diff options
Diffstat (limited to 'repackaged_platform/bcprov/src/main/java')
10 files changed, 142 insertions, 13 deletions
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java index 8f8787f7..cd76b860 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java @@ -56,4 +56,11 @@ public interface ConfigurableProvider AsymmetricKeyInfoConverter getKeyInfoConverter(ASN1ObjectIdentifier oid); void addAttributes(String key, Map<String, String> attributeMap); + + // BEGIN Android-added: Allow algorithms to be added privately. + // See BouncyCastleProvider for details. + void addPrivateAlgorithm(String key, String value); + + void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className); + // END Android-added: Allow algorithms to be added privately. } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java index 5b5d9511..bac8e723 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java @@ -92,6 +92,8 @@ public class SHA224 addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha224, PREFIX + "$HashMac"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java index 929364f5..a7ab4097 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java @@ -115,6 +115,8 @@ public class SHA256 addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha256, PREFIX + "$HashMac"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java index 89d14437..5d209512 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java @@ -109,6 +109,8 @@ public class SHA384 addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha384, PREFIX + "$HashMac"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java index b726dbf8..243a3064 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java @@ -207,6 +207,8 @@ public class SHA512 addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256"); */ // END Android-removed: Unsupported algorithms + // Android-added: Private implementation needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha512, PREFIX + "$HashMac"); } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java index d5897959..745534da 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java @@ -120,9 +120,12 @@ public class PKCS12KeyStoreSpi { static final String PKCS12_MAX_IT_COUNT_PROPERTY = "com.android.internal.org.bouncycastle.pkcs12.max_it_count"; - // Android-changed: Use default provider for JCA algorithms instead of BC + // Android-changed: Use default provider for most JCA algorithms instead of BC. + // For the case where we need BC implementations, the BCJcaJceHelper will also search + // the list of private implementations help by BouncyCastleProvider. // Was: private final JcaJceHelper helper = new BCJcaJceHelper(); private final JcaJceHelper helper = new DefaultJcaJceHelper(); + private final JcaJceHelper selfHelper = new BCJcaJceHelper(); private static final int SALT_SIZE = 20; private static final int MIN_ITERATIONS = 50 * 1024; @@ -731,7 +734,9 @@ public class PKCS12KeyStoreSpi PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters()); AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme()); - SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); + // Android-Changed: SecretKeyFactory must be from BC due to instanceof logic. + // SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); + SecretKeyFactory keyFact = selfHelper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId()); SecretKey key; if (func.isDefaultPrf()) @@ -743,7 +748,9 @@ public class PKCS12KeyStoreSpi key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf())); } - Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); + // Android-Changed: Cipher must be from BC due to use of internal PKCS12Key tyoe. + // Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId()); + Cipher cipher = selfHelper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId()); ASN1Encodable encParams = alg.getEncryptionScheme().getParameters(); if (encParams instanceof ASN1OctetString) @@ -1785,7 +1792,9 @@ public class PKCS12KeyStoreSpi { PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount); - Mac mac = helper.createMac(oid.getId()); + // Android-Changed: Mac must be from BC due to use of internal PKCS12Key tyoe. + // Mac mac = helper.createMac(oid.getId()); + Mac mac = selfHelper.createMac(oid.getId()); mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams); mac.update(data); diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java index 55510fd2..056faae1 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java @@ -1146,6 +1146,11 @@ public final class AES // addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128"); // addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen"); // END Android-removed: Unsupported algorithms + + // Android-added: Private implementations needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC"); + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC"); + provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java index ab218e1f..63824db6 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java @@ -44,14 +44,14 @@ public class PBEPBKDF2 static { - // BEGIN Android-removed: Unsupported algorithm - /* - prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA1, Integers.valueOf(PBE.SHA1)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA256, Integers.valueOf(PBE.SHA256)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA224, Integers.valueOf(PBE.SHA224)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA384, Integers.valueOf(PBE.SHA384)); prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA512, Integers.valueOf(PBE.SHA512)); + // BEGIN Android-removed: Unsupported algorithms + /* + prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_256, Integers.valueOf(PBE.SHA3_256)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_224, Integers.valueOf(PBE.SHA3_224)); prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_384, Integers.valueOf(PBE.SHA3_384)); @@ -66,8 +66,9 @@ public class PBEPBKDF2 } - // BEGIN Android-removed: Unsupported algorithms - /* + /** + * @hide This class is not part of the Android public SDK API + */ public static class AlgParams extends BaseAlgorithmParameters { @@ -150,8 +151,6 @@ public class PBEPBKDF2 return "PBKDF2 Parameters"; } } - */ - // END Android-removed: Unsupported algorithms /** * @hide This class is not part of the Android public SDK API @@ -280,8 +279,9 @@ public class PBEPBKDF2 } } - // BEGIN Android-removed: Unsupported algorithms - /* + /** + * @hide This class is not part of the Android public SDK API + */ public static class PBKDF2withUTF8 extends BasePBKDF2 { @@ -291,6 +291,8 @@ public class PBEPBKDF2 } } + // BEGIN Android-removed: Unsupported algorithms + /* public static class PBKDF2withSHA224 extends BasePBKDF2 { @@ -687,6 +689,9 @@ public class PBEPBKDF2 provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256"); provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT"); // END Android-added: Android versions of algorithms. + // Android-added: Private implementations needed to support PBKDF2 with PKCS#12 + provider.addPrivateAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8"); + provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12", "PBKDF2"); } } } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java index 15130f26..507d225c 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java @@ -1,9 +1,14 @@ /* GENERATED SOURCE. DO NOT MODIFY. */ package com.android.internal.org.bouncycastle.jcajce.util; +import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.Security; +import javax.crypto.Cipher; +import javax.crypto.Mac; +import javax.crypto.NoSuchPaddingException; +import javax.crypto.SecretKeyFactory; import com.android.internal.org.bouncycastle.jce.provider.BouncyCastleProvider; /** @@ -40,4 +45,61 @@ public class BCJcaJceHelper { super(getBouncyCastleProvider()); } + + // BEGIN Android-added: Look up algorithms in private provider if not found in main Provider. + // + // If code is using a BCJcajceHelper to ensure it gets its implementation from BC, then + // also search in the privately provided algorithms if not found in the main set. + // + // If any error occurs while searching the private Provider, typically a + // NoSuchAlgorithmException being thrown, then the original NoSuchAlgorithmException + // from the BC Provider is thrown for consistency. + @Override + public Cipher createCipher(String algorithm) + throws NoSuchAlgorithmException, NoSuchPaddingException { + try { + return super.createCipher(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return Cipher.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + @Override + public SecretKeyFactory createSecretKeyFactory(String algorithm) + throws NoSuchAlgorithmException { + try { + return super.createSecretKeyFactory(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return SecretKeyFactory.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + @Override + public Mac createMac(String algorithm) throws NoSuchAlgorithmException { + try { + return super.createMac(algorithm); + } catch (NoSuchAlgorithmException originalException) { + try { + return Mac.getInstance(algorithm, getPrivateProvider()); + } catch (Throwable throwable) { + throw originalException; + } + } + } + + private Provider getPrivateProvider() { + if (provider instanceof BouncyCastleProvider) { + return ((BouncyCastleProvider) provider).getPrivateProvider(); + } + throw new IllegalStateException("Internal error in BCJcaJceHelper"); + } + // END Android-added: Look up algorithms in private provider if not found in main Provider. } diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java index 2f3f1ea2..2689da81 100644 --- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java +++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java @@ -428,4 +428,37 @@ public final class BouncyCastleProvider extends Provider return converter.generatePrivate(privateKeyInfo); */ } + + // BEGIN Android-added: Allow algorithms to be provided privately for BC internals. + // + // Algorithms added via these methods are stored in a private instance of PrivateProvider, + // which is never added to the system-wide list of installed Providers, and is only + // ever searched by BC internal classes which search for algorithms using an instance + // of BCJcajceHelper. + private static final class PrivateProvider extends Provider { + public PrivateProvider() { + super("BCPrivate", 1.0, "Android BC private use only"); + } + } + + private final Provider privateProvider = new PrivateProvider(); + + public void addPrivateAlgorithm(String key, String value) + { + if (privateProvider.containsKey(key)) + { + throw new IllegalStateException("duplicate provider key (" + key + ") found"); + } + privateProvider.put(key, value); + } + + public void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className) + { + addPrivateAlgorithm(type + "." + oid, className); + } + + public Provider getPrivateProvider() { + return privateProvider; + } + // END Android-added: Allow algorithms to be provided privately for BC internals. } |