Loading keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java +30 −3 Original line number Original line Diff line number Diff line Loading @@ -109,13 +109,29 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato } } } } // For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need // to distinguish between Curve 25519 and other EC algorithms, so we use a different constant // with a value that is outside the range of the enum used for KeyMint algorithms. private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200; private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1; /** /** * XDH represents Curve 25519 providers. * XDH represents Curve 25519 agreement key provider. */ */ public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi { public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi { // XDH is treated as EC. // XDH is treated as EC. public XDH() { public XDH() { super(KeymasterDefs.KM_ALGORITHM_EC); super(ALGORITHM_XDH); } } /** * ED25519 represents Curve 25519 signing key provider. */ public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi { // ED25519 is treated as EC. public ED25519() { super(ALGORITHM_ED25519); } } } } Loading Loading @@ -241,7 +257,9 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato KeyGenParameterSpec spec; KeyGenParameterSpec spec; boolean encryptionAtRestRequired = false; boolean encryptionAtRestRequired = false; int keymasterAlgorithm = mOriginalKeymasterAlgorithm; int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH || mOriginalKeymasterAlgorithm == ALGORITHM_ED25519) ? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm; if (params instanceof KeyGenParameterSpec) { if (params instanceof KeyGenParameterSpec) { spec = (KeyGenParameterSpec) params; spec = (KeyGenParameterSpec) params; } else if (params instanceof KeyPairGeneratorSpec) { } else if (params instanceof KeyPairGeneratorSpec) { Loading Loading @@ -610,6 +628,15 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato if (algSpecificSpec instanceof ECGenParameterSpec) { if (algSpecificSpec instanceof ECGenParameterSpec) { ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec; ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec; mEcCurveName = ecSpec.getName(); mEcCurveName = ecSpec.getName(); if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH && !mEcCurveName.equalsIgnoreCase("x25519")) { throw new InvalidAlgorithmParameterException("XDH algorithm only supports" + " x25519 curve."); } else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519 && !mEcCurveName.equalsIgnoreCase("ed25519")) { throw new InvalidAlgorithmParameterException("Ed25519 algorithm only" + " supports ed25519 curve."); } final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get( final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get( mEcCurveName.toLowerCase(Locale.US)); mEcCurveName.toLowerCase(Locale.US)); if (ecSpecKeySizeBits == null) { if (ecSpecKeySizeBits == null) { Loading keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java +3 −0 Original line number Original line Diff line number Diff line Loading @@ -86,11 +86,14 @@ public class AndroidKeyStoreProvider extends Provider { put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC"); put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC"); put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA"); put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA"); put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH"); put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH"); put("KeyPairGenerator.ED25519", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519"); // java.security.KeyFactory // java.security.KeyFactory putKeyFactoryImpl("EC"); putKeyFactoryImpl("EC"); putKeyFactoryImpl("RSA"); putKeyFactoryImpl("RSA"); putKeyFactoryImpl("XDH"); putKeyFactoryImpl("XDH"); putKeyFactoryImpl("ED25519"); // javax.crypto.KeyGenerator // javax.crypto.KeyGenerator put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES"); put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES"); Loading Loading
keystore/java/android/security/keystore2/AndroidKeyStoreKeyPairGeneratorSpi.java +30 −3 Original line number Original line Diff line number Diff line Loading @@ -109,13 +109,29 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato } } } } // For curve 25519, KeyMint uses the KM_ALGORITHM_EC constant, but in the Java layer we need // to distinguish between Curve 25519 and other EC algorithms, so we use a different constant // with a value that is outside the range of the enum used for KeyMint algorithms. private static final int ALGORITHM_XDH = KeymasterDefs.KM_ALGORITHM_EC + 1200; private static final int ALGORITHM_ED25519 = ALGORITHM_XDH + 1; /** /** * XDH represents Curve 25519 providers. * XDH represents Curve 25519 agreement key provider. */ */ public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi { public static class XDH extends AndroidKeyStoreKeyPairGeneratorSpi { // XDH is treated as EC. // XDH is treated as EC. public XDH() { public XDH() { super(KeymasterDefs.KM_ALGORITHM_EC); super(ALGORITHM_XDH); } } /** * ED25519 represents Curve 25519 signing key provider. */ public static class ED25519 extends AndroidKeyStoreKeyPairGeneratorSpi { // ED25519 is treated as EC. public ED25519() { super(ALGORITHM_ED25519); } } } } Loading Loading @@ -241,7 +257,9 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato KeyGenParameterSpec spec; KeyGenParameterSpec spec; boolean encryptionAtRestRequired = false; boolean encryptionAtRestRequired = false; int keymasterAlgorithm = mOriginalKeymasterAlgorithm; int keymasterAlgorithm = (mOriginalKeymasterAlgorithm == ALGORITHM_XDH || mOriginalKeymasterAlgorithm == ALGORITHM_ED25519) ? KeymasterDefs.KM_ALGORITHM_EC : mOriginalKeymasterAlgorithm; if (params instanceof KeyGenParameterSpec) { if (params instanceof KeyGenParameterSpec) { spec = (KeyGenParameterSpec) params; spec = (KeyGenParameterSpec) params; } else if (params instanceof KeyPairGeneratorSpec) { } else if (params instanceof KeyPairGeneratorSpec) { Loading Loading @@ -610,6 +628,15 @@ public abstract class AndroidKeyStoreKeyPairGeneratorSpi extends KeyPairGenerato if (algSpecificSpec instanceof ECGenParameterSpec) { if (algSpecificSpec instanceof ECGenParameterSpec) { ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec; ECGenParameterSpec ecSpec = (ECGenParameterSpec) algSpecificSpec; mEcCurveName = ecSpec.getName(); mEcCurveName = ecSpec.getName(); if (mOriginalKeymasterAlgorithm == ALGORITHM_XDH && !mEcCurveName.equalsIgnoreCase("x25519")) { throw new InvalidAlgorithmParameterException("XDH algorithm only supports" + " x25519 curve."); } else if (mOriginalKeymasterAlgorithm == ALGORITHM_ED25519 && !mEcCurveName.equalsIgnoreCase("ed25519")) { throw new InvalidAlgorithmParameterException("Ed25519 algorithm only" + " supports ed25519 curve."); } final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get( final Integer ecSpecKeySizeBits = SUPPORTED_EC_CURVE_NAME_TO_SIZE.get( mEcCurveName.toLowerCase(Locale.US)); mEcCurveName.toLowerCase(Locale.US)); if (ecSpecKeySizeBits == null) { if (ecSpecKeySizeBits == null) { Loading
keystore/java/android/security/keystore2/AndroidKeyStoreProvider.java +3 −0 Original line number Original line Diff line number Diff line Loading @@ -86,11 +86,14 @@ public class AndroidKeyStoreProvider extends Provider { put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC"); put("KeyPairGenerator.EC", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$EC"); put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA"); put("KeyPairGenerator.RSA", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$RSA"); put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH"); put("KeyPairGenerator.XDH", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$XDH"); put("KeyPairGenerator.ED25519", PACKAGE_NAME + ".AndroidKeyStoreKeyPairGeneratorSpi$ED25519"); // java.security.KeyFactory // java.security.KeyFactory putKeyFactoryImpl("EC"); putKeyFactoryImpl("EC"); putKeyFactoryImpl("RSA"); putKeyFactoryImpl("RSA"); putKeyFactoryImpl("XDH"); putKeyFactoryImpl("XDH"); putKeyFactoryImpl("ED25519"); // javax.crypto.KeyGenerator // javax.crypto.KeyGenerator put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES"); put("KeyGenerator.AES", PACKAGE_NAME + ".AndroidKeyStoreKeyGeneratorSpi$AES"); Loading
