Change getAlgorithm value for EdDsa keys

common/src/main/java/org/conscrypt/OpenSslEdDsaKeyFactory.java

@@ -65,7 +65,8 @@ protected <T extends KeySpec> T engineGetKeySpec(Key key, Class<T> keySpec)
         if (keySpec == null) {
             throw new InvalidKeySpecException("keySpec == null");
         }
-        if (!key.getAlgorithm().equals("EdDSA") && !key.getAlgorithm().equals("Ed25519")) {
+        if (!key.getAlgorithm().equals("EdDSA") && !key.getAlgorithm().equals("Ed25519")
+                && !key.getAlgorithm().equals("1.3.101.112")) {
             throw new InvalidKeySpecException("Key must be an EdDSA or Ed25519 key");
         }
         if (key.getEncoded() == null) {

common/src/main/java/org/conscrypt/OpenSslEdDsaPrivateKey.java

@@ -65,9 +65,15 @@ public OpenSslEdDsaPrivateKey(byte[] raw) {
         }
     }
 
+    // This intentionally diverges from the OpenJDK implementation and JEP 339 (which return
+    // "EdDSA") to achieve backwards compatibility with the "AndroidKeyStore" provider, which
+    // supported generation of Ed25519 keys before Conscrypt did. Conscrypt's `getSigAlgName()`
+    // method returns the OID if there is no mapping to an algorithm name and the "AndroidKeyStore"
+    // provider therefore expects the OID as the algorithm name, even if Conscrypt now supports
+    // Ed25519 key generation (which otherwise aligns with JEP 339).
     @Override
     public String getAlgorithm() {
-        return "EdDSA";
+        return "1.3.101.112";
     }
 
     @Override

common/src/main/java/org/conscrypt/OpenSslEdDsaPublicKey.java

@@ -65,9 +65,15 @@ public OpenSslEdDsaPublicKey(byte[] coordinateBytes) {
         }
     }
 
+    // This intentionally diverges from the OpenJDK implementation and JEP 339 (which return
+    // "EdDSA") to achieve backwards compatibility with the "AndroidKeyStore" provider, which
+    // supported generation of Ed25519 keys before Conscrypt did. Conscrypt's `getSigAlgName()`
+    // method returns the OID if there is no mapping to an algorithm name and the "AndroidKeyStore"
+    // provider therefore expects the OID as the algorithm name, even if Conscrypt now supports
+    // Ed25519 key generation (which otherwise aligns with JEP 339).
     @Override
     public String getAlgorithm() {
-        return "EdDSA";
+        return "1.3.101.112";
     }
 
     @Override

common/src/test/java/org/conscrypt/EdDsaTest.java

@@ -236,7 +236,7 @@ public void convertPrivateKeyToAndFromKeySpec_works() throws Exception {
                 decodeHex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60");
         KeyFactory keyFactory = KeyFactory.getInstance("Ed25519", conscryptProvider);
         PrivateKey privateKey = keyFactory.generatePrivate(new RawKeySpec(rawPrivateKey));
-        assertEquals("EdDSA", privateKey.getAlgorithm());
+        assertEquals("1.3.101.112", privateKey.getAlgorithm());
 
         // RawKeySpec returns the raw private key.
         RawKeySpec rawPrivateKeySpec = keyFactory.getKeySpec(privateKey, RawKeySpec.class);
@@ -269,7 +269,7 @@ public void convertPublicKeyToFromRawKeySpec_works() throws Exception {
                 decodeHex("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a");
         KeyFactory keyFactory = KeyFactory.getInstance("Ed25519", conscryptProvider);
         PublicKey publicKey = keyFactory.generatePublic(new RawKeySpec(rawPublicKey));
-        assertEquals("EdDSA", publicKey.getAlgorithm());
+        assertEquals("1.3.101.112", publicKey.getAlgorithm());
 
         // RawKeySpec returns the raw public key.
         RawKeySpec rawPublicKeySpec = keyFactory.getKeySpec(publicKey, RawKeySpec.class);

common/src/test/java/org/conscrypt/java/security/KeyPairGeneratorTest.java

@@ -244,6 +244,12 @@ private void test_Key(KeyPairGenerator kpg, Key k) throws Exception {
             // have algorithm "ML-DSA".
             expectedAlgorithm = "ML-DSA";
         }
+        if (expectedAlgorithm.startsWith("EDDSA")) {
+            // This intentionally diverges from the OpenJDK implementation and JEP 339 (which return
+            // "EdDSA") to achieve backwards compatibility with the "AndroidKeyStore" provider,
+            // which supported generation of Ed25519 keys before Conscrypt did.
+            expectedAlgorithm = "1.3.101.112";
+        }
         assertEquals(expectedAlgorithm, k.getAlgorithm().toUpperCase(Locale.ROOT));
         if (expectedAlgorithm.equals("DH")) {
             if (k instanceof DHPublicKey) {