Merge "Add more digests to AndroidKeyStore API." (1da3d7fc) · Commits · e / os / android_frameworks_base

keystore/java/android/security/AndroidKeyStoreProvider.java

+17 −2

Original line number	Diff line number	Diff line
		@@ -49,14 +49,25 @@ public class AndroidKeyStoreProvider extends Provider {

		// javax.crypto.KeyGenerator
		put("KeyGenerator.AES", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$AES");
		put("KeyGenerator.HmacSHA1", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA1");
		put("KeyGenerator.HmacSHA224", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA224");
		put("KeyGenerator.HmacSHA256", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA256");
		put("KeyGenerator.HmacSHA384", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA384");
		put("KeyGenerator.HmacSHA512", PACKAGE_NAME + ".KeyStoreKeyGeneratorSpi$HmacSHA512");

		// java.security.SecretKeyFactory
		put("SecretKeyFactory.AES", PACKAGE_NAME + ".KeyStoreSecretKeyFactorySpi");
		put("SecretKeyFactory.HmacSHA256", PACKAGE_NAME + ".KeyStoreSecretKeyFactorySpi");
		putSecretKeyFactoryImpl("AES");
		putSecretKeyFactoryImpl("HmacSHA1");
		putSecretKeyFactoryImpl("HmacSHA224");
		putSecretKeyFactoryImpl("HmacSHA256");
		putSecretKeyFactoryImpl("HmacSHA384");
		putSecretKeyFactoryImpl("HmacSHA512");

		// javax.crypto.Mac
		putMacImpl("HmacSHA224", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA224");
		putMacImpl("HmacSHA256", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA256");
		putMacImpl("HmacSHA384", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA384");
		putMacImpl("HmacSHA512", PACKAGE_NAME + ".KeyStoreHmacSpi$HmacSHA512");

		// javax.crypto.Cipher
		putSymmetricCipherImpl("AES/ECB/NoPadding",
		@@ -73,6 +84,10 @@ public class AndroidKeyStoreProvider extends Provider {
		PACKAGE_NAME + ".KeyStoreCipherSpi$AES$CTR$NoPadding");
		}

		private void putSecretKeyFactoryImpl(String algorithm) {
		put("SecretKeyFactory." + algorithm, PACKAGE_NAME + ".KeyStoreSecretKeyFactorySpi");
		}

		private void putMacImpl(String algorithm, String implClass) {
		put("Mac." + algorithm, implClass);
		put("Mac." + algorithm + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME);

keystore/java/android/security/KeyStoreHmacSpi.java

+27 −3

Original line number	Diff line number	Diff line
		@@ -35,9 +35,33 @@ import javax.crypto.MacSpi;
		*/
		public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOperation {

		public static class HmacSHA1 extends KeyStoreHmacSpi {
		public HmacSHA1() {
		super(KeyStoreKeyConstraints.Digest.SHA1);
		}
		}

		public static class HmacSHA224 extends KeyStoreHmacSpi {
		public HmacSHA224() {
		super(KeyStoreKeyConstraints.Digest.SHA224);
		}
		}

		public static class HmacSHA256 extends KeyStoreHmacSpi {
		public HmacSHA256() {
		super(KeyStoreKeyConstraints.Digest.SHA256, 256 / 8);
		super(KeyStoreKeyConstraints.Digest.SHA256);
		}
		}

		public static class HmacSHA384 extends KeyStoreHmacSpi {
		public HmacSHA384() {
		super(KeyStoreKeyConstraints.Digest.SHA384);
		}
		}

		public static class HmacSHA512 extends KeyStoreHmacSpi {
		public HmacSHA512() {
		super(KeyStoreKeyConstraints.Digest.SHA512);
		}
		}

		@@ -52,9 +76,9 @@ public abstract class KeyStoreHmacSpi extends MacSpi implements KeyStoreCryptoOp
		private IBinder mOperationToken;
		private Long mOperationHandle;

		protected KeyStoreHmacSpi(@KeyStoreKeyConstraints.DigestEnum int digest, int macSizeBytes) {
		protected KeyStoreHmacSpi(@KeyStoreKeyConstraints.DigestEnum int digest) {
		mDigest = digest;
		mMacSizeBytes = macSizeBytes;
		mMacSizeBytes = KeyStoreKeyConstraints.Digest.getOutputSizeBytes(digest);
		}

		@Override

keystore/java/android/security/KeyStoreKeyConstraints.java

+112 −13

Original line number	Diff line number	Diff line
		@@ -327,7 +327,15 @@ public abstract class KeyStoreKeyConstraints {

		@Retention(RetentionPolicy.SOURCE)
		@IntDef(flag = true,
		value = {Digest.NONE, Digest.SHA256})
		value = {
		Digest.NONE,
		Digest.MD5,
		Digest.SHA1,
		Digest.SHA224,
		Digest.SHA256,
		Digest.SHA384,
		Digest.SHA512,
		})
		public @interface DigestEnum {}

		/**
		@@ -343,9 +351,34 @@ public abstract class KeyStoreKeyConstraints {
		public static final int NONE = 1 << 0;

		/**
		* SHA-256 digest.
		* MD5 digest.
		*/
		public static final int SHA256 = 1 << 1;
		public static final int MD5 = 1 << 1;

		/**
		* SHA-1 digest.
		*/
		public static final int SHA1 = 1 << 2;

		/**
		* SHA-2 224 (aka SHA-224) digest.
		*/
		public static final int SHA224 = 1 << 3;

		/**
		* SHA-2 256 (aka SHA-256) digest.
		*/
		public static final int SHA256 = 1 << 4;

		/**
		* SHA-2 384 (aka SHA-384) digest.
		*/
		public static final int SHA384 = 1 << 5;

		/**
		* SHA-2 512 (aka SHA-512) digest.
		*/
		public static final int SHA512 = 1 << 6;

		/**
		* @hide
		@@ -354,8 +387,18 @@ public abstract class KeyStoreKeyConstraints {
		switch (digest) {
		case NONE:
		return "NONE";
		case MD5:
		return "MD5";
		case SHA1:
		return "SHA-1";
		case SHA224:
		return "SHA-224";
		case SHA256:
		return "SHA256";
		return "SHA-256";
		case SHA384:
		return "SHA-384";
		case SHA512:
		return "SHA-512";
		default:
		throw new IllegalArgumentException("Unknown digest: " + digest);
		}
		@@ -364,13 +407,19 @@ public abstract class KeyStoreKeyConstraints {
		/**
		* @hide
		*/
		public static String[] allToString(@DigestEnum int digests) {
		int[] values = getSetFlags(digests);
		String[] result = new String[values.length];
		for (int i = 0; i < values.length; i++) {
		result[i] = toString(values[i]);
		public static String allToString(@DigestEnum int digests) {
		StringBuilder result = new StringBuilder("[");
		boolean firstValue = true;
		for (@DigestEnum int digest : getSetFlags(digests)) {
		if (firstValue) {
		firstValue = false;
		} else {
		result.append(", ");
		}
		return result;
		result.append(toString(digest));
		}
		result.append(']');
		return result.toString();
		}

		/**
		@@ -380,8 +429,18 @@ public abstract class KeyStoreKeyConstraints {
		switch (digest) {
		case NONE:
		return KeymasterDefs.KM_DIGEST_NONE;
		case MD5:
		return KeymasterDefs.KM_DIGEST_MD5;
		case SHA1:
		return KeymasterDefs.KM_DIGEST_SHA1;
		case SHA224:
		return KeymasterDefs.KM_DIGEST_SHA_2_224;
		case SHA256:
		return KeymasterDefs.KM_DIGEST_SHA_2_256;
		case SHA384:
		return KeymasterDefs.KM_DIGEST_SHA_2_384;
		case SHA512:
		return KeymasterDefs.KM_DIGEST_SHA_2_512;
		default:
		throw new IllegalArgumentException("Unknown digest: " + digest);
		}
		@@ -394,8 +453,18 @@ public abstract class KeyStoreKeyConstraints {
		switch (digest) {
		case KeymasterDefs.KM_DIGEST_NONE:
		return NONE;
		case KeymasterDefs.KM_DIGEST_MD5:
		return MD5;
		case KeymasterDefs.KM_DIGEST_SHA1:
		return SHA1;
		case KeymasterDefs.KM_DIGEST_SHA_2_224:
		return SHA224;
		case KeymasterDefs.KM_DIGEST_SHA_2_256:
		return SHA256;
		case KeymasterDefs.KM_DIGEST_SHA_2_384:
		return SHA384;
		case KeymasterDefs.KM_DIGEST_SHA_2_512:
		return SHA512;
		default:
		throw new IllegalArgumentException("Unknown digest: " + digest);
		}
		@@ -429,11 +498,21 @@ public abstract class KeyStoreKeyConstraints {
		public static @DigestEnum Integer fromJCASecretKeyAlgorithm(String algorithm) {
		String algorithmLower = algorithm.toLowerCase(Locale.US);
		if (algorithmLower.startsWith("hmac")) {
		if ("hmacsha256".equals(algorithmLower)) {
		String digestLower = algorithmLower.substring("hmac".length());
		if ("md5".equals(digestLower)) {
		return MD5;
		} else if ("sha1".equals(digestLower)) {
		return SHA1;
		} else if ("sha224".equals(digestLower)) {
		return SHA224;
		} else if ("sha256".equals(digestLower)) {
		return SHA256;
		} else if ("sha384".equals(digestLower)) {
		return SHA384;
		} else if ("sha512".equals(digestLower)) {
		return SHA512;
		} else {
		throw new IllegalArgumentException("Unsupported digest: "
		+ algorithmLower.substring("hmac".length()));
		throw new IllegalArgumentException("Unsupported digest: " + digestLower);
		}
		} else {
		return null;
		@@ -447,8 +526,18 @@ public abstract class KeyStoreKeyConstraints {
		switch (digest) {
		case NONE:
		return "NONE";
		case MD5:
		return "MD5";
		case SHA1:
		return "SHA1";
		case SHA224:
		return "SHA224";
		case SHA256:
		return "SHA256";
		case SHA384:
		return "SHA384";
		case SHA512:
		return "SHA512";
		default:
		throw new IllegalArgumentException("Unknown digest: " + digest);
		}
		@@ -461,8 +550,18 @@ public abstract class KeyStoreKeyConstraints {
		switch (digest) {
		case NONE:
		return null;
		case MD5:
		return 128 / 8;
		case SHA1:
		return 160 / 8;
		case SHA224:
		return 224 / 8;
		case SHA256:
		return 256 / 8;
		case SHA384:
		return 384 / 8;
		case SHA512:
		return 512 / 8;
		default:
		throw new IllegalArgumentException("Unknown digest: " + digest);
		}

keystore/java/android/security/KeyStoreKeyGeneratorSpi.java

+34 −5

Original line number	Diff line number	Diff line
		@@ -41,12 +41,41 @@ public abstract class KeyStoreKeyGeneratorSpi extends KeyGeneratorSpi {
		}
		}

		public static class HmacSHA256 extends KeyStoreKeyGeneratorSpi {
		public HmacSHA256() {
		protected static abstract class HmacBase extends KeyStoreKeyGeneratorSpi {
		protected HmacBase(@KeyStoreKeyConstraints.DigestEnum int digest) {
		super(KeyStoreKeyConstraints.Algorithm.HMAC,
		KeyStoreKeyConstraints.Digest.SHA256,
		KeyStoreKeyConstraints.Digest.getOutputSizeBytes(
		KeyStoreKeyConstraints.Digest.SHA256) * 8);
		digest,
		KeyStoreKeyConstraints.Digest.getOutputSizeBytes(digest) * 8);
		}
		}

		public static class HmacSHA1 extends HmacBase {
		public HmacSHA1() {
		super(KeyStoreKeyConstraints.Digest.SHA1);
		}
		}

		public static class HmacSHA224 extends HmacBase {
		public HmacSHA224() {
		super(KeyStoreKeyConstraints.Digest.SHA224);
		}
		}

		public static class HmacSHA256 extends HmacBase {
		public HmacSHA256() {
		super(KeyStoreKeyConstraints.Digest.SHA256);
		}
		}

		public static class HmacSHA384 extends HmacBase {
		public HmacSHA384() {
		super(KeyStoreKeyConstraints.Digest.SHA384);
		}
		}

		public static class HmacSHA512 extends HmacBase {
		public HmacSHA512() {
		super(KeyStoreKeyConstraints.Digest.SHA512);
		}
		}