14812563f68c87278af68309662433279d10f573eAlex Klyubin/* 24812563f68c87278af68309662433279d10f573eAlex Klyubin * Copyright (C) 2015 The Android Open Source Project 34812563f68c87278af68309662433279d10f573eAlex Klyubin * 44812563f68c87278af68309662433279d10f573eAlex Klyubin * Licensed under the Apache License, Version 2.0 (the "License"); 54812563f68c87278af68309662433279d10f573eAlex Klyubin * you may not use this file except in compliance with the License. 64812563f68c87278af68309662433279d10f573eAlex Klyubin * You may obtain a copy of the License at 74812563f68c87278af68309662433279d10f573eAlex Klyubin * 84812563f68c87278af68309662433279d10f573eAlex Klyubin * http://www.apache.org/licenses/LICENSE-2.0 94812563f68c87278af68309662433279d10f573eAlex Klyubin * 104812563f68c87278af68309662433279d10f573eAlex Klyubin * Unless required by applicable law or agreed to in writing, software 114812563f68c87278af68309662433279d10f573eAlex Klyubin * distributed under the License is distributed on an "AS IS" BASIS, 124812563f68c87278af68309662433279d10f573eAlex Klyubin * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 134812563f68c87278af68309662433279d10f573eAlex Klyubin * See the License for the specific language governing permissions and 144812563f68c87278af68309662433279d10f573eAlex Klyubin * limitations under the License. 154812563f68c87278af68309662433279d10f573eAlex Klyubin */ 164812563f68c87278af68309662433279d10f573eAlex Klyubin 17dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubinpackage android.security.keystore; 184812563f68c87278af68309662433279d10f573eAlex Klyubin 194812563f68c87278af68309662433279d10f573eAlex Klyubinimport java.security.Provider; 204812563f68c87278af68309662433279d10f573eAlex Klyubin 214812563f68c87278af68309662433279d10f573eAlex Klyubin/** 224812563f68c87278af68309662433279d10f573eAlex Klyubin * {@link Provider} of JCA crypto operations operating on Android KeyStore keys. 234812563f68c87278af68309662433279d10f573eAlex Klyubin * 244812563f68c87278af68309662433279d10f573eAlex Klyubin * <p>This provider was separated out of {@link AndroidKeyStoreProvider} to work around the issue 254812563f68c87278af68309662433279d10f573eAlex Klyubin * that Bouncy Castle provider incorrectly declares that it accepts arbitrary keys (incl. Android 264812563f68c87278af68309662433279d10f573eAlex Klyubin * KeyStore ones). This causes JCA to select the Bouncy Castle's implementation of JCA crypto 274812563f68c87278af68309662433279d10f573eAlex Klyubin * operations for Android KeyStore keys unless Android KeyStore's own implementations are installed 284812563f68c87278af68309662433279d10f573eAlex Klyubin * as higher-priority than Bouncy Castle ones. The purpose of this provider is to do just that: to 294812563f68c87278af68309662433279d10f573eAlex Klyubin * offer crypto operations operating on Android KeyStore keys and to be installed at higher priority 304812563f68c87278af68309662433279d10f573eAlex Klyubin * than the Bouncy Castle provider. 314812563f68c87278af68309662433279d10f573eAlex Klyubin * 324812563f68c87278af68309662433279d10f573eAlex Klyubin * <p>Once Bouncy Castle provider is fixed, this provider can be merged into the 334812563f68c87278af68309662433279d10f573eAlex Klyubin * {@code AndroidKeyStoreProvider}. 344812563f68c87278af68309662433279d10f573eAlex Klyubin * 354812563f68c87278af68309662433279d10f573eAlex Klyubin * @hide 364812563f68c87278af68309662433279d10f573eAlex Klyubin */ 374812563f68c87278af68309662433279d10f573eAlex Klyubinclass AndroidKeyStoreBCWorkaroundProvider extends Provider { 384812563f68c87278af68309662433279d10f573eAlex Klyubin 394812563f68c87278af68309662433279d10f573eAlex Klyubin // IMPLEMENTATION NOTE: Class names are hard-coded in this provider to avoid loading these 404812563f68c87278af68309662433279d10f573eAlex Klyubin // classes when this provider is instantiated and installed early on during each app's 414812563f68c87278af68309662433279d10f573eAlex Klyubin // initialization process. 424812563f68c87278af68309662433279d10f573eAlex Klyubin 43dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin private static final String PACKAGE_NAME = "android.security.keystore"; 444812563f68c87278af68309662433279d10f573eAlex Klyubin private static final String KEYSTORE_SECRET_KEY_CLASS_NAME = 45dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin PACKAGE_NAME + ".AndroidKeyStoreSecretKey"; 464f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin private static final String KEYSTORE_PRIVATE_KEY_CLASS_NAME = 474f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStorePrivateKey"; 484f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin private static final String KEYSTORE_PUBLIC_KEY_CLASS_NAME = 494f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStorePublicKey"; 504812563f68c87278af68309662433279d10f573eAlex Klyubin 514812563f68c87278af68309662433279d10f573eAlex Klyubin AndroidKeyStoreBCWorkaroundProvider() { 524812563f68c87278af68309662433279d10f573eAlex Klyubin super("AndroidKeyStoreBCWorkaround", 534812563f68c87278af68309662433279d10f573eAlex Klyubin 1.0, 544812563f68c87278af68309662433279d10f573eAlex Klyubin "Android KeyStore security provider to work around Bouncy Castle"); 554812563f68c87278af68309662433279d10f573eAlex Klyubin 564f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin // --------------------- javax.crypto.Mac 57dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin putMacImpl("HmacSHA1", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA1"); 58a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); 59a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC-SHA1", "HmacSHA1"); 60a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC/SHA1", "HmacSHA1"); 61a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin 62dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin putMacImpl("HmacSHA224", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA224"); 63a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA224"); 64a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC-SHA224", "HmacSHA224"); 65a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC/SHA224", "HmacSHA224"); 66a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin 67dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin putMacImpl("HmacSHA256", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA256"); 68a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); 69a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC-SHA256", "HmacSHA256"); 70a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC/SHA256", "HmacSHA256"); 71a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin 72dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin putMacImpl("HmacSHA384", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA384"); 73a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); 74a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC-SHA384", "HmacSHA384"); 75a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC/SHA384", "HmacSHA384"); 76a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin 77dcdaf87ed0aa99073638bcfe645949f130f0c7adAlex Klyubin putMacImpl("HmacSHA512", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA512"); 78a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); 79a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC-SHA512", "HmacSHA512"); 80a8c837f11a53b094228b8faf8da0b09d80b6b1efAlex Klyubin put("Alg.Alias.Mac.HMAC/SHA512", "HmacSHA512"); 814812563f68c87278af68309662433279d10f573eAlex Klyubin 824f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin // --------------------- javax.crypto.Cipher 834812563f68c87278af68309662433279d10f573eAlex Klyubin putSymmetricCipherImpl("AES/ECB/NoPadding", 847cbcfd4fc1e538bd391a20cdd00dd1494ace2d0eAlex Klyubin PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$ECB$NoPadding"); 854812563f68c87278af68309662433279d10f573eAlex Klyubin putSymmetricCipherImpl("AES/ECB/PKCS7Padding", 867cbcfd4fc1e538bd391a20cdd00dd1494ace2d0eAlex Klyubin PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$ECB$PKCS7Padding"); 874812563f68c87278af68309662433279d10f573eAlex Klyubin 884812563f68c87278af68309662433279d10f573eAlex Klyubin putSymmetricCipherImpl("AES/CBC/NoPadding", 897cbcfd4fc1e538bd391a20cdd00dd1494ace2d0eAlex Klyubin PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CBC$NoPadding"); 904812563f68c87278af68309662433279d10f573eAlex Klyubin putSymmetricCipherImpl("AES/CBC/PKCS7Padding", 917cbcfd4fc1e538bd391a20cdd00dd1494ace2d0eAlex Klyubin PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CBC$PKCS7Padding"); 924812563f68c87278af68309662433279d10f573eAlex Klyubin 934812563f68c87278af68309662433279d10f573eAlex Klyubin putSymmetricCipherImpl("AES/CTR/NoPadding", 947cbcfd4fc1e538bd391a20cdd00dd1494ace2d0eAlex Klyubin PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CTR$NoPadding"); 954f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin 9600af27b7d9010eb41e45959dab7c4ff6de119897Alex Klyubin putSymmetricCipherImpl("AES/GCM/NoPadding", 9700af27b7d9010eb41e45959dab7c4ff6de119897Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreAuthenticatedAESCipherSpi$GCM$NoPadding"); 9800af27b7d9010eb41e45959dab7c4ff6de119897Alex Klyubin 994f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin putAsymmetricCipherImpl("RSA/ECB/NoPadding", 1004f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$NoPadding"); 1014f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Alg.Alias.Cipher.RSA/None/NoPadding", "RSA/ECB/NoPadding"); 1024f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin putAsymmetricCipherImpl("RSA/ECB/PKCS1Padding", 1034f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$PKCS1Padding"); 1044f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Alg.Alias.Cipher.RSA/None/PKCS1Padding", "RSA/ECB/PKCS1Padding"); 1054f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin putAsymmetricCipherImpl("RSA/ECB/OAEPPadding", 1064f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA1AndMGF1Padding"); 1074f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Alg.Alias.Cipher.RSA/None/OAEPPadding", "RSA/ECB/OAEPPadding"); 1084f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", 1094f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA1AndMGF1Padding"); 1104f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-1AndMGF1Padding", 1114f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin "RSA/ECB/OAEPWithSHA-1AndMGF1Padding"); 1124f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-224AndMGF1Padding", 1134f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA224AndMGF1Padding"); 1144f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-224AndMGF1Padding", 1154f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); 1164f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-256AndMGF1Padding", 1174f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA256AndMGF1Padding"); 1184f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-256AndMGF1Padding", 1194f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin "RSA/ECB/OAEPWithSHA-256AndMGF1Padding"); 1204f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-384AndMGF1Padding", 1214f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA384AndMGF1Padding"); 1224f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-384AndMGF1Padding", 1234f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin "RSA/ECB/OAEPWithSHA-384AndMGF1Padding"); 1244f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-512AndMGF1Padding", 1254f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA512AndMGF1Padding"); 1264f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-512AndMGF1Padding", 1274f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin "RSA/ECB/OAEPWithSHA-512AndMGF1Padding"); 128ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 129ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin // --------------------- java.security.Signature 130ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("NONEwithRSA", 131ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$NONEWithPKCS1Padding"); 132ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 133ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("MD5withRSA", 134ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$MD5WithPKCS1Padding"); 135240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.MD5WithRSAEncryption", "MD5withRSA"); 136240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.MD5/RSA", "MD5withRSA"); 137240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA"); 138240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5withRSA"); 139ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 140ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA1withRSA", 141ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPKCS1Padding"); 142240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.SHA1WithRSAEncryption", "SHA1withRSA"); 143240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.SHA1/RSA", "SHA1withRSA"); 144240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.SHA-1/RSA", "SHA1withRSA"); 145240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA"); 146240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1withRSA"); 147240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1withRSA"); 148240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA"); 149ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 150ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA224withRSA", 151ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPKCS1Padding"); 152240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.SHA224WithRSAEncryption", "SHA224withRSA"); 153240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA224withRSA"); 154ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.1", 155240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath "SHA224withRSA"); 156ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.11", 157240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath "SHA224withRSA"); 158ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 159ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA256withRSA", 160ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPKCS1Padding"); 161240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256withRSA"); 162240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA"); 163ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1", 164240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath "SHA256withRSA"); 165ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11", 166240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath "SHA256withRSA"); 167ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 168ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA384withRSA", 169ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPKCS1Padding"); 170240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384withRSA"); 171240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA"); 172ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1", 173240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath "SHA384withRSA"); 174ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 175ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA512withRSA", 176ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPKCS1Padding"); 177240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512withRSA"); 178240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA"); 179ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1", 180240e48d2e1613a4cb2e4d12de6574732c20e91cbNarayan Kamath "SHA512withRSA"); 181ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 182ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA1withRSA/PSS", 183ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPSSPadding"); 184ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA224withRSA/PSS", 185ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPSSPadding"); 186ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA256withRSA/PSS", 187ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPSSPadding"); 188ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA384withRSA/PSS", 189ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPSSPadding"); 190ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA512withRSA/PSS", 191ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPSSPadding"); 192ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 193ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("NONEwithECDSA", 194ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$NONE"); 195ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 196f78cae3cb4278ba69d5e2de0f2887836d726b412Kenny Root putSignatureImpl("SHA1withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA1"); 197f78cae3cb4278ba69d5e2de0f2887836d726b412Kenny Root put("Alg.Alias.Signature.ECDSA", "SHA1withECDSA"); 198f78cae3cb4278ba69d5e2de0f2887836d726b412Kenny Root put("Alg.Alias.Signature.ECDSAwithSHA1", "SHA1withECDSA"); 199ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1) 200f78cae3cb4278ba69d5e2de0f2887836d726b412Kenny Root put("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA"); 201f78cae3cb4278ba69d5e2de0f2887836d726b412Kenny Root put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "SHA1withECDSA"); 202ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 203ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) 204ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA224withECDSA", 205ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA224"); 206ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin // ecdsa-with-SHA224(1) 207ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA"); 208ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.10045.2.1", "SHA224withECDSA"); 209ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 210ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3) 211ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA256withECDSA", 212ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA256"); 213ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin // ecdsa-with-SHA256(2) 214ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA"); 215ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA"); 216ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 217ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA384withECDSA", 218ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA384"); 219ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin // ecdsa-with-SHA384(3) 220ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA"); 221ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA"); 222ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 223ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin putSignatureImpl("SHA512withECDSA", 224ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA512"); 225ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin // ecdsa-with-SHA512(4) 226ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA"); 227ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA"); 2284812563f68c87278af68309662433279d10f573eAlex Klyubin } 2294812563f68c87278af68309662433279d10f573eAlex Klyubin 2304812563f68c87278af68309662433279d10f573eAlex Klyubin private void putMacImpl(String algorithm, String implClass) { 2314812563f68c87278af68309662433279d10f573eAlex Klyubin put("Mac." + algorithm, implClass); 2324812563f68c87278af68309662433279d10f573eAlex Klyubin put("Mac." + algorithm + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME); 2334812563f68c87278af68309662433279d10f573eAlex Klyubin } 2344812563f68c87278af68309662433279d10f573eAlex Klyubin 2354812563f68c87278af68309662433279d10f573eAlex Klyubin private void putSymmetricCipherImpl(String transformation, String implClass) { 2364812563f68c87278af68309662433279d10f573eAlex Klyubin put("Cipher." + transformation, implClass); 2374812563f68c87278af68309662433279d10f573eAlex Klyubin put("Cipher." + transformation + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME); 2384812563f68c87278af68309662433279d10f573eAlex Klyubin } 2394f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin 2404f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin private void putAsymmetricCipherImpl(String transformation, String implClass) { 2414f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Cipher." + transformation, implClass); 2424f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin put("Cipher." + transformation + " SupportedKeyClasses", 2434f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin KEYSTORE_PRIVATE_KEY_CLASS_NAME + "|" + KEYSTORE_PUBLIC_KEY_CLASS_NAME); 2444f389fd200fee9e055d3f28b20bee3132329a056Alex Klyubin } 245ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin 246ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin private void putSignatureImpl(String algorithm, String implClass) { 247ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Signature." + algorithm, implClass); 248ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin put("Signature." + algorithm + " SupportedKeyClasses", 249ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin KEYSTORE_PRIVATE_KEY_CLASS_NAME + "|" + KEYSTORE_PUBLIC_KEY_CLASS_NAME); 250ccbe88a505848896e59ef8eb4e8405037ba94e88Alex Klyubin } 2513ceb1a04b44539c2b2c3afec6df487fe128911f2Alex Klyubin 2523ceb1a04b44539c2b2c3afec6df487fe128911f2Alex Klyubin public static String[] getSupportedEcdsaSignatureDigests() { 2533ceb1a04b44539c2b2c3afec6df487fe128911f2Alex Klyubin return new String[] {"NONE", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"}; 2543ceb1a04b44539c2b2c3afec6df487fe128911f2Alex Klyubin } 2553ceb1a04b44539c2b2c3afec6df487fe128911f2Alex Klyubin 2563ceb1a04b44539c2b2c3afec6df487fe128911f2Alex Klyubin public static String[] getSupportedRsaSignatureWithPkcs1PaddingDigests() { 2573ceb1a04b44539c2b2c3afec6df487fe128911f2Alex Klyubin return new String[] {"NONE", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"}; 2583ceb1a04b44539c2b2c3afec6df487fe128911f2Alex Klyubin } 2594812563f68c87278af68309662433279d10f573eAlex Klyubin} 260