameter {
*
* <p>By default, the user needs to authenticate for every use of the key.
*
+ * <p><b>NOTE: This has currently no effect on asymmetric key pairs.
+ *
* @param seconds duration in seconds or {@code -1} if the user needs to authenticate for
* every use of the key.
*