author | Daulet Zhanguzin <dauletz@google.com> | 2020-05-01 22:33:16 +0100 |
---|---|---|
committer | Daulet Zhanguzin <dauletz@google.com> | 2020-05-04 14:11:57 +0100 |
commit | 6bfb3fc9615696ab0cfc6ab0b479454d804a0bda (patch) | |
tree | 651f5ab0e8f0c04b64926f5355976ea5c5ea3b25 /repackaged | |
parent | 105445433dfb81761347d614d691721a4fe1c5d0 (diff) | |
Load default KeyFactory instead of BC's implementation
BouncyCastle has a shortcut for getting its own KeyFactory implementations. Since some of them are removed, e.g. KeyFactory.RSA, we need to load other available implementations. In particular, the BKS KeyStore, which is only available in BouncyCastle, uses KeyFactory.RSA, so these Android modifications are necessary for the KeyStore to keep functioning.
Test: cts -m CtsLibcoreOkHttpTestCases
Bug: 67761667
Change-Id: I98adb4d2f475e8b600a44b655ade83cd94c1efbd
Diffstat (limited to 'repackaged')
3 files changed, 44 insertions, 6 deletions
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/DESede.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/DESede.java
index df1b354e..97d396bd 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/DESede.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/DESede.java
@@ -433,7 +433,8 @@ public final class DESede
 // provider.addAlgorithm("Alg.Alias.AlgorithmParameterGenerator.TDEA", "DESEDE");
 provider.addAlgorithm("Alg.Alias.SecretKeyFactory.TDEA", "DESEDE");
- if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
+ // Android-removed Bouncy Castle's SHA-1 implementation is removed but we still need PBEWithSHAAnd3-KeyTripleDES-CBC
+ // if (provider.hasAlgorithm("MessageDigest", "SHA-1"))
 {
 provider.addAlgorithm("Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC", PREFIX + "$PBEWithSHAAndDES3Key");
 // BEGIN Android-removed: Unsupported algorithms
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/netscape/NetscapeCertRequest.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
index 4f943340..f6bcc662 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/netscape/NetscapeCertRequest.java
@@ -117,7 +117,7 @@ public class NetscapeCertRequest
 pubkeyinfo).getBytes());
 keyAlg = pubkeyinfo.getAlgorithm();
- pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId(), "BC")
+ pubkey = KeyFactory.getInstance(keyAlg.getAlgorithm().getId())
 .generatePublic(xspec);
 }
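Review bot: The marker on the added comment in DESede.java is written `// Android-removed Bouncy Castle's ...` without the colon the other markers in this commit use (`// Android-removed: ...`), and it does not say why the cipher can still be registered when the provider has no SHA-1 MessageDigest. With the `if` commented out, `Cipher.PBEWITHSHAAND3-KEYTRIPLEDES-CBC` and everything else inside the braces is registered unconditionally; presumably the PBE class uses BC's internal digest rather than a JCA lookup, which is worth confirming and stating. I would reword the first line as `// Android-changed: register unconditionally; BC no longer registers the SHA-1 MessageDigest, but PBEWithSHAAnd3-KeyTripleDES-CBC is still needed.` and keep the original condition on the next comment line. The braced block continues past the end of the hunk, so its full contents are not visible here.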
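Review bot: The three call sites in NetscapeCertRequest.java that drop the `"BC"` argument (this hunk and the ones at -205 and -225) carry no `Android-changed` marker, unlike the edits to DESede.java and BouncyCastleProvider.java in the same commit, so the divergence from upstream is easy to lose in a later merge. The change also means the key factory and the signature verifier are resolved through the default provider order, using an OID string taken from the parsed request, so which implementation verifies the request now depends on the providers installed in the process. A comment such as `// Android-changed: Use default provider, BC's KeyFactory and Signature implementations are removed.` above each call would record that. The `throws` clause visible in the -225 hunk still lists `NoSuchProviderException`; it is probably best kept for source compatibility, but it may no longer be reachable from these calls. The enclosing methods start and end outside the hunks.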
@@ -205,8 +205,7 @@ public class NetscapeCertRequest // Verify the signature .. shows the response was generated // by someone who knew the associated private key // - Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), - "BC"); + Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId()); sig.initVerify(pubkey); sig.update(content.getBytes()); @@ -225,8 +224,7 @@ public class NetscapeCertRequest SignatureException, NoSuchProviderException, InvalidKeySpecException { - Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId(), - "BC"); + Signature sig = Signature.getInstance(sigAlg.getAlgorithm().getId()); if (rand != null) { diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java index c5b996aa..bf10ed35 100644 --- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -3,10 +3,15 @@ package com.android.org.bouncycastle.jce.provider; import java.io.IOException; import java.security.AccessController; +// Android-added: need to get non-BC implementations +import java.security.KeyFactory; import java.security.PrivateKey; import java.security.PrivilegedAction; import java.security.Provider; import java.security.PublicKey; +// Android-added: need to convert Asn1Objects into standard specs +import java.security.spec.PKCS8EncodedKeySpec; +import java.security.spec.X509EncodedKeySpec; import java.util.HashMap; import java.util.Iterator; import java.util.Map; 
@@ -341,6 +346,22 @@ public final class BouncyCastleProvider extends Provider
 public static PublicKey getPublicKey(SubjectPublicKeyInfo publicKeyInfo)
 throws IOException
 {
+ // Android-added: BC KeyFactories have been removed, so load them the standard way
+ try {
+ return KeyFactory
+ .getInstance(
+ publicKeyInfo.getAlgorithmId().getAlgorithm().getId())
+ .generatePublic(
+ new X509EncodedKeySpec(publicKeyInfo.getEncoded()));
+ } catch (java.security.NoSuchAlgorithmException ex) {
+ // Maintaining compatibility with upstream logic: if appropriate algorithm not found
+ // ("converter" in Android-removed section) return null instead of throwing.
+ return null;
+ } catch (java.security.spec.InvalidKeySpecException ex) {
+ throw new IOException(ex);
+ }
+ // Android-removed: see above
+ /*
 AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(publicKeyInfo.getAlgorithm().getAlgorithm());
 if (converter == null)
@@ -349,11 +370,28 @@ public final class BouncyCastleProvider extends Provider
 }
 return converter.generatePublic(publicKeyInfo);
+ */
 }
 public static PrivateKey getPrivateKey(PrivateKeyInfo privateKeyInfo)
 throws IOException
 {
+ // Android-added: BC KeyFactories have been removed, so load them the standard way
+ try {
+ return KeyFactory
+ .getInstance(
+ privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm().getId())
+ .generatePrivate(
+ new PKCS8EncodedKeySpec(privateKeyInfo.getEncoded()));
+ } catch (java.security.NoSuchAlgorithmException ex) {
+ // Maintaining compatibility with upstream logic: if appropriate algorithm not found
+ // ("converter" in Android-removed section) return null instead of throwing.
+ return null;
+ } catch (java.security.spec.InvalidKeySpecException ex) {
+ throw new IOException(ex);
+ }
+ // Android-removed: see above
+ /*
 AsymmetricKeyInfoConverter converter = getAsymmetricKeyInfoConverter(privateKeyInfo.getPrivateKeyAlgorithm().getAlgorithm());
 if (converter == null)
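Review bot: `getPublicKey` reads the OID through `publicKeyInfo.getAlgorithmId()` while the commented-out upstream code directly below it uses `publicKeyInfo.getAlgorithm()`; the former is, as far as I know, the deprecated accessor on `SubjectPublicKeyInfo`, so `publicKeyInfo.getAlgorithm().getAlgorithm().getId()` would match both upstream and the `getPrivateKeyAlgorithm()` call in the `getPrivateKey` hunk that follows. In both methods `KeyFactory.getInstance` is called with the bare OID and no provider, so a `null` return now means that no installed provider registers that OID, not that BC has no converter for it; callers that read `null` as "unsupported key type" get an answer that depends on provider configuration. I would say so in the catch comment, e.g. `// No installed provider has a KeyFactory for this OID; return null as upstream did when no converter was found.` `getPublicKey` starts in this hunk and ends in the next one, and `getPrivateKey` ends outside both.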
@@ -362,5 +400,6 @@ public final class BouncyCastleProvider extends Provider
 }
 return converter.generatePrivate(privateKeyInfo);
+ */
 }
 } |