
Commit a7645df5 authored by Kenny Root's avatar Kenny Root Committed by Android (Google) Code Review

Merge "Revert "Track change to Conscrypt" DO NOT MERGE ANYWHERE" into lmp-mr1-modular-dev

parents 400fd04f 9eed9e96
+11 −0
@@ -17,6 +17,7 @@
package android.security;

import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;

import com.android.org.conscrypt.NativeCrypto;
import com.android.org.conscrypt.OpenSSLEngine;

@@ -33,6 +34,7 @@ import java.security.SecureRandom;
import java.security.cert.CertificateEncodingException;
import java.security.cert.X509Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAParameterSpec;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.RSAKeyGenParameterSpec;
import java.security.spec.X509EncodedKeySpec;
@@ -154,6 +156,8 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
    private static String getDefaultSignatureAlgorithmForKeyType(String keyType) {
        if ("RSA".equalsIgnoreCase(keyType)) {
            return "sha256WithRSA";
        } else if ("DSA".equalsIgnoreCase(keyType)) {
            return "sha1WithDSA";
        } else if ("EC".equalsIgnoreCase(keyType)) {
            return "sha256WithECDSA";
        } else {
@@ -169,6 +173,13 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
                    return new byte[][] { rsaSpec.getPublicExponent().toByteArray() };
                }
                break;
            case NativeCrypto.EVP_PKEY_DSA:
                if (spec instanceof DSAParameterSpec) {
                    DSAParameterSpec dsaSpec = (DSAParameterSpec) spec;
                    return new byte[][] { dsaSpec.getG().toByteArray(),
                            dsaSpec.getP().toByteArray(), dsaSpec.getQ().toByteArray() };
                }
                break;
        }
        return null;
    }
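Review bot: The DSA branch added to getDefaultSignatureAlgorithmForKeyType returns `sha1WithDSA`, while the RSA and EC branches beside it both use a SHA-256 digest. SHA-1 is no longer considered collision-resistant for signatures, so whatever is signed with this default (presumably the certificate built through X509V3CertificateGenerator) gets a weaker digest for DSA keys than for the other two types. If the certificate generator in use accepts it, prefer `return "sha256WithDSA";`; otherwise add a comment on that line stating why SHA-1 has to stay. The function's final else branch lies outside the hunk.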
+1 −1
@@ -379,7 +379,7 @@ public final class KeyChain {
     */
    public static boolean isKeyAlgorithmSupported(String algorithm) {
        final String algUpper = algorithm.toUpperCase(Locale.US);
        return "EC".equals(algUpper) || "RSA".equals(algUpper);
        return "DSA".equals(algUpper) || "EC".equals(algUpper) || "RSA".equals(algUpper);
    }

    /**
+20 −3
@@ -26,6 +26,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAParameterSpec;
import java.security.spec.RSAKeyGenParameterSpec;
import java.util.Date;

@@ -58,6 +59,11 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
     * These must be kept in sync with system/security/keystore/defaults.h
     */

    /* DSA */
    private static final int DSA_DEFAULT_KEY_SIZE = 1024;
    private static final int DSA_MIN_KEY_SIZE = 512;
    private static final int DSA_MAX_KEY_SIZE = 8192;

    /* EC */
    private static final int EC_DEFAULT_KEY_SIZE = 256;
    private static final int EC_MIN_KEY_SIZE = 192;
@@ -159,7 +165,9 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
    }

    private static int getDefaultKeySizeForType(int keyType) {
        if (keyType == NativeCrypto.EVP_PKEY_EC) {
        if (keyType == NativeCrypto.EVP_PKEY_DSA) {
            return DSA_DEFAULT_KEY_SIZE;
        } else if (keyType == NativeCrypto.EVP_PKEY_EC) {
            return EC_DEFAULT_KEY_SIZE;
        } else if (keyType == NativeCrypto.EVP_PKEY_RSA) {
            return RSA_DEFAULT_KEY_SIZE;
@@ -168,7 +176,12 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
    }

    private static void checkValidKeySize(int keyType, int keySize) {
        if (keyType == NativeCrypto.EVP_PKEY_EC) {
        if (keyType == NativeCrypto.EVP_PKEY_DSA) {
            if (keySize < DSA_MIN_KEY_SIZE || keySize > DSA_MAX_KEY_SIZE) {
                throw new IllegalArgumentException("DSA keys must be >= " + DSA_MIN_KEY_SIZE
                        + " and <= " + DSA_MAX_KEY_SIZE);
            }
        } else if (keyType == NativeCrypto.EVP_PKEY_EC) {
            if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) {
                throw new IllegalArgumentException("EC keys must be >= " + EC_MIN_KEY_SIZE
                        + " and <= " + EC_MAX_KEY_SIZE);
@@ -185,7 +198,11 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {

    private static void checkCorrectParametersSpec(int keyType, int keySize,
            AlgorithmParameterSpec spec) {
        if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) {
        if (keyType == NativeCrypto.EVP_PKEY_DSA && spec != null) {
            if (!(spec instanceof DSAParameterSpec)) {
                throw new IllegalArgumentException("DSA keys must have DSAParameterSpec specified");
            }
        } else if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) {
            if (spec instanceof RSAKeyGenParameterSpec) {
                RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec;
                if (keySize != -1 && keySize != rsaSpec.getKeysize()) {
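Review bot: The new DSA branch of checkCorrectParametersSpec only checks that spec is a DSAParameterSpec; unlike the RSA branch below it, it never compares the requested keySize with the parameters actually supplied. As far as these hunks show, the DSA_MIN_KEY_SIZE/DSA_MAX_KEY_SIZE bounds in checkValidKeySize are therefore not applied to the length of P in a caller-provided spec. Consider adding, after the instanceof test, `int pBits = ((DSAParameterSpec) spec).getP().bitLength();` and `if (keySize != -1 && keySize != pBits) throw new IllegalArgumentException("DSA key size must match size of P");`. Separately, the 1024-bit default and 512-bit minimum are below what current guidance accepts for DSA, and since the constants are documented as mirroring system/security/keystore/defaults.h, any increase has to be made in both places. The RSA branch continues past the end of the hunk.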
+2 −0
@@ -71,6 +71,8 @@ public class KeyStore {
    static int getKeyTypeForAlgorithm(String keyType) throws IllegalArgumentException {
        if ("RSA".equalsIgnoreCase(keyType)) {
            return NativeCrypto.EVP_PKEY_RSA;
        } else if ("DSA".equalsIgnoreCase(keyType)) {
            return NativeCrypto.EVP_PKEY_DSA;
        } else if ("EC".equalsIgnoreCase(keyType)) {
            return NativeCrypto.EVP_PKEY_EC;
        } else {