Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7c3b65e9 authored by Shawn Willden's avatar Shawn Willden
Browse files

Reject HMAC keys smaller than 64 bits. 

Test: CTS test has been updated to verify this.
Change-Id: I6389d9fa2ff75d08a2223c789e5437190c4b82c6
parent 38b17ad2

keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java

+5 −0
Original line number Diff line number Diff line
@@ -199,6 +199,11 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi { 
                }



                if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_HMAC) {

                    if (mKeySizeBits < 64) {

                        throw new InvalidAlgorithmParameterException(

                            "HMAC key size must be at least 64 bits.");

                    }



                    // JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm

                    // implies SHA-256 digest). Because keymaster HMAC key is authorized only for

                    // one digest, we don't let algorithm parameter spec override the digest implied