Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3867709f authored by Alex Klyubin's avatar Alex Klyubin
Browse files

Document that RSA OAEP requires digest authorization. 

RSA encryption/decryption keys used with RSA OAEP padding scheme now
require the key to be authorized for the digest used by OAEP.

Bug: 21998286
Change-Id: I1f5eb1b30a1b574c45ffcabed6096de8671882d3
parent c54bcade

keystore/java/android/security/keystore/KeyGenParameterSpec.java

+5 −4
Original line number Diff line number Diff line
@@ -634,11 +634,12 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { 


        /**

         * Sets the set of digests algorithms (e.g., {@code SHA-256}, {@code SHA-384}) with which

         * the key can be used when signing/verifying. Attempts to use the key with any other digest

         * algorithm will be rejected.

         * the key can be used. Attempts to use the key with any other digest algorithm will be

         * rejected.

         *

         * <p>This must be specified for keys which are used for signing/verification. For HMAC

         * keys, the set of digests defaults to the digest associated with the key algorithm (e.g.,

         * <p>This must be specified for signing/verification keys and RSA encryption/decryption

         * keys used with RSA OAEP padding scheme because these operations involve a digest. For

         * HMAC keys, the default is the digest associated with the key algorithm (e.g.,

         * {@code SHA-256} for key algorithm {@code HmacSHA256}).

         *

         * <p>For private keys used for TLS/SSL client or server authentication it is usually

keystore/java/android/security/keystore/KeyProtection.java

+6 −5
Original line number Diff line number Diff line
@@ -417,12 +417,13 @@ public final class KeyProtection implements ProtectionParameter { 


        /**

         * Sets the set of digest algorithms (e.g., {@code SHA-256}, {@code SHA-384}) with which the

         * key can be used when signing/verifying or generating MACs. Attempts to use the key with

         * any other digest algorithm will be rejected.

         * key can be used. Attempts to use the key with any other digest algorithm will be

         * rejected.

         *

         * <p>For HMAC keys, the default is the digest algorithm specified in

         * {@link Key#getAlgorithm()}. For asymmetric signing keys the set of digest algorithms

         * must be specified.

         * <p>This must be specified for signing/verification keys and RSA encryption/decryption

         * keys used with RSA OAEP padding scheme because these operations involve a digest. For

         * HMAC keys, the default is the digest specified in {@link Key#getAlgorithm()} (e.g.,

         * {@code SHA-256} for key algorithm {@code HmacSHA256}).

         *

         * <p>For private keys used for TLS/SSL client or server authentication it is usually

         * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is