Loading keystore/java/android/security/keystore/KeyProperties.java +46 −0 Original line number Original line Diff line number Diff line Loading @@ -30,6 +30,7 @@ import libcore.util.EmptyArray; import java.lang.annotation.Retention; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.RetentionPolicy; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.ECParameterSpec; import java.security.spec.MGF1ParameterSpec; import java.security.spec.MGF1ParameterSpec; import java.util.Collection; import java.util.Collection; import java.util.Locale; import java.util.Locale; Loading Loading 
@@ -913,6 +914,51 @@ public abstract class KeyProperties { } } } } /** * @hide */ public abstract static class EcCurve { private EcCurve() {} /** * @hide */ public static int toKeymasterCurve(ECParameterSpec spec) { int keySize = spec.getCurve().getField().getFieldSize(); switch (keySize) { case 224: return android.hardware.security.keymint.EcCurve.P_224; case 256: return android.hardware.security.keymint.EcCurve.P_256; case 384: return android.hardware.security.keymint.EcCurve.P_384; case 521: return android.hardware.security.keymint.EcCurve.P_521; default: return -1; } } /** * @hide */ public static int fromKeymasterCurve(int ecCurve) { switch (ecCurve) { case android.hardware.security.keymint.EcCurve.P_224: return 224; case android.hardware.security.keymint.EcCurve.P_256: case android.hardware.security.keymint.EcCurve.CURVE_25519: return 256; case android.hardware.security.keymint.EcCurve.P_384: return 384; case android.hardware.security.keymint.EcCurve.P_521: return 521; default: return -1; } } } /** /** * Namespaces provide system developers and vendors with a way to use keystore without * Namespaces provide system developers and vendors with a way to use keystore without * requiring an applications uid. Namespaces can be configured using SEPolicy. * requiring an applications uid. Namespaces can be configured using SEPolicy. Loading keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java +5 −0 Original line number Original line Diff line number Diff line Loading 
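Review bot: `toKeymasterCurve` in `KeyProperties.EcCurve` picks the KeyMint curve from the field size alone, so any `ECParameterSpec` over a 256-bit field (a non-NIST curve, for example) would be reported as `P_256`; the field size identifies the field, not the curve. Either compare the remaining domain parameters against the expected NIST curve before returning, or state in the Javadoc, which currently holds nothing but `@hide`, that only NIST P-curves are expected to reach this method. I would also document the sentinel, e.g. `@return the KeyMint EcCurve constant, or -1 if the field size matches no supported curve`, and note on `fromKeymasterCurve` that `CURVE_25519` is deliberately reported as 256 bits. Whether KeyMint later rejects key material that does not match the tag cannot be seen from this section.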
@@ -203,6 +203,11 @@ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignature for (Authorization a : key.getAuthorizations()) { for (Authorization a : key.getAuthorizations()) { if (a.keyParameter.tag == KeymasterDefs.KM_TAG_KEY_SIZE) { if (a.keyParameter.tag == KeymasterDefs.KM_TAG_KEY_SIZE) { keySizeBits = KeyStore2ParameterUtils.getUnsignedInt(a); keySizeBits = KeyStore2ParameterUtils.getUnsignedInt(a); break; } else if (a.keyParameter.tag == KeymasterDefs.KM_TAG_EC_CURVE) { keySizeBits = KeyProperties.EcCurve.fromKeymasterCurve( a.keyParameter.value.getEcCurve()); break; } } } } Loading keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java +17 −0 Original line number Original line Diff line number Diff line Loading @@ -66,6 +66,7 @@ import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.cert.X509Certificate; import java.security.interfaces.ECKey; import java.util.ArrayList; import java.util.ArrayList; import java.util.Arrays; import java.util.Arrays; import java.util.Collection; import java.util.Collection; Loading Loading 
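Review bot: In the authorization loop of `AndroidKeyStoreECDSASignatureSpi`, the new `KM_TAG_EC_CURVE` branch breaks even when `fromKeymasterCurve` returns `-1` for a curve it does not know, so a `KM_TAG_KEY_SIZE` authorization that comes later in the list is never consulted. Breaking only on a usable value keeps that fallback: `int bits = KeyProperties.EcCurve.fromKeymasterCurve(a.keyParameter.value.getEcCurve()); if (bits != -1) { keySizeBits = bits; break; }`. The branch also accepts `CURVE_25519` as 256 bits inside an ECDSA signature SPI; if such keys are not meant to reach this class, a short comment saying so would help. The enclosing method starts and ends outside the hunk, so how a remaining `-1` in `keySizeBits` is handled afterwards is not visible here.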
@@ -566,6 +567,22 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { spec.getMaxUsageCount() spec.getMaxUsageCount() )); )); } } if (KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(key.getAlgorithm())) { if (key instanceof ECKey) { ECKey ecKey = (ECKey) key; importArgs.add(KeyStore2ParameterUtils.makeEnum( KeymasterDefs.KM_TAG_EC_CURVE, KeyProperties.EcCurve.toKeymasterCurve(ecKey.getParams()) )); } } /* TODO: check for Ed25519(EdDSA) or X25519(XDH) key algorithm and * add import args for KM_TAG_EC_CURVE as EcCurve.CURVE_25519. * Currently conscrypt does not support EdDSA key import and XDH keys are not an * instance of XECKey, hence these conditions are not added, once it is fully * implemented by conscrypt, we can add CURVE_25519 argument for EdDSA and XDH * algorithms. */ } catch (IllegalArgumentException | IllegalStateException e) { } catch (IllegalArgumentException | IllegalStateException e) { throw new KeyStoreException(e); throw new KeyStoreException(e); } } Loading Loading
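Review bot: The value returned by `KeyProperties.EcCurve.toKeymasterCurve(ecKey.getParams())` is added to `importArgs` unchecked, so an EC key on an unsupported curve is presumably passed on to the key import with `KM_TAG_EC_CURVE` set to `-1` instead of being rejected here. Check it first, e.g. `int curve = KeyProperties.EcCurve.toKeymasterCurve(ecKey.getParams()); if (curve == -1) throw new IllegalArgumentException("Unsupported EC curve");`, which the existing `catch (IllegalArgumentException | IllegalStateException e)` already turns into a `KeyStoreException`. `ecKey.getParams()` is also dereferenced without a null check, and a `NullPointerException` from it would not be caught by that clause. The enclosing method begins outside the hunk.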
keystore/java/android/security/keystore/KeyProperties.java +46 −0 Original line number Original line Diff line number Diff line Loading @@ -30,6 +30,7 @@ import libcore.util.EmptyArray; import java.lang.annotation.Retention; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; import java.lang.annotation.RetentionPolicy; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.AlgorithmParameterSpec; import java.security.spec.ECParameterSpec; import java.security.spec.MGF1ParameterSpec; import java.security.spec.MGF1ParameterSpec; import java.util.Collection; import java.util.Collection; import java.util.Locale; import java.util.Locale; Loading Loading 
@@ -913,6 +914,51 @@ public abstract class KeyProperties { } } } } /** * @hide */ public abstract static class EcCurve { private EcCurve() {} /** * @hide */ public static int toKeymasterCurve(ECParameterSpec spec) { int keySize = spec.getCurve().getField().getFieldSize(); switch (keySize) { case 224: return android.hardware.security.keymint.EcCurve.P_224; case 256: return android.hardware.security.keymint.EcCurve.P_256; case 384: return android.hardware.security.keymint.EcCurve.P_384; case 521: return android.hardware.security.keymint.EcCurve.P_521; default: return -1; } } /** * @hide */ public static int fromKeymasterCurve(int ecCurve) { switch (ecCurve) { case android.hardware.security.keymint.EcCurve.P_224: return 224; case android.hardware.security.keymint.EcCurve.P_256: case android.hardware.security.keymint.EcCurve.CURVE_25519: return 256; case android.hardware.security.keymint.EcCurve.P_384: return 384; case android.hardware.security.keymint.EcCurve.P_521: return 521; default: return -1; } } } /** /** * Namespaces provide system developers and vendors with a way to use keystore without * Namespaces provide system developers and vendors with a way to use keystore without * requiring an applications uid. Namespaces can be configured using SEPolicy. * requiring an applications uid. Namespaces can be configured using SEPolicy. Loading
keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java +5 −0 Original line number Original line Diff line number Diff line Loading @@ -203,6 +203,11 @@ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignature for (Authorization a : key.getAuthorizations()) { for (Authorization a : key.getAuthorizations()) { if (a.keyParameter.tag == KeymasterDefs.KM_TAG_KEY_SIZE) { if (a.keyParameter.tag == KeymasterDefs.KM_TAG_KEY_SIZE) { keySizeBits = KeyStore2ParameterUtils.getUnsignedInt(a); keySizeBits = KeyStore2ParameterUtils.getUnsignedInt(a); break; } else if (a.keyParameter.tag == KeymasterDefs.KM_TAG_EC_CURVE) { keySizeBits = KeyProperties.EcCurve.fromKeymasterCurve( a.keyParameter.value.getEcCurve()); break; } } } } Loading
keystore/java/android/security/keystore2/AndroidKeyStoreSpi.java +17 −0 Original line number Original line Diff line number Diff line Loading @@ -66,6 +66,7 @@ import java.security.cert.CertificateEncodingException; import java.security.cert.CertificateException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.security.cert.X509Certificate; import java.security.interfaces.ECKey; import java.util.ArrayList; import java.util.ArrayList; import java.util.Arrays; import java.util.Arrays; import java.util.Collection; import java.util.Collection; Loading Loading @@ -566,6 +567,22 @@ public class AndroidKeyStoreSpi extends KeyStoreSpi { spec.getMaxUsageCount() spec.getMaxUsageCount() )); )); } } if (KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(key.getAlgorithm())) { if (key instanceof ECKey) { ECKey ecKey = (ECKey) key; importArgs.add(KeyStore2ParameterUtils.makeEnum( KeymasterDefs.KM_TAG_EC_CURVE, KeyProperties.EcCurve.toKeymasterCurve(ecKey.getParams()) )); } } /* TODO: check for Ed25519(EdDSA) or X25519(XDH) key algorithm and * add import args for KM_TAG_EC_CURVE as EcCurve.CURVE_25519. * Currently conscrypt does not support EdDSA key import and XDH keys are not an * instance of XECKey, hence these conditions are not added, once it is fully * implemented by conscrypt, we can add CURVE_25519 argument for EdDSA and XDH * algorithms. */ } catch (IllegalArgumentException | IllegalStateException e) { } catch (IllegalArgumentException | IllegalStateException e) { throw new KeyStoreException(e); throw new KeyStoreException(e); } } Loading