authorTreehugger Robot <treehugger-gerrit@google.com>2022-05-12 16:11:37 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>2022-05-12 16:11:37 +0000
commitc4c1676671f05131e5aa361830fe5984ed3e4978 (patch)
tree5949e18e03b08e59145008dfcd9480251559ac18
parent478a6e14d959a3eeca44a7f2f30be2f7f677f79b (diff)
parentb32c72a42616f3847115ef1939d16916b7739989 (diff)
downloadbase-c4c1676671f05131e5aa361830fe5984ed3e4978.tar.gz
Merge "Keystore: Wire up Ed25519 signing"
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreBCWorkaroundProvider.java2
-rw-r--r--keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java24
2 files changed, 24 insertions, 2 deletions
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreBCWorkaroundProvider.java b/keystore/java/android/security/keystore2/AndroidKeyStoreBCWorkaroundProvider.java
index 9ad6f3adbd33..6fff52a20062 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreBCWorkaroundProvider.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreBCWorkaroundProvider.java
@@ -206,6 +206,8 @@ class AndroidKeyStoreBCWorkaroundProvider extends Provider {
putSignatureImpl("NONEwithECDSA",
PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$NONE");
+ putSignatureImpl("Ed25519",
+ PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$Ed25519");
putSignatureImpl("SHA1withECDSA", PACKAGE_NAME + ".AndroidKeyStoreECDSASignatureSpi$SHA1");
put("Alg.Alias.Signature.ECDSA", "SHA1withECDSA");
diff --git a/keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java b/keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java
index 8289671de212..5216a908826b 100644
--- a/keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java
+++ b/keystore/java/android/security/keystore2/AndroidKeyStoreECDSASignatureSpi.java
@@ -29,7 +29,10 @@ import libcore.util.EmptyArray;
import java.io.ByteArrayOutputStream;
import java.security.InvalidKeyException;
import java.security.SignatureSpi;
+import java.security.spec.NamedParameterSpec;
+import java.util.Arrays;
import java.util.List;
+import java.util.Set;
/**
* Base class for {@link SignatureSpi} providing Android KeyStore backed ECDSA signatures.
@@ -37,6 +40,10 @@ import java.util.List;
* @hide
*/
abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignatureSpiBase {
+ private static final Set<String> ACCEPTED_SIGNING_SCHEMES = Set.of(
+ KeyProperties.KEY_ALGORITHM_EC.toLowerCase(),
+ NamedParameterSpec.ED25519.getName().toLowerCase(),
+ "eddsa");
public final static class NONE extends AndroidKeyStoreECDSASignatureSpi {
public NONE() {
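Review bot: The `toLowerCase()` calls that build `ACCEPTED_SIGNING_SCHEMES`, and the matching call in `initKey` in the last hunk, use the default locale, so this key-acceptance check folds case according to the device's language setting instead of a fixed rule. The names in the set today do not appear to contain a letter whose case mapping varies by locale, but the check should not depend on that. Use `toLowerCase(Locale.ROOT)` at both sites, which needs `import java.util.Locale;`. The class Javadoc just above the declaration still describes the base class as providing ECDSA signatures only, which is out of date once Ed25519 keys are accepted here.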
@@ -114,6 +121,18 @@ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignature
}
}
+ public static final class Ed25519 extends AndroidKeyStoreECDSASignatureSpi {
+ public Ed25519() {
+ // Ed25519 uses an internal digest system.
+ super(KeymasterDefs.KM_DIGEST_NONE);
+ }
+
+ @Override
+ protected String getAlgorithm() {
+ return NamedParameterSpec.ED25519.getName();
+ }
+ }
+
public final static class SHA1 extends AndroidKeyStoreECDSASignatureSpi {
public SHA1() {
super(KeymasterDefs.KM_DIGEST_SHA1);
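Review bot: The new `Ed25519` class has no Javadoc, and its constructor comment ("uses an internal digest system") does not tell a reader why `KM_DIGEST_NONE` is the right value. Ed25519 hashes the message itself as part of signing, so no separate digest is selected for the keystore operation. I would state that directly, e.g. `// Ed25519 hashes the message internally, so no digest is requested from keystore.` A one-line class comment saying that this EdDSA scheme is hosted on the ECDSA base class would also help, because the class name otherwise suggests every subclass is an ECDSA variant.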
@@ -174,9 +193,10 @@ abstract class AndroidKeyStoreECDSASignatureSpi extends AndroidKeyStoreSignature
@Override
protected final void initKey(AndroidKeyStoreKey key) throws InvalidKeyException {
- if (!KeyProperties.KEY_ALGORITHM_EC.equalsIgnoreCase(key.getAlgorithm())) {
+ if (!ACCEPTED_SIGNING_SCHEMES.contains(key.getAlgorithm().toLowerCase())) {
throw new InvalidKeyException("Unsupported key algorithm: " + key.getAlgorithm()
- + ". Only" + KeyProperties.KEY_ALGORITHM_EC + " supported");
+ + ". Only" + Arrays.toString(ACCEPTED_SIGNING_SCHEMES.stream().toArray())
+ + " supported");
}
long keySizeBits = -1;
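Review bot: `initKey` now accepts any algorithm in `ACCEPTED_SIGNING_SCHEMES` for every subclass, so this check does not stop an EC key from being initialised on the `Ed25519` signature, or an Ed25519 key on `SHA1withECDSA`. The keystore backend presumably rejects such a mismatch later, but rejecting it here with `InvalidKeyException` fails earlier and gives a clearer error. One option is to compare `key.getAlgorithm()` with what the concrete class expects rather than with one shared set. Separately, the old `equalsIgnoreCase` call tolerated a null algorithm, whereas `key.getAlgorithm().toLowerCase()` would throw `NullPointerException` if that value can ever be null, and the message still lacks a space after `Only`. The body of `initKey` continues past the end of the hunk.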