Support creation and use of HMAC keys with KM_DIGEST_NONE
KM_DIGEST_NONE should mean "any digest" when applied to HMAC keys,
allowing any valid digest to be specified during begin() of an HMAC
signature or verification operation.
Bug: 22119295
Change-Id: I4698435f5d7aaf0a2f66b9c7aa4097f60c9c6eb3
diff --git a/hmac_operation.cpp b/hmac_operation.cpp
index 75e8a07..b1437c4 100644
--- a/hmac_operation.cpp
+++ b/hmac_operation.cpp
@@ -45,15 +45,8 @@
}
keymaster_digest_t digest;
- if (!begin_params.GetTagValue(TAG_DIGEST, &digest)) {
- LOG_E("%d digests specified in begin params", begin_params.GetTagCount(TAG_DIGEST));
- *error = KM_ERROR_UNSUPPORTED_DIGEST;
+ if (!GetAndValidateDigest(begin_params, key, &digest, error))
return nullptr;
- } else if (!key.authorizations().Contains(TAG_DIGEST, digest)) {
- LOG_E("Digest %d was specified, but not authorized by key", digest);
- *error = KM_ERROR_INCOMPATIBLE_DIGEST;
- return nullptr;
- }
const SymmetricKey* symmetric_key = static_cast<const SymmetricKey*>(&key);
UniquePtr<HmacOperation> op(