AndroidKeyStoreBCWorkaroundProvider.java revision a8c837f11a53b094228b8faf8da0b09d80b6b1ef 
1/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security.keystore;
18
19import java.security.Provider;
20
21/**
22 * {@link Provider} of JCA crypto operations operating on Android KeyStore keys.
23 *
24 * <p>This provider was separated out of {@link AndroidKeyStoreProvider} to work around the issue
25 * that Bouncy Castle provider incorrectly declares that it accepts arbitrary keys (incl. Android
26 * KeyStore ones). This causes JCA to select the Bouncy Castle's implementation of JCA crypto
27 * operations for Android KeyStore keys unless Android KeyStore's own implementations are installed
28 * as higher-priority than Bouncy Castle ones. The purpose of this provider is to do just that: to
29 * offer crypto operations operating on Android KeyStore keys and to be installed at higher priority
30 * than the Bouncy Castle provider.
31 *
32 * <p>Once Bouncy Castle provider is fixed, this provider can be merged into the
33 * {@code AndroidKeyStoreProvider}.
34 *
35 * @hide
36 */
37class AndroidKeyStoreBCWorkaroundProvider extends Provider {
38
39    // IMPLEMENTATION NOTE: Class names are hard-coded in this provider to avoid loading these
40    // classes when this provider is instantiated and installed early on during each app's
41    // initialization process.
42
43    private static final String PACKAGE_NAME = "android.security.keystore";
44    private static final String KEYSTORE_SECRET_KEY_CLASS_NAME =
45            PACKAGE_NAME + ".AndroidKeyStoreSecretKey";
46
47    AndroidKeyStoreBCWorkaroundProvider() {
48        super("AndroidKeyStoreBCWorkaround",
49                1.0,
50                "Android KeyStore security provider to work around Bouncy Castle");
51
52        // javax.crypto.Mac
53        putMacImpl("HmacSHA1", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA1");
54        put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
55        put("Alg.Alias.Mac.HMAC-SHA1", "HmacSHA1");
56        put("Alg.Alias.Mac.HMAC/SHA1", "HmacSHA1");
57
58        putMacImpl("HmacSHA224", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA224");
59        put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA224");
60        put("Alg.Alias.Mac.HMAC-SHA224", "HmacSHA224");
61        put("Alg.Alias.Mac.HMAC/SHA224", "HmacSHA224");
62
63        putMacImpl("HmacSHA256", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA256");
64        put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
65        put("Alg.Alias.Mac.HMAC-SHA256", "HmacSHA256");
66        put("Alg.Alias.Mac.HMAC/SHA256", "HmacSHA256");
67
68        putMacImpl("HmacSHA384", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA384");
69        put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
70        put("Alg.Alias.Mac.HMAC-SHA384", "HmacSHA384");
71        put("Alg.Alias.Mac.HMAC/SHA384", "HmacSHA384");
72
73        putMacImpl("HmacSHA512", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA512");
74        put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
75        put("Alg.Alias.Mac.HMAC-SHA512", "HmacSHA512");
76        put("Alg.Alias.Mac.HMAC/SHA512", "HmacSHA512");
77
78        // javax.crypto.Cipher
79        putSymmetricCipherImpl("AES/ECB/NoPadding",
80                PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$ECB$NoPadding");
81        putSymmetricCipherImpl("AES/ECB/PKCS7Padding",
82                PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$ECB$PKCS7Padding");
83
84        putSymmetricCipherImpl("AES/CBC/NoPadding",
85                PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CBC$NoPadding");
86        putSymmetricCipherImpl("AES/CBC/PKCS7Padding",
87                PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CBC$PKCS7Padding");
88
89        putSymmetricCipherImpl("AES/CTR/NoPadding",
90                PACKAGE_NAME + ".AndroidKeyStoreCipherSpi$AES$CTR$NoPadding");
91    }
92
93    private void putMacImpl(String algorithm, String implClass) {
94        put("Mac." + algorithm, implClass);
95        put("Mac." + algorithm + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME);
96    }
97
98    private void putSymmetricCipherImpl(String transformation, String implClass) {
99        put("Cipher." + transformation, implClass);
100        put("Cipher." + transformation + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME);
101    }
102}
103