1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security.keystore2;
18 
19 import java.security.Provider;
20 
21 /**
22  * {@link Provider} of JCA crypto operations operating on Android KeyStore keys.
23  *
24  * <p>This provider was separated out of {@link AndroidKeyStoreProvider} to work around the issue
25  * that Bouncy Castle provider incorrectly declares that it accepts arbitrary keys (incl. Android
26  * KeyStore ones). This causes JCA to select the Bouncy Castle's implementation of JCA crypto
27  * operations for Android KeyStore keys unless Android KeyStore's own implementations are installed
28  * as higher-priority than Bouncy Castle ones. The purpose of this provider is to do just that: to
29  * offer crypto operations operating on Android KeyStore keys and to be installed at higher priority
30  * than the Bouncy Castle provider.
31  *
32  * <p>Once Bouncy Castle provider is fixed, this provider can be merged into the
33  * {@code AndroidKeyStoreProvider}.
34  *
35  * @hide
36  */
37 class AndroidKeyStoreBCWorkaroundProvider extends Provider {
38 
39     // IMPLEMENTATION NOTE: Class names are hard-coded in this provider to avoid loading these
40     // classes when this provider is instantiated and installed early on during each app's
41     // initialization process.
42 
43     private static final String PACKAGE_NAME = "android.security.keystore2";
44     private static final String KEYSTORE_SECRET_KEY_CLASS_NAME =
45             PACKAGE_NAME + ".AndroidKeyStoreSecretKey";
46     private static final String KEYSTORE_PRIVATE_KEY_CLASS_NAME =
47             PACKAGE_NAME + ".AndroidKeyStorePrivateKey";
48     private static final String KEYSTORE_PUBLIC_KEY_CLASS_NAME =
49             PACKAGE_NAME + ".AndroidKeyStorePublicKey";
50 
51     private static final String DESEDE_SYSTEM_PROPERTY = "ro.hardware.keystore_desede";
52 
AndroidKeyStoreBCWorkaroundProvider()53     AndroidKeyStoreBCWorkaroundProvider() {
54         super("AndroidKeyStoreBCWorkaround",
55                 1.0,
56                 "Android KeyStore security provider to work around Bouncy Castle");
57 
58         // --------------------- javax.crypto.Mac
59         putMacImpl("HmacSHA1", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA1");
60         put("Alg.Alias.Mac.1.2.840.113549.2.7", "HmacSHA1");
61         put("Alg.Alias.Mac.HMAC-SHA1", "HmacSHA1");
62         put("Alg.Alias.Mac.HMAC/SHA1", "HmacSHA1");
63 
64         putMacImpl("HmacSHA224", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA224");
65         put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA224");
66         put("Alg.Alias.Mac.HMAC-SHA224", "HmacSHA224");
67         put("Alg.Alias.Mac.HMAC/SHA224", "HmacSHA224");
68 
69         putMacImpl("HmacSHA256", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA256");
70         put("Alg.Alias.Mac.1.2.840.113549.2.9", "HmacSHA256");
71         put("Alg.Alias.Mac.HMAC-SHA256", "HmacSHA256");
72         put("Alg.Alias.Mac.HMAC/SHA256", "HmacSHA256");
73 
74         putMacImpl("HmacSHA384", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA384");
75         put("Alg.Alias.Mac.1.2.840.113549.2.10", "HmacSHA384");
76         put("Alg.Alias.Mac.HMAC-SHA384", "HmacSHA384");
77         put("Alg.Alias.Mac.HMAC/SHA384", "HmacSHA384");
78 
79         putMacImpl("HmacSHA512", PACKAGE_NAME + ".AndroidKeyStoreHmacSpi$HmacSHA512");
80         put("Alg.Alias.Mac.1.2.840.113549.2.11", "HmacSHA512");
81         put("Alg.Alias.Mac.HMAC-SHA512", "HmacSHA512");
82         put("Alg.Alias.Mac.HMAC/SHA512", "HmacSHA512");
83 
84         // --------------------- javax.crypto.Cipher
85         putSymmetricCipherImpl("AES/ECB/NoPadding",
86                 PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$ECB$NoPadding");
87         putSymmetricCipherImpl("AES/ECB/PKCS7Padding",
88                 PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$ECB$PKCS7Padding");
89 
90         putSymmetricCipherImpl("AES/CBC/NoPadding",
91                 PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CBC$NoPadding");
92         putSymmetricCipherImpl("AES/CBC/PKCS7Padding",
93                 PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CBC$PKCS7Padding");
94 
95         putSymmetricCipherImpl("AES/CTR/NoPadding",
96                 PACKAGE_NAME + ".AndroidKeyStoreUnauthenticatedAESCipherSpi$CTR$NoPadding");
97 
98         if ("true".equals(android.os.SystemProperties.get(DESEDE_SYSTEM_PROPERTY))) {
99             putSymmetricCipherImpl("DESede/CBC/NoPadding",
100                 PACKAGE_NAME + ".AndroidKeyStore3DESCipherSpi$CBC$NoPadding");
101             putSymmetricCipherImpl("DESede/CBC/PKCS7Padding",
102                 PACKAGE_NAME + ".AndroidKeyStore3DESCipherSpi$CBC$PKCS7Padding");
103 
104             putSymmetricCipherImpl("DESede/ECB/NoPadding",
105                 PACKAGE_NAME + ".AndroidKeyStore3DESCipherSpi$ECB$NoPadding");
106             putSymmetricCipherImpl("DESede/ECB/PKCS7Padding",
107                 PACKAGE_NAME + ".AndroidKeyStore3DESCipherSpi$ECB$PKCS7Padding");
108         }
109 
110         putSymmetricCipherImpl("AES/GCM/NoPadding",
111                 PACKAGE_NAME + ".AndroidKeyStoreAuthenticatedAESCipherSpi$GCM$NoPadding");
112 
113         putAsymmetricCipherImpl("RSA/ECB/NoPadding",
114                 PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$NoPadding");
115         put("Alg.Alias.Cipher.RSA/None/NoPadding", "RSA/ECB/NoPadding");
116         putAsymmetricCipherImpl("RSA/ECB/PKCS1Padding",
117                 PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$PKCS1Padding");
118         put("Alg.Alias.Cipher.RSA/None/PKCS1Padding", "RSA/ECB/PKCS1Padding");
119         putAsymmetricCipherImpl("RSA/ECB/OAEPPadding",
120                 PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA1AndMGF1Padding");
121         put("Alg.Alias.Cipher.RSA/None/OAEPPadding", "RSA/ECB/OAEPPadding");
122         putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-1AndMGF1Padding",
123                 PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA1AndMGF1Padding");
124         put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-1AndMGF1Padding",
125                 "RSA/ECB/OAEPWithSHA-1AndMGF1Padding");
126         putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-224AndMGF1Padding",
127                 PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA224AndMGF1Padding");
128         put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-224AndMGF1Padding",
129                 "RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
130         putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-256AndMGF1Padding",
131                 PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA256AndMGF1Padding");
132         put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-256AndMGF1Padding",
133                 "RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
134         putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-384AndMGF1Padding",
135                 PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA384AndMGF1Padding");
136         put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-384AndMGF1Padding",
137                 "RSA/ECB/OAEPWithSHA-384AndMGF1Padding");
138         putAsymmetricCipherImpl("RSA/ECB/OAEPWithSHA-512AndMGF1Padding",
139                 PACKAGE_NAME + ".AndroidKeyStoreRSACipherSpi$OAEPWithSHA512AndMGF1Padding");
140         put("Alg.Alias.Cipher.RSA/None/OAEPWithSHA-512AndMGF1Padding",
141                 "RSA/ECB/OAEPWithSHA-512AndMGF1Padding");
142 
143         // --------------------- java.security.Signature
144         putSignatureImpl("NONEwithRSA",
145                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$NONEWithPKCS1Padding");
146 
147         putSignatureImpl("MD5withRSA",
148                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$MD5WithPKCS1Padding");
149         put("Alg.Alias.Signature.MD5WithRSAEncryption", "MD5withRSA");
150         put("Alg.Alias.Signature.MD5/RSA", "MD5withRSA");
151         put("Alg.Alias.Signature.1.2.840.113549.1.1.4", "MD5withRSA");
152         put("Alg.Alias.Signature.1.2.840.113549.2.5with1.2.840.113549.1.1.1", "MD5withRSA");
153 
154         putSignatureImpl("SHA1withRSA",
155                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPKCS1Padding");
156         put("Alg.Alias.Signature.SHA1WithRSAEncryption", "SHA1withRSA");
157         put("Alg.Alias.Signature.SHA1/RSA", "SHA1withRSA");
158         put("Alg.Alias.Signature.SHA-1/RSA", "SHA1withRSA");
159         put("Alg.Alias.Signature.1.2.840.113549.1.1.5", "SHA1withRSA");
160         put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.1", "SHA1withRSA");
161         put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.113549.1.1.5", "SHA1withRSA");
162         put("Alg.Alias.Signature.1.3.14.3.2.29", "SHA1withRSA");
163 
164         putSignatureImpl("SHA224withRSA",
165                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPKCS1Padding");
166         put("Alg.Alias.Signature.SHA224WithRSAEncryption", "SHA224withRSA");
167         put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA224withRSA");
168         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.1",
169                 "SHA224withRSA");
170         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.113549.1.1.11",
171                 "SHA224withRSA");
172 
173         putSignatureImpl("SHA256withRSA",
174                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPKCS1Padding");
175         put("Alg.Alias.Signature.SHA256WithRSAEncryption", "SHA256withRSA");
176         put("Alg.Alias.Signature.1.2.840.113549.1.1.11", "SHA256withRSA");
177         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.1",
178                 "SHA256withRSA");
179         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.113549.1.1.11",
180                 "SHA256withRSA");
181 
182         putSignatureImpl("SHA384withRSA",
183                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPKCS1Padding");
184         put("Alg.Alias.Signature.SHA384WithRSAEncryption", "SHA384withRSA");
185         put("Alg.Alias.Signature.1.2.840.113549.1.1.12", "SHA384withRSA");
186         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.113549.1.1.1",
187                 "SHA384withRSA");
188 
189         putSignatureImpl("SHA512withRSA",
190                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPKCS1Padding");
191         put("Alg.Alias.Signature.SHA512WithRSAEncryption", "SHA512withRSA");
192         put("Alg.Alias.Signature.1.2.840.113549.1.1.13", "SHA512withRSA");
193         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.113549.1.1.1",
194                 "SHA512withRSA");
195 
196         putSignatureImpl("SHA1withRSA/PSS",
197                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA1WithPSSPadding");
198         putSignatureImpl("SHA224withRSA/PSS",
199                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA224WithPSSPadding");
200         putSignatureImpl("SHA256withRSA/PSS",
201                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA256WithPSSPadding");
202         putSignatureImpl("SHA384withRSA/PSS",
203                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA384WithPSSPadding");
204         putSignatureImpl("SHA512withRSA/PSS",
205                 PACKAGE_NAME + ".AndroidKeyStoreRSASignatureSpi$SHA512WithPSSPadding");
206 
207         putSignatureImpl("NONEwithECDSA",
208                 PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$NONE");
209         putSignatureImpl("Ed25519",
210                 PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$Ed25519");
211 
212         putSignatureImpl("SHA1withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA1");
213         put("Alg.Alias.Signature.ECDSA", "SHA1withECDSA");
214         put("Alg.Alias.Signature.ECDSAwithSHA1", "SHA1withECDSA");
215         // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA1(1)
216         put("Alg.Alias.Signature.1.2.840.10045.4.1", "SHA1withECDSA");
217         put("Alg.Alias.Signature.1.3.14.3.2.26with1.2.840.10045.2.1", "SHA1withECDSA");
218 
219         // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3)
220         putSignatureImpl("SHA224withECDSA",
221                 PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA224");
222         // ecdsa-with-SHA224(1)
223         put("Alg.Alias.Signature.1.2.840.10045.4.3.1", "SHA224withECDSA");
224         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.4with1.2.840.10045.2.1", "SHA224withECDSA");
225 
226         // iso(1) member-body(2) us(840) ansi-x962(10045) signatures(4) ecdsa-with-SHA2(3)
227         putSignatureImpl("SHA256withECDSA",
228                 PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA256");
229         // ecdsa-with-SHA256(2)
230         put("Alg.Alias.Signature.1.2.840.10045.4.3.2", "SHA256withECDSA");
231         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.1with1.2.840.10045.2.1", "SHA256withECDSA");
232 
233         putSignatureImpl("SHA384withECDSA",
234                 PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA384");
235         // ecdsa-with-SHA384(3)
236         put("Alg.Alias.Signature.1.2.840.10045.4.3.3", "SHA384withECDSA");
237         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.2with1.2.840.10045.2.1", "SHA384withECDSA");
238 
239         putSignatureImpl("SHA512withECDSA",
240                 PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA512");
241         // ecdsa-with-SHA512(4)
242         put("Alg.Alias.Signature.1.2.840.10045.4.3.4", "SHA512withECDSA");
243         put("Alg.Alias.Signature.2.16.840.1.101.3.4.2.3with1.2.840.10045.2.1", "SHA512withECDSA");
244     }
245 
putMacImpl(String algorithm, String implClass)246     private void putMacImpl(String algorithm, String implClass) {
247         put("Mac." + algorithm, implClass);
248         put("Mac." + algorithm + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME);
249     }
250 
putSymmetricCipherImpl(String transformation, String implClass)251     private void putSymmetricCipherImpl(String transformation, String implClass) {
252         put("Cipher." + transformation, implClass);
253         put("Cipher." + transformation + " SupportedKeyClasses", KEYSTORE_SECRET_KEY_CLASS_NAME);
254     }
255 
putAsymmetricCipherImpl(String transformation, String implClass)256     private void putAsymmetricCipherImpl(String transformation, String implClass) {
257         put("Cipher." + transformation, implClass);
258         put("Cipher." + transformation + " SupportedKeyClasses",
259                 KEYSTORE_PRIVATE_KEY_CLASS_NAME);
260     }
261 
putSignatureImpl(String algorithm, String implClass)262     private void putSignatureImpl(String algorithm, String implClass) {
263         put("Signature." + algorithm, implClass);
264         put("Signature." + algorithm + " SupportedKeyClasses",
265                 KEYSTORE_PRIVATE_KEY_CLASS_NAME);
266     }
267 
getSupportedEcdsaSignatureDigests()268     public static String[] getSupportedEcdsaSignatureDigests() {
269         return new String[] {"NONE", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"};
270     }
271 
getSupportedRsaSignatureWithPkcs1PaddingDigests()272     public static String[] getSupportedRsaSignatureWithPkcs1PaddingDigests() {
273         return new String[] {"NONE", "MD5", "SHA-1", "SHA-224", "SHA-256", "SHA-384", "SHA-512"};
274     }
275 }
276