Diffstat (limited to 'keystore/java')
4 files changed, 34 insertions, 4 deletions
diff --git a/keystore/java/android/security/AndroidKeyPairGenerator.java b/keystore/java/android/security/AndroidKeyPairGenerator.java
index a0ffb5f..458a46c 100644
--- a/keystore/java/android/security/AndroidKeyPairGenerator.java
+++ b/keystore/java/android/security/AndroidKeyPairGenerator.java
@@ -17,6 +17,7 @@
 package android.security;
 import com.android.org.bouncycastle.x509.X509V3CertificateGenerator;
+
 import com.android.org.conscrypt.NativeCrypto;
 import com.android.org.conscrypt.OpenSSLEngine;
@@ -33,6 +34,7 @@ import java.security.SecureRandom;
 import java.security.cert.CertificateEncodingException;
 import java.security.cert.X509Certificate;
 import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.DSAParameterSpec;
 import java.security.spec.InvalidKeySpecException;
 import java.security.spec.RSAKeyGenParameterSpec;
 import java.security.spec.X509EncodedKeySpec;
@@ -154,6 +156,8 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
 private static String getDefaultSignatureAlgorithmForKeyType(String keyType) {
 if ("RSA".equalsIgnoreCase(keyType)) {
 return "sha256WithRSA";
+ } else if ("DSA".equalsIgnoreCase(keyType)) {
+ return "sha1WithDSA";
 } else if ("EC".equalsIgnoreCase(keyType)) {
 return "sha256WithECDSA";
 } else {
@@ -169,6 +173,13 @@ public class AndroidKeyPairGenerator extends KeyPairGeneratorSpi {
 return new byte[][] { rsaSpec.getPublicExponent().toByteArray() };
 }
 break;
+ case NativeCrypto.EVP_PKEY_DSA:
+ if (spec instanceof DSAParameterSpec) {
+ DSAParameterSpec dsaSpec = (DSAParameterSpec) spec;
+ return new byte[][] { dsaSpec.getG().toByteArray(),
+ dsaSpec.getP().toByteArray(), dsaSpec.getQ().toByteArray() };
+ }
+ break;
 }
 return null;
 }
diff --git a/keystore/java/android/security/KeyChain.java b/keystore/java/android/security/KeyChain.java
index 607817a..131e689 100644
--- a/keystore/java/android/security/KeyChain.java
+++ b/keystore/java/android/security/KeyChain.java
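Review bot: In AndroidKeyPairGenerator.getDefaultSignatureAlgorithmForKeyType, the new DSA branch returns `sha1WithDSA` while the RSA and EC branches return SHA-256 variants, so whatever is signed with this default (presumably the generated certificate) uses SHA-1 regardless of the DSA key size. SHA-1 is no longer collision resistant, and KeyPairGeneratorSpec in this same commit accepts DSA sizes up to 8192 bits, where a 160-bit digest becomes the weakest part of the signature. If the certificate generator and the keystore backend accept a SHA-256 DSA signature name, prefer it here; otherwise add a comment such as `// SHA-1 only because <reason>; revisit once SHA-2 DSA signing is available` so the weaker choice is visibly deliberate. The method's final else branch lies outside the hunk.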
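Review bot: The new `case NativeCrypto.EVP_PKEY_DSA:` branch in AndroidKeyPairGenerator packs the domain parameters as G, P, Q, which differs from the usual P, Q, G order and is not documented in the hunk. Whatever consumes this array has to read the same positions, so a comment like `// order is {G, P, Q}; must match the DSA argument layout the keystore service expects` would keep the two sides from drifting apart. The values also come straight from a caller-supplied DSAParameterSpec with no null or sanity check, so a spec built with a null component fails here with a NullPointerException rather than an IllegalArgumentException. Whether the parameters are validated further down is not visible, and the enclosing method starts outside the hunk.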
@@ -379,7 +379,7 @@ public final class KeyChain {
 */
 public static boolean isKeyAlgorithmSupported(String algorithm) {
 final String algUpper = algorithm.toUpperCase(Locale.US);
- return "EC".equals(algUpper) || "RSA".equals(algUpper);
+ return "DSA".equals(algUpper) || "EC".equals(algUpper) || "RSA".equals(algUpper);
 }
 /**
diff --git a/keystore/java/android/security/KeyPairGeneratorSpec.java b/keystore/java/android/security/KeyPairGeneratorSpec.java
index 6b67f43..4a823cc 100644
--- a/keystore/java/android/security/KeyPairGeneratorSpec.java
+++ b/keystore/java/android/security/KeyPairGeneratorSpec.java
@@ -26,6 +26,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
 import java.security.cert.Certificate;
 import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.DSAParameterSpec;
 import java.security.spec.RSAKeyGenParameterSpec;
 import java.util.Date;
@@ -58,6 +59,11 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
 * These must be kept in sync with system/security/keystore/defaults.h
 */
+ /* DSA */
+ private static final int DSA_DEFAULT_KEY_SIZE = 1024;
+ private static final int DSA_MIN_KEY_SIZE = 512;
+ private static final int DSA_MAX_KEY_SIZE = 8192;
+
 /* EC */
 private static final int EC_DEFAULT_KEY_SIZE = 256;
 private static final int EC_MIN_KEY_SIZE = 192;
@@ -159,7 +165,9 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
 }
 private static int getDefaultKeySizeForType(int keyType) {
- if (keyType == NativeCrypto.EVP_PKEY_EC) {
+ if (keyType == NativeCrypto.EVP_PKEY_DSA) {
+ return DSA_DEFAULT_KEY_SIZE;
+ } else if (keyType == NativeCrypto.EVP_PKEY_EC) {
 return EC_DEFAULT_KEY_SIZE;
 } else if (keyType == NativeCrypto.EVP_PKEY_RSA) {
 return RSA_DEFAULT_KEY_SIZE;
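Review bot: `KeyChain.isKeyAlgorithmSupported` now repeats the DSA/EC/RSA list that `KeyStore.getKeyTypeForAlgorithm` also spells out in this commit, so the public answer and the actual key-type mapping can drift the next time an algorithm is added or retired. A short comment on the return line, for example `// keep in sync with KeyStore.getKeyTypeForAlgorithm`, would at least make the coupling visible. The method's Javadoc starts outside the hunk, so whether it lists the supported algorithms and needs DSA added cannot be checked from here.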
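Review bot: In KeyPairGeneratorSpec, `DSA_MIN_KEY_SIZE = 512` and `DSA_DEFAULT_KEY_SIZE = 1024` let callers create DSA keys that are too small to rely on: a 512-bit modulus offers no practical protection, and current guidance asks for at least 2048 bits for new DSA signatures. A caller that names only the algorithm gets the 1024-bit default silently. The comment above says these values mirror system/security/keystore/defaults.h, which is not part of this diff, so any change has to be made on both sides; if that is possible, `DSA_DEFAULT_KEY_SIZE = 2048` with a minimum of 1024 would be the safer pair. If the small sizes are kept for compatibility, say so in the `/* DSA */` comment.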
@@ -168,7 +176,12 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
 }
 private static void checkValidKeySize(int keyType, int keySize) {
- if (keyType == NativeCrypto.EVP_PKEY_EC) {
+ if (keyType == NativeCrypto.EVP_PKEY_DSA) {
+ if (keySize < DSA_MIN_KEY_SIZE || keySize > DSA_MAX_KEY_SIZE) {
+ throw new IllegalArgumentException("DSA keys must be >= " + DSA_MIN_KEY_SIZE
+ + " and <= " + DSA_MAX_KEY_SIZE);
+ }
+ } else if (keyType == NativeCrypto.EVP_PKEY_EC) {
 if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) {
 throw new IllegalArgumentException("EC keys must be >= " + EC_MIN_KEY_SIZE
 + " and <= " + EC_MAX_KEY_SIZE);
@@ -185,7 +198,11 @@ public final class KeyPairGeneratorSpec implements AlgorithmParameterSpec {
 private static void checkCorrectParametersSpec(int keyType, int keySize, AlgorithmParameterSpec spec) {
- if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) {
+ if (keyType == NativeCrypto.EVP_PKEY_DSA && spec != null) {
+ if (!(spec instanceof DSAParameterSpec)) {
+ throw new IllegalArgumentException("DSA keys must have DSAParameterSpec specified");
+ }
+ } else if (keyType == NativeCrypto.EVP_PKEY_RSA && spec != null) {
 if (spec instanceof RSAKeyGenParameterSpec) {
 RSAKeyGenParameterSpec rsaSpec = (RSAKeyGenParameterSpec) spec;
 if (keySize != -1 && keySize != rsaSpec.getKeysize()) {
diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java
index 1dbdbfb..0db8c77 100644
--- a/keystore/java/android/security/KeyStore.java
+++ b/keystore/java/android/security/KeyStore.java
@@ -71,6 +71,8 @@ public class KeyStore {
 static int getKeyTypeForAlgorithm(String keyType) throws IllegalArgumentException {
 if ("RSA".equalsIgnoreCase(keyType)) {
 return NativeCrypto.EVP_PKEY_RSA;
+ } else if ("DSA".equalsIgnoreCase(keyType)) {
+ return NativeCrypto.EVP_PKEY_DSA;
 } else if ("EC".equalsIgnoreCase(keyType)) {
 return NativeCrypto.EVP_PKEY_EC;
 } else {
|
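Review bot: The DSA branch added to `KeyPairGeneratorSpec.checkCorrectParametersSpec` checks only the type of `spec`, so a requested `keySize` that disagrees with the bit length of the supplied P passes unnoticed, whereas the RSA branch just below compares `keySize` with `rsaSpec.getKeysize()`. A matching guard would be `if (keySize != -1 && keySize != ((DSAParameterSpec) spec).getP().bitLength())` followed by an IllegalArgumentException. As far as these hunks show, `checkValidKeySize` bounds only the requested size, so caller-supplied parameters outside the 512 to 8192 bit range are not rejected by either check. The remainder of the RSA branch lies outside the hunk, so its exact handling of a mismatch is inferred.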
