summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-07 14:51:40 +0000
committerAndroid Build Coastguard Worker <android-build-coastguard-worker@google.com>2023-03-07 14:51:40 +0000
commit24b69997203799589c096963603c4cea4542a719 (patch)
tree760f1ccfff9ec58be7317d596eea99081295515d
parentebf4ec42351dc857116a592ad3518d7e067a2f7c (diff)
parentfa2d812a9f0b47572a5efcd81306195f142e995e (diff)
downloadbouncycastle-android13-mainline-sdkext-release.tar.gz
Snap for 9701827 from fa2d812a9f0b47572a5efcd81306195f142e995e to mainline-sdkext-releaseaml_sdk_331812000aml_sdk_331811000android13-mainline-sdkext-release
Change-Id: I2581d7a875607ec729f31e3f5d8bed5de8c8caea
Diffstat
-rw-r--r--Android.bp28
-rw-r--r--OWNERS7
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java7
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java2
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java2
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java2
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java2
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java17
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java5
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java17
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java62
-rw-r--r--bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java33
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java7
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java2
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java2
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java2
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java2
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java17
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java5
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java23
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java62
-rw-r--r--repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java33
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java7
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java2
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java2
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java2
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java2
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java17
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java5
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java23
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java62
-rw-r--r--repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java33
32 files changed, 454 insertions, 40 deletions
diff --git a/Android.bp b/Android.bp
index e5fb32f6..bdb67e02 100644
--- a/Android.bp
+++ b/Android.bp
@@ -280,3 +280,31 @@ java_library {
],
sdk_version: "core_current",
}
+
+// Bouncycastle for use by packages/modules/Uwb project.
+//
+//Excludes directories not needed.
+java_library {
+ name: "bouncycastle-uwb",
+ visibility: [
+ "//packages/modules/Uwb/service",
+ ],
+ apex_available: [
+ "com.android.uwb",
+ ],
+ srcs: [
+ "bcprov/src/main/java/org/bouncycastle/**/*.java",
+ "bcpkix/src/main/java/org/bouncycastle/cert/**/*.java",
+ "bcpkix/src/main/java/org/bouncycastle/cms/**/*.java",
+ "bcpkix/src/main/java/org/bouncycastle/operator/**/*.java",
+ ],
+
+ exclude_srcs: [
+ "bcprov/src/main/java/org/bouncycastle/iana/**/*.java",
+ "bcprov/src/main/java/org/bouncycastle/its/**/*.java",
+ ],
+ sdk_version: "core_current",
+ lint: {
+ warning_checks: ["SuspiciousIndentation"],
+ },
+}
diff --git a/OWNERS b/OWNERS
index 73617ea1..c3b459cc 100644
--- a/OWNERS
+++ b/OWNERS
@@ -1,2 +1,7 @@
# Bug component: 684135
-include platform/libcore:/OWNERS
+prb@google.com
+
+mast@google.com
+miguelaranda@google.com
+rpl@google.com
+sorinbasca@google.com
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
index 9818f864..831b497e 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
@@ -54,4 +54,11 @@ public interface ConfigurableProvider
AsymmetricKeyInfoConverter getKeyInfoConverter(ASN1ObjectIdentifier oid);
void addAttributes(String key, Map<String, String> attributeMap);
+
+ // BEGIN Android-added: Allow algorithms to be added privately.
+ // See BouncyCastleProvider for details.
+ void addPrivateAlgorithm(String key, String value);
+
+ void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className);
+ // END Android-added: Allow algorithms to be added privately.
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java
index 5c6b699d..dd25b0c4 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA224.java
@@ -76,6 +76,8 @@ public class SHA224
addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha224, PREFIX + "$HashMac");
}
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
index 48f99b4d..ae4c82fd 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA256.java
@@ -101,6 +101,8 @@ public class SHA256
addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha256, PREFIX + "$HashMac");
}
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
index 8f083748..b5f269ee 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA384.java
@@ -95,6 +95,8 @@ public class SHA384
addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha384, PREFIX + "$HashMac");
}
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
index e227620e..335d0d60 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/digest/SHA512.java
@@ -193,6 +193,8 @@ public class SHA512
addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256");
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha512, PREFIX + "$HashMac");
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index 4c3e480d..263c63d2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -116,9 +116,12 @@ public class PKCS12KeyStoreSpi
{
static final String PKCS12_MAX_IT_COUNT_PROPERTY = "org.bouncycastle.pkcs12.max_it_count";
- // Android-changed: Use default provider for JCA algorithms instead of BC
+ // Android-changed: Use default provider for most JCA algorithms instead of BC.
+ // For the case where we need BC implementations, the BCJcaJceHelper will also search
+ // the list of private implementations help by BouncyCastleProvider.
// Was: private final JcaJceHelper helper = new BCJcaJceHelper();
private final JcaJceHelper helper = new DefaultJcaJceHelper();
+ private final JcaJceHelper selfHelper = new BCJcaJceHelper();
private static final int SALT_SIZE = 20;
private static final int MIN_ITERATIONS = 50 * 1024;
@@ -727,7 +730,9 @@ public class PKCS12KeyStoreSpi
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
- SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
+ // Android-Changed: SecretKeyFactory must be from BC due to instanceof logic.
+ // SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
+ SecretKeyFactory keyFact = selfHelper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
SecretKey key;
if (func.isDefaultPrf())
@@ -739,7 +744,9 @@ public class PKCS12KeyStoreSpi
key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf()));
}
- Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
+ // Android-Changed: Cipher must be from BC due to use of internal PKCS12Key tyoe.
+ // Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
+ Cipher cipher = selfHelper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId());
ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
if (encParams instanceof ASN1OctetString)
@@ -1781,7 +1788,9 @@ public class PKCS12KeyStoreSpi
{
PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
- Mac mac = helper.createMac(oid.getId());
+ // Android-Changed: Mac must be from BC due to use of internal PKCS12Key tyoe.
+ // Mac mac = helper.createMac(oid.getId());
+ Mac mac = selfHelper.createMac(oid.getId());
mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams);
mac.update(data);
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
index e7d3ec24..d25ed90c 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/AES.java
@@ -1088,6 +1088,11 @@ public final class AES
// addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
// addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
// END Android-removed: Unsupported algorithms
+
+ // Android-added: Private implementations needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
}
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
index 1af79b80..e384134b 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
@@ -40,14 +40,14 @@ public class PBEPBKDF2
static
{
- // BEGIN Android-removed: Unsupported algorithm
- /*
- prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA1, Integers.valueOf(PBE.SHA1));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA256, Integers.valueOf(PBE.SHA256));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA224, Integers.valueOf(PBE.SHA224));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA384, Integers.valueOf(PBE.SHA384));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA512, Integers.valueOf(PBE.SHA512));
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_256, Integers.valueOf(PBE.SHA3_256));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_224, Integers.valueOf(PBE.SHA3_224));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_384, Integers.valueOf(PBE.SHA3_384));
@@ -62,8 +62,6 @@ public class PBEPBKDF2
}
- // BEGIN Android-removed: Unsupported algorithms
- /*
public static class AlgParams
extends BaseAlgorithmParameters
{
@@ -146,8 +144,6 @@ public class PBEPBKDF2
return "PBKDF2 Parameters";
}
}
- */
- // END Android-removed: Unsupported algorithms
public static class BasePBKDF2
extends BaseSecretKeyFactory
@@ -273,8 +269,6 @@ public class PBEPBKDF2
}
}
- // BEGIN Android-removed: Unsupported algorithms
- /*
public static class PBKDF2withUTF8
extends BasePBKDF2
{
@@ -284,6 +278,8 @@ public class PBEPBKDF2
}
}
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
public static class PBKDF2withSHA224
extends BasePBKDF2
{
@@ -614,6 +610,9 @@ public class PBEPBKDF2
provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256");
provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT");
// END Android-added: Android versions of algorithms.
+ // Android-added: Private implementations needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
+ provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12", "PBKDF2");
}
}
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
index 6c384585..13205ec2 100644
--- a/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
+++ b/bcprov/src/main/java/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
@@ -1,8 +1,13 @@
package org.bouncycastle.jcajce.util;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
+import javax.crypto.Cipher;
+import javax.crypto.Mac;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKeyFactory;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
@@ -38,4 +43,61 @@ public class BCJcaJceHelper
{
super(getBouncyCastleProvider());
}
+
+ // BEGIN Android-added: Look up algorithms in private provider if not found in main Provider.
+ //
+ // If code is using a BCJcajceHelper to ensure it gets its implementation from BC, then
+ // also search in the privately provided algorithms if not found in the main set.
+ //
+ // If any error occurs while searching the private Provider, typically a
+ // NoSuchAlgorithmException being thrown, then the original NoSuchAlgorithmException
+ // from the BC Provider is thrown for consistency.
+ @Override
+ public Cipher createCipher(String algorithm)
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ try {
+ return super.createCipher(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return Cipher.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ @Override
+ public SecretKeyFactory createSecretKeyFactory(String algorithm)
+ throws NoSuchAlgorithmException {
+ try {
+ return super.createSecretKeyFactory(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return SecretKeyFactory.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ @Override
+ public Mac createMac(String algorithm) throws NoSuchAlgorithmException {
+ try {
+ return super.createMac(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return Mac.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ private Provider getPrivateProvider() {
+ if (provider instanceof BouncyCastleProvider) {
+ return ((BouncyCastleProvider) provider).getPrivateProvider();
+ }
+ throw new IllegalStateException("Internal error in BCJcaJceHelper");
+ }
+ // END Android-added: Look up algorithms in private provider if not found in main Provider.
}
diff --git a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index bb12aecf..7f9285b1 100644
--- a/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/bcprov/src/main/java/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -426,4 +426,37 @@ public final class BouncyCastleProvider extends Provider
return converter.generatePrivate(privateKeyInfo);
*/
}
+
+ // BEGIN Android-added: Allow algorithms to be provided privately for BC internals.
+ //
+ // Algorithms added via these methods are stored in a private instance of PrivateProvider,
+ // which is never added to the system-wide list of installed Providers, and is only
+ // ever searched by BC internal classes which search for algorithms using an instance
+ // of BCJcajceHelper.
+ private static final class PrivateProvider extends Provider {
+ public PrivateProvider() {
+ super("BCPrivate", 1.0, "Android BC private use only");
+ }
+ }
+
+ private final Provider privateProvider = new PrivateProvider();
+
+ public void addPrivateAlgorithm(String key, String value)
+ {
+ if (privateProvider.containsKey(key))
+ {
+ throw new IllegalStateException("duplicate provider key (" + key + ") found");
+ }
+ privateProvider.put(key, value);
+ }
+
+ public void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className)
+ {
+ addPrivateAlgorithm(type + "." + oid, className);
+ }
+
+ public Provider getPrivateProvider() {
+ return privateProvider;
+ }
+ // END Android-added: Allow algorithms to be provided privately for BC internals.
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
index da69af72..d6dc21ea 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
@@ -56,4 +56,11 @@ public interface ConfigurableProvider
AsymmetricKeyInfoConverter getKeyInfoConverter(ASN1ObjectIdentifier oid);
void addAttributes(String key, Map<String, String> attributeMap);
+
+ // BEGIN Android-added: Allow algorithms to be added privately.
+ // See BouncyCastleProvider for details.
+ void addPrivateAlgorithm(String key, String value);
+
+ void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className);
+ // END Android-added: Allow algorithms to be added privately.
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java
index e9f436a8..ff4fde85 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA224.java
@@ -92,6 +92,8 @@ public class SHA224
addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha224, PREFIX + "$HashMac");
}
}
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java
index 706d4ab3..a4e8a762 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA256.java
@@ -115,6 +115,8 @@ public class SHA256
addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha256, PREFIX + "$HashMac");
}
}
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java
index b7d97164..7ff261e0 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA384.java
@@ -109,6 +109,8 @@ public class SHA384
addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha384, PREFIX + "$HashMac");
}
}
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java
index dbd513c7..cdc70186 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/digest/SHA512.java
@@ -207,6 +207,8 @@ public class SHA512
addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256");
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha512, PREFIX + "$HashMac");
}
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index fb5f2fdd..06fbb963 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -120,9 +120,12 @@ public class PKCS12KeyStoreSpi
{
static final String PKCS12_MAX_IT_COUNT_PROPERTY = "com.android.org.bouncycastle.pkcs12.max_it_count";
- // Android-changed: Use default provider for JCA algorithms instead of BC
+ // Android-changed: Use default provider for most JCA algorithms instead of BC.
+ // For the case where we need BC implementations, the BCJcaJceHelper will also search
+ // the list of private implementations help by BouncyCastleProvider.
// Was: private final JcaJceHelper helper = new BCJcaJceHelper();
private final JcaJceHelper helper = new DefaultJcaJceHelper();
+ private final JcaJceHelper selfHelper = new BCJcaJceHelper();
private static final int SALT_SIZE = 20;
private static final int MIN_ITERATIONS = 50 * 1024;
@@ -731,7 +734,9 @@ public class PKCS12KeyStoreSpi
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
- SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
+ // Android-Changed: SecretKeyFactory must be from BC due to instanceof logic.
+ // SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
+ SecretKeyFactory keyFact = selfHelper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
SecretKey key;
if (func.isDefaultPrf())
@@ -743,7 +748,9 @@ public class PKCS12KeyStoreSpi
key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf()));
}
- Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
+ // Android-Changed: Cipher must be from BC due to use of internal PKCS12Key tyoe.
+ // Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
+ Cipher cipher = selfHelper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId());
ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
if (encParams instanceof ASN1OctetString)
@@ -1785,7 +1792,9 @@ public class PKCS12KeyStoreSpi
{
PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
- Mac mac = helper.createMac(oid.getId());
+ // Android-Changed: Mac must be from BC due to use of internal PKCS12Key tyoe.
+ // Mac mac = helper.createMac(oid.getId());
+ Mac mac = selfHelper.createMac(oid.getId());
mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams);
mac.update(data);
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java
index 9e2a493d..9684f351 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/AES.java
@@ -1146,6 +1146,11 @@ public final class AES
// addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
// addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
// END Android-removed: Unsupported algorithms
+
+ // Android-added: Private implementations needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
}
}
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
index 2109104c..15880ad9 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
@@ -44,14 +44,14 @@ public class PBEPBKDF2
static
{
- // BEGIN Android-removed: Unsupported algorithm
- /*
- prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA1, Integers.valueOf(PBE.SHA1));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA256, Integers.valueOf(PBE.SHA256));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA224, Integers.valueOf(PBE.SHA224));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA384, Integers.valueOf(PBE.SHA384));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA512, Integers.valueOf(PBE.SHA512));
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_256, Integers.valueOf(PBE.SHA3_256));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_224, Integers.valueOf(PBE.SHA3_224));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_384, Integers.valueOf(PBE.SHA3_384));
@@ -66,8 +66,9 @@ public class PBEPBKDF2
}
- // BEGIN Android-removed: Unsupported algorithms
- /*
+ /**
+ * @hide This class is not part of the Android public SDK API
+ */
public static class AlgParams
extends BaseAlgorithmParameters
{
@@ -150,8 +151,6 @@ public class PBEPBKDF2
return "PBKDF2 Parameters";
}
}
- */
- // END Android-removed: Unsupported algorithms
/**
* @hide This class is not part of the Android public SDK API
@@ -280,8 +279,9 @@ public class PBEPBKDF2
}
}
- // BEGIN Android-removed: Unsupported algorithms
- /*
+ /**
+ * @hide This class is not part of the Android public SDK API
+ */
public static class PBKDF2withUTF8
extends BasePBKDF2
{
@@ -291,6 +291,8 @@ public class PBEPBKDF2
}
}
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
public static class PBKDF2withSHA224
extends BasePBKDF2
{
@@ -687,6 +689,9 @@ public class PBEPBKDF2
provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256");
provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT");
// END Android-added: Android versions of algorithms.
+ // Android-added: Private implementations needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
+ provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12", "PBKDF2");
}
}
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
index 65523d84..69ab946c 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
@@ -1,9 +1,14 @@
/* GENERATED SOURCE. DO NOT MODIFY. */
package com.android.org.bouncycastle.jcajce.util;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
+import javax.crypto.Cipher;
+import javax.crypto.Mac;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKeyFactory;
import com.android.org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
@@ -40,4 +45,61 @@ public class BCJcaJceHelper
{
super(getBouncyCastleProvider());
}
+
+ // BEGIN Android-added: Look up algorithms in private provider if not found in main Provider.
+ //
+ // If code is using a BCJcajceHelper to ensure it gets its implementation from BC, then
+ // also search in the privately provided algorithms if not found in the main set.
+ //
+ // If any error occurs while searching the private Provider, typically a
+ // NoSuchAlgorithmException being thrown, then the original NoSuchAlgorithmException
+ // from the BC Provider is thrown for consistency.
+ @Override
+ public Cipher createCipher(String algorithm)
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ try {
+ return super.createCipher(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return Cipher.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ @Override
+ public SecretKeyFactory createSecretKeyFactory(String algorithm)
+ throws NoSuchAlgorithmException {
+ try {
+ return super.createSecretKeyFactory(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return SecretKeyFactory.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ @Override
+ public Mac createMac(String algorithm) throws NoSuchAlgorithmException {
+ try {
+ return super.createMac(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return Mac.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ private Provider getPrivateProvider() {
+ if (provider instanceof BouncyCastleProvider) {
+ return ((BouncyCastleProvider) provider).getPrivateProvider();
+ }
+ throw new IllegalStateException("Internal error in BCJcaJceHelper");
+ }
+ // END Android-added: Look up algorithms in private provider if not found in main Provider.
}
diff --git a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index 61383ce7..798bb8ed 100644
--- a/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/repackaged/bcprov/src/main/java/com/android/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -429,4 +429,37 @@ public final class BouncyCastleProvider extends Provider
return converter.generatePrivate(privateKeyInfo);
*/
}
+
+ // BEGIN Android-added: Allow algorithms to be provided privately for BC internals.
+ //
+ // Algorithms added via these methods are stored in a private instance of PrivateProvider,
+ // which is never added to the system-wide list of installed Providers, and is only
+ // ever searched by BC internal classes which search for algorithms using an instance
+ // of BCJcajceHelper.
+ private static final class PrivateProvider extends Provider {
+ public PrivateProvider() {
+ super("BCPrivate", 1.0, "Android BC private use only");
+ }
+ }
+
+ private final Provider privateProvider = new PrivateProvider();
+
+ public void addPrivateAlgorithm(String key, String value)
+ {
+ if (privateProvider.containsKey(key))
+ {
+ throw new IllegalStateException("duplicate provider key (" + key + ") found");
+ }
+ privateProvider.put(key, value);
+ }
+
+ public void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className)
+ {
+ addPrivateAlgorithm(type + "." + oid, className);
+ }
+
+ public Provider getPrivateProvider() {
+ return privateProvider;
+ }
+ // END Android-added: Allow algorithms to be provided privately for BC internals.
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
index 8f8787f7..cd76b860 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/config/ConfigurableProvider.java
@@ -56,4 +56,11 @@ public interface ConfigurableProvider
AsymmetricKeyInfoConverter getKeyInfoConverter(ASN1ObjectIdentifier oid);
void addAttributes(String key, Map<String, String> attributeMap);
+
+ // BEGIN Android-added: Allow algorithms to be added privately.
+ // See BouncyCastleProvider for details.
+ void addPrivateAlgorithm(String key, String value);
+
+ void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className);
+ // END Android-added: Allow algorithms to be added privately.
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java
index 5b5d9511..bac8e723 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA224.java
@@ -92,6 +92,8 @@ public class SHA224
addHMACAlias(provider, "SHA224", PKCSObjectIdentifiers.id_hmacWithSHA224);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha224, PREFIX + "$HashMac");
}
}
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java
index 929364f5..a7ab4097 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA256.java
@@ -115,6 +115,8 @@ public class SHA256
addHMACAlias(provider, "SHA256", NISTObjectIdentifiers.id_sha256);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha256, PREFIX + "$HashMac");
}
}
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java
index 89d14437..5d209512 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA384.java
@@ -109,6 +109,8 @@ public class SHA384
addHMACAlias(provider, "SHA384", PKCSObjectIdentifiers.id_hmacWithSHA384);
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha384, PREFIX + "$HashMac");
}
}
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java
index b726dbf8..243a3064 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/digest/SHA512.java
@@ -207,6 +207,8 @@ public class SHA512
addHMACAlgorithm(provider, "SHA512/256", PREFIX + "$HashMacT256", PREFIX + "$KeyGeneratorT256");
*/
// END Android-removed: Unsupported algorithms
+ // Android-added: Private implementation needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Mac", NISTObjectIdentifiers.id_sha512, PREFIX + "$HashMac");
}
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
index d5897959..745534da 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/keystore/pkcs12/PKCS12KeyStoreSpi.java
@@ -120,9 +120,12 @@ public class PKCS12KeyStoreSpi
{
static final String PKCS12_MAX_IT_COUNT_PROPERTY = "com.android.internal.org.bouncycastle.pkcs12.max_it_count";
- // Android-changed: Use default provider for JCA algorithms instead of BC
+ // Android-changed: Use default provider for most JCA algorithms instead of BC.
+ // For the case where we need BC implementations, the BCJcaJceHelper will also search
+ // the list of private implementations help by BouncyCastleProvider.
// Was: private final JcaJceHelper helper = new BCJcaJceHelper();
private final JcaJceHelper helper = new DefaultJcaJceHelper();
+ private final JcaJceHelper selfHelper = new BCJcaJceHelper();
private static final int SALT_SIZE = 20;
private static final int MIN_ITERATIONS = 50 * 1024;
@@ -731,7 +734,9 @@ public class PKCS12KeyStoreSpi
PBKDF2Params func = PBKDF2Params.getInstance(alg.getKeyDerivationFunc().getParameters());
AlgorithmIdentifier encScheme = AlgorithmIdentifier.getInstance(alg.getEncryptionScheme());
- SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
+ // Android-Changed: SecretKeyFactory must be from BC due to instanceof logic.
+ // SecretKeyFactory keyFact = helper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
+ SecretKeyFactory keyFact = selfHelper.createSecretKeyFactory(alg.getKeyDerivationFunc().getAlgorithm().getId());
SecretKey key;
if (func.isDefaultPrf())
@@ -743,7 +748,9 @@ public class PKCS12KeyStoreSpi
key = keyFact.generateSecret(new PBKDF2KeySpec(password, func.getSalt(), validateIterationCount(func.getIterationCount()), keySizeProvider.getKeySize(encScheme), func.getPrf()));
}
- Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
+ // Android-Changed: Cipher must be from BC due to use of internal PKCS12Key tyoe.
+ // Cipher cipher = Cipher.getInstance(alg.getEncryptionScheme().getAlgorithm().getId());
+ Cipher cipher = selfHelper.createCipher(alg.getEncryptionScheme().getAlgorithm().getId());
ASN1Encodable encParams = alg.getEncryptionScheme().getParameters();
if (encParams instanceof ASN1OctetString)
@@ -1785,7 +1792,9 @@ public class PKCS12KeyStoreSpi
{
PBEParameterSpec defParams = new PBEParameterSpec(salt, itCount);
- Mac mac = helper.createMac(oid.getId());
+ // Android-Changed: Mac must be from BC due to use of internal PKCS12Key tyoe.
+ // Mac mac = helper.createMac(oid.getId());
+ Mac mac = selfHelper.createMac(oid.getId());
mac.init(new PKCS12Key(password, wrongPkcs12Zero), defParams);
mac.update(data);
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java
index 55510fd2..056faae1 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/AES.java
@@ -1146,6 +1146,11 @@ public final class AES
// addGMacAlgorithm(provider, "AES", PREFIX + "$AESGMAC", PREFIX + "$KeyGen128");
// addPoly1305Algorithm(provider, "AES", PREFIX + "$Poly1305", PREFIX + "$Poly1305KeyGen");
// END Android-removed: Unsupported algorithms
+
+ // Android-added: Private implementations needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes128_CBC, PREFIX + "$CBC");
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes192_CBC, PREFIX + "$CBC");
+ provider.addPrivateAlgorithm("Cipher", NISTObjectIdentifiers.id_aes256_CBC, PREFIX + "$CBC");
}
}
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
index ab218e1f..63824db6 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/provider/symmetric/PBEPBKDF2.java
@@ -44,14 +44,14 @@ public class PBEPBKDF2
static
{
- // BEGIN Android-removed: Unsupported algorithm
- /*
- prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA1, Integers.valueOf(PBE.SHA1));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA256, Integers.valueOf(PBE.SHA256));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA224, Integers.valueOf(PBE.SHA224));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA384, Integers.valueOf(PBE.SHA384));
prfCodes.put(PKCSObjectIdentifiers.id_hmacWithSHA512, Integers.valueOf(PBE.SHA512));
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
+ prfCodes.put(CryptoProObjectIdentifiers.gostR3411Hmac, Integers.valueOf(PBE.GOST3411));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_256, Integers.valueOf(PBE.SHA3_256));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_224, Integers.valueOf(PBE.SHA3_224));
prfCodes.put(NISTObjectIdentifiers.id_hmacWithSHA3_384, Integers.valueOf(PBE.SHA3_384));
@@ -66,8 +66,9 @@ public class PBEPBKDF2
}
- // BEGIN Android-removed: Unsupported algorithms
- /*
+ /**
+ * @hide This class is not part of the Android public SDK API
+ */
public static class AlgParams
extends BaseAlgorithmParameters
{
@@ -150,8 +151,6 @@ public class PBEPBKDF2
return "PBKDF2 Parameters";
}
}
- */
- // END Android-removed: Unsupported algorithms
/**
* @hide This class is not part of the Android public SDK API
@@ -280,8 +279,9 @@ public class PBEPBKDF2
}
}
- // BEGIN Android-removed: Unsupported algorithms
- /*
+ /**
+ * @hide This class is not part of the Android public SDK API
+ */
public static class PBKDF2withUTF8
extends BasePBKDF2
{
@@ -291,6 +291,8 @@ public class PBEPBKDF2
}
}
+ // BEGIN Android-removed: Unsupported algorithms
+ /*
public static class PBKDF2withSHA224
extends BasePBKDF2
{
@@ -687,6 +689,9 @@ public class PBEPBKDF2
provider.addAlgorithm("SecretKeyFactory.PBEWithHmacSHA512AndAES_256", PREFIX + "$PBEWithHmacSHA512AndAES_256");
provider.addAlgorithm("SecretKeyFactory.PBKDF2WithHmacSHA1And8BIT", PREFIX + "$PBKDF2WithHmacSHA18BIT");
// END Android-added: Android versions of algorithms.
+ // Android-added: Private implementations needed to support PBKDF2 with PKCS#12
+ provider.addPrivateAlgorithm("SecretKeyFactory.PBKDF2", PREFIX + "$PBKDF2withUTF8");
+ provider.addPrivateAlgorithm("Alg.Alias.SecretKeyFactory.1.2.840.113549.1.5.12", "PBKDF2");
}
}
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
index 15130f26..507d225c 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jcajce/util/BCJcaJceHelper.java
@@ -1,9 +1,14 @@
/* GENERATED SOURCE. DO NOT MODIFY. */
package com.android.internal.org.bouncycastle.jcajce.util;
+import java.security.NoSuchAlgorithmException;
import java.security.Provider;
import java.security.Security;
+import javax.crypto.Cipher;
+import javax.crypto.Mac;
+import javax.crypto.NoSuchPaddingException;
+import javax.crypto.SecretKeyFactory;
import com.android.internal.org.bouncycastle.jce.provider.BouncyCastleProvider;
/**
@@ -40,4 +45,61 @@ public class BCJcaJceHelper
{
super(getBouncyCastleProvider());
}
+
+ // BEGIN Android-added: Look up algorithms in private provider if not found in main Provider.
+ //
+ // If code is using a BCJcajceHelper to ensure it gets its implementation from BC, then
+ // also search in the privately provided algorithms if not found in the main set.
+ //
+ // If any error occurs while searching the private Provider, typically a
+ // NoSuchAlgorithmException being thrown, then the original NoSuchAlgorithmException
+ // from the BC Provider is thrown for consistency.
+ @Override
+ public Cipher createCipher(String algorithm)
+ throws NoSuchAlgorithmException, NoSuchPaddingException {
+ try {
+ return super.createCipher(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return Cipher.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ @Override
+ public SecretKeyFactory createSecretKeyFactory(String algorithm)
+ throws NoSuchAlgorithmException {
+ try {
+ return super.createSecretKeyFactory(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return SecretKeyFactory.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ @Override
+ public Mac createMac(String algorithm) throws NoSuchAlgorithmException {
+ try {
+ return super.createMac(algorithm);
+ } catch (NoSuchAlgorithmException originalException) {
+ try {
+ return Mac.getInstance(algorithm, getPrivateProvider());
+ } catch (Throwable throwable) {
+ throw originalException;
+ }
+ }
+ }
+
+ private Provider getPrivateProvider() {
+ if (provider instanceof BouncyCastleProvider) {
+ return ((BouncyCastleProvider) provider).getPrivateProvider();
+ }
+ throw new IllegalStateException("Internal error in BCJcaJceHelper");
+ }
+ // END Android-added: Look up algorithms in private provider if not found in main Provider.
}
diff --git a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java
index 2f3f1ea2..2689da81 100644
--- a/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java
+++ b/repackaged_platform/bcprov/src/main/java/com/android/internal/org/bouncycastle/jce/provider/BouncyCastleProvider.java
@@ -428,4 +428,37 @@ public final class BouncyCastleProvider extends Provider
return converter.generatePrivate(privateKeyInfo);
*/
}
+
+ // BEGIN Android-added: Allow algorithms to be provided privately for BC internals.
+ //
+ // Algorithms added via these methods are stored in a private instance of PrivateProvider,
+ // which is never added to the system-wide list of installed Providers, and is only
+ // ever searched by BC internal classes which search for algorithms using an instance
+ // of BCJcajceHelper.
+ private static final class PrivateProvider extends Provider {
+ public PrivateProvider() {
+ super("BCPrivate", 1.0, "Android BC private use only");
+ }
+ }
+
+ private final Provider privateProvider = new PrivateProvider();
+
+ public void addPrivateAlgorithm(String key, String value)
+ {
+ if (privateProvider.containsKey(key))
+ {
+ throw new IllegalStateException("duplicate provider key (" + key + ") found");
+ }
+ privateProvider.put(key, value);
+ }
+
+ public void addPrivateAlgorithm(String type, ASN1ObjectIdentifier oid, String className)
+ {
+ addPrivateAlgorithm(type + "." + oid, className);
+ }
+
+ public Provider getPrivateProvider() {
+ return privateProvider;
+ }
+ // END Android-added: Allow algorithms to be provided privately for BC internals.
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-26 11:31:12 +0000