commit 7de99c2f1a160c1f93e08aa91eafb92e9394a49d
author Max Bires <jbires@google.com> Tue Nov 19 19:57:30 2019 -0800
committer android-build-merger <android-build-merger@google.com> Tue Nov 19 19:57:30 2019 -0800
tree ac3d4f93d65d3af8b74f012ec10843664e661cc4
parent 43416238689d84c60f97a173be95b84bf8efa947
parent 432cb5d523e9fd59f6c047314eda4fb052943e78

Merge "Updating accepted HMAC key sizes" am: 1cf90f78f1 am: 7f813b80d3
am: 432cb5d523

Change-Id: I1308b205762df42ed5fdc23da00f84a8cc31d45e

keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java

diff --git a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
index 3dc884e..17aacb9 100644
--- a/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
+++ b/keystore/java/android/security/keystore/AndroidKeyStoreKeyGeneratorSpi.java
@@ -210,13 +210,9 @@
                     }
                 }
                 if (mKeymasterAlgorithm == KeymasterDefs.KM_ALGORITHM_HMAC) {
-                    if (mKeySizeBits < 64) {
+                    if (mKeySizeBits < 64 || mKeySizeBits > 512) {
                         throw new InvalidAlgorithmParameterException(
-                            "HMAC key size must be at least 64 bits.");
-                    }
-                    if (mKeySizeBits > 512 && spec.isStrongBoxBacked()) {
-                        throw new InvalidAlgorithmParameterException(
-                            "StrongBox HMAC key size must be smaller than 512 bits.");
+                            "HMAC key sizes must be within 64-512 bits, inclusive.");
                     }
 
                     // JCA HMAC key algorithm implies a digest (e.g., HmacSHA256 key algorithm