Merge "Track change to Conscrypt"
@@ -17,7 +17,6 @@
|
|||||||
package android.security;
|
package android.security;
|
||||||
|
|
||||||
import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
|
import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
|
||||||
|
|
||||||
import com.android.org.conscrypt.NativeCrypto;
|
import com.android.org.conscrypt.NativeCrypto;
|
||||||
import com.android.org.conscrypt.OpenSSLEngine;
|
import com.android.org.conscrypt.OpenSSLEngine;
|
||||||
|
|
||||||
@@ -34,7 +33,6 @@ import java.security.SecureRandom;
|
|||||||
import java.security.cert.CertificateEncodingException;
|
import java.security.cert.CertificateEncodingException;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.security.spec.AlgorithmParameterSpec;
|
import java.security.spec.AlgorithmParameterSpec;
|
||||||
import java.security.spec.DSAParameterSpec;
|
|
||||||
import java.security.spec.InvalidKeySpecException;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
import java.security.spec.RSAKeyGenParameterSpec;
|
import java.security.spec.RSAKeyGenParameterSpec;
|
||||||
import java.security.spec.X509EncodedKeySpec;
|
import java.security.spec.X509EncodedKeySpec;
|
||||||
@@ -156,8 +154,6 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||||||
private static String getDefaultSignatureAlgorithmForKeyType(String keyType) {
|
private static String getDefaultSignatureAlgorithmForKeyType(String keyType) {
|
||||||
if ("RSA".equalsIgnoreCase(keyType)) {
|
if ("RSA".equalsIgnoreCase(keyType)) {
|
||||||
return "sha256WithRSA";
|
return "sha256WithRSA";
|
||||||
} else if ("DSA".equalsIgnoreCase(keyType)) {
|
|
||||||
return "sha1WithDSA";
|
|
||||||
} else if ("EC".equalsIgnoreCase(keyType)) {
|
} else if ("EC".equalsIgnoreCase(keyType)) {
|
||||||
return "sha256WithECDSA";
|
return "sha256WithECDSA";
|
||||||
} else {
|
} else {
|
||||||
@@ -173,13 +169,6 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
|
|||||||
return new byte[][] { rsaSpec.getPublicExponent().toByteArray() };
|
return new byte[][] { rsaSpec.getPublicExponent().toByteArray() };
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case NativeCrypto.EVP_PKEY_DSA:
|
|
||||||
if (spec instanceof DSAParameterSpec) {
|
|
||||||
DSAParameterSpec dsaSpec = (DSAParameterSpec) spec;
|
|
||||||
return new byte[][] { dsaSpec.getG().toByteArray(),
|
|
||||||
dsaSpec.getP().toByteArray(), dsaSpec.getQ().toByteArray() };
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
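Review bot: In `getDefaultSignatureAlgorithmForKeyType`, a "DSA" key type now reaches the trailing `else` branch, whose body lies outside the hunk, and nothing on the new side says the omission is deliberate. The same applies to `KeyStore.getKeyTypeForAlgorithm` later in this commit, and the switch in the `@@ -173,13 +169,6` hunk now falls through to `return null` for that type. A short comment above the chain, such as `// DSA is intentionally not handled; presumably no longer available from Conscrypt`, would keep a later reader from restoring the branch. The `else` paths are worth checking to confirm they reject the type with an exception that names it, rather than passing a null or default value on to the keystore call.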
|
|||||||
@@ -379,7 +379,7 @@ public final class KeyChain {
|
|||||||
*/
|
*/
|
||||||
public static boolean isKeyAlgorithmSupported(String algorithm) {
|
public static boolean isKeyAlgorithmSupported(String algorithm) {
|
||||||
final String algUpper = algorithm.toUpperCase(Locale.US);
|
final String algUpper = algorithm.toUpperCase(Locale.US);
|
||||||
return "DSA".equals(algUpper) || "EC".equals(algUpper) || "RSA".equals(algUpper);
|
return "EC".equals(algUpper) || "RSA".equals(algUpper);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
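Review bot: `isKeyAlgorithmSupported` is a public method and the new return line makes it answer false for "DSA", but the Javadoc that closes just above the signature is not touched in this hunk. If that comment lists the accepted algorithm names, it should be updated in the same change, for example `Returns {@code true} for "EC" and "RSA"; "DSA" is no longer supported.` Callers that branch on this result will see different behaviour for DSA after the change. The Javadoc body is outside the hunk, so its current wording cannot be checked from here.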
|
|||||||
@@ -26,7 +26,6 @@ import java.security.NoSuchAlgorithmException;
|
|||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.spec.AlgorithmParameterSpec;
|
import java.security.spec.AlgorithmParameterSpec;
|
||||||
import java.security.spec.DSAParameterSpec;
|
|
||||||
import java.security.spec.RSAKeyGenParameterSpec;
|
import java.security.spec.RSAKeyGenParameterSpec;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
@@ -59,11 +58,6 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
|
|||||||
* These must be kept in sync with system/security/keystore/defaults.h
|
* These must be kept in sync with system/security/keystore/defaults.h
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* DSA */
|
|
||||||
private static final int DSA_DEFAULT_KEY_SIZE = 1024;
|
|
||||||
private static final int DSA_MIN_KEY_SIZE = 512;
|
|
||||||
private static final int DSA_MAX_KEY_SIZE = 8192;
|
|
||||||
|
|
||||||
/* EC */
|
/* EC */
|
||||||
private static final int EC_DEFAULT_KEY_SIZE = 256;
|
private static final int EC_DEFAULT_KEY_SIZE = 256;
|
||||||
private static final int EC_MIN_KEY_SIZE = 192;
|
private static final int EC_MIN_KEY_SIZE = 192;
|
||||||
@@ -165,9 +159,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static int getDefaultKeySizeForType(int keyType) {
|
private static int getDefaultKeySizeForType(int keyType) {
|
||||||
if (keyType == NativeCrypto.EVP_PKEY_DSA) {
|
if (keyType == NativeCrypto.EVP_PKEY_EC) {
|
||||||
return DSA_DEFAULT_KEY_SIZE;
|
|
||||||
} else if (keyType == NativeCrypto.EVP_PKEY_EC) {
|
|
||||||
return EC_DEFAULT_KEY_SIZE;
|
return EC_DEFAULT_KEY_SIZE;
|
||||||
} else if (keyType == NativeCrypto.EVP_PKEY_RSA) {
|
} else if (keyType == NativeCrypto.EVP_PKEY_RSA) {
|
||||||
return RSA_DEFAULT_KEY_SIZE;
|
return RSA_DEFAULT_KEY_SIZE;
|
||||||
@@ -176,12 +168,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static void checkValidKeySize(int keyType, int keySize) {
|
private static void checkValidKeySize(int keyType, int keySize) {
|
||||||
if (keyType == NativeCrypto.EVP_PKEY_DSA) {
|
if (keyType == NativeCrypto.EVP_PKEY_EC) {
|
||||||
if (keySize < DSA_MIN_KEY_SIZE || keySize > DSA_MAX_KEY_SIZE) {
|
|
||||||
throw new IllegalArgumentException("DSA keys must be >= " + DSA_MIN_KEY_SIZE
|
|
||||||
+ " and <= " + DSA_MAX_KEY_SIZE);
|
|
||||||
}
|
|
||||||
} else if (keyType == NativeCrypto.EVP_PKEY_EC) {
|
|
||||||
if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) {
|
if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) {
|
||||||
throw new IllegalArgumentException("EC keys must be >= " + EC_MIN_KEY_SIZE
|
throw new IllegalArgumentException("EC keys must be >= " + EC_MIN_KEY_SIZE
|
||||||
+ " and <= " + EC_MAX_KEY_SIZE);
|
+ " and <= " + EC_MAX_KEY_SIZE);
|
||||||
@@ -198,11 +185,7 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
|
|||||||
|
|
||||||
private static void checkCorrectParametersSpec(int keyType, int keySize,
|
private static void checkCorrectParametersSpec(int keyType, int keySize,
|
||||||
AlgorithmParameterSpec spec) {
|
AlgorithmParameterSpec spec) {
|
||||||
if (keyType == NativeCrypto.EVP_PKEY_DSA && spec != null) {
|
if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) {
|
||||||
if (!(spec instanceof DSAParameterSpec)) {
|
|
||||||
throw new IllegalArgumentException("DSA keys must have DSAParameterSpec specified");
|
|
||||||
}
|
|
||||||
} else if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) {
|
|
||||||
if (spec instanceof RSAKeyGenParameterSpec) {
|
if (spec instanceof RSAKeyGenParameterSpec) {
|
||||||
RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec;
|
RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec;
|
||||||
if (keySize != -1 && keySize != rsaSpec.getKeysize()) {
|
if (keySize != -1 && keySize != rsaSpec.getKeysize()) {
|
||||||
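Review bot: The block comment kept as context in the `@@ -59,11 +58,6` hunk says these constants must be kept in sync with system/security/keystore/defaults.h, yet this page shows `DSA_DEFAULT_KEY_SIZE`, `DSA_MIN_KEY_SIZE` and `DSA_MAX_KEY_SIZE` being deleted on the Java side only. The native header should drop or retire its DSA defaults in the same topic, otherwise the two lists drift apart and the comment stops being true. If the header change lands in another commit, naming it in the commit message would make the pairing checkable.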
|
|||||||
@@ -71,8 +71,6 @@ public class KeyStore {
|
|||||||
static int getKeyTypeForAlgorithm(String keyType) throws IllegalArgumentException {
|
static int getKeyTypeForAlgorithm(String keyType) throws IllegalArgumentException {
|
||||||
if ("RSA".equalsIgnoreCase(keyType)) {
|
if ("RSA".equalsIgnoreCase(keyType)) {
|
||||||
return NativeCrypto.EVP_PKEY_RSA;
|
return NativeCrypto.EVP_PKEY_RSA;
|
||||||
} else if ("DSA".equalsIgnoreCase(keyType)) {
|
|
||||||
return NativeCrypto.EVP_PKEY_DSA;
|
|
||||||
} else if ("EC".equalsIgnoreCase(keyType)) {
|
} else if ("EC".equalsIgnoreCase(keyType)) {
|
||||||
return NativeCrypto.EVP_PKEY_EC;
|
return NativeCrypto.EVP_PKEY_EC;
|
||||||
} else {
|
} else {
|
||||||
|
|||||||