diff options
author | Shawn Willden <swillden@google.com> | 2015-07-08 08:47:25 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2015-07-16 11:45:00 -0600 |
commit | 33ab0389e908b98702806c746e7babc0d46eb452 (patch) | |
tree | e45b4d16c9f9c23a459a21cb75f0e39445f32d72 /keymaster_enforcement.cpp | |
parent | 7d05d88dc44b18e0350f7fe8d28c20f2f643bb80 (diff) | |
download | android_system_keymaster-33ab0389e908b98702806c746e7babc0d46eb452.tar.gz android_system_keymaster-33ab0389e908b98702806c746e7babc0d46eb452.tar.bz2 android_system_keymaster-33ab0389e908b98702806c746e7babc0d46eb452.zip |
Add support for KM_TAG_MIN_MAC_LENGTH.
HMAC and AES-GCM keys must be bound to a mininum MAC/tag length at
creation, and operations may not specify a length smaller than the
minimum, or provide a length smaller than the minimum during
verification.
Bug: 22337277
Change-Id: Id5ae2f4259045ba1418c28e9de8f4a47e67fd433
Diffstat (limited to 'keymaster_enforcement.cpp')
-rw-r--r-- | keymaster_enforcement.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/keymaster_enforcement.cpp b/keymaster_enforcement.cpp index 9752438..4d0aaef 100644 --- a/keymaster_enforcement.cpp +++ b/keymaster_enforcement.cpp @@ -286,7 +286,7 @@ keymaster_error_t KeymasterEnforcement::AuthorizeBegin(const keymaster_purpose_t case KM_TAG_APPLICATION_DATA: return KM_ERROR_INVALID_KEY_BLOB; - /* Tags used for cryptographic parameters. */ + /* Tags used for cryptographic parameters in keygen. Nothing to enforce. */ case KM_TAG_PURPOSE: case KM_TAG_ALGORITHM: case KM_TAG_KEY_SIZE: @@ -295,6 +295,7 @@ keymaster_error_t KeymasterEnforcement::AuthorizeBegin(const keymaster_purpose_t case KM_TAG_MAC_LENGTH: case KM_TAG_PADDING: case KM_TAG_NONCE: + case KM_TAG_MIN_MAC_LENGTH: /* Tags not used for operations. */ case KM_TAG_BLOB_USAGE_REQUIREMENTS: |