Merge "Updating accepted HMAC key sizes" am: 1cf90f78f1

am: 7f813b80d3 Change-Id: I54e1a756120090113588be39e861c71b55766c62
2019-11-19 16:20:47 -08:00
parent ff21f7b085 7f813b80d3
commit 432cb5d523
1 changed files with 2 additions and 6 deletions
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
@@ -210,13 +210,9 @@ public abstract class AndroidKeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
                    }
                }
                if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_HMAC) {
-                    if (mKeySizeBits < 64) {
+                    if (mKeySizeBits < 64 || mKeySizeBits > 512) {
                        throw new InvalidAlgorithmParameterException(
-                            "HMAC key size must be at least 64 bits.");
-                    }
-                    if (mKeySizeBits > 512 && spec.isStrongBoxBacked()) {
-                        throw new InvalidAlgorithmParameterException(
-                            "StrongBox HMAC key size must be smaller than 512 bits.");
+                            "HMAC key sizes must be within 64-512 bits, inclusive.");
                    }

                    // JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm