AndroidKeyStoreBCWorkaroundProvider.java revision a8c837f11a53b094228b8faf8da0b09d80b6b1ef
1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package android.security.keystore; 18 19import java.security.Provider; 20 21/** 22 * {@link Provider} of JCA crypto operations operating on Android KeyStore keys. 23 * 24 * <p>This provider was separated out of {@link AndroidKeyStoreProvider} to work around the issue 25 * that Bouncy Castle provider incorrectly declares that it accepts arbitrary keys (incl. Android 26 * KeyStore ones). This causes JCA to select the Bouncy Castle's implementation of JCA crypto 27 * operations for Android KeyStore keys unless Android KeyStore's own implementations are installed 28 * as higher-priority than Bouncy Castle ones. The purpose of this provider is to do just that: to 29 * offer crypto operations operating on Android KeyStore keys and to be installed at higher priority 30 * than the Bouncy Castle provider. 31 * 32 * <p>Once Bouncy Castle provider is fixed, this provider can be merged into the 33 * {@code AndroidKeyStoreProvider}. 34 * 35 * @hide 36 */ 37class AndroidKeyStoreBCWorkaroundProvider extends Provider { 38 39 // IMPLEMENTATION NOTE: Class names are hard-coded in this provider to avoid loading these 40 // classes when this provider is instantiated and installed early on during each app's 41 // initialization process. 42 43 private static final String PACKAGE_NAME = "android.security.keystore"; 44 private static final String KEYSTORE_SECRET_KEY_CLASS_NAME = 45 PACKAGE_NAME + ".AndroidKeyStoreSecretKey"; 46 47 AndroidKeyStoreBCWorkaroundProvider() { 48 super("AndroidKeyStoreBCWorkaround", 49 1.0, 50 "Android KeyStore security provider to work around Bouncy Castle"); 51 52 // javax.crypto.Mac 53 putMacImpl("HmacSHA1", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA1"); 54 put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1"); 55 put("Alg.Alias.Mac.HMAC-SHA1", "HmacSHA1"); 56 put("Alg.Alias.Mac.HMAC/SHA1", "HmacSHA1"); 57 58 putMacImpl("HmacSHA224", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA224"); 59 put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA224"); 60 put("Alg.Alias.Mac.HMAC-SHA224", "HmacSHA224"); 61 put("Alg.Alias.Mac.HMAC/SHA224", "HmacSHA224"); 62 63 putMacImpl("HmacSHA256", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA256"); 64 put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256"); 65 put("Alg.Alias.Mac.HMAC-SHA256", "HmacSHA256"); 66 put("Alg.Alias.Mac.HMAC/SHA256", "HmacSHA256"); 67 68 putMacImpl("HmacSHA384", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA384"); 69 put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384"); 70 put("Alg.Alias.Mac.HMAC-SHA384", "HmacSHA384"); 71 put("Alg.Alias.Mac.HMAC/SHA384", "HmacSHA384"); 72 73 putMacImpl("HmacSHA512", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA512"); 74 put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512"); 75 put("Alg.Alias.Mac.HMAC-SHA512", "HmacSHA512"); 76 put("Alg.Alias.Mac.HMAC/SHA512", "HmacSHA512"); 77 78 // javax.crypto.Cipher 79 putSymmetricCipherImpl("AES/ECB/NoPadding", 80 PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$ECB$NoPadding"); 81 putSymmetricCipherImpl("AES/ECB/PKCS7Padding", 82 PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$ECB$PKCS7Padding"); 83 84 putSymmetricCipherImpl("AES/CBC/NoPadding", 85 PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CBC$NoPadding"); 86 putSymmetricCipherImpl("AES/CBC/PKCS7Padding", 87 PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CBC$PKCS7Padding"); 88 89 putSymmetricCipherImpl("AES/CTR/NoPadding", 90 PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CTR$NoPadding"); 91 } 92 93 private void putMacImpl(String algorithm, String implClass) { 94 put("Mac." + algorithm, implClass); 95 put("Mac." + algorithm + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME); 96 } 97 98 private void putSymmetricCipherImpl(String transformation, String implClass) { 99 put("Cipher." + transformation, implClass); 100 put("Cipher." + transformation + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME); 101 } 102} 103