
Commit ca0d4d8f authored by Max Bires

Updating accepted HMAC key sizes

In order to keep conformity across the ecosystem, keystore will enforce
that HMAC key sizes coming in through the framework must be limited to
the range of 64-512 bits, inclusive. This will be the case for both TEE
and StrongBox Keymaster implementations.

Bug: 143404829
Test: atest CtsKeystoreTestCases
Change-Id: I2ea867392060f4478b5a01bd747a4345e1fded4c
parent 377b5543
+2 −6
@@ -210,13 +210,9 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
                    }
                    }
                }
                }
                if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_HMAC) {
                if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_HMAC) {
                    if (mKeySizeBits < 64) {
                    if (mKeySizeBits < 64 || mKeySizeBits > 512) {
                        throw new InvalidAlgorithmParameterException(
                        throw new InvalidAlgorithmParameterException(
                            "HMAC key size must be at least 64 bits.");
                            "HMAC key sizes must be within 64-512 bits, inclusive.");
                    }
                    if (mKeySizeBits > 512 && spec.isStrongBoxBacked()) {
                        throw new InvalidAlgorithmParameterException(
                            "StrongBox HMAC key size must be smaller than 512 bits.");
                    }
                    }


                    // JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm
                    // JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm
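
Review bot: the merged condition `mKeySizeBits < 64 || mKeySizeBits > 512` now applies the 512-bit ceiling to every backend, where the removed branch applied it only when `spec.isStrongBoxBacked()` was true, so callers that previously generated larger non-StrongBox HMAC keys will start getting InvalidAlgorithmParameterException. That matches the commit message, but nothing at the check itself records why the ceiling is now unconditional; a short comment above the `if` stating that the 64-512 bit range is enforced for both TEE and StrongBox would keep someone from reintroducing the StrongBox-only branch later. Consider also pulling 64 and 512 into named constants so the bounds in the condition and in the message string cannot drift apart. Finally, this hunk only touches the generation path in AndroidKeyStoreKeyGeneratorSpi; the visible lines do not show whether imported HMAC keys are held to the same range, which is worth confirming given the message says the limit covers keys "coming in through the framework".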