diff options
author | Alex Klyubin <klyubin@google.com> | 2015-06-17 18:32:22 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-06-17 18:32:24 +0000 |
commit | 97f4d3b40754e4496caeb29ee54c330d8bc9f2d7 (patch) | |
tree | e57ba64cd76b99bf2ae3bf9f835a209a17a49f5d /keystore | |
parent | b7bbd629eb0370f36ce27cbc9ecfc7e5c9d8953f (diff) | |
parent | a5e21f0ee2fbf3a6f03e31fca8da459e1fe9e213 (diff) | |
download | frameworks_base-97f4d3b40754e4496caeb29ee54c330d8bc9f2d7.zip frameworks_base-97f4d3b40754e4496caeb29ee54c330d8bc9f2d7.tar.gz frameworks_base-97f4d3b40754e4496caeb29ee54c330d8bc9f2d7.tar.bz2 |
Merge "Prefer GCM to CBC or CTR in documentation." into mnc-dev
Diffstat (limited to 'keystore')
3 files changed, 23 insertions, 23 deletions
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java index 5775a87..1732db9 100644 --- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java +++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java @@ -112,7 +112,7 @@ import javax.security.auth.x500.X500Principal; * * <p><h3>Example: Symmetric key</h3> * The following example illustrates how to generate an AES key in the Android KeyStore system under - * alias {@code key2} authorized to be used only for encryption/decryption in CBC mode with PKCS#7 + * alias {@code key2} authorized to be used only for encryption/decryption in GCM mode with no * padding. * <pre> {@code * KeyGenerator keyGenerator = KeyGenerator.getInstance( @@ -121,8 +121,8 @@ import javax.security.auth.x500.X500Principal; * keyGenerator.initialize( * new KeyGenParameterSpec.Builder("key2", * KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) - * .setBlockModes(KeyProperties.BLOCK_MODE_CBC) - * .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7) + * .setBlockModes(KeyProperties.BLOCK_MODE_GCM) + * .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) * .build()); * SecretKey key = keyGenerator.generateKey(); * @@ -377,7 +377,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { } /** - * Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used + * Gets the set of block modes (e.g., {@code GCM}, {@code CBC}) with which the key can be used * when encrypting/decrypting. Attempts to use the key with any other block modes will be * rejected. * @@ -694,11 +694,11 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { } /** - * Sets the set of block modes (e.g., {@code CBC}, {@code CTR}, {@code ECB}) with which the - * key can be used when encrypting/decrypting. Attempts to use the key with any other block - * modes will be rejected. + * Sets the set of block modes (e.g., {@code GCM}, {@code CBC}) with which the key can be + * used when encrypting/decrypting. Attempts to use the key with any other block modes will + * be rejected. * - * <p>This must be specified for encryption/decryption keys. + * <p>This must be specified for symmetric encryption/decryption keys. * * <p>See {@link KeyProperties}.{@code BLOCK_MODE} constants. */ @@ -724,7 +724,7 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { * <li>encryption/decryption transformation which do not offer {@code IND-CPA}, such as * {@code ECB} with a symmetric encryption algorithm, or RSA encryption/decryption without * padding, are prohibited;</li> - * <li>in block modes which use an IV, such as {@code CBC}, {@code CTR}, and {@code GCM}, + * <li>in block modes which use an IV, such as {@code GCM}, {@code CBC}, and {@code CTR}, * caller-provided IVs are rejected when encrypting, to ensure that only random IVs are * used.</li> * </ul> diff --git a/keystore/java/android/security/keystore/KeyInfo.java b/keystore/java/android/security/keystore/KeyInfo.java index 91a9a70..785ec15 100644 --- a/keystore/java/android/security/keystore/KeyInfo.java +++ b/keystore/java/android/security/keystore/KeyInfo.java @@ -30,7 +30,7 @@ import javax.crypto.SecretKey; * Keystore system</a>. This class describes whether the key material is available in * plaintext outside of secure hardware, whether user authentication is required for using the key * and whether this requirement is enforced by secure hardware, the key's origin, what uses the key - * is authorized for (e.g., only in {@code CBC} mode, or signing only), whether the key should be + * is authorized for (e.g., only in {@code GCM} mode, or signing only), whether the key should be * encrypted at rest, the key's and validity start and end dates. * * <p>Instances of this class are immutable. @@ -191,7 +191,7 @@ public class KeyInfo implements KeySpec { } /** - * Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used + * Gets the set of block modes (e.g., {@code GCM}, {@code CBC}) with which the key can be used * when encrypting/decrypting. Attempts to use the key with any other block modes will be * rejected. * diff --git a/keystore/java/android/security/keystore/KeyProtection.java b/keystore/java/android/security/keystore/KeyProtection.java index cd46afa..b7a2a0b 100644 --- a/keystore/java/android/security/keystore/KeyProtection.java +++ b/keystore/java/android/security/keystore/KeyProtection.java @@ -35,7 +35,7 @@ import javax.crypto.Mac; * Specification of how a key or key pair is secured when imported into the * <a href="{@docRoot}training/articles/keystore.html">Android KeyStore facility</a>. This class * specifies parameters such as whether user authentication is required for using the key, what uses - * the key is authorized for (e.g., only in {@code CTR} mode, or only for signing -- decryption not + * the key is authorized for (e.g., only in {@code GCM} mode, or only for signing -- decryption not * permitted), the key's and validity start and end dates. * * <p>To import a key or key pair into the Android KeyStore, create an instance of this class using @@ -55,8 +55,8 @@ import javax.crypto.Mac; * * <p><h3>Example: Symmetric Key</h3> * The following example illustrates how to import an AES key into the Android KeyStore under alias - * {@code key1} authorized to be used only for encryption/decryption in CBC mode with PKCS#7 - * padding. The key must export its key material via {@link Key#getEncoded()} in {@code RAW} format. + * {@code key1} authorized to be used only for encryption/decryption in GCM mode with no padding. + * The key must export its key material via {@link Key#getEncoded()} in {@code RAW} format. * <pre> {@code * SecretKey key = ...; // AES key * @@ -66,8 +66,8 @@ import javax.crypto.Mac; * "key1", * new KeyStore.SecretKeyEntry(key), * new KeyProtection.Builder(KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT) - * .setBlockMode(KeyProperties.BLOCK_MODE_CBC) - * .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7) + * .setBlockMode(KeyProperties.BLOCK_MODE_GCM) + * .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE) * .build()); * // Key imported, obtain a reference to it. * SecretKey keyStoreKey = (SecretKey) keyStore.getKey("key1", null); @@ -236,7 +236,7 @@ public final class KeyProtection implements ProtectionParameter { } /** - * Gets the set of block modes (e.g., {@code CBC}, {@code CTR}) with which the key can be used + * Gets the set of block modes (e.g., {@code GCM}, {@code CBC}) with which the key can be used * when encrypting/decrypting. Attempts to use the key with any other block modes will be * rejected. * @@ -438,11 +438,11 @@ public final class KeyProtection implements ProtectionParameter { } /** - * Sets the set of block modes (e.g., {@code CBC}, {@code CTR}, {@code ECB}) with which the - * key can be used when encrypting/decrypting. Attempts to use the key with any other block - * modes will be rejected. + * Sets the set of block modes (e.g., {@code GCM}, {@code CBC}) with which the key can be + * used when encrypting/decrypting. Attempts to use the key with any other block modes will + * be rejected. * - * <p>This must be specified for encryption/decryption keys. + * <p>This must be specified for symmetric encryption/decryption keys. * * <p>See {@link KeyProperties}.{@code BLOCK_MODE} constants. */ @@ -467,8 +467,8 @@ public final class KeyProtection implements ProtectionParameter { * <ul> * <li>transformation which do not offer {@code IND-CPA}, such as symmetric ciphers using * {@code ECB} mode or RSA encryption without padding, are prohibited;</li> - * <li>in transformations which use an IV, such as symmetric ciphers in {@code CBC}, - * {@code CTR}, and {@code GCM} block modes, caller-provided IVs are rejected when + * <li>in transformations which use an IV, such as symmetric ciphers in {@code GCM}, + * {@code CBC}, and {@code CTR} block modes, caller-provided IVs are rejected when * encrypting, to ensure that only random IVs are used.</li> * * <p>Before disabling this requirement, consider the following approaches instead: |