Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b32c72a4 authored by Eran Messeri's avatar Eran Messeri
Browse files

Keystore: Wire up Ed25519 signing 

Wire Ed25519 signing into Keystore. This consists of registering a
provider for Ed25519.

Ed25519 has its own digest scheme, so the caller should specify "none"
as the digest scheme, and that's the tag that's going to be passed into
KeyMint.
However, unlike other uses of the "NONE" digest scheme, the input to the
signature algorithm should not be truncated.

Bug: 194359292
Test: atest android.keystore.cts.Curve25519Test
Merged-In: Icce4f7f2f8fa10081a9c6beff4813c2d91756469
Change-Id: Ic59ad0aa8343c6aecf6d5c273166d1f4d10e4f21
parent 0f603e1f

keystore/java/android/security/keystore2/AndroidKeyStoreBCWorkaroundProvider.java

+2 −0
Original line number Diff line number Diff line
@@ -206,6 +206,8 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider { 


        putSignatureImpl("NONEwithECDSA",

                PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$NONE");

        putSignatureImpl("Ed25519",

                PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$Ed25519");



        putSignatureImpl("SHA1withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA1");

        put("Alg.Alias.Signature.ECDSA", "SHA1withECDSA");

keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java

+22 −2
Original line number Diff line number Diff line
@@ -29,7 +29,10 @@ import libcore.util.EmptyArray; 
import java.io.ByteArrayOutputStream;

import java.security.InvalidKeyException;

import java.security.SignatureSpi;

import java.security.spec.NamedParameterSpec;

import java.util.Arrays;

import java.util.List;

import java.util.Set;



/**

 * Base class for {@link SignatureSpi} providing Android KeyStore backed ECDSA signatures.
@@ -37,6 +40,10 @@ import java.util.List; 
 * @hide

 */

abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignatureSpiBase {

    private static final Set<String> ACCEPTED_SIGNING_SCHEMES = Set.of(

            KeyProperties.KEY_ALGORITHM_EC.toLowerCase(),

            NamedParameterSpec.ED25519.getName().toLowerCase(),

            "eddsa");



    public final static class NONE extends AndroidKeyStoreECDSASignatureSpi {

        public NONE() {
@@ -114,6 +121,18 @@ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignature 
        }

    }



    public static final class Ed25519 extends AndroidKeyStoreECDSASignatureSpi {

        public Ed25519() {

            // Ed25519 uses an internal digest system.

            super(KeymasterDefs.KM_DIGEST_NONE);

        }



        @Override

        protected String getAlgorithm() {

            return NamedParameterSpec.ED25519.getName();

        }

    }



    public final static class SHA1 extends AndroidKeyStoreECDSASignatureSpi {

        public SHA1() {

            super(KeymasterDefs.KM_DIGEST_SHA1);
@@ -174,9 +193,10 @@ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignature 


    @Override

    protected final void initKey(AndroidKeyStoreKey key) throws InvalidKeyException {

        if (!KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(key.getAlgorithm())) {

        if (!ACCEPTED_SIGNING_SCHEMES.contains(key.getAlgorithm().toLowerCase())) {

            throw new InvalidKeyException("Unsupported key algorithm: " + key.getAlgorithm()

                    + ". Only" + KeyProperties.KEY_ALGORITHM_EC + " supported");

                    + ". Only" + Arrays.toString(ACCEPTED_SIGNING_SCHEMES.stream().toArray())

                    + " supported");

        }



        long keySizeBits = -1;