Load default KeyFactory instead of BC's implementation

BouncyCastle has a shortcut for getting its own KeyFactory implementations. Since some of them are removed, e.g. KeyFactory.RSA, we need to load other available implementations.In particular BKS KeyStore, that is only available in BouncyCastle, uses KeyFactory.RSA, so this Android modifications are necessary for the KeyStore to keep functioning. Test: cts -m CtsLibcoreOkHttpTestCases Bug: 67761667 Change-Id: I98adb4d2f475e8b600a44b655ade83cd94c1efbd
author: Daulet Zhanguzin <dauletz@google.com> 2020-05-01 22:33:16 +0100
committer: Daulet Zhanguzin <dauletz@google.com> 2020-05-04 14:11:57 +0100
commit: 6bfb3fc9615696ab0cfc6ab0b479454d804a0bda (patch)
tree: 651f5ab0e8f0c04b64926f5355976ea5c5ea3b25 /repackaged
parent: 105445433dfb81761347d614d691721a4fe1c5d0 (diff)
download: bouncycastle-6bfb3fc9615696ab0cfc6ab0b479454d804a0bda.tar.gz
3 files changed, 44 insertions, 6 deletions
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/DESede.java
index df1b354e..97d396bd 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/DESede.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/DESede.java
@@ -433,7 +433,8 @@ public final class DESede
             // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
             provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE");
 
-            if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
+            // Android-removed Bouncy Castle's SHA-1 implementation is removed but we still need PBEWithSHAAnd3-KeyTripleDES-CBC
+            // if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
             {
                 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key");
                 // BEGIN Android-removed: Unsupported algorithms
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
index 4f943340..f6bcc662 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
@@ -117,7 +117,7 @@ public class NetscapeCertRequest
                     pubkeyinfo).getBytes());
 
             keyAlg = pubkeyinfo.getAlgorithm();
-            pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "BC")
+            pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId())
                     .generatePublic(xspec);
 
         }
@@ -205,8 +205,7 @@ public class NetscapeCertRequest
         // Verify the signature .. shows the response was generated
         // by someone who knew the associated private key
         //
-        Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(),
-                "BC");
+        Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId());
         sig.initVerify(pubkey);
         sig.update(content.getBytes());
 
@@ -225,8 +224,7 @@ public class NetscapeCertRequest
             SignatureException, NoSuchProviderException,
             InvalidKeySpecException
     {
-        Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(),
-                "BC");
+        Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId());
 
         if (rand != null)
         {
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index c5b996aa..bf10ed35 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -3,10 +3,15 @@ package com.android.org.bouncycastle.jce.provider;
 
 import java.io.IOException;
 import java.security.AccessController;
+// Android-added: need to get non-BC implementations
+import java.security.KeyFactory;
 import java.security.PrivateKey;
 import java.security.PrivilegedAction;
 import java.security.Provider;
 import java.security.PublicKey;
+// Android-added: need to convert Asn1Objects into standard specs
+import java.security.spec.PKCS8EncodedKeySpec;
+import java.security.spec.X509EncodedKeySpec;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.Map;
@@ -341,6 +346,22 @@ public final class BouncyCastleProvider extends Provider
     public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo)
         throws IOException
     {
+        // Android-added: BC KeyFactories have been removed, so load them the standard way
+        try {
+            return KeyFactory
+                .getInstance(
+                    publicKeyInfo.getAlgorithmId().getAlgorithm().getId())
+                .generatePublic(
+                    new X509EncodedKeySpec(publicKeyInfo.getEncoded()));
+        } catch (java.security.NoSuchAlgorithmException ex) {
+            // Maintaining compatibility with upstream logic: if appropriate algorithm not found
+            // ("converter" in Android-removed section) return null instead of throwing.
+            return null;
+        } catch (java.security.spec.InvalidKeySpecException ex) {
+            throw new IOException(ex);
+        }
+        // Android-removed: see above
+        /*
         AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(publicKeyInfo.getAlgorithm().getAlgorithm());
 
         if (converter == null)
@@ -349,11 +370,28 @@ public final class BouncyCastleProvider extends Provider
         }
 
         return converter.generatePublic(publicKeyInfo);
+        */
     }
 
     public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo)
         throws IOException
     {
+        // Android-added: BC KeyFactories have been removed, so load them the standard way
+        try {
+            return KeyFactory
+                .getInstance(
+                    privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId())
+                .generatePrivate(
+                    new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
+        } catch (java.security.NoSuchAlgorithmException ex) {
+            // Maintaining compatibility with upstream logic: if appropriate algorithm not found
+            // ("converter" in Android-removed section) return null instead of throwing.
+            return null;
+        } catch (java.security.spec.InvalidKeySpecException ex) {
+            throw new IOException(ex);
+        }
+        // Android-removed: see above
+        /*
         AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm());
 
         if (converter == null)
@@ -362,5 +400,6 @@ public final class BouncyCastleProvider extends Provider
         }
 
         return converter.generatePrivate(privateKeyInfo);
+        */
     }
 }
author	Daulet Zhanguzin <dauletz@google.com>	2020-05-01 22:33:16 +0100
committer	Daulet Zhanguzin <dauletz@google.com>	2020-05-04 14:11:57 +0100
commit	6bfb3fc9615696ab0cfc6ab0b479454d804a0bda (patch)
tree	651f5ab0e8f0c04b64926f5355976ea5c5ea3b25 /repackaged
parent	105445433dfb81761347d614d691721a4fe1c5d0 (diff)
download	bouncycastle-6bfb3fc9615696ab0cfc6ab0b479454d804a0bda.tar.gz