Merge "Expose RSA and ECDSA Signature from Android Keystore Provider." into mnc-dev (cb94dd1c) · Commits · e / os / android_frameworks_base

keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java

+106 −0

Original line number	Diff line number	Diff line
		@@ -122,6 +122,106 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider {
		PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA512AndMGF1Padding");
		put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-512AndMGF1Padding",
		"RSA/ECB/OAEPWithSHA-512AndMGF1Padding");

		// --------------------- java.security.Signature
		putSignatureImpl("NONEwithRSA",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$NONEWithPKCS1Padding");

		putSignatureImpl("MD5withRSA",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$MD5WithPKCS1Padding");
		put("Alg.Alias.Signature.MD5WithRSAEncryption", "MD5WithRSA");
		put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSA");
		put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5WithRSA");
		put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSA");

		putSignatureImpl("SHA1withRSA",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPKCS1Padding");
		put("Alg.Alias.Signature.SHA1WithRSAEncryption", "SHA1WithRSA");
		put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSA");
		put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSA");
		put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1WithRSA");
		put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSA");
		put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSA");
		put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1WithRSA");

		putSignatureImpl("SHA224withRSA",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPKCS1Padding");
		put("Alg.Alias.Signature.SHA224WithRSAEncryption", "SHA224WithRSA");
		put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA224WithRSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.1",
		"SHA224WithRSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.11",
		"SHA224WithRSA");

		putSignatureImpl("SHA256withRSA",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPKCS1Padding");
		put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSA");
		put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256WithRSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1",
		"SHA256WithRSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11",
		"SHA256WithRSA");

		putSignatureImpl("SHA384withRSA",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPKCS1Padding");
		put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSA");
		put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384WithRSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1",
		"SHA384WithRSA");

		putSignatureImpl("SHA512withRSA",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPKCS1Padding");
		put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSA");
		put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512WithRSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1",
		"SHA512WithRSA");

		putSignatureImpl("SHA1withRSA/PSS",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPSSPadding");
		putSignatureImpl("SHA224withRSA/PSS",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPSSPadding");
		putSignatureImpl("SHA256withRSA/PSS",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPSSPadding");
		putSignatureImpl("SHA384withRSA/PSS",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPSSPadding");
		putSignatureImpl("SHA512withRSA/PSS",
		PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPSSPadding");

		putSignatureImpl("NONEwithECDSA",
		PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$NONE");

		putSignatureImpl("ECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA1");
		put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA");
		put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA");
		// iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1)
		put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA");
		put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "ECDSA");

		// iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3)
		putSignatureImpl("SHA224withECDSA",
		PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA224");
		// ecdsa-with-SHA224(1)
		put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.10045.2.1", "SHA224withECDSA");

		// iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3)
		putSignatureImpl("SHA256withECDSA",
		PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA256");
		// ecdsa-with-SHA256(2)
		put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA");

		putSignatureImpl("SHA384withECDSA",
		PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA384");
		// ecdsa-with-SHA384(3)
		put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA");

		putSignatureImpl("SHA512withECDSA",
		PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA512");
		// ecdsa-with-SHA512(4)
		put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA");
		put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA");
		}

		private void putMacImpl(String algorithm, String implClass) {
		@@ -139,4 +239,10 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider {
		put("Cipher." + transformation + " SupportedKeyClasses",
		KEYSTORE_PRIVATE_KEY_CLASS_NAME + "\|" + KEYSTORE_PUBLIC_KEY_CLASS_NAME);
		}

		private void putSignatureImpl(String algorithm, String implClass) {
		put("Signature." + algorithm, implClass);
		put("Signature." + algorithm + " SupportedKeyClasses",
		KEYSTORE_PRIVATE_KEY_CLASS_NAME + "\|" + KEYSTORE_PUBLIC_KEY_CLASS_NAME);
		}
		}

keystore/java/android/security/keystore/AndroidKeyStoreECDSASignatureSpi.java

0 → 100644

+123 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2015 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package android.security.keystore;

		import android.annotation.NonNull;
		import android.security.KeyStore;
		import android.security.keymaster.KeyCharacteristics;
		import android.security.keymaster.KeymasterArguments;
		import android.security.keymaster.KeymasterDefs;

		import java.security.InvalidKeyException;
		import java.security.SignatureSpi;

		/**
		* Base class for {@link SignatureSpi} providing Android KeyStore backed ECDSA signatures.
		*
		* @hide
		*/
		abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignatureSpiBase {

		public final static class NONE extends AndroidKeyStoreECDSASignatureSpi {
		public NONE() {
		super(KeymasterDefs.KM_DIGEST_NONE);
		}
		}

		public final static class SHA1 extends AndroidKeyStoreECDSASignatureSpi {
		public SHA1() {
		super(KeymasterDefs.KM_DIGEST_SHA1);
		}
		}

		public final static class SHA224 extends AndroidKeyStoreECDSASignatureSpi {
		public SHA224() {
		super(KeymasterDefs.KM_DIGEST_SHA_2_224);
		}
		}

		public final static class SHA256 extends AndroidKeyStoreECDSASignatureSpi {
		public SHA256() {
		super(KeymasterDefs.KM_DIGEST_SHA_2_256);
		}
		}

		public final static class SHA384 extends AndroidKeyStoreECDSASignatureSpi {
		public SHA384() {
		super(KeymasterDefs.KM_DIGEST_SHA_2_384);
		}
		}

		public final static class SHA512 extends AndroidKeyStoreECDSASignatureSpi {
		public SHA512() {
		super(KeymasterDefs.KM_DIGEST_SHA_2_512);
		}
		}

		private final int mKeymasterDigest;

		private int mGroupSizeBytes = -1;

		AndroidKeyStoreECDSASignatureSpi(int keymasterDigest) {
		mKeymasterDigest = keymasterDigest;
		}

		@Override
		protected final void initKey(AndroidKeyStoreKey key) throws InvalidKeyException {
		if (!KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(key.getAlgorithm())) {
		throw new InvalidKeyException("Unsupported key algorithm: " + key.getAlgorithm()
		+ ". Only" + KeyProperties.KEY_ALGORITHM_EC + " supported");
		}

		KeyCharacteristics keyCharacteristics = new KeyCharacteristics();
		int errorCode = getKeyStore().getKeyCharacteristics(
		key.getAlias(), null, null, keyCharacteristics);
		if (errorCode != KeyStore.NO_ERROR) {
		throw getKeyStore().getInvalidKeyException(key.getAlias(), errorCode);
		}
		int keySizeBits = keyCharacteristics.getInt(KeymasterDefs.KM_TAG_KEY_SIZE, -1);
		if (keySizeBits == -1) {
		throw new InvalidKeyException("Size of key not known");
		}
		mGroupSizeBytes = (keySizeBits + 7) / 8;

		super.initKey(key);
		}

		@Override
		protected final void resetAll() {
		mGroupSizeBytes = -1;
		super.resetAll();
		}

		@Override
		protected final void resetWhilePreservingInitState() {
		super.resetWhilePreservingInitState();
		}

		@Override
		protected void addAlgorithmSpecificParametersToBegin(
		@NonNull KeymasterArguments keymasterArgs) {
		keymasterArgs.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_EC);
		keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest);
		}

		@Override
		protected int getAdditionalEntropyAmountForBegin() {
		return (isSigning()) ? mGroupSizeBytes : 0;
		}
		}

keystore/java/android/security/keystore/AndroidKeyStoreECPublicKey.java

0 → 100644

+57 −0

Original line number	Diff line number	Diff line
		/*
		* Copyright (C) 2015 The Android Open Source Project
		*
		* Licensed under the Apache License, Version 2.0 (the "License");
		* you may not use this file except in compliance with the License.
		* You may obtain a copy of the License at
		*
		* http://www.apache.org/licenses/LICENSE-2.0
		*
		* Unless required by applicable law or agreed to in writing, software
		* distributed under the License is distributed on an "AS IS" BASIS,
		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		* See the License for the specific language governing permissions and
		* limitations under the License.
		*/

		package android.security.keystore;

		import java.security.interfaces.ECPublicKey;
		import java.security.spec.ECParameterSpec;
		import java.security.spec.ECPoint;

		/**
		* {@link ECPublicKey} backed by keystore.
		*
		* @hide
		*/
		public class AndroidKeyStoreECPublicKey extends AndroidKeyStorePublicKey implements ECPublicKey {

		private final ECParameterSpec mParams;
		private final ECPoint mW;

		public AndroidKeyStoreECPublicKey(String alias, byte[] x509EncodedForm, ECParameterSpec params,
		ECPoint w) {
		super(alias, KeyProperties.KEY_ALGORITHM_EC, x509EncodedForm);
		mParams = params;
		mW = w;
		}

		public AndroidKeyStoreECPublicKey(String alias, ECPublicKey info) {
		this(alias, info.getEncoded(), info.getParams(), info.getW());
		if (!"X.509".equalsIgnoreCase(info.getFormat())) {
		throw new IllegalArgumentException(
		"Unsupported key export format: " + info.getFormat());
		}
		}

		@Override
		public ECParameterSpec getParams() {
		return mParams;
		}

		@Override
		public ECPoint getW() {
		return mW;
		}
		}
		No newline at end of file

keystore/java/android/security/keystore/AndroidKeyStoreProvider.java

+6 −2

Original line number	Diff line number	Diff line
		@@ -20,6 +20,7 @@ import android.security.KeyStore;

		import java.security.Provider;
		import java.security.Security;
		import java.security.Signature;

		import javax.crypto.Cipher;
		import javax.crypto.Mac;
		@@ -118,12 +119,15 @@ public class AndroidKeyStoreProvider extends Provider {
		throw new NullPointerException();
		}
		Object spi;
		if (cryptoPrimitive instanceof Mac) {
		if (cryptoPrimitive instanceof Signature) {
		spi = ((Signature) cryptoPrimitive).getCurrentSpi();
		} else if (cryptoPrimitive instanceof Mac) {
		spi = ((Mac) cryptoPrimitive).getCurrentSpi();
		} else if (cryptoPrimitive instanceof Cipher) {
		spi = ((Cipher) cryptoPrimitive).getCurrentSpi();
		} else {
		throw new IllegalArgumentException("Unsupported crypto primitive: " + cryptoPrimitive);
		throw new IllegalArgumentException("Unsupported crypto primitive: " + cryptoPrimitive
		+ ". Supported: Signature, Mac, Cipher");
		}
		if (spi == null) {
		throw new IllegalStateException("Crypto primitive not initialized");

keystore/java/android/security/keystore/AndroidKeyStoreRSAPublicKey.java

+1 −1

Original line number	Diff line number	Diff line
		@@ -30,7 +30,7 @@ public class AndroidKeyStoreRSAPublicKey extends AndroidKeyStorePublicKey implem

		public AndroidKeyStoreRSAPublicKey(String alias, byte[] x509EncodedForm, BigInteger modulus,
		BigInteger publicExponent) {
		super(alias, "RSA", x509EncodedForm);
		super(alias, KeyProperties.KEY_ALGORITHM_RSA, x509EncodedForm);
		mModulus = modulus;
		mPublicExponent = publicExponent;
		}