From 3867709fb3840fa26072fef66ba7121a0e41871f Mon Sep 17 00:00:00 2001
From: Alex Klyubin <klyubin@google.com>
Date: Mon, 22 Jun 2015 13:42:46 -0700
Subject: Document that RSA OAEP requires digest authorization.

RSA encryption/decryption keys used with RSA OAEP padding scheme now
require the key to be authorized for the digest used by OAEP.

Bug: 21998286
Change-Id: I1f5eb1b30a1b574c45ffcabed6096de8671882d3
---
 .../java/android/security/keystore/KeyGenParameterSpec.java   |  9 +++++----
 keystore/java/android/security/keystore/KeyProtection.java    | 11 ++++++-----
 2 files changed, 11 insertions(+), 9 deletions(-)

(limited to 'keystore')

diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index 1732db9..3d23399 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -634,11 +634,12 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec {
 
         /**
          * Sets the set of digests algorithms (e.g., {@code SHA-256}, {@code SHA-384}) with which
-         * the key can be used when signing/verifying. Attempts to use the key with any other digest
-         * algorithm will be rejected.
+         * the key can be used. Attempts to use the key with any other digest algorithm will be
+         * rejected.
          *
-         * <p>This must be specified for keys which are used for signing/verification. For HMAC
-         * keys, the set of digests defaults to the digest associated with the key algorithm (e.g.,
+         * <p>This must be specified for signing/verification keys and RSA encryption/decryption
+         * keys used with RSA OAEP padding scheme because these operations involve a digest. For
+         * HMAC keys, the default is the digest associated with the key algorithm (e.g.,
          * {@code SHA-256} for key algorithm {@code HmacSHA256}).
          *
          * <p>For private keys used for TLS/SSL client or server authentication it is usually
diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java
index b7a2a0b..5b4b3e7 100644
--- a/keystore/java/android/security/keystore/KeyProtection.java
+++ b/keystore/java/android/security/keystore/KeyProtection.java
@@ -417,12 +417,13 @@ public final class KeyProtection implements ProtectionParameter {
 
         /**
          * Sets the set of digest algorithms (e.g., {@code SHA-256}, {@code SHA-384}) with which the
-         * key can be used when signing/verifying or generating MACs. Attempts to use the key with
-         * any other digest algorithm will be rejected.
+         * key can be used. Attempts to use the key with any other digest algorithm will be
+         * rejected.
          *
-         * <p>For HMAC keys, the default is the digest algorithm specified in
-         * {@link Key#getAlgorithm()}. For asymmetric signing keys the set of digest algorithms
-         * must be specified.
+         * <p>This must be specified for signing/verification keys and RSA encryption/decryption
+         * keys used with RSA OAEP padding scheme because these operations involve a digest. For
+         * HMAC keys, the default is the digest specified in {@link Key#getAlgorithm()} (e.g.,
+         * {@code SHA-256} for key algorithm {@code HmacSHA256}).
          *
          * <p>For private keys used for TLS/SSL client or server authentication it is usually
          * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is
-- 
cgit v1.1