author | Alex Klyubin <klyubin@google.com> | 2015-05-06 15:43:52 -0700 |
---|---|---|
committer | Alex Klyubin <klyubin@google.com> | 2015-05-06 15:59:56 -0700 |
commit | 4d5443f37f2bc58be8d22ed50024c39a5a1fbc8f (patch) | |
tree | 016b3ed1215270328be03600065a50c341c10137 /keystore/java/android/security/KeymasterUtils.java | |
parent | 6223ec129b256526d8c30920271b2ee3960bcf1f (diff) |
Define String constants for AndroidKeyStore crypto.
This defines the String enum values based on JCA standard names for
key algorithm, block mode, padding schemes, and digests. This should
make it safer to interact with AndroidKeyStore code that uses JCA
strings. This was requested by API Council.
Bug: 18088752
Change-Id: I241d9225a13b85479d0a84e49d0a98cbc77e5817
Diffstat (limited to 'keystore/java/android/security/KeymasterUtils.java')
-rw-r--r-- | keystore/java/android/security/KeymasterUtils.java | 281 |
1 files changed, 0 insertions, 281 deletions
diff --git a/keystore/java/android/security/KeymasterUtils.java b/keystore/java/android/security/KeymasterUtils.java index aa44ecda3ed7..df67ae76b39c 100644 --- a/keystore/java/android/security/KeymasterUtils.java +++ b/keystore/java/android/security/KeymasterUtils.java @@ -21,11 +21,6 @@ import android.hardware.fingerprint.FingerprintManager; import android.security.keymaster.KeymasterArguments; import android.security.keymaster.KeymasterDefs; -import libcore.util.EmptyArray; - -import java.util.Collection; -import java.util.Locale; - /** * @hide */ 
@@ -33,152 +28,6 @@ public abstract class KeymasterUtils { private KeymasterUtils() {} - public static int getKeymasterAlgorithmFromJcaSecretKeyAlgorithm(String jcaKeyAlgorithm) { - if ("AES".equalsIgnoreCase(jcaKeyAlgorithm)) { - return KeymasterDefs.KM_ALGORITHM_AES; - } else if (jcaKeyAlgorithm.toUpperCase(Locale.US).startsWith("HMAC")) { - return KeymasterDefs.KM_ALGORITHM_HMAC; - } else { - throw new IllegalArgumentException( - "Unsupported secret key algorithm: " + jcaKeyAlgorithm); - } - } - - public static String getJcaSecretKeyAlgorithm(int keymasterAlgorithm, int keymasterDigest) { - switch (keymasterAlgorithm) { - case KeymasterDefs.KM_ALGORITHM_AES: - if (keymasterDigest != -1) { - throw new IllegalArgumentException( - "Digest not supported for AES key: " + keymasterDigest); - } - return "AES"; - case KeymasterDefs.KM_ALGORITHM_HMAC: - switch (keymasterDigest) { - case KeymasterDefs.KM_DIGEST_SHA1: - return "HmacSHA1"; - case KeymasterDefs.KM_DIGEST_SHA_2_224: - return "HmacSHA224"; - case KeymasterDefs.KM_DIGEST_SHA_2_256: - return "HmacSHA256"; - case KeymasterDefs.KM_DIGEST_SHA_2_384: - return "HmacSHA384"; - case KeymasterDefs.KM_DIGEST_SHA_2_512: - return "HmacSHA512"; - default: - throw new IllegalArgumentException( - "Unsupported HMAC digest: " + keymasterDigest); - } - default: - throw new IllegalArgumentException("Unsupported algorithm: " + keymasterAlgorithm); - } - } - - public static String getJcaKeyPairAlgorithmFromKeymasterAlgorithm(int keymasterAlgorithm) { - switch (keymasterAlgorithm) { - case KeymasterDefs.KM_ALGORITHM_RSA: - return "RSA"; - case KeymasterDefs.KM_ALGORITHM_EC: - return "EC"; - default: - throw new IllegalArgumentException("Unsupported algorithm: " + keymasterAlgorithm); - } - } - - public static int getKeymasterDigestfromJcaSecretKeyAlgorithm(String jcaKeyAlgorithm) { - String algorithmUpper = jcaKeyAlgorithm.toUpperCase(Locale.US); - if (algorithmUpper.startsWith("HMAC")) { - String digestUpper = 
algorithmUpper.substring("HMAC".length()); - switch (digestUpper) { - case "MD5": - return KeymasterDefs.KM_DIGEST_MD5; - case "SHA1": - return KeymasterDefs.KM_DIGEST_SHA1; - case "SHA224": - return KeymasterDefs.KM_DIGEST_SHA_2_224; - case "SHA256": - return KeymasterDefs.KM_DIGEST_SHA_2_256; - case "SHA384": - return KeymasterDefs.KM_DIGEST_SHA_2_384; - case "SHA512": - return KeymasterDefs.KM_DIGEST_SHA_2_512; - default: - throw new IllegalArgumentException("Unsupported HMAC digest: " + digestUpper); - } - } else { - return -1; - } - } - - public static int getKeymasterDigestFromJcaDigestAlgorithm(String jcaDigestAlgorithm) { - if (jcaDigestAlgorithm.equalsIgnoreCase("SHA-1")) { - return KeymasterDefs.KM_DIGEST_SHA1; - } else if (jcaDigestAlgorithm.equalsIgnoreCase("SHA-224")) { - return KeymasterDefs.KM_DIGEST_SHA_2_224; - } else if (jcaDigestAlgorithm.equalsIgnoreCase("SHA-256")) { - return KeymasterDefs.KM_DIGEST_SHA_2_256; - } else if (jcaDigestAlgorithm.equalsIgnoreCase("SHA-384")) { - return KeymasterDefs.KM_DIGEST_SHA_2_384; - } else if (jcaDigestAlgorithm.equalsIgnoreCase("SHA-512")) { - return KeymasterDefs.KM_DIGEST_SHA_2_512; - } else if (jcaDigestAlgorithm.equalsIgnoreCase("NONE")) { - return KeymasterDefs.KM_DIGEST_NONE; - } else if (jcaDigestAlgorithm.equalsIgnoreCase("MD5")) { - return KeymasterDefs.KM_DIGEST_MD5; - } else { - throw new IllegalArgumentException( - "Unsupported digest algorithm: " + jcaDigestAlgorithm); - } - } - - public static String getJcaDigestAlgorithmFromKeymasterDigest(int keymasterDigest) { - switch (keymasterDigest) { - case KeymasterDefs.KM_DIGEST_NONE: - return "NONE"; - case KeymasterDefs.KM_DIGEST_MD5: - return "MD5"; - case KeymasterDefs.KM_DIGEST_SHA1: - return "SHA-1"; - case KeymasterDefs.KM_DIGEST_SHA_2_224: - return "SHA-224"; - case KeymasterDefs.KM_DIGEST_SHA_2_256: - return "SHA-256"; - case KeymasterDefs.KM_DIGEST_SHA_2_384: - return "SHA-384"; - case KeymasterDefs.KM_DIGEST_SHA_2_512: - return "SHA-512"; - 
default: - throw new IllegalArgumentException( - "Unsupported digest algorithm: " + keymasterDigest); - } - } - - public static String[] getJcaDigestAlgorithmsFromKeymasterDigests( - Collection<Integer> keymasterDigests) { - if (keymasterDigests.isEmpty()) { - return EmptyArray.STRING; - } - String[] result = new String[keymasterDigests.size()]; - int offset = 0; - for (int keymasterDigest : keymasterDigests) { - result[offset] = getJcaDigestAlgorithmFromKeymasterDigest(keymasterDigest); - offset++; - } - return result; - } - - public static int[] getKeymasterDigestsFromJcaDigestAlgorithms(String[] jcaDigestAlgorithms) { - if ((jcaDigestAlgorithms == null) || (jcaDigestAlgorithms.length == 0)) { - return EmptyArray.INT; - } - int[] result = new int[jcaDigestAlgorithms.length]; - int offset = 0; - for (String jcaDigestAlgorithm : jcaDigestAlgorithms) { - result[offset] = getKeymasterDigestFromJcaDigestAlgorithm(jcaDigestAlgorithm); - offset++; - } - return result; - } - public static int getDigestOutputSizeBits(int keymasterDigest) { switch (keymasterDigest) { case KeymasterDefs.KM_DIGEST_NONE: 
@@ -200,60 +49,6 @@ public abstract class KeymasterUtils { } } - public static int getKeymasterBlockModeFromJcaBlockMode(String jcaBlockMode) { - if ("ECB".equalsIgnoreCase(jcaBlockMode)) { - return KeymasterDefs.KM_MODE_ECB; - } else if ("CBC".equalsIgnoreCase(jcaBlockMode)) { - return KeymasterDefs.KM_MODE_CBC; - } else if ("CTR".equalsIgnoreCase(jcaBlockMode)) { - return KeymasterDefs.KM_MODE_CTR; - } else if ("GCM".equalsIgnoreCase(jcaBlockMode)) { - return KeymasterDefs.KM_MODE_GCM; - } else { - throw new IllegalArgumentException("Unsupported block mode: " + jcaBlockMode); - } - } - - public static String getJcaBlockModeFromKeymasterBlockMode(int keymasterBlockMode) { - switch (keymasterBlockMode) { - case KeymasterDefs.KM_MODE_ECB: - return "ECB"; - case KeymasterDefs.KM_MODE_CBC: - return "CBC"; - case KeymasterDefs.KM_MODE_CTR: - return "CTR"; - case KeymasterDefs.KM_MODE_GCM: - return "GCM"; - default: - throw new IllegalArgumentException("Unsupported block mode: " + keymasterBlockMode); - } - } - - public static String[] getJcaBlockModesFromKeymasterBlockModes( - Collection<Integer> keymasterBlockModes) { - if ((keymasterBlockModes == null) || (keymasterBlockModes.isEmpty())) { - return EmptyArray.STRING; - } - String[] result = new String[keymasterBlockModes.size()]; - int offset = 0; - for (int keymasterBlockMode : keymasterBlockModes) { - result[offset] = getJcaBlockModeFromKeymasterBlockMode(keymasterBlockMode); - offset++; - } - return result; - } - - public static int[] getKeymasterBlockModesFromJcaBlockModes(String[] jcaBlockModes) { - if ((jcaBlockModes == null) || (jcaBlockModes.length == 0)) { - return EmptyArray.INT; - } - int[] result = new int[jcaBlockModes.length]; - for (int i = 0; i < jcaBlockModes.length; i++) { - result[i] = getKeymasterBlockModeFromJcaBlockMode(jcaBlockModes[i]); - } - return result; - } - public static boolean isKeymasterBlockModeIndCpaCompatible(int keymasterBlockMode) { switch (keymasterBlockMode) { case 
KeymasterDefs.KM_MODE_ECB: 
@@ -267,82 +62,6 @@ public abstract class KeymasterUtils { } } - public static int getKeymasterPaddingFromJcaEncryptionPadding(String jcaPadding) { - if ("NoPadding".equalsIgnoreCase(jcaPadding)) { - return KeymasterDefs.KM_PAD_NONE; - } else if ("PKCS7Padding".equalsIgnoreCase(jcaPadding)) { - return KeymasterDefs.KM_PAD_PKCS7; - } else if ("PKCS1Padding".equalsIgnoreCase(jcaPadding)) { - return KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_ENCRYPT; - } else if ("OEAPPadding".equalsIgnoreCase(jcaPadding)) { - return KeymasterDefs.KM_PAD_RSA_OAEP; - } else { - throw new IllegalArgumentException( - "Unsupported encryption padding scheme: " + jcaPadding); - } - } - - public static String getJcaEncryptionPaddingFromKeymasterPadding(int keymasterPadding) { - switch (keymasterPadding) { - case KeymasterDefs.KM_PAD_NONE: - return "NoPadding"; - case KeymasterDefs.KM_PAD_PKCS7: - return "PKCS7Padding"; - case KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_ENCRYPT: - return "PKCS1Padding"; - case KeymasterDefs.KM_PAD_RSA_OAEP: - return "OEAPPadding"; - default: - throw new IllegalArgumentException( - "Unsupported encryption padding: " + keymasterPadding); - } - } - - public static int getKeymasterPaddingFromJcaSignaturePadding(String jcaPadding) { - if ("PKCS#1".equalsIgnoreCase(jcaPadding)) { - return KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN; - } if ("PSS".equalsIgnoreCase(jcaPadding)) { - return KeymasterDefs.KM_PAD_RSA_PSS; - } else { - throw new IllegalArgumentException( - "Unsupported signature padding scheme: " + jcaPadding); - } - } - - public static String getJcaSignaturePaddingFromKeymasterPadding(int keymasterPadding) { - switch (keymasterPadding) { - case KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN: - return "PKCS#1"; - case KeymasterDefs.KM_PAD_RSA_PSS: - return "PSS"; - default: - throw new IllegalArgumentException( - "Unsupported signature padding: " + keymasterPadding); - } - } - - public static int[] getKeymasterPaddingsFromJcaEncryptionPaddings(String[] jcaPaddings) { - if 
((jcaPaddings == null) || (jcaPaddings.length == 0)) { - return EmptyArray.INT; - } - int[] result = new int[jcaPaddings.length]; - for (int i = 0; i < jcaPaddings.length; i++) { - result[i] = getKeymasterPaddingFromJcaEncryptionPadding(jcaPaddings[i]); - } - return result; - } - - public static int[] getKeymasterPaddingsFromJcaSignaturePaddings(String[] jcaPaddings) { - if ((jcaPaddings == null) || (jcaPaddings.length == 0)) { - return EmptyArray.INT; - } - int[] result = new int[jcaPaddings.length]; - for (int i = 0; i < jcaPaddings.length; i++) { - result[i] = getKeymasterPaddingFromJcaSignaturePadding(jcaPaddings[i]); - } - return result; - } - /** * Adds keymaster arguments to express the key's authorization policy supported by user * authentication. |