From ca84b19f10d5cb6bbaca1f71077bcaea5c84bdc1 Mon Sep 17 00:00:00 2001
From: Alex Klyubin
Date: Thu, 7 May 2015 09:36:01 -0700
Subject: Document that new APIs for asymmetric crypto have no effect.
Bug: 18088752
Change-Id: Idfcf57251e76185425b9271d6a2001c5556f9f59
---
.../android/security/KeyPairGeneratorSpec.java | 24 ++++++++++++++++++++++
.../java/android/security/KeyStoreParameter.java | 24 ++++++++++++++++++++++
2 files changed, 48 insertions(+) (limited to 'keystore')
diff --git a/keystore/java/android/security/KeyPairGeneratorSpec.java b/keystore/java/android/security/KeyPairGeneratorSpec.java
index 9dde386..25c61fd 100644
--- a/keystore/java/android/security/KeyPairGeneratorSpec.java
+++ b/keystore/java/android/security/KeyPairGeneratorSpec.java
@@ -629,6 +629,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * *

By default, the key is valid at any instant. * + *

NOTE: This has currently no effect. + * * @see #setKeyValidityEnd(Date) */ public Builder setKeyValidityStart(Date startDate) { @@ -641,6 +643,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * *
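Review bot: The added `NOTE: This has currently no effect.` sits at the end of Javadoc that still promises enforcement (for example "Attempts to use the key with any other digest will be rejected" in the `setDigests` hunk), so the comment now contradicts itself and is easy to miss. The same wording is added to every setter in KeyPairGeneratorSpec.java; it matters most for `setUserAuthenticationRequired`, the authentication-validity setter, `setPurposes` and the validity-date setters, where a silently ignored call leaves the private key without the restriction the caller asked for. I would phrase it as a security caveat and put it first in each comment, e.g. `<p><b>NOTE: This restriction is currently not enforced for key pairs generated with this spec; do not rely on it to limit use of the private key.</b>`, and state it once in the class-level Javadoc as well. The setter bodies start or end outside these hunks, so whether a runtime warning could accompany the note cannot be judged from here.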

By default, the key is valid at any instant. * + *

NOTE: This has currently no effect. + * * @see #setKeyValidityStart(Date) * @see #setKeyValidityForConsumptionEnd(Date) * @see #setKeyValidityForOriginationEnd(Date) @@ -656,6 +660,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * *

By default, the key is valid at any instant. * + *

NOTE: This has currently no effect. + * * @see #setKeyValidityForConsumptionEnd(Date) */ public Builder setKeyValidityForOriginationEnd(Date endDate) { @@ -669,6 +675,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * *

By default, the key is valid at any instant. * + *

NOTE: This has currently no effect. + * * @see #setKeyValidityForOriginationEnd(Date) */ public Builder setKeyValidityForConsumptionEnd(Date endDate) { @@ -680,6 +688,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * Sets the set of purposes for which the key can be used. * *

This must be specified for all keys. There is no default. + * + *

NOTE: This has currently no effect. */ public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) { mPurposes = purposes; @@ -691,6 +701,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * to use the key with any other digest will be rejected. * *

This must be specified for keys which are used for signing/verification. + * + *

NOTE: This has currently no effect. */ public Builder setDigests(@KeyStoreKeyProperties.DigestEnum String... digests) { mDigests = ArrayUtils.cloneIfNotEmpty(digests); @@ -703,6 +715,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * rejected. * *

This must be specified for keys which are used for encryption/decryption. + * + *

NOTE: This has currently no effect. */ public Builder setEncryptionPaddings( @KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) { @@ -716,6 +730,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * rejected. * *

This must be specified for RSA keys which are used for signing/verification. + * + *

NOTE: This has currently no effect. */ public Builder setSignaturePaddings( @KeyStoreKeyProperties.SignaturePaddingEnum String... paddings) { @@ -728,6 +744,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { * Attempts to use the key with any other block modes will be rejected. * *

This must be specified for encryption/decryption keys. + * + *

NOTE: This has currently no effect. */ public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) { mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes); @@ -753,6 +771,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { *

  • If you are using RSA encryption without padding, consider switching to padding * schemes which offer {@code IND-CPA}, such as PKCS#1 or OAEP.
  • * + * + *

    NOTE: This has currently no effect. */ public Builder setRandomizedEncryptionRequired(boolean required) { mRandomizedEncryptionRequired = required; @@ -775,6 +795,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { *

    This restriction applies only to private key operations. Public key operations are not * restricted. * + *

    NOTE: This has currently no effect. + * * @see #setUserAuthenticationValidityDurationSeconds(int) */ public Builder setUserAuthenticationRequired(boolean required) { @@ -791,6 +813,8 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec { *

    This restriction applies only to private key operations. Public key operations are not * restricted. * + *

    NOTE: This has currently no effect. + * * @param seconds duration in seconds or {@code -1} if the user needs to authenticate for * every use of the key. * diff --git a/keystore/java/android/security/KeyStoreParameter.java b/keystore/java/android/security/KeyStoreParameter.java index 46d60f4..8d7a19f 100644 --- a/keystore/java/android/security/KeyStoreParameter.java +++ b/keystore/java/android/security/KeyStoreParameter.java @@ -294,6 +294,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * *

    By default, the key is valid at any instant. * + *

    NOTE: This has currently no effect on asymmetric key pairs. + * * @see #setKeyValidityEnd(Date) */ public Builder setKeyValidityStart(Date startDate) { @@ -306,6 +308,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * *
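Review bot: `NOTE: This has currently no effect on asymmetric key pairs.` does not tell the caller which imports are affected, and the builder itself does not know what kind of entry the parameter will protect. The note should name the case in terms the caller controls, for instance `<p>NOTE: This restriction is currently not enforced when the entry being stored is a {@link java.security.KeyStore.PrivateKeyEntry}.` The wording implies that symmetric keys do honour the setting; if so, saying that explicitly would remove the guesswork. This applies to every setter touched in KeyStoreParameter.java, and the user-authentication setters are the ones where a reader most needs to know the gate is absent.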

    By default, the key is valid at any instant. * + *

    NOTE: This has currently no effect on asymmetric key pairs. + * * @see #setKeyValidityStart(Date) * @see #setKeyValidityForConsumptionEnd(Date) * @see #setKeyValidityForOriginationEnd(Date) @@ -321,6 +325,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * *

    By default, the key is valid at any instant. * + *

    NOTE: This has currently no effect on asymmetric key pairs. + * * @see #setKeyValidityForConsumptionEnd(Date) */ public Builder setKeyValidityForOriginationEnd(Date endDate) { @@ -334,6 +340,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * *

    By default, the key is valid at any instant. * + *

    NOTE: This has currently no effect on asymmetric key pairs. + * * @see #setKeyValidityForOriginationEnd(Date) */ public Builder setKeyValidityForConsumptionEnd(Date endDate) { @@ -345,6 +353,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * Sets the set of purposes for which the key can be used. * *

    This must be specified for all keys. There is no default. + * + *

    NOTE: This has currently no effect on asymmetric key pairs. */ public Builder setPurposes(@KeyStoreKeyProperties.PurposeEnum int purposes) { mPurposes = purposes; @@ -357,6 +367,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * rejected. * *

    This must be specified for keys which are used for encryption/decryption. + * + *

    NOTE: This has currently no effect on asymmetric key pairs. */ public Builder setEncryptionPaddings( @KeyStoreKeyProperties.EncryptionPaddingEnum String... paddings) { @@ -370,6 +382,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * rejected. * *

    This must be specified for RSA keys which are used for signing/verification. + * + *

    NOTE: This has currently no effect on asymmetric key pairs. */ public Builder setSignaturePaddings( @KeyStoreKeyProperties.SignaturePaddingEnum String... paddings) { @@ -384,6 +398,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * *

    For HMAC keys, the default is the digest specified in {@link Key#getAlgorithm()}. For * asymmetric signing keys this constraint must be specified. + * + *

    NOTE: This has currently no effect on asymmetric key pairs. */ public Builder setDigests(@KeyStoreKeyProperties.DigestEnum String... digests) { mDigests = ArrayUtils.cloneIfNotEmpty(digests); @@ -395,6 +411,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * Attempts to use the key with any other block modes will be rejected. * *

    This must be specified for encryption/decryption keys. + * + *

    NOTE: This has currently no effect on asymmetric key pairs. */ public Builder setBlockModes(@KeyStoreKeyProperties.BlockModeEnum String... blockModes) { mBlockModes = ArrayUtils.cloneIfNotEmpty(blockModes); @@ -434,6 +452,8 @@ public final class KeyStoreParameter implements ProtectionParameter { *

  • If you are using RSA encryption without padding, consider switching to padding * schemes which offer {@code IND-CPA}, such as PKCS#1 or OAEP.
  • * + * + *

    NOTE: This has currently no effect on asymmetric key pairs. */ public Builder setRandomizedEncryptionRequired(boolean required) { mRandomizedEncryptionRequired = required; @@ -453,6 +473,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * More * information. * + *

    NOTE: This has currently no effect on asymmetric key pairs. + * * @see #setUserAuthenticationValidityDurationSeconds(int) */ public Builder setUserAuthenticationRequired(boolean required) { @@ -466,6 +488,8 @@ public final class KeyStoreParameter implements ProtectionParameter { * *

    By default, the user needs to authenticate for every use of the key. * + *

    NOTE: This has currently no effect on asymmetric key pairs. + * * @param seconds duration in seconds or {@code -1} if the user needs to authenticate for * every use of the key. * -- cgit v1.1