NOTE: If a key is authorized to be used with no padding, then it can be used with
 * any padding scheme, both for encryption and signing.
 */
public static final String ENCRYPTION_PADDING_NONE = "NoPadding";

/**
 * PKCS#7 encryption padding scheme.
 */
public static final String ENCRYPTION_PADDING_PKCS7 = "PKCS7Padding";

/**
 * RSA PKCS#1 v1.5 padding scheme for encryption.
 *
 * <p>Decryption code that lets a caller tell valid padding from invalid padding is exposed
 * to padding-oracle attacks on this scheme; OAEP is the generally preferred choice for new
 * designs.
 */
public static final String ENCRYPTION_PADDING_RSA_PKCS1 = "PKCS1Padding";

/**
 * RSA Optimal Asymmetric Encryption Padding (OAEP) scheme.
 */
public static final String ENCRYPTION_PADDING_RSA_OAEP = "OAEPPadding";

/**
 * Conversions between the {@code ENCRYPTION_PADDING_*} names and the
 * {@code KeymasterDefs.KM_PAD_*} identifiers.
 *
 * @hide
 */
public static abstract class EncryptionPadding {
    // Only static helpers live here, so no instance is ever created.
    private EncryptionPadding() {}

    /**
     * Maps an encryption padding name to its Keymaster identifier.
     *
     * <p>Names are compared without regard to letter case. A {@code null} name matches
     * nothing and therefore ends in the same exception as an unknown name.
     *
     * @param padding one of the {@code ENCRYPTION_PADDING_*} names
     * @return the matching {@code KeymasterDefs.KM_PAD_*} value
     * @throws IllegalArgumentException if the name is not one of the four known schemes
     */
    public static int toKeymaster(@NonNull @EncryptionPaddingEnum String padding) {
        if (ENCRYPTION_PADDING_NONE.equalsIgnoreCase(padding)) {
            return KeymasterDefs.KM_PAD_NONE;
        }
        if (ENCRYPTION_PADDING_PKCS7.equalsIgnoreCase(padding)) {
            return KeymasterDefs.KM_PAD_PKCS7;
        }
        if (ENCRYPTION_PADDING_RSA_PKCS1.equalsIgnoreCase(padding)) {
            return KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_ENCRYPT;
        }
        if (ENCRYPTION_PADDING_RSA_OAEP.equalsIgnoreCase(padding)) {
            return KeymasterDefs.KM_PAD_RSA_OAEP;
        }
        throw new IllegalArgumentException(
                "Unsupported encryption padding scheme: " + padding);
    }

    /**
     * Maps a Keymaster encryption padding identifier back to its name.
     *
     * @param padding a {@code KeymasterDefs.KM_PAD_*} value
     * @return the matching {@code ENCRYPTION_PADDING_*} name
     * @throws IllegalArgumentException if the identifier is not an encryption padding
     *         handled here
     */
    @NonNull
    public static @EncryptionPaddingEnum String fromKeymaster(int padding) {
        if (padding == KeymasterDefs.KM_PAD_NONE) {
            return ENCRYPTION_PADDING_NONE;
        }
        if (padding == KeymasterDefs.KM_PAD_PKCS7) {
            return ENCRYPTION_PADDING_PKCS7;
        }
        if (padding == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_ENCRYPT) {
            return ENCRYPTION_PADDING_RSA_PKCS1;
        }
        if (padding == KeymasterDefs.KM_PAD_RSA_OAEP) {
            return ENCRYPTION_PADDING_RSA_OAEP;
        }
        throw new IllegalArgumentException(
                "Unsupported encryption padding: " + padding);
    }

    /**
     * Converts every name in the array with {@link #toKeymaster(String)}.
     *
     * <p>A name that {@code toKeymaster} rejects aborts the whole conversion with that
     * method's exception.
     *
     * @param paddings padding names; {@code null} and the empty array both yield
     *        {@code EmptyArray.INT}
     * @return the Keymaster identifiers, in the order of the input
     */
    @NonNull
    public static int[] allToKeymaster(@Nullable @EncryptionPaddingEnum String[] paddings) {
        final int count = (paddings == null) ? 0 : paddings.length;
        if (count == 0) {
            return EmptyArray.INT;
        }
        final int[] converted = new int[count];
        int slot = 0;
        for (String name : paddings) {
            converted[slot++] = toKeymaster(name);
        }
        return converted;
    }
}

/**
 * @hide
 */
@Retention(RetentionPolicy.SOURCE)
@StringDef({
    SIGNATURE_PADDING_RSA_PKCS1,
    SIGNATURE_PADDING_RSA_PSS,
})
public @interface SignaturePaddingEnum {}

/**
 * RSA PKCS#1 v1.5 padding for signatures.
 */
public static final String SIGNATURE_PADDING_RSA_PKCS1 = "PKCS1";

/**
 * RSA PKCS#1 v2.1 Probabilistic Signature Scheme (PSS) padding.
 */
public static final String SIGNATURE_PADDING_RSA_PSS = "PSS";

// Conversions between the SIGNATURE_PADDING_* names and the KeymasterDefs.KM_PAD_* identifiers.
static abstract class SignaturePadding {
    // Only static helpers live here, so no instance is ever created.
    private SignaturePadding() {}

    /**
     * Maps a signature padding name to its Keymaster identifier.
     *
     * <p>The name is upper-cased with {@link Locale#US} before it is compared. Unlike
     * the encryption variant, a {@code null} name fails on that upper-casing call with a
     * {@link NullPointerException}.
     *
     * @param padding one of the {@code SIGNATURE_PADDING_*} names
     * @return the matching {@code KeymasterDefs.KM_PAD_*} value
     * @throws IllegalArgumentException if the name is neither PKCS#1 nor PSS
     */
    static int toKeymaster(@NonNull @SignaturePaddingEnum String padding) {
        final String canonical = padding.toUpperCase(Locale.US);
        if (SIGNATURE_PADDING_RSA_PKCS1.equals(canonical)) {
            return KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN;
        }
        if (SIGNATURE_PADDING_RSA_PSS.equals(canonical)) {
            return KeymasterDefs.KM_PAD_RSA_PSS;
        }
        throw new IllegalArgumentException(
                "Unsupported signature padding scheme: " + padding);
    }

    /**
     * Maps a Keymaster signature padding identifier back to its name.
     *
     * @param padding a {@code KeymasterDefs.KM_PAD_*} value
     * @return the matching {@code SIGNATURE_PADDING_*} name
     * @throws IllegalArgumentException if the identifier is not a signature padding
     *         handled here
     */
    @NonNull
    static @SignaturePaddingEnum String fromKeymaster(int padding) {
        if (padding == KeymasterDefs.KM_PAD_RSA_PKCS1_1_5_SIGN) {
            return SIGNATURE_PADDING_RSA_PKCS1;
        }
        if (padding == KeymasterDefs.KM_PAD_RSA_PSS) {
            return SIGNATURE_PADDING_RSA_PSS;
        }
        throw new IllegalArgumentException("Unsupported signature padding: " + padding);
    }

    /**
     * Converts every name in the array with {@link #toKeymaster(String)}.
     *
     * @param paddings padding names; {@code null} and the empty array both yield
     *        {@code EmptyArray.INT}
     * @return the Keymaster identifiers, in the order of the input
     */
    @NonNull
    static int[] allToKeymaster(@Nullable @SignaturePaddingEnum String[] paddings) {
        final int count = (paddings == null) ? 0 : paddings.length;
        if (count == 0) {
            return EmptyArray.INT;
        }
        final int[] converted = new int[count];
        int slot = 0;
        for (String name : paddings) {
            converted[slot++] = toKeymaster(name);
        }
        return converted;
    }
}

/**
 * @hide
 */
@Retention(RetentionPolicy.SOURCE)
@StringDef({
    DIGEST_NONE,
    DIGEST_MD5,
    DIGEST_SHA1,
    DIGEST_SHA224,
    DIGEST_SHA256,
    DIGEST_SHA384,
    DIGEST_SHA512,
})
public @interface DigestEnum {}

/**
 * No digest: sign/authenticate the raw message.
 *
 *
NOTE: If a key is authorized to be used with no digest, then it can be used with
* any digest.
*/
public static final String DIGEST_NONE = "NONE";
/**
 * MD5 digest.
 *
 * <p>MD5 is no longer collision-resistant, so it should not be relied on where collision
 * resistance matters, such as signatures over content another party can influence.
 */
public static final String DIGEST_MD5 = "MD5";
/**
 * SHA-1 digest.
 *
 * <p>Collisions have been demonstrated for SHA-1; where collision resistance matters,
 * one of the SHA-2 digests below is the safer choice.
 */
public static final String DIGEST_SHA1 = "SHA-1";
/**
 * SHA-2 224 (aka SHA-224) digest.
 */
public static final String DIGEST_SHA224 = "SHA-224";
/**
 * SHA-2 256 (aka SHA-256) digest.
 */
public static final String DIGEST_SHA256 = "SHA-256";
/**
 * SHA-2 384 (aka SHA-384) digest.
 */
public static final String DIGEST_SHA384 = "SHA-384";
/**
 * SHA-2 512 (aka SHA-512) digest.
 */
public static final String DIGEST_SHA512 = "SHA-512";
/**
* @hide
*/
public static abstract class Digest {
// No instances: the helpers visible in this class are all static.
private Digest() {}
/**
 * Maps a digest name to the matching {@code KeymasterDefs.KM_DIGEST_*} identifier.
 *
 * <p>The name is upper-cased with {@link Locale#US} before it is compared, so the lookup
 * does not depend on the letter case the caller used. {@code DIGEST_NONE} and
 * {@code DIGEST_MD5} are accepted alongside the SHA family; this method does no filtering
 * on digest strength. A {@code null} name fails on the upper-casing call with a
 * {@link NullPointerException}.
 *
 * @param digest one of the {@code DIGEST_*} names
 * @return the Keymaster digest identifier
 * @throws IllegalArgumentException if the name matches none of the known digests
 */
public static int toKeymaster(@NonNull @DigestEnum String digest) {
    final String canonical = digest.toUpperCase(Locale.US);
    if (DIGEST_SHA1.equals(canonical)) {
        return KeymasterDefs.KM_DIGEST_SHA1;
    }
    if (DIGEST_SHA224.equals(canonical)) {
        return KeymasterDefs.KM_DIGEST_SHA_2_224;
    }
    if (DIGEST_SHA256.equals(canonical)) {
        return KeymasterDefs.KM_DIGEST_SHA_2_256;
    }
    if (DIGEST_SHA384.equals(canonical)) {
        return KeymasterDefs.KM_DIGEST_SHA_2_384;
    }
    if (DIGEST_SHA512.equals(canonical)) {
        return KeymasterDefs.KM_DIGEST_SHA_2_512;
    }
    if (DIGEST_NONE.equals(canonical)) {
        return KeymasterDefs.KM_DIGEST_NONE;
    }
    if (DIGEST_MD5.equals(canonical)) {
        return KeymasterDefs.KM_DIGEST_MD5;
    }
    throw new IllegalArgumentException("Unsupported digest algorithm: " + digest);
}
/**
 * Maps a Keymaster digest identifier back to its {@code DIGEST_*} name.
 *
 * @param digest a {@code KeymasterDefs.KM_DIGEST_*} value
 * @return the matching {@code DIGEST_*} constant
 * @throws IllegalArgumentException if the identifier is not one of the digests handled here
 */
@NonNull
public static @DigestEnum String fromKeymaster(int digest) {
    if (digest == KeymasterDefs.KM_DIGEST_NONE) {
        return DIGEST_NONE;
    }
    if (digest == KeymasterDefs.KM_DIGEST_MD5) {
        return DIGEST_MD5;
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA1) {
        return DIGEST_SHA1;
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA_2_224) {
        return DIGEST_SHA224;
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA_2_256) {
        return DIGEST_SHA256;
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA_2_384) {
        return DIGEST_SHA384;
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA_2_512) {
        return DIGEST_SHA512;
    }
    throw new IllegalArgumentException("Unsupported digest algorithm: " + digest);
}
/**
 * Maps a Keymaster digest identifier to the hyphen-free digest spelling
 * ({@code "SHA1"}, {@code "SHA256"}, ...), presumably for composing signature algorithm names.
 *
 * <p>The SHA spellings returned here differ from the {@code DIGEST_*} constants
 * ({@code "SHA-1"}, {@code "SHA-256"}, ...), so they are not round-trippable through
 * {@code toKeymaster(String)}, which compares against the hyphenated forms and would
 * reject them.
 *
 * <p>NOTE(review): the return type carries {@code @DigestEnum} although the SHA spellings
 * returned are not among the values listed in that annotation; confirm the annotation is
 * intended.
 *
 * @param digest a {@code KeymasterDefs.KM_DIGEST_*} value
 * @return the hyphen-free digest name
 * @throws IllegalArgumentException if the identifier is not one of the digests handled here
 */
@NonNull
public static @DigestEnum String fromKeymasterToSignatureAlgorithmDigest(int digest) {
    if (digest == KeymasterDefs.KM_DIGEST_NONE) {
        return "NONE";
    }
    if (digest == KeymasterDefs.KM_DIGEST_MD5) {
        return "MD5";
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA1) {
        return "SHA1";
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA_2_224) {
        return "SHA224";
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA_2_256) {
        return "SHA256";
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA_2_384) {
        return "SHA384";
    }
    if (digest == KeymasterDefs.KM_DIGEST_SHA_2_512) {
        return "SHA512";
    }
    throw new IllegalArgumentException("Unsupported digest algorithm: " + digest);
}
@NonNull
public static @DigestEnum String[] allFromKeymaster(@NonNull Collection