Adding check for HMAC/EC key size for StrongBox
engineInit() for AndroidKeyStoreKeyGeneratorSpi does not make a call
into the backing Keymaster implementation until generate is called on it
to actually create the key. If a disallowed spec for StrongBox is passed
in, the backing StrongBox implementation won't be able to revoke it
until engineGenerateKey() is called, which will create different
behaviors between TEE backed implementations (which support a wider
range of algorithm spec parameters) and StrongBox implementations from a
public API perspective. This change will make sure HMAC is the same for
StrongBox.
This is also being done for EC keys in
AndroidKeyStoreKeyPairGeneratorSpi.java
Bug: 113525261
Bug: 114487149
Test: atest cts/tests/tests/keystore/src/android/keystore/cts/KeyGeneratorTest.java
Test: atest
cts/tests/tests/keystore/src/android/keystore/cts/KeyPairGeneratorTest.java
Change-Id: I728bb5222c9bf0ad84cdf2b8c0b78a4dd99f7186
2 files changed