Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6bf52c42 authored by Adam Langley's avatar Adam Langley
Browse files

frameworks/base: switch to using NativeConstants. 

NativeCrypto is a conscrypt class that contained several OpenSSL
constants. NativeConstants is the new class that contains the same
thing, but the latter is automatically generated and thus won't drift
from the C headers.

Bug: 20521989

Change-Id: I45c7b9a6844a06e3ffd09be692ebf733e1ebbbcc
parent 0e29681f

keystore/java/android/security/AndroidKeyPairGenerator.java

+7 −7
Original line number Diff line number Diff line
@@ -17,7 +17,7 @@ 
package android.security;



import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;

import com.android.org.conscrypt.NativeCrypto;

import com.android.org.conscrypt.NativeConstants;

import com.android.org.conscrypt.OpenSSLEngine;



import java.security.InvalidAlgorithmParameterException;
@@ -206,9 +206,9 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { 
    }



    private static int getDefaultKeySize(int keyType) {

        if (keyType == NativeCrypto.EVP_PKEY_EC) {

        if (keyType == NativeConstants.EVP_PKEY_EC) {

            return EC_DEFAULT_KEY_SIZE;

        } else if (keyType == NativeCrypto.EVP_PKEY_RSA) {

        } else if (keyType == NativeConstants.EVP_PKEY_RSA) {

            return RSA_DEFAULT_KEY_SIZE;

        }

        return -1;
@@ -216,12 +216,12 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { 


    private static void checkValidKeySize(String keyAlgorithm, int keyType, int keySize)

            throws InvalidAlgorithmParameterException {

        if (keyType == NativeCrypto.EVP_PKEY_EC) {

        if (keyType == NativeConstants.EVP_PKEY_EC) {

            if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) {

                throw new InvalidAlgorithmParameterException("EC keys must be >= "

                        + EC_MIN_KEY_SIZE + " and <= " + EC_MAX_KEY_SIZE);

            }

        } else if (keyType == NativeCrypto.EVP_PKEY_RSA) {

        } else if (keyType == NativeConstants.EVP_PKEY_RSA) {

            if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) {

                throw new InvalidAlgorithmParameterException("RSA keys must be >= "

                        + RSA_MIN_KEY_SIZE + " and <= " + RSA_MAX_KEY_SIZE);
@@ -234,7 +234,7 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { 


    private static void checkCorrectParametersSpec(int keyType, int keySize,

            AlgorithmParameterSpec spec) throws InvalidAlgorithmParameterException {

        if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) {

        if (keyType == NativeConstants.EVP_PKEY_RSA && spec != null) {

            if (spec instanceof RSAKeyGenParameterSpec) {

                RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec;

                if (keySize != -1 && keySize != rsaSpec.getKeysize()) {
@@ -260,7 +260,7 @@ public abstract class AndroidKeyPairGenerator extends KeyPairGeneratorSpi { 


    private static byte[][] getArgsForKeyType(int keyType, AlgorithmParameterSpec spec) {

        switch (keyType) {

            case NativeCrypto.EVP_PKEY_RSA:

            case NativeConstants.EVP_PKEY_RSA:

                if (spec instanceof RSAKeyGenParameterSpec) {

                    RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec;

                    return new byte[][] { rsaSpec.getPublicExponent().toByteArray() };

keystore/java/android/security/KeyStore.java

+3 −3
Original line number Diff line number Diff line
@@ -16,7 +16,7 @@ 


package android.security;



import com.android.org.conscrypt.NativeCrypto;

import com.android.org.conscrypt.NativeConstants;



import android.os.Binder;

import android.os.IBinder;
@@ -87,9 +87,9 @@ public class KeyStore { 


    static int getKeyTypeForAlgorithm(String keyType) {

        if ("RSA".equalsIgnoreCase(keyType)) {

            return NativeCrypto.EVP_PKEY_RSA;

            return NativeConstants.EVP_PKEY_RSA;

        } else if ("EC".equalsIgnoreCase(keyType)) {

            return NativeCrypto.EVP_PKEY_EC;

            return NativeConstants.EVP_PKEY_EC;

        } else {

            return -1;

        }

keystore/tests/src/android/security/AndroidKeyStoreTest.java

+9 −9
Original line number Diff line number Diff line
@@ -18,7 +18,7 @@ package android.security; 


import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;



import com.android.org.conscrypt.NativeCrypto;

import com.android.org.conscrypt.NativeConstants;

import com.android.org.conscrypt.OpenSSLEngine;



import android.test.AndroidTestCase;
@@ -768,7 +768,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
        assertAliases(new String[] {});



        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,

                KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,

                KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,

                null));



        assertAliases(new String[] { TEST_ALIAS_1 });
@@ -797,7 +797,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
        assertAliases(new String[] {});



        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1,

                KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,

                KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,

                null));



        assertTrue("Should contain generated private key", mKeyStore.containsAlias(TEST_ALIAS_1));
@@ -1963,7 +1963,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
        {

            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;

            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,

                    NativeCrypto.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));

                    NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));



            Key key = mKeyStore.getKey(TEST_ALIAS_1, null);
@@ -2019,7 +2019,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
        {

            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;

            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,

                    NativeCrypto.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));

                    NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));



            X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1,

                    TEST_SERIAL_1, TEST_DN_1, NOW, NOW_PLUS_10_YEARS);
@@ -2032,7 +2032,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
        {

            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_2;

            assertTrue(mAndroidKeyStore.generate(privateKeyAlias, KeyStore.UID_SELF,

                    NativeCrypto.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));

                    NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED, null));



            X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_2,

                    TEST_SERIAL_2, TEST_DN_2, NOW, NOW_PLUS_10_YEARS);
@@ -2064,7 +2064,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
        {

            final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;

            assertTrue(mAndroidKeyStore.generate(privateKeyAlias,

                    android.security.KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 1024,

                    android.security.KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024,

                    android.security.KeyStore.FLAG_NONE, null));



            X509Certificate cert =
@@ -2116,7 +2116,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
        assertAliases(new String[] { TEST_ALIAS_1, TEST_ALIAS_2 });



        assertTrue(mAndroidKeyStore.generate(Credentials.USER_PRIVATE_KEY + TEST_ALIAS_3,

                KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,

                KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024, KeyStore.FLAG_ENCRYPTED,

                null));



        assertEquals("The keystore size should match expected", 3, mKeyStore.size());
@@ -2184,7 +2184,7 @@ public class AndroidKeyStoreTest extends AndroidTestCase { 
    private void setupKey() throws Exception {

        final String privateKeyAlias = Credentials.USER_PRIVATE_KEY + TEST_ALIAS_1;

        assertTrue(mAndroidKeyStore

                .generate(privateKeyAlias, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA, 1024,

                .generate(privateKeyAlias, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA, 1024,

                        KeyStore.FLAG_ENCRYPTED, null));



        X509Certificate cert = generateCertificate(mAndroidKeyStore, TEST_ALIAS_1, TEST_SERIAL_1,

keystore/tests/src/android/security/KeyStoreTest.java

+15 −15
Original line number Diff line number Diff line
@@ -32,7 +32,7 @@ import android.test.ActivityUnitTestCase; 
import android.test.AssertionFailedError;

import android.test.MoreAsserts;

import android.test.suitebuilder.annotation.MediumTest;

import com.android.org.conscrypt.NativeCrypto;

import com.android.org.conscrypt.NativeConstants;

import java.nio.charset.StandardCharsets;

import java.util.Arrays;

import java.util.Date;
@@ -365,7 +365,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 


    public void testGenerate_NotInitialized_Fail() throws Exception {

        assertFalse("Should fail when keystore is not initialized",

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));

    }
@@ -373,7 +373,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        mKeyStore.password(TEST_PASSWD);

        mKeyStore.lock();

        assertFalse("Should fail when keystore is locked",

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));

    }
@@ -381,7 +381,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        assertTrue(mKeyStore.password(TEST_PASSWD));



        assertTrue("Should be able to generate key when unlocked",

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));

        assertTrue(mKeyStore.contains(TEST_KEYNAME));

        assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));
@@ -391,7 +391,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        assertTrue(mKeyStore.password(TEST_PASSWD));



        assertTrue("Should be able to generate key when unlocked",

                mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, Process.WIFI_UID, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));

        assertTrue(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));

        assertFalse(mKeyStore.contains(TEST_KEYNAME));
@@ -401,7 +401,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
        assertTrue(mKeyStore.password(TEST_PASSWD));



        assertFalse(mKeyStore.generate(TEST_KEYNAME, Process.BLUETOOTH_UID,

                    NativeCrypto.EVP_PKEY_RSA, RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));

                    NativeConstants.EVP_PKEY_RSA, RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));

        assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.BLUETOOTH_UID));

        assertFalse(mKeyStore.contains(TEST_KEYNAME, Process.WIFI_UID));

        assertFalse(mKeyStore.contains(TEST_KEYNAME));
@@ -447,7 +447,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
    public void testSign_Success() throws Exception {

        mKeyStore.password(TEST_PASSWD);



        assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

        assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                    RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));

        assertTrue(mKeyStore.contains(TEST_KEYNAME));

        final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA);
@@ -458,7 +458,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
    public void testVerify_Success() throws Exception {

        mKeyStore.password(TEST_PASSWD);



        assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

        assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                    RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));

        assertTrue(mKeyStore.contains(TEST_KEYNAME));

        final byte[] signature = mKeyStore.sign(TEST_KEYNAME, TEST_DATA);
@@ -486,7 +486,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
                mKeyStore.password(TEST_PASSWD));



        assertTrue("Should be able to generate key for testcase",

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));



        assertTrue("Should be able to grant key to other user",
@@ -520,7 +520,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
                mKeyStore.password(TEST_PASSWD));



        assertTrue("Should be able to generate key for testcase",

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));



        assertTrue("Should be able to grant key to other user",
@@ -554,7 +554,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
                mKeyStore.password(TEST_PASSWD));



        assertTrue("Should be able to generate key for testcase",

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));



        assertFalse("Should not be able to revoke not existent grant",
@@ -566,7 +566,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
                mKeyStore.password(TEST_PASSWD));



        assertTrue("Should be able to generate key for testcase",

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));



        assertTrue("Should be able to grant key to other user",
@@ -584,7 +584,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 
                mKeyStore.password(TEST_PASSWD));



        assertTrue("Should be able to generate key for testcase",

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

                mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                        RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));



        assertTrue("Should be able to grant key to other user",
@@ -605,7 +605,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 


        assertFalse(mKeyStore.contains(TEST_KEYNAME));



        assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

        assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                    RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));



        assertTrue(mKeyStore.contains(TEST_KEYNAME));
@@ -644,7 +644,7 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { 


        assertFalse(mKeyStore.contains(TEST_KEYNAME));



        assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeCrypto.EVP_PKEY_RSA,

        assertTrue(mKeyStore.generate(TEST_KEYNAME, KeyStore.UID_SELF, NativeConstants.EVP_PKEY_RSA,

                    RSA_KEY_SIZE, KeyStore.FLAG_ENCRYPTED, null));



        assertTrue(mKeyStore.contains(TEST_KEYNAME));

tools/obbtool/pbkdf2gen.cpp

+1 −0
Original line number Diff line number Diff line
@@ -20,6 +20,7 @@ 
#include <errno.h>

#include <fcntl.h>

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

#include <unistd.h>