Loading keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java +106 −0 Original line number Diff line number Diff line Loading @@ -122,6 +122,106 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider { PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA512AndMGF1Padding"); put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-512AndMGF1Padding", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); // --------------------- java.security.Signature putSignatureImpl("NONEwithRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$NONEWithPKCS1Padding"); putSignatureImpl("MD5withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$MD5WithPKCS1Padding"); put("Alg.Alias.Signature.MD5WithRSAEncryption", "MD5WithRSA"); put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSA"); putSignatureImpl("SHA1withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPKCS1Padding"); put("Alg.Alias.Signature.SHA1WithRSAEncryption", "SHA1WithRSA"); put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSA"); put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1WithRSA"); put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSA"); put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSA"); put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1WithRSA"); putSignatureImpl("SHA224withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPKCS1Padding"); put("Alg.Alias.Signature.SHA224WithRSAEncryption", "SHA224WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA224WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.1", "SHA224WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.11", "SHA224WithRSA"); putSignatureImpl("SHA256withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPKCS1Padding"); put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1", "SHA256WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11", "SHA256WithRSA"); putSignatureImpl("SHA384withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPKCS1Padding"); put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1", "SHA384WithRSA"); putSignatureImpl("SHA512withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPKCS1Padding"); put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1", "SHA512WithRSA"); putSignatureImpl("SHA1withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPSSPadding"); putSignatureImpl("SHA224withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPSSPadding"); putSignatureImpl("SHA256withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPSSPadding"); putSignatureImpl("SHA384withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPSSPadding"); putSignatureImpl("SHA512withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPSSPadding"); putSignatureImpl("NONEwithECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$NONE"); putSignatureImpl("ECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA1"); put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1) put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "ECDSA"); // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) putSignatureImpl("SHA224withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA224"); // ecdsa-with-SHA224(1) put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.10045.2.1", "SHA224withECDSA"); // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) putSignatureImpl("SHA256withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA256"); // ecdsa-with-SHA256(2) put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA"); putSignatureImpl("SHA384withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA384"); // ecdsa-with-SHA384(3) put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA"); putSignatureImpl("SHA512withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA512"); // ecdsa-with-SHA512(4) put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA"); } private void putMacImpl(String algorithm, String implClass) { Loading @@ -139,4 +239,10 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider { put("Cipher." + transformation + " SupportedKeyClasses", KEYSTORE_PRIVATE_KEY_CLASS_NAME + "|" + KEYSTORE_PUBLIC_KEY_CLASS_NAME); } private void putSignatureImpl(String algorithm, String implClass) { put("Signature." + algorithm, implClass); put("Signature." + algorithm + " SupportedKeyClasses", KEYSTORE_PRIVATE_KEY_CLASS_NAME + "|" + KEYSTORE_PUBLIC_KEY_CLASS_NAME); } } keystore/java/android/security/keystore/AndroidKeyStoreECDSASignatureSpi.java 0 → 100644 +123 −0 Original line number Diff line number Diff line /* * Copyright (C) 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore; import android.annotation.NonNull; import android.security.KeyStore; import android.security.keymaster.KeyCharacteristics; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; import java.security.InvalidKeyException; import java.security.SignatureSpi; /** * Base class for {@link SignatureSpi} providing Android KeyStore backed ECDSA signatures. * * @hide */ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignatureSpiBase { public final static class NONE extends AndroidKeyStoreECDSASignatureSpi { public NONE() { super(KeymasterDefs.KM_DIGEST_NONE); } } public final static class SHA1 extends AndroidKeyStoreECDSASignatureSpi { public SHA1() { super(KeymasterDefs.KM_DIGEST_SHA1); } } public final static class SHA224 extends AndroidKeyStoreECDSASignatureSpi { public SHA224() { super(KeymasterDefs.KM_DIGEST_SHA_2_224); } } public final static class SHA256 extends AndroidKeyStoreECDSASignatureSpi { public SHA256() { super(KeymasterDefs.KM_DIGEST_SHA_2_256); } } public final static class SHA384 extends AndroidKeyStoreECDSASignatureSpi { public SHA384() { super(KeymasterDefs.KM_DIGEST_SHA_2_384); } } public final static class SHA512 extends AndroidKeyStoreECDSASignatureSpi { public SHA512() { super(KeymasterDefs.KM_DIGEST_SHA_2_512); } } private final int mKeymasterDigest; private int mGroupSizeBytes = -1; AndroidKeyStoreECDSASignatureSpi(int keymasterDigest) { mKeymasterDigest = keymasterDigest; } @Override protected final void initKey(AndroidKeyStoreKey key) throws InvalidKeyException { if (!KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(key.getAlgorithm())) { throw new InvalidKeyException("Unsupported key algorithm: " + key.getAlgorithm() + ". Only" + KeyProperties.KEY_ALGORITHM_EC + " supported"); } KeyCharacteristics keyCharacteristics = new KeyCharacteristics(); int errorCode = getKeyStore().getKeyCharacteristics( key.getAlias(), null, null, keyCharacteristics); if (errorCode != KeyStore.NO_ERROR) { throw getKeyStore().getInvalidKeyException(key.getAlias(), errorCode); } int keySizeBits = keyCharacteristics.getInt(KeymasterDefs.KM_TAG_KEY_SIZE, -1); if (keySizeBits == -1) { throw new InvalidKeyException("Size of key not known"); } mGroupSizeBytes = (keySizeBits + 7) / 8; super.initKey(key); } @Override protected final void resetAll() { mGroupSizeBytes = -1; super.resetAll(); } @Override protected final void resetWhilePreservingInitState() { super.resetWhilePreservingInitState(); } @Override protected void addAlgorithmSpecificParametersToBegin( @NonNull KeymasterArguments keymasterArgs) { keymasterArgs.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_EC); keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest); } @Override protected int getAdditionalEntropyAmountForBegin() { return (isSigning()) ? mGroupSizeBytes : 0; } } keystore/java/android/security/keystore/AndroidKeyStoreECPublicKey.java 0 → 100644 +57 −0 Original line number Diff line number Diff line /* * Copyright (C) 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore; import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; import java.security.spec.ECPoint; /** * {@link ECPublicKey} backed by keystore. * * @hide */ public class AndroidKeyStoreECPublicKey extends AndroidKeyStorePublicKey implements ECPublicKey { private final ECParameterSpec mParams; private final ECPoint mW; public AndroidKeyStoreECPublicKey(String alias, byte[] x509EncodedForm, ECParameterSpec params, ECPoint w) { super(alias, KeyProperties.KEY_ALGORITHM_EC, x509EncodedForm); mParams = params; mW = w; } public AndroidKeyStoreECPublicKey(String alias, ECPublicKey info) { this(alias, info.getEncoded(), info.getParams(), info.getW()); if (!"X.509".equalsIgnoreCase(info.getFormat())) { throw new IllegalArgumentException( "Unsupported key export format: " + info.getFormat()); } } @Override public ECParameterSpec getParams() { return mParams; } @Override public ECPoint getW() { return mW; } } No newline at end of file keystore/java/android/security/keystore/AndroidKeyStoreProvider.java +6 −2 Original line number Diff line number Diff line Loading @@ -20,6 +20,7 @@ import android.security.KeyStore; import java.security.Provider; import java.security.Security; import java.security.Signature; import javax.crypto.Cipher; import javax.crypto.Mac; Loading Loading @@ -118,12 +119,15 @@ public class AndroidKeyStoreProvider extends Provider { throw new NullPointerException(); } Object spi; if (cryptoPrimitive instanceof Mac) { if (cryptoPrimitive instanceof Signature) { spi = ((Signature) cryptoPrimitive).getCurrentSpi(); } else if (cryptoPrimitive instanceof Mac) { spi = ((Mac) cryptoPrimitive).getCurrentSpi(); } else if (cryptoPrimitive instanceof Cipher) { spi = ((Cipher) cryptoPrimitive).getCurrentSpi(); } else { throw new IllegalArgumentException("Unsupported crypto primitive: " + cryptoPrimitive); throw new IllegalArgumentException("Unsupported crypto primitive: " + cryptoPrimitive + ". Supported: Signature, Mac, Cipher"); } if (spi == null) { throw new IllegalStateException("Crypto primitive not initialized"); Loading keystore/java/android/security/keystore/AndroidKeyStoreRSAPublicKey.java +1 −1 Original line number Diff line number Diff line Loading @@ -30,7 +30,7 @@ public class AndroidKeyStoreRSAPublicKey extends AndroidKeyStorePublicKey implem public AndroidKeyStoreRSAPublicKey(String alias, byte[] x509EncodedForm, BigInteger modulus, BigInteger publicExponent) { super(alias, "RSA", x509EncodedForm); super(alias, KeyProperties.KEY_ALGORITHM_RSA, x509EncodedForm); mModulus = modulus; mPublicExponent = publicExponent; } Loading Loading
keystore/java/android/security/keystore/AndroidKeyStoreBCWorkaroundProvider.java +106 −0 Original line number Diff line number Diff line Loading @@ -122,6 +122,106 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider { PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA512AndMGF1Padding"); put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-512AndMGF1Padding", "RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); // --------------------- java.security.Signature putSignatureImpl("NONEwithRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$NONEWithPKCS1Padding"); putSignatureImpl("MD5withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$MD5WithPKCS1Padding"); put("Alg.Alias.Signature.MD5WithRSAEncryption", "MD5WithRSA"); put("Alg.Alias.Signature.MD5/RSA", "MD5WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5WithRSA"); putSignatureImpl("SHA1withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPKCS1Padding"); put("Alg.Alias.Signature.SHA1WithRSAEncryption", "SHA1WithRSA"); put("Alg.Alias.Signature.SHA1/RSA", "SHA1WithRSA"); put("Alg.Alias.Signature.SHA-1/RSA", "SHA1WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1WithRSA"); put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1WithRSA"); put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1WithRSA"); put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1WithRSA"); putSignatureImpl("SHA224withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPKCS1Padding"); put("Alg.Alias.Signature.SHA224WithRSAEncryption", "SHA224WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA224WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.1", "SHA224WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.11", "SHA224WithRSA"); putSignatureImpl("SHA256withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPKCS1Padding"); put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1", "SHA256WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11", "SHA256WithRSA"); putSignatureImpl("SHA384withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPKCS1Padding"); put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1", "SHA384WithRSA"); putSignatureImpl("SHA512withRSA", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPKCS1Padding"); put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512WithRSA"); put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512WithRSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1", "SHA512WithRSA"); putSignatureImpl("SHA1withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPSSPadding"); putSignatureImpl("SHA224withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPSSPadding"); putSignatureImpl("SHA256withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPSSPadding"); putSignatureImpl("SHA384withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPSSPadding"); putSignatureImpl("SHA512withRSA/PSS", PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPSSPadding"); putSignatureImpl("NONEwithECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$NONE"); putSignatureImpl("ECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA1"); put("Alg.Alias.Signature.SHA1withECDSA", "ECDSA"); put("Alg.Alias.Signature.ECDSAwithSHA1", "ECDSA"); // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1) put("Alg.Alias.Signature.1.2.840.10045.4.1", "ECDSA"); put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "ECDSA"); // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) putSignatureImpl("SHA224withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA224"); // ecdsa-with-SHA224(1) put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.10045.2.1", "SHA224withECDSA"); // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) putSignatureImpl("SHA256withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA256"); // ecdsa-with-SHA256(2) put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA"); putSignatureImpl("SHA384withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA384"); // ecdsa-with-SHA384(3) put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA"); putSignatureImpl("SHA512withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA512"); // ecdsa-with-SHA512(4) put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA"); put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA"); } private void putMacImpl(String algorithm, String implClass) { Loading @@ -139,4 +239,10 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider { put("Cipher." + transformation + " SupportedKeyClasses", KEYSTORE_PRIVATE_KEY_CLASS_NAME + "|" + KEYSTORE_PUBLIC_KEY_CLASS_NAME); } private void putSignatureImpl(String algorithm, String implClass) { put("Signature." + algorithm, implClass); put("Signature." + algorithm + " SupportedKeyClasses", KEYSTORE_PRIVATE_KEY_CLASS_NAME + "|" + KEYSTORE_PUBLIC_KEY_CLASS_NAME); } }
keystore/java/android/security/keystore/AndroidKeyStoreECDSASignatureSpi.java 0 → 100644 +123 −0 Original line number Diff line number Diff line /* * Copyright (C) 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore; import android.annotation.NonNull; import android.security.KeyStore; import android.security.keymaster.KeyCharacteristics; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; import java.security.InvalidKeyException; import java.security.SignatureSpi; /** * Base class for {@link SignatureSpi} providing Android KeyStore backed ECDSA signatures. * * @hide */ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignatureSpiBase { public final static class NONE extends AndroidKeyStoreECDSASignatureSpi { public NONE() { super(KeymasterDefs.KM_DIGEST_NONE); } } public final static class SHA1 extends AndroidKeyStoreECDSASignatureSpi { public SHA1() { super(KeymasterDefs.KM_DIGEST_SHA1); } } public final static class SHA224 extends AndroidKeyStoreECDSASignatureSpi { public SHA224() { super(KeymasterDefs.KM_DIGEST_SHA_2_224); } } public final static class SHA256 extends AndroidKeyStoreECDSASignatureSpi { public SHA256() { super(KeymasterDefs.KM_DIGEST_SHA_2_256); } } public final static class SHA384 extends AndroidKeyStoreECDSASignatureSpi { public SHA384() { super(KeymasterDefs.KM_DIGEST_SHA_2_384); } } public final static class SHA512 extends AndroidKeyStoreECDSASignatureSpi { public SHA512() { super(KeymasterDefs.KM_DIGEST_SHA_2_512); } } private final int mKeymasterDigest; private int mGroupSizeBytes = -1; AndroidKeyStoreECDSASignatureSpi(int keymasterDigest) { mKeymasterDigest = keymasterDigest; } @Override protected final void initKey(AndroidKeyStoreKey key) throws InvalidKeyException { if (!KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(key.getAlgorithm())) { throw new InvalidKeyException("Unsupported key algorithm: " + key.getAlgorithm() + ". Only" + KeyProperties.KEY_ALGORITHM_EC + " supported"); } KeyCharacteristics keyCharacteristics = new KeyCharacteristics(); int errorCode = getKeyStore().getKeyCharacteristics( key.getAlias(), null, null, keyCharacteristics); if (errorCode != KeyStore.NO_ERROR) { throw getKeyStore().getInvalidKeyException(key.getAlias(), errorCode); } int keySizeBits = keyCharacteristics.getInt(KeymasterDefs.KM_TAG_KEY_SIZE, -1); if (keySizeBits == -1) { throw new InvalidKeyException("Size of key not known"); } mGroupSizeBytes = (keySizeBits + 7) / 8; super.initKey(key); } @Override protected final void resetAll() { mGroupSizeBytes = -1; super.resetAll(); } @Override protected final void resetWhilePreservingInitState() { super.resetWhilePreservingInitState(); } @Override protected void addAlgorithmSpecificParametersToBegin( @NonNull KeymasterArguments keymasterArgs) { keymasterArgs.addInt(KeymasterDefs.KM_TAG_ALGORITHM, KeymasterDefs.KM_ALGORITHM_EC); keymasterArgs.addInt(KeymasterDefs.KM_TAG_DIGEST, mKeymasterDigest); } @Override protected int getAdditionalEntropyAmountForBegin() { return (isSigning()) ? mGroupSizeBytes : 0; } }
keystore/java/android/security/keystore/AndroidKeyStoreECPublicKey.java 0 → 100644 +57 −0 Original line number Diff line number Diff line /* * Copyright (C) 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package android.security.keystore; import java.security.interfaces.ECPublicKey; import java.security.spec.ECParameterSpec; import java.security.spec.ECPoint; /** * {@link ECPublicKey} backed by keystore. * * @hide */ public class AndroidKeyStoreECPublicKey extends AndroidKeyStorePublicKey implements ECPublicKey { private final ECParameterSpec mParams; private final ECPoint mW; public AndroidKeyStoreECPublicKey(String alias, byte[] x509EncodedForm, ECParameterSpec params, ECPoint w) { super(alias, KeyProperties.KEY_ALGORITHM_EC, x509EncodedForm); mParams = params; mW = w; } public AndroidKeyStoreECPublicKey(String alias, ECPublicKey info) { this(alias, info.getEncoded(), info.getParams(), info.getW()); if (!"X.509".equalsIgnoreCase(info.getFormat())) { throw new IllegalArgumentException( "Unsupported key export format: " + info.getFormat()); } } @Override public ECParameterSpec getParams() { return mParams; } @Override public ECPoint getW() { return mW; } } No newline at end of file
keystore/java/android/security/keystore/AndroidKeyStoreProvider.java +6 −2 Original line number Diff line number Diff line Loading @@ -20,6 +20,7 @@ import android.security.KeyStore; import java.security.Provider; import java.security.Security; import java.security.Signature; import javax.crypto.Cipher; import javax.crypto.Mac; Loading Loading @@ -118,12 +119,15 @@ public class AndroidKeyStoreProvider extends Provider { throw new NullPointerException(); } Object spi; if (cryptoPrimitive instanceof Mac) { if (cryptoPrimitive instanceof Signature) { spi = ((Signature) cryptoPrimitive).getCurrentSpi(); } else if (cryptoPrimitive instanceof Mac) { spi = ((Mac) cryptoPrimitive).getCurrentSpi(); } else if (cryptoPrimitive instanceof Cipher) { spi = ((Cipher) cryptoPrimitive).getCurrentSpi(); } else { throw new IllegalArgumentException("Unsupported crypto primitive: " + cryptoPrimitive); throw new IllegalArgumentException("Unsupported crypto primitive: " + cryptoPrimitive + ". Supported: Signature, Mac, Cipher"); } if (spi == null) { throw new IllegalStateException("Crypto primitive not initialized"); Loading
keystore/java/android/security/keystore/AndroidKeyStoreRSAPublicKey.java +1 −1 Original line number Diff line number Diff line Loading @@ -30,7 +30,7 @@ public class AndroidKeyStoreRSAPublicKey extends AndroidKeyStorePublicKey implem public AndroidKeyStoreRSAPublicKey(String alias, byte[] x509EncodedForm, BigInteger modulus, BigInteger publicExponent) { super(alias, "RSA", x509EncodedForm); super(alias, KeyProperties.KEY_ALGORITHM_RSA, x509EncodedForm); mModulus = modulus; mPublicExponent = publicExponent; } Loading
