Loading keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +6 −18 Original line number Diff line number Diff line Loading @@ -215,14 +215,8 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato legacySpec.getKeystoreAlias(), KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); specBuilder.setDigests( KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE); break; case KeymasterDefs.KM_ALGORITHM_RSA: specBuilder = new KeyGenParameterSpec.Builder( Loading @@ -231,19 +225,13 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); specBuilder.setDigests( KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE); specBuilder.setSignaturePaddings( KeyProperties.SIGNATURE_PADDING_RSA_PKCS1); // Authorized to be used with any padding (including no padding). specBuilder.setEncryptionPaddings( KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1); KeyProperties.ENCRYPTION_PADDING_NONE); // Disable randomized encryption requirement to support encryption // padding NONE above. specBuilder.setRandomizedEncryptionRequired(false); Loading keystore/java/android/security/keystore/AndroidKeyStoreSpi.java +6 −18 Original line number Diff line number Diff line Loading 
@@ -247,14 +247,8 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { specBuilder = new KeyProtection.Builder( KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); specBuilder.setDigests( KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE); } else if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(keyAlgorithm)) { specBuilder = new KeyProtection.Builder( Loading @@ -262,19 +256,13 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); specBuilder.setDigests( KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE); specBuilder.setSignaturePaddings( KeyProperties.SIGNATURE_PADDING_RSA_PKCS1); // Authorized to be used with any padding (including no padding). specBuilder.setEncryptionPaddings( KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1); KeyProperties.ENCRYPTION_PADDING_NONE); // Disable randomized encryption requirement to support encryption padding NONE // above. specBuilder.setRandomizedEncryptionRequired(false); Loading keystore/java/android/security/keystore/KeyGenParameterSpec.java +13 −2 Original line number Diff line number Diff line Loading 
@@ -611,9 +611,14 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { * * <p>This must be specified for keys which are used for signing/verification. For HMAC * keys, the set of digests defaults to the digest associated with the key algorithm (e.g., * {@code SHA-256} for key algorithm {@code HmacSHA256} * {@code SHA-256} for key algorithm {@code HmacSHA256}). * * @see KeyProperties.Digest * <p>For private keys used for TLS/SSL client or server authentication it is usually * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is * because TLS/SSL stacks typically generate the necessary digest(s) themselves and then use * a private key to sign it. * * <p>See {@link KeyProperties}.{@code DIGEST} constants. */ @NonNull public Builder setDigests(@KeyProperties.DigestEnum String... digests) { Loading @@ -629,6 +634,12 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { * * <p>This must be specified for keys which are used for encryption/decryption. * * <p>For RSA private keys used by TLS/SSL servers to authenticate themselves to clients it * is usually necessary to authorize the use of no/any padding * ({@link KeyProperties#ENCRYPTION_PADDING_NONE}). This is because RSA decryption is * required by some cipher suites, and some stacks request decryption using no padding * whereas others request PKCS#1 padding. * * <p>See {@link KeyProperties}.{@code ENCRYPTION_PADDING} constants. */ @NonNull Loading keystore/java/android/security/keystore/KeyProperties.java +6 −0 Original line number Diff line number Diff line Loading @@ -368,6 +368,9 @@ public abstract class KeyProperties { /** * No encryption padding. * * <p><b>NOTE</b>: If a key is authorized to be used with no padding, then it can be used with * any padding scheme. */ public static final String ENCRYPTION_PADDING_NONE = "NoPadding"; Loading Loading 
@@ -514,6 +517,9 @@ public abstract class KeyProperties { /** * No digest: sign/authenticate the raw message. * * <p><b>NOTE</b>: If a key is authorized to be used with no digest, then it can be used with * any digest. */ public static final String DIGEST_NONE = "NONE"; Loading keystore/java/android/security/keystore/KeyProtection.java +11 −0 Original line number Diff line number Diff line Loading @@ -374,6 +374,12 @@ public final class KeyProtection implements ProtectionParameter { * * <p>This must be specified for keys which are used for encryption/decryption. * * <p>For RSA private keys used by TLS/SSL servers to authenticate themselves to clients it * is usually necessary to authorize the use of no/any padding * ({@link KeyProperties#ENCRYPTION_PADDING_NONE}). This is because RSA decryption is * required by some cipher suites, and some stacks request decryption using no padding * whereas others request PKCS#1 padding. * * <p>See {@link KeyProperties}.{@code ENCRYPTION_PADDING} constants. */ @NonNull Loading Loading @@ -408,6 +414,11 @@ public final class KeyProtection implements ProtectionParameter { * {@link Key#getAlgorithm()}. For asymmetric signing keys the set of digest algorithms * must be specified. * * <p>For private keys used for TLS/SSL client or server authentication it is usually * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is * because TLS/SSL stacks typically generate the necessary digest(s) themselves and then use * a private key to sign it. * * <p>See {@link KeyProperties}.{@code DIGEST} constants. */ @NonNull Loading Loading
keystore/java/android/security/keystore/AndroidKeyStoreKeyPairGeneratorSpi.java +6 −18 Original line number Diff line number Diff line Loading @@ -215,14 +215,8 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato legacySpec.getKeystoreAlias(), KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); specBuilder.setDigests( KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE); break; case KeymasterDefs.KM_ALGORITHM_RSA: specBuilder = new KeyGenParameterSpec.Builder( Loading @@ -231,19 +225,13 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); specBuilder.setDigests( KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE); specBuilder.setSignaturePaddings( KeyProperties.SIGNATURE_PADDING_RSA_PKCS1); // Authorized to be used with any padding (including no padding). specBuilder.setEncryptionPaddings( KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1); KeyProperties.ENCRYPTION_PADDING_NONE); // Disable randomized encryption requirement to support encryption // padding NONE above. specBuilder.setRandomizedEncryptionRequired(false); Loading
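Review bot: In the RSA case the new comment `// Authorized to be used with any padding (including no padding).` sits directly after `setSignaturePaddings(KeyProperties.SIGNATURE_PADDING_RSA_PKCS1)`, so it reads as if signature paddings were widened too, while only the encryption paddings are reduced to `ENCRYPTION_PADDING_NONE`. The new comments also do not say why a single NONE value can replace the removed lists, or that the resulting key is usable for unpadded RSA with any digest. I would word them as `// Legacy spec: DIGEST_NONE alone authorizes every digest, see KeyProperties#DIGEST_NONE.` and `// Encryption paddings only: ENCRYPTION_PADDING_NONE authorizes every encryption padding, including none.` The same applies to the EC case above and to both hunks in AndroidKeyStoreSpi.java, where the hunk does not show whether the branch is reached only for legacy imports. The switch and its enclosing method start and end outside the hunks.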
keystore/java/android/security/keystore/AndroidKeyStoreSpi.java +6 −18 Original line number Diff line number Diff line Loading @@ -247,14 +247,8 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { specBuilder = new KeyProtection.Builder( KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); specBuilder.setDigests( KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE); } else if (KeyProperties.KEY_ALGORITHM_RSA.equalsIgnoreCase(keyAlgorithm)) { specBuilder = new KeyProtection.Builder( Loading @@ -262,19 +256,13 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { | KeyProperties.PURPOSE_DECRYPT | KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY); specBuilder.setDigests( KeyProperties.DIGEST_NONE, KeyProperties.DIGEST_MD5, KeyProperties.DIGEST_SHA1, KeyProperties.DIGEST_SHA224, KeyProperties.DIGEST_SHA256, KeyProperties.DIGEST_SHA384, KeyProperties.DIGEST_SHA512); // Authorized to be used with any digest (including no digest). specBuilder.setDigests(KeyProperties.DIGEST_NONE); specBuilder.setSignaturePaddings( KeyProperties.SIGNATURE_PADDING_RSA_PKCS1); // Authorized to be used with any padding (including no padding). specBuilder.setEncryptionPaddings( KeyProperties.ENCRYPTION_PADDING_NONE, KeyProperties.ENCRYPTION_PADDING_RSA_PKCS1); KeyProperties.ENCRYPTION_PADDING_NONE); // Disable randomized encryption requirement to support encryption padding NONE // above. specBuilder.setRandomizedEncryptionRequired(false); Loading
keystore/java/android/security/keystore/KeyGenParameterSpec.java +13 −2 Original line number Diff line number Diff line Loading @@ -611,9 +611,14 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { * * <p>This must be specified for keys which are used for signing/verification. For HMAC * keys, the set of digests defaults to the digest associated with the key algorithm (e.g., * {@code SHA-256} for key algorithm {@code HmacSHA256} * {@code SHA-256} for key algorithm {@code HmacSHA256}). * * @see KeyProperties.Digest * <p>For private keys used for TLS/SSL client or server authentication it is usually * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is * because TLS/SSL stacks typically generate the necessary digest(s) themselves and then use * a private key to sign it. * * <p>See {@link KeyProperties}.{@code DIGEST} constants. */ @NonNull public Builder setDigests(@KeyProperties.DigestEnum String... digests) { Loading @@ -629,6 +634,12 @@ public final class KeyGenParameterSpec implements AlgorithmParameterSpec { * * <p>This must be specified for keys which are used for encryption/decryption. * * <p>For RSA private keys used by TLS/SSL servers to authenticate themselves to clients it * is usually necessary to authorize the use of no/any padding * ({@link KeyProperties#ENCRYPTION_PADDING_NONE}). This is because RSA decryption is * required by some cipher suites, and some stacks request decryption using no padding * whereas others request PKCS#1 padding. * * <p>See {@link KeyProperties}.{@code ENCRYPTION_PADDING} constants. */ @NonNull Loading
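Review bot: The added Javadoc on `setDigests` and on the encryption-padding setter recommends `DIGEST_NONE` and `ENCRYPTION_PADDING_NONE` for TLS/SSL keys without stating the cost that the KeyProperties notes in this same commit spell out: the key is then authorized for any digest or any padding, so the keystore no longer restricts them. I would close each paragraph with a sentence such as `Keys that are not used by a TLS/SSL stack should authorize only the digests they actually need.` and the padding equivalent. The identical paragraphs added to KeyProtection.java need the same sentence. Minor wording: "generate the necessary digest(s) themselves and then use a private key to sign it" disagrees in number.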
keystore/java/android/security/keystore/KeyProperties.java +6 −0 Original line number Diff line number Diff line Loading @@ -368,6 +368,9 @@ public abstract class KeyProperties { /** * No encryption padding. * * <p><b>NOTE</b>: If a key is authorized to be used with no padding, then it can be used with * any padding scheme. */ public static final String ENCRYPTION_PADDING_NONE = "NoPadding"; Loading Loading @@ -514,6 +517,9 @@ public abstract class KeyProperties { /** * No digest: sign/authenticate the raw message. * * <p><b>NOTE</b>: If a key is authorized to be used with no digest, then it can be used with * any digest. */ public static final String DIGEST_NONE = "NONE"; Loading
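Review bot: The NOTE added to `ENCRYPTION_PADDING_NONE` states what the authorization implies but not its precondition: the generator hunks in this commit call `setRandomizedEncryptionRequired(false)` with a comment that this is needed "to support encryption padding NONE". If that holds for callers in general, the constant's Javadoc should say so, e.g. `<p>Authorizing this padding for encryption requires {@code setRandomizedEncryptionRequired(false)}, which gives up the IND-CPA guarantee.` The `DIGEST_NONE` note could likewise state that weak digests such as MD5 and SHA-1 are authorized along with the rest, since the lists removed from the generator named them explicitly.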
keystore/java/android/security/keystore/KeyProtection.java +11 −0 Original line number Diff line number Diff line Loading @@ -374,6 +374,12 @@ public final class KeyProtection implements ProtectionParameter { * * <p>This must be specified for keys which are used for encryption/decryption. * * <p>For RSA private keys used by TLS/SSL servers to authenticate themselves to clients it * is usually necessary to authorize the use of no/any padding * ({@link KeyProperties#ENCRYPTION_PADDING_NONE}). This is because RSA decryption is * required by some cipher suites, and some stacks request decryption using no padding * whereas others request PKCS#1 padding. * * <p>See {@link KeyProperties}.{@code ENCRYPTION_PADDING} constants. */ @NonNull Loading Loading @@ -408,6 +414,11 @@ public final class KeyProtection implements ProtectionParameter { * {@link Key#getAlgorithm()}. For asymmetric signing keys the set of digest algorithms * must be specified. * * <p>For private keys used for TLS/SSL client or server authentication it is usually * necessary to authorize the use of no digest ({@link KeyProperties#DIGEST_NONE}). This is * because TLS/SSL stacks typically generate the necessary digest(s) themselves and then use * a private key to sign it. * * <p>See {@link KeyProperties}.{@code DIGEST} constants. */ @NonNull Loading