author | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-02-01 17:02:02 +0000 |
---|---|---|
committer | Android Build Coastguard Worker <android-build-coastguard-worker@google.com> | 2023-02-01 17:02:02 +0000 |
commit | d11c27b4ea53212ee506172aba82342ee6547eab (patch) | |
tree | 760f1ccfff9ec58be7317d596eea99081295515d | |
parent | 2ca3a019c30cd5561749ad0e2210506444531b96 (diff) | |
parent | fa2d812a9f0b47572a5efcd81306195f142e995e (diff) | |
download | bouncycastle-aml_art_331813010.tar.gz |
Snap for 9550700 from fa2d812a9f0b47572a5efcd81306195f142e995e to mainline-art-release
aml_art_331813100 aml_art_331813010 aml_art_331711080 aml_art_331612010 android13-mainline-art-release
Change-Id: Icfc2b903a89a71137537bc4f866c7bd24a17c62d
32 files changed, 454 insertions, 40 deletions
@@ -280,3 +280,31 @@ java_library { ], sdk_version: "core_current", } + +// Bouncycastle for use by packages/modules/Uwb project. +// +//Excludes directories not needed. +java_library { + name: "bouncycastle-uwb", + visibility: [ + "//packages/modules/Uwb/service", + ], + apex_available: [ + "com.android.uwb", + ], + srcs: [ + "bcprov/src/main/java/org/bouncycastle/**/*.java", + "bcpkix/src/main/java/org/bouncycastle/cert/**/*.java", + "bcpkix/src/main/java/org/bouncycastle/cms/**/*.java", + "bcpkix/src/main/java/org/bouncycastle/operator/**/*.java", + ], + + exclude_srcs: [ + "bcprov/src/main/java/org/bouncycastle/iana/**/*.java", + "bcprov/src/main/java/org/bouncycastle/its/**/*.java", + ], + sdk_version: "core_current", + lint: { + warning_checks: ["SuspiciousIndentation"], + }, +} @@ -1,2 +1,7 @@ # Bug component: 684135 -include platform/libcore:/OWNERS +prb@google.com + +mast@google.com +miguelaranda@google.com +rpl@google.com +sorinbasca@google.com diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java index 9818f864..831b497e 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -54,4 +54,11 @@ public interface ConfigurableProvider AsymmetricKeyInfoConverter getKeyInfoConverter(ASN1ObjectIdentifier oid); void addAttributes(String key, Map<String, String> attributeMap); + + // BEGIN Android-added: Allow algorithms to be added privately. + // See BouncyCastleProvider for details. + void addPrivateAlgorithm(String key, String value); + + void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className); + // END Android-added: Allow algorithms to be added privately. } 
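Review bot: The two `addPrivateAlgorithm` methods join `ConfigurableProvider` with no contract of their own; "See BouncyCastleProvider for details" does not tell an implementer that the entries go to a provider that is never installed, or that a duplicate key is rejected. Every implementer of the interface must now supply both methods, and `BouncyCastleProvider` is the only one patched in the part of the commit visible here, so it is worth confirming there is no other implementer in the tree. I would add a short Javadoc on each, for example `/** Registers key -> value in the provider-private table used only by BC internals; throws IllegalStateException if the key is already present. */`.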
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java index 5c6b699d..dd25b0c4 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java @@ -76,6 +76,8 @@ public class SHA224 addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha224, PREFIX + "$HashMac"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java index 48f99b4d..ae4c82fd 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java @@ -101,6 +101,8 @@ public class SHA256 addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha256, PREFIX + "$HashMac"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java index 8f083748..b5f269ee 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java 
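Review bot: The comment above the new `provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha224, PREFIX + "$HashMac")` line attributes the entry to PBKDF2, but what it registers is an HMAC keyed by the digest OID. That looks like the lookup `PKCS12KeyStoreSpi` performs with `selfHelper.createMac(oid.getId())` before `mac.init(new PKCS12Key(...), defParams)`, which is the keystore integrity MAC rather than the PBKDF2 path. The same comment is repeated in the SHA256, SHA384 and SHA512 hunks. A more exact wording would help the next upstream merge, for example `// Android-added: HMAC registered privately under the digest OID so PKCS12KeyStoreSpi can resolve the PKCS#12 integrity Mac from BC.` Confirm that the OID passed at that call site is the digest OID before adopting it.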
@@ -95,6 +95,8 @@ public class SHA384 addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha384, PREFIX + "$HashMac"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java index e227620e..335d0d60 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java @@ -193,6 +193,8 @@ public class SHA512 addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha512, PREFIX + "$HashMac"); } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index 4c3e480d..263c63d2 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java 
@@ -116,9 +116,12 @@ public class PKCS12KeyStoreSpi { static final String PKCS12_MAX_IT_COUNT_PROPERTY = "org.bouncycastle.pkcs12.max_it_count"; - // Android-changed: Use default provider for JCA algorithms instead of BC + // Android-changed: Use default provider for most JCA algorithms instead of BC. + // For the case where we need BC implementations, the BCJcaJceHelper will also search + // the list of private implementations help by BouncyCastleProvider. // Was: private final JcaJceHelper helper = new BCJcaJceHelper(); private final JcaJceHelper helper = new DefaultJcaJceHelper(); + private final JcaJceHelper selfHelper = new BCJcaJceHelper(); private static final int SALT_SIZE = 20; private static final int MIN_ITERATIONS = 50 * 1024; @@ -727,7 +730,9 @@ public class PKCS12KeyStoreSpi PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); - SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); + // Android-Changed: SecretKeyFactory must be from BC due to instanceof logic. + // SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); + SecretKeyFactory keyFact = selfHelper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; if (func.isDefaultPrf()) 
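Review bot: The marker on the `keyFact` change is spelled `Android-Changed:` and the replaced statement is left as a bare commented-out line, while the field comment in the first hunk of this file uses `Android-changed:` followed by `// Was:`; the Cipher and Mac hunks further down have the same inconsistency. Any tooling or grep that tracks local modifications by the lower-case marker would presumably miss these three sites. I would write `// Android-changed: SecretKeyFactory must be from BC due to instanceof logic.` and prefix the old statement with `// Was:`. The field comment also has a typo, "help by" for "held by", and the comment here could name which `instanceof` check it refers to, since that check is not visible in the hunk; the enclosing method starts and ends outside it.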
@@ -739,7 +744,9 @@ public class PKCS12KeyStoreSpi key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf())); } - Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); + // Android-Changed: Cipher must be from BC due to use of internal PKCS12Key tyoe. + // Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); + Cipher cipher = selfHelper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId()); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); if (encParams instanceof ASN1OctetString) @@ -1781,7 +1788,9 @@ public class PKCS12KeyStoreSpi { PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - Mac mac = helper.createMac(oid.getId()); + // Android-Changed: Mac must be from BC due to use of internal PKCS12Key tyoe. + // Mac mac = helper.createMac(oid.getId()); + Mac mac = selfHelper.createMac(oid.getId()); mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams); mac.update(data); diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java index e7d3ec24..d25ed90c 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java 
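Review bot: The reason given for `selfHelper.createCipher(...)`, "due to use of internal PKCS12Key tyoe", looks copied from the Mac change and does not match this code path. The only key built in this hunk comes from `keyFact.generateSecret(new PBKDF2KeySpec(...))`, and `PKCS12Key` appears only in the Mac hunk, at `mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams)`. If the real constraint is that the BC-generated PBKDF2 key must be consumed by a BC cipher, the comment should say so, for example `// Android-changed: Cipher must be from BC because the key comes from BC's PBKDF2 SecretKeyFactory.` "tyoe" should read "type" in both comments. The `cipher.init` call that would settle this is outside the hunk.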
@@ -1088,6 +1088,11 @@ public final class AES // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); // addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); // END Android-removed: Unsupported algorithms + + // Android-added: Private implementations needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java index 1af79b80..e384134b 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java 
@@ -40,14 +40,14 @@ public class PBEPBKDF2 static { - // BEGIN Android-removed: Unsupported algorithm - /* - prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA1, Integers.valueOf(PBE.SHA1)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA256, Integers.valueOf(PBE.SHA256)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA224, Integers.valueOf(PBE.SHA224)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA384, Integers.valueOf(PBE.SHA384)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA512, Integers.valueOf(PBE.SHA512)); + // BEGIN Android-removed: Unsupported algorithms + /* + prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_256, Integers.valueOf(PBE.SHA3_256)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_224, Integers.valueOf(PBE.SHA3_224)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_384, Integers.valueOf(PBE.SHA3_384)); @@ -62,8 +62,6 @@ public class PBEPBKDF2 } - // BEGIN Android-removed: Unsupported algorithms - /* public static class AlgParams extends BaseAlgorithmParameters { @@ -146,8 +144,6 @@ public class PBEPBKDF2 return "PBKDF2 Parameters"; } } - */ - // END Android-removed: Unsupported algorithms public static class BasePBKDF2 extends BaseSecretKeyFactory @@ -273,8 +269,6 @@ public class PBEPBKDF2 } } - // BEGIN Android-removed: Unsupported algorithms - /* public static class PBKDF2withUTF8 extends BasePBKDF2 { @@ -284,6 +278,8 @@ public class PBEPBKDF2 } } + // BEGIN Android-removed: Unsupported algorithms + /* public static class PBKDF2withSHA224 extends BasePBKDF2 { 
@@ -614,6 +610,9 @@ public class PBEPBKDF2 provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256"); provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT"); // END Android-added: Android versions of algorithms. + // Android-added: Private implementations needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8"); + provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12", "PBKDF2"); } } } diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java index 6c384585..13205ec2 100644 --- a/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java +++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java @@ -1,8 +1,13 @@ package org.bouncycastle.jcajce.util; +import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.Security; +import javax.crypto.Cipher; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKeyFactory; import org.bouncycastle.jce.provider.BouncyCastleProvider; /** 
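Review bot: The alias key in `provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12", "PBKDF2")` hard-codes the PBKDF2 OID as a string literal, which is easy to mistype and cannot be found by searching for the constant. The file already refers to `PKCSObjectIdentifiers` in its static initializer, so the key can be built from the named constant: `provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory." + PKCSObjectIdentifiers.id_PBKDF2, "PBKDF2");`. A one-line comment stating that the alias is resolved inside the private provider only would also help, because the main provider has no `SecretKeyFactory.PBKDF2` entry visible in this hunk.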
@@ -38,4 +43,61 @@ public class BCJcaJceHelper { super(getBouncyCastleProvider()); } + + // BEGIN Android-added: Look up algorithms in private provider if not found in main Provider. + // + // If code is using a BCJcajceHelper to ensure it gets its implementation from BC, then + // also search in the privately provided algorithms if not found in the main set. + // + // If any error occurs while searching the private Provider, typically a + // NoSuchAlgorithmException being thrown, then the original NoSuchAlgorithmException + // from the BC Provider is thrown for consistency. + @Override + public Cipher createCipher(String algorithm) + throws NoSuchAlgorithmException, NoSuchPaddingException { + try { + return super.createCipher(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return Cipher.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + @Override + public SecretKeyFactory createSecretKeyFactory(String algorithm) + throws NoSuchAlgorithmException { + try { + return super.createSecretKeyFactory(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return SecretKeyFactory.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + @Override + public Mac createMac(String algorithm) throws NoSuchAlgorithmException { + try { + return super.createMac(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return Mac.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + private Provider getPrivateProvider() { + if (provider instanceof BouncyCastleProvider) { + return ((BouncyCastleProvider) provider).getPrivateProvider(); + } + throw new IllegalStateException("Internal error in BCJcaJceHelper"); + } + // END Android-added: Look up algorithms in private provider if not found in main Provider. } 
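Review bot: All three overrides use `catch (Throwable throwable) { throw originalException; }` around the private-provider lookup, which turns any failure into "no such algorithm" and discards its cause. That includes an `Error` raised while loading the implementation class and the `IllegalStateException` thrown by `getPrivateProvider()`. For a keystore loader this makes a broken or misconfigured private table indistinguishable from an unsupported file. I would catch only the declared lookup failures and keep the second failure attached, for example `} catch (NoSuchAlgorithmException | NoSuchPaddingException e) { originalException.addSuppressed(e); throw originalException; }` in `createCipher`, and the `NoSuchAlgorithmException`-only form in the other two. The three methods are otherwise identical, so a short comment on `getPrivateProvider()` stating when the `IllegalStateException` can occur would cover all of them.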
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java index bb12aecf..7f9285b1 100644 --- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -426,4 +426,37 @@ public final class BouncyCastleProvider extends Provider return converter.generatePrivate(privateKeyInfo); */ } + + // BEGIN Android-added: Allow algorithms to be provided privately for BC internals. + // + // Algorithms added via these methods are stored in a private instance of PrivateProvider, + // which is never added to the system-wide list of installed Providers, and is only + // ever searched by BC internal classes which search for algorithms using an instance + // of BCJcajceHelper. + private static final class PrivateProvider extends Provider { + public PrivateProvider() { + super("BCPrivate", 1.0, "Android BC private use only"); + } + } + + private final Provider privateProvider = new PrivateProvider(); + + public void addPrivateAlgorithm(String key, String value) + { + if (privateProvider.containsKey(key)) + { + throw new IllegalStateException("duplicate provider key (" + key + ") found"); + } + privateProvider.put(key, value); + } + + public void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className) + { + addPrivateAlgorithm(type + "." + oid, className); + } + + public Provider getPrivateProvider() { + return privateProvider; + } + // END Android-added: Allow algorithms to be provided privately for BC internals. } diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java index da69af72..d6dc21ea 100644 
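Review bot: `getPrivateProvider()` is public and returns the live `Provider` object, so any code holding the `BouncyCastleProvider` instance can read or `put` entries in the table. That contradicts the block comment's statement that the table "is only ever searched by BC internal classes". `BCJcaJceHelper` is in a different package, so the accessor cannot simply be made package-private, but the exposure should at least be documented and kept out of the public surface, for example with `/** Internal: for BCJcaJceHelper only; callers must not add or remove entries. */` plus whatever hiding annotation the build applies to this class. Whether the un-repackaged `org.bouncycastle` copy is reachable by untrusted callers cannot be determined from this hunk and should be checked. The two `addPrivateAlgorithm` methods would also benefit from Javadoc noting that they throw `IllegalStateException` on a duplicate key.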
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -56,4 +56,11 @@ public interface ConfigurableProvider AsymmetricKeyInfoConverter getKeyInfoConverter(ASN1ObjectIdentifier oid); void addAttributes(String key, Map<String, String> attributeMap); + + // BEGIN Android-added: Allow algorithms to be added privately. + // See BouncyCastleProvider for details. + void addPrivateAlgorithm(String key, String value); + + void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className); + // END Android-added: Allow algorithms to be added privately. } diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java index e9f436a8..ff4fde85 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java @@ -92,6 +92,8 @@ public class SHA224 addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha224, PREFIX + "$HashMac"); } } } diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java index 706d4ab3..a4e8a762 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java 
@@ -115,6 +115,8 @@ public class SHA256 addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha256, PREFIX + "$HashMac"); } } } diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java index b7d97164..7ff261e0 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java @@ -109,6 +109,8 @@ public class SHA384 addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha384, PREFIX + "$HashMac"); } } } diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java index dbd513c7..cdc70186 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java @@ -207,6 +207,8 @@ public class SHA512 addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha512, PREFIX + "$HashMac"); } } 
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index fb5f2fdd..06fbb963 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -120,9 +120,12 @@ public class PKCS12KeyStoreSpi { static final String PKCS12_MAX_IT_COUNT_PROPERTY = "com.android.org.bouncycastle.pkcs12.max_it_count"; - // Android-changed: Use default provider for JCA algorithms instead of BC + // Android-changed: Use default provider for most JCA algorithms instead of BC. + // For the case where we need BC implementations, the BCJcaJceHelper will also search + // the list of private implementations help by BouncyCastleProvider. // Was: private final JcaJceHelper helper = new BCJcaJceHelper(); private final JcaJceHelper helper = new DefaultJcaJceHelper(); + private final JcaJceHelper selfHelper = new BCJcaJceHelper(); private static final int SALT_SIZE = 20; private static final int MIN_ITERATIONS = 50 * 1024; @@ -731,7 +734,9 @@ public class PKCS12KeyStoreSpi PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); - SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); + // Android-Changed: SecretKeyFactory must be from BC due to instanceof logic. + // SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); + SecretKeyFactory keyFact = selfHelper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; if (func.isDefaultPrf()) 
@@ -743,7 +748,9 @@ public class PKCS12KeyStoreSpi key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf())); } - Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); + // Android-Changed: Cipher must be from BC due to use of internal PKCS12Key tyoe. + // Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); + Cipher cipher = selfHelper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId()); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); if (encParams instanceof ASN1OctetString) @@ -1785,7 +1792,9 @@ public class PKCS12KeyStoreSpi { PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - Mac mac = helper.createMac(oid.getId()); + // Android-Changed: Mac must be from BC due to use of internal PKCS12Key tyoe. + // Mac mac = helper.createMac(oid.getId()); + Mac mac = selfHelper.createMac(oid.getId()); mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams); mac.update(data); diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java index 9e2a493d..9684f351 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java 
@@ -1146,6 +1146,11 @@ public final class AES // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); // addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); // END Android-removed: Unsupported algorithms + + // Android-added: Private implementations needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); } } } diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java index 2109104c..15880ad9 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java 
@@ -44,14 +44,14 @@ public class PBEPBKDF2 static { - // BEGIN Android-removed: Unsupported algorithm - /* - prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA1, Integers.valueOf(PBE.SHA1)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA256, Integers.valueOf(PBE.SHA256)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA224, Integers.valueOf(PBE.SHA224)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA384, Integers.valueOf(PBE.SHA384)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA512, Integers.valueOf(PBE.SHA512)); + // BEGIN Android-removed: Unsupported algorithms + /* + prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_256, Integers.valueOf(PBE.SHA3_256)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_224, Integers.valueOf(PBE.SHA3_224)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_384, Integers.valueOf(PBE.SHA3_384)); @@ -66,8 +66,9 @@ public class PBEPBKDF2 } - // BEGIN Android-removed: Unsupported algorithms - /* + /** + * @hide This class is not part of the Android public SDK API + */ public static class AlgParams extends BaseAlgorithmParameters { @@ -150,8 +151,6 @@ public class PBEPBKDF2 return "PBKDF2 Parameters"; } } - */ - // END Android-removed: Unsupported algorithms /** * @hide This class is not part of the Android public SDK API @@ -280,8 +279,9 @@ public class PBEPBKDF2 } } - // BEGIN Android-removed: Unsupported algorithms - /* + /** + * @hide This class is not part of the Android public SDK API + */ public static class PBKDF2withUTF8 extends BasePBKDF2 { @@ -291,6 +291,8 @@ public class PBEPBKDF2 } } + // BEGIN Android-removed: Unsupported algorithms + /* public static class PBKDF2withSHA224 extends BasePBKDF2 { 
@@ -687,6 +689,9 @@ public class PBEPBKDF2 provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256"); provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT"); // END Android-added: Android versions of algorithms. + // Android-added: Private implementations needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8"); + provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12", "PBKDF2"); } } } diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java index 65523d84..69ab946c 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java @@ -1,9 +1,14 @@ /* GENERATED SOURCE. DO NOT MODIFY. */ package com.android.org.bouncycastle.jcajce.util; +import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.Security; +import javax.crypto.Cipher; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKeyFactory; import com.android.org.bouncycastle.jce.provider.BouncyCastleProvider; /** 
@@ -40,4 +45,61 @@ public class BCJcaJceHelper { super(getBouncyCastleProvider()); } + + // BEGIN Android-added: Look up algorithms in private provider if not found in main Provider. + // + // If code is using a BCJcajceHelper to ensure it gets its implementation from BC, then + // also search in the privately provided algorithms if not found in the main set. + // + // If any error occurs while searching the private Provider, typically a + // NoSuchAlgorithmException being thrown, then the original NoSuchAlgorithmException + // from the BC Provider is thrown for consistency. + @Override + public Cipher createCipher(String algorithm) + throws NoSuchAlgorithmException, NoSuchPaddingException { + try { + return super.createCipher(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return Cipher.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + @Override + public SecretKeyFactory createSecretKeyFactory(String algorithm) + throws NoSuchAlgorithmException { + try { + return super.createSecretKeyFactory(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return SecretKeyFactory.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + @Override + public Mac createMac(String algorithm) throws NoSuchAlgorithmException { + try { + return super.createMac(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return Mac.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + private Provider getPrivateProvider() { + if (provider instanceof BouncyCastleProvider) { + return ((BouncyCastleProvider) provider).getPrivateProvider(); + } + throw new IllegalStateException("Internal error in BCJcaJceHelper"); + } + // END Android-added: Look up algorithms in private provider if not found in main Provider. } 
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java index 61383ce7..798bb8ed 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -429,4 +429,37 @@ public final class BouncyCastleProvider extends Provider return converter.generatePrivate(privateKeyInfo); */ } + + // BEGIN Android-added: Allow algorithms to be provided privately for BC internals. + // + // Algorithms added via these methods are stored in a private instance of PrivateProvider, + // which is never added to the system-wide list of installed Providers, and is only + // ever searched by BC internal classes which search for algorithms using an instance + // of BCJcajceHelper. + private static final class PrivateProvider extends Provider { + public PrivateProvider() { + super("BCPrivate", 1.0, "Android BC private use only"); + } + } + + private final Provider privateProvider = new PrivateProvider(); + + public void addPrivateAlgorithm(String key, String value) + { + if (privateProvider.containsKey(key)) + { + throw new IllegalStateException("duplicate provider key (" + key + ") found"); + } + privateProvider.put(key, value); + } + + public void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className) + { + addPrivateAlgorithm(type + "." + oid, className); + } + + public Provider getPrivateProvider() { + return privateProvider; + } + // END Android-added: Allow algorithms to be provided privately for BC internals. } 
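Review bot: `getPrivateProvider()` is public and returns the live `Provider`, so the block comment's statement that the private algorithms are "only ever searched by BC internal classes" rests on convention rather than on anything this class enforces. Code that holds the `BouncyCastleProvider` instance can read the returned object or `put` entries into it directly, which also bypasses the duplicate-key check in `addPrivateAlgorithm`. If the accessor has to stay public so that BCJcaJceHelper can reach it from another package, I would at least state the contract on it: `/** For BC-internal lookup only; callers must not modify the returned Provider. */`. The same code is added to the repackaged_platform copy of BouncyCastleProvider at the end of the page.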
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java index 8f8787f7..cd76b860 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -56,4 +56,11 @@ public interface ConfigurableProvider AsymmetricKeyInfoConverter getKeyInfoConverter(ASN1ObjectIdentifier oid); void addAttributes(String key, Map<String, String> attributeMap); + + // BEGIN Android-added: Allow algorithms to be added privately. + // See BouncyCastleProvider for details. + void addPrivateAlgorithm(String key, String value); + + void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className); + // END Android-added: Allow algorithms to be added privately. } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java index 5b5d9511..bac8e723 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java @@ -92,6 +92,8 @@ public class SHA224 addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha224, PREFIX + "$HashMac"); } } } 
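Review bot: The added comment in the SHA224 hunk does not explain why `$HashMac` is registered under the digest OID `NISTObjectIdentifiers.id_sha224`, while the commented-out upstream line just above it aliases the HMAC under `PKCSObjectIdentifiers.id_hmacWithSHA224`; a later reader may take the digest OID for a mistake. If the intent is that PKCS12KeyStoreSpi looks the Mac up by the digest OID, say so, for example `// Keyed by the digest OID on purpose: PKCS12KeyStoreSpi passes it to createMac().` The comment also names PBKDF2, although the entry registered here is a Mac rather than a key-derivation factory. The same applies to the SHA256, SHA384 and SHA512 hunks that follow.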
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java index 929364f5..a7ab4097 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java @@ -115,6 +115,8 @@ public class SHA256 addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha256, PREFIX + "$HashMac"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java index 89d14437..5d209512 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java @@ -109,6 +109,8 @@ public class SHA384 addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha384, PREFIX + "$HashMac"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java index b726dbf8..243a3064 100644 
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java @@ -207,6 +207,8 @@ public class SHA512 addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha512, PREFIX + "$HashMac"); } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index d5897959..745534da 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -120,9 +120,12 @@ public class PKCS12KeyStoreSpi { static final String PKCS12_MAX_IT_COUNT_PROPERTY = "com.android.internal.org.bouncycastle.pkcs12.max_it_count"; - // Android-changed: Use default provider for JCA algorithms instead of BC + // Android-changed: Use default provider for most JCA algorithms instead of BC. + // For the case where we need BC implementations, the BCJcaJceHelper will also search + // the list of private implementations help by BouncyCastleProvider. // Was: private final JcaJceHelper helper = new BCJcaJceHelper(); private final JcaJceHelper helper = new DefaultJcaJceHelper(); + private final JcaJceHelper selfHelper = new BCJcaJceHelper(); private static final int SALT_SIZE = 20; private static final int MIN_ITERATIONS = 50 * 1024; 
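Review bot: The new comment in the first PKCS12KeyStoreSpi hunk has a typo, `help by BouncyCastleProvider` should read `held by BouncyCastleProvider`, and it keeps the old `Was:` line although the class now carries two helpers. Nothing tells a maintainer which of `helper` and `selfHelper` to pick for a new lookup. I would add a line above the new field such as `// selfHelper: lookups that must resolve to BC (main provider, then its private list); use helper for everything else.`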
@@ -731,7 +734,9 @@ public class PKCS12KeyStoreSpi PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); - SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); + // Android-Changed: SecretKeyFactory must be from BC due to instanceof logic. + // SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); + SecretKeyFactory keyFact = selfHelper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; if (func.isDefaultPrf()) @@ -743,7 +748,9 @@ public class PKCS12KeyStoreSpi key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf())); } - Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); + // Android-Changed: Cipher must be from BC due to use of internal PKCS12Key tyoe. + // Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); + Cipher cipher = selfHelper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId()); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); if (encParams instanceof ASN1OctetString) @@ -1785,7 +1792,9 @@ public class PKCS12KeyStoreSpi { PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - Mac mac = helper.createMac(oid.getId()); + // Android-Changed: Mac must be from BC due to use of internal PKCS12Key tyoe. + // Mac mac = helper.createMac(oid.getId()); + Mac mac = selfHelper.createMac(oid.getId()); mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams); mac.update(data); 
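Review bot: The reason given on the `createCipher` change, `Cipher must be from BC due to use of internal PKCS12Key tyoe`, does not match the visible code: the key in that hunk comes from `keyFact.generateSecret(new PBKDF2KeySpec(...))`, and `PKCS12Key` only appears in the `createMac` hunk (`mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams)`). It looks copied from the Mac comment; the cipher's `init` call is outside the hunk, so please confirm the real dependency and state it. Both comments misspell `type` as `tyoe`. The three hunks here also write `Android-Changed:` where the field comment earlier in the same file uses `Android-changed:`.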
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java index 55510fd2..056faae1 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java @@ -1146,6 +1146,11 @@ public final class AES // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); // addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); // END Android-removed: Unsupported algorithms + + // Android-added: Private implementations needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java index ab218e1f..63824db6 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java 
@@ -44,14 +44,14 @@ public class PBEPBKDF2 static { - // BEGIN Android-removed: Unsupported algorithm - /* - prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA1, Integers.valueOf(PBE.SHA1)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA256, Integers.valueOf(PBE.SHA256)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA224, Integers.valueOf(PBE.SHA224)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA384, Integers.valueOf(PBE.SHA384)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA512, Integers.valueOf(PBE.SHA512)); + // BEGIN Android-removed: Unsupported algorithms + /* + prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_256, Integers.valueOf(PBE.SHA3_256)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_224, Integers.valueOf(PBE.SHA3_224)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_384, Integers.valueOf(PBE.SHA3_384)); @@ -66,8 +66,9 @@ public class PBEPBKDF2 } - // BEGIN Android-removed: Unsupported algorithms - /* + /** + * @hide This class is not part of the Android public SDK API + */ public static class AlgParams extends BaseAlgorithmParameters { @@ -150,8 +151,6 @@ public class PBEPBKDF2 return "PBKDF2 Parameters"; } } - */ - // END Android-removed: Unsupported algorithms /** * @hide This class is not part of the Android public SDK API @@ -280,8 +279,9 @@ public class PBEPBKDF2 } } - // BEGIN Android-removed: Unsupported algorithms - /* + /** + * @hide This class is not part of the Android public SDK API + */ public static class PBKDF2withUTF8 extends BasePBKDF2 { @@ -291,6 +291,8 @@ public class PBEPBKDF2 } } + // BEGIN Android-removed: Unsupported algorithms + /* public static class PBKDF2withSHA224 extends BasePBKDF2 { 
@@ -687,6 +689,9 @@ public class PBEPBKDF2 provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256"); provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT"); // END Android-added: Android versions of algorithms. + // Android-added: Private implementations needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8"); + provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12", "PBKDF2"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java index 15130f26..507d225c 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java @@ -1,9 +1,14 @@ /* GENERATED SOURCE. DO NOT MODIFY. */ package com.android.internal.org.bouncycastle.jcajce.util; +import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.Security; +import javax.crypto.Cipher; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKeyFactory; import com.android.internal.org.bouncycastle.jce.provider.BouncyCastleProvider; /** 
@@ -40,4 +45,61 @@ public class BCJcaJceHelper { super(getBouncyCastleProvider()); } + + // BEGIN Android-added: Look up algorithms in private provider if not found in main Provider. + // + // If code is using a BCJcajceHelper to ensure it gets its implementation from BC, then + // also search in the privately provided algorithms if not found in the main set. + // + // If any error occurs while searching the private Provider, typically a + // NoSuchAlgorithmException being thrown, then the original NoSuchAlgorithmException + // from the BC Provider is thrown for consistency. + @Override + public Cipher createCipher(String algorithm) + throws NoSuchAlgorithmException, NoSuchPaddingException { + try { + return super.createCipher(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return Cipher.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + @Override + public SecretKeyFactory createSecretKeyFactory(String algorithm) + throws NoSuchAlgorithmException { + try { + return super.createSecretKeyFactory(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return SecretKeyFactory.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + @Override + public Mac createMac(String algorithm) throws NoSuchAlgorithmException { + try { + return super.createMac(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return Mac.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + private Provider getPrivateProvider() { + if (provider instanceof BouncyCastleProvider) { + return ((BouncyCastleProvider) provider).getPrivateProvider(); + } + throw new IllegalStateException("Internal error in BCJcaJceHelper"); + } + // END Android-added: Look up algorithms in private provider if not found in main Provider. } 
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java index 2f3f1ea2..2689da81 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -428,4 +428,37 @@ public final class BouncyCastleProvider extends Provider return converter.generatePrivate(privateKeyInfo); */ } + + // BEGIN Android-added: Allow algorithms to be provided privately for BC internals. + // + // Algorithms added via these methods are stored in a private instance of PrivateProvider, + // which is never added to the system-wide list of installed Providers, and is only + // ever searched by BC internal classes which search for algorithms using an instance + // of BCJcajceHelper. + private static final class PrivateProvider extends Provider { + public PrivateProvider() { + super("BCPrivate", 1.0, "Android BC private use only"); + } + } + + private final Provider privateProvider = new PrivateProvider(); + + public void addPrivateAlgorithm(String key, String value) + { + if (privateProvider.containsKey(key)) + { + throw new IllegalStateException("duplicate provider key (" + key + ") found"); + } + privateProvider.put(key, value); + } + + public void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className) + { + addPrivateAlgorithm(type + "." + oid, className); + } + + public Provider getPrivateProvider() { + return privateProvider; + } + // END Android-added: Allow algorithms to be provided privately for BC internals. } |