diff options
author | Shawn Willden <swillden@google.com> | 2015-07-08 08:47:25 -0600 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2015-07-16 11:45:00 -0600 |
commit | 33ab0389e908b98702806c746e7babc0d46eb452 (patch) | |
tree | e45b4d16c9f9c23a459a21cb75f0e39445f32d72 /hmac_operation.h | |
parent | 7d05d88dc44b18e0350f7fe8d28c20f2f643bb80 (diff) | |
download | keymaster-33ab0389e908b98702806c746e7babc0d46eb452.tar.gz |
Add support for KM_TAG_MIN_MAC_LENGTH.
HMAC and AES-GCM keys must be bound to a mininum MAC/tag length at
creation, and operations may not specify a length smaller than the
minimum, or provide a length smaller than the minimum during
verification.
Bug: 22337277
Change-Id: Id5ae2f4259045ba1418c28e9de8f4a47e67fd433
Diffstat (limited to 'hmac_operation.h')
-rw-r--r-- | hmac_operation.h | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/hmac_operation.h b/hmac_operation.h index ad59a16..9c2d59b 100644 --- a/hmac_operation.h +++ b/hmac_operation.h @@ -26,7 +26,7 @@ namespace keymaster { class HmacOperation : public Operation { public: HmacOperation(keymaster_purpose_t purpose, const uint8_t* key_data, size_t key_data_size, - keymaster_digest_t digest, size_t tag_length); + keymaster_digest_t digest, size_t mac_length, size_t min_mac_length); ~HmacOperation(); virtual keymaster_error_t Begin(const AuthorizationSet& input_params, @@ -44,7 +44,8 @@ class HmacOperation : public Operation { private: HMAC_CTX ctx_; keymaster_error_t error_; - size_t tag_length_; + const size_t mac_length_; + const size_t min_mac_length_; }; /** |