commit 33ab0389e908b98702806c746e7babc0d46eb452
author Shawn Willden <swillden@google.com> Wed Jul 08 08:47:25 2015 -0600
committer Shawn Willden <swillden@google.com> Thu Jul 16 11:45:00 2015 -0600
tree e45b4d16c9f9c23a459a21cb75f0e39445f32d72
parent 7d05d88dc44b18e0350f7fe8d28c20f2f643bb80

Add support for KM_TAG_MIN_MAC_LENGTH.

HMAC and AES-GCM keys must be bound to a mininum MAC/tag length at
creation, and operations may not specify a length smaller than the
minimum, or provide a length smaller than the minimum during
verification.

Bug: 22337277
Change-Id: Id5ae2f4259045ba1418c28e9de8f4a47e67fd433

symmetric_key.cpp

diff --git a/symmetric_key.cpp b/symmetric_key.cpp
index 3d8424c..1d51e3a 100644
--- a/symmetric_key.cpp
+++ b/symmetric_key.cpp
@@ -43,12 +43,16 @@
         !key_size_supported(key_size_bits))
         return KM_ERROR_UNSUPPORTED_KEY_SIZE;
 
+    keymaster_error_t error = validate_algorithm_specific_new_key_params(key_description);
+    if (error != KM_ERROR_OK)
+        return error;
+
     size_t key_data_size = key_size_bits / 8;
     KeymasterKeyBlob key_material(key_data_size);
     if (!key_material.key_material)
         return KM_ERROR_MEMORY_ALLOCATION_FAILED;
 
-    keymaster_error_t error = context_->GenerateRandom(key_material.writable_data(), key_data_size);
+    error = context_->GenerateRandom(key_material.writable_data(), key_data_size);
     if (error != KM_ERROR_OK) {
         LOG_E("Error generating %d bit symmetric key", key_size_bits);
         return error;
@@ -76,6 +80,10 @@
         authorizations.push_back(TAG_KEY_SIZE, key_size_bits);
     }
 
+    keymaster_error_t error = validate_algorithm_specific_new_key_params(key_description);
+    if (error != KM_ERROR_OK)
+        return error;
+
     if (!key_size_supported(key_size_bits))
         return KM_ERROR_UNSUPPORTED_KEY_SIZE;