Merge "Make MGF1 Digest setter NotNull" into main am: 6fee432f44 am: f26151a937 am: 6243dcbbdb
Original change: https://android-review.googlesource.com/c/platform/frameworks/base/+/2832673
Change-Id: I3fb733152de585a38a5b043464bb1f818c734af2
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/core/api/current.txt b/core/api/current.txt
index f9f8d78..bae7ca4 100644
--- a/core/api/current.txt
+++ b/core/api/current.txt
@@ -39259,7 +39259,7 @@
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityForOriginationEnd(java.util.Date);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setKeyValidityStart(java.util.Date);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setMaxUsageCount(int);
- method @FlaggedApi("MGF1_DIGEST_SETTER") @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setMgf1Digests(@Nullable java.lang.String...);
+ method @FlaggedApi("MGF1_DIGEST_SETTER") @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setMgf1Digests(@NonNull java.lang.String...);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setRandomizedEncryptionRequired(boolean);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setSignaturePaddings(java.lang.String...);
method @NonNull public android.security.keystore.KeyGenParameterSpec.Builder setUnlockedDeviceRequired(boolean);
diff --git a/keystore/java/android/security/keystore/KeyGenParameterSpec.java b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
index b714035..231fa48 100644
--- a/keystore/java/android/security/keystore/KeyGenParameterSpec.java
+++ b/keystore/java/android/security/keystore/KeyGenParameterSpec.java
@@ -1282,15 +1282,18 @@
* function (MGF1) with a digest.
* The default digest for MGF1 is {@code SHA-1}, which will be specified during key creation
* time if no digests have been explicitly provided.
- * When using the key, the caller may not specify any digests that were not provided during
- * key creation time. The caller may specify the default digest, {@code SHA-1}, if no
+ * {@code null} may not be specified as a parameter to this method: It is not possible to
+ * disable MGF1 digest, a default must be present for when the caller tries to use it.
+ *
+ * <p>When using the key, the caller may not specify any digests that were not provided
+ * during key creation time. The caller may specify the default digest, {@code SHA-1}, if no
* digests were explicitly provided during key creation (but it is not necessary to do so).
*
* <p>See {@link KeyProperties}.{@code DIGEST} constants.
*/
@NonNull
@FlaggedApi("MGF1_DIGEST_SETTER")
- public Builder setMgf1Digests(@Nullable @KeyProperties.DigestEnum String... mgf1Digests) {
+ public Builder setMgf1Digests(@NonNull @KeyProperties.DigestEnum String... mgf1Digests) {
mMgf1Digests = Set.of(mgf1Digests);
return this;
}