AndroidKeyStore.java revision a3f6a49ab37290eeeb8db0f41ec0f1cb74a68be7
1// Copyright 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5package org.chromium.net; 6 7import android.util.Log; 8 9import org.chromium.base.CalledByNative; 10import org.chromium.base.JNINamespace; 11 12import java.lang.reflect.Method; 13import java.security.NoSuchAlgorithmException; 14import java.security.PrivateKey; 15import java.security.Signature; 16import java.security.interfaces.DSAKey; 17import java.security.interfaces.DSAParams; 18import java.security.interfaces.DSAPrivateKey; 19import java.security.interfaces.ECKey; 20import java.security.interfaces.ECPrivateKey; 21import java.security.interfaces.RSAKey; 22import java.security.interfaces.RSAPrivateKey; 23import java.security.spec.ECParameterSpec; 24 25@JNINamespace("net::android") 26public class AndroidKeyStore { 27 28 private static final String TAG = "AndroidKeyStore"; 29 30 //////////////////////////////////////////////////////////////////// 31 // 32 // Message signing support. 33 34 /** 35 * Returns the public modulus of a given RSA private key as a byte 36 * buffer. 37 * This can be used by native code to convert the modulus into 38 * an OpenSSL BIGNUM object. Required to craft a custom native RSA 39 * object where RSA_size() works as expected. 40 * 41 * @param key A PrivateKey instance, must implement RSAKey. 42 * @return A byte buffer corresponding to the modulus. This is 43 * big-endian representation of a BigInteger. 44 */ 45 @CalledByNative 46 public static byte[] getRSAKeyModulus(PrivateKey key) { 47 if (key instanceof RSAKey) { 48 return ((RSAKey) key).getModulus().toByteArray(); 49 } else { 50 Log.w(TAG, "Not a RSAKey instance!"); 51 return null; 52 } 53 } 54 55 /** 56 * Returns the 'Q' parameter of a given DSA private key as a byte 57 * buffer. 58 * This can be used by native code to convert it into an OpenSSL BIGNUM 59 * object where DSA_size() works as expected. 60 * 61 * @param key A PrivateKey instance. Must implement DSAKey. 62 * @return A byte buffer corresponding to the Q parameter. This is 63 * a big-endian representation of a BigInteger. 64 */ 65 @CalledByNative 66 public static byte[] getDSAKeyParamQ(PrivateKey key) { 67 if (key instanceof DSAKey) { 68 DSAParams params = ((DSAKey) key).getParams(); 69 return params.getQ().toByteArray(); 70 } else { 71 Log.w(TAG, "Not a DSAKey instance!"); 72 return null; 73 } 74 } 75 76 /** 77 * Returns the 'order' parameter of a given ECDSA private key as a 78 * a byte buffer. 79 * @param key A PrivateKey instance. Must implement ECKey. 80 * @return A byte buffer corresponding to the 'order' parameter. 81 * This is a big-endian representation of a BigInteger. 82 */ 83 @CalledByNative 84 public static byte[] getECKeyOrder(PrivateKey key) { 85 if (key instanceof ECKey) { 86 ECParameterSpec params = ((ECKey) key).getParams(); 87 return params.getOrder().toByteArray(); 88 } else { 89 Log.w(TAG, "Not an ECKey instance!"); 90 return null; 91 } 92 } 93 94 /** 95 * Returns the encoded data corresponding to a given PrivateKey. 96 * Note that this will fail for platform keys on Android 4.0.4 97 * and higher. It can be used on 4.0.3 and older platforms to 98 * route around the platform bug described below. 99 * @param key A PrivateKey instance 100 * @return encoded key as PKCS#8 byte array, can be null. 101 */ 102 @CalledByNative 103 public static byte[] getPrivateKeyEncodedBytes(PrivateKey key) { 104 return key.getEncoded(); 105 } 106 107 /** 108 * Sign a given message with a given PrivateKey object. This method 109 * shall only be used to implement signing in the context of SSL 110 * client certificate support. 111 * 112 * The message will actually be a hash, computed by OpenSSL itself, 113 * depending on the type of the key. The result should match exactly 114 * what the vanilla implementations of the following OpenSSL function 115 * calls do: 116 * 117 * - For a RSA private key, this should be equivalent to calling 118 * RSA_private_encrypt(..., RSA_PKCS1_PADDING), i.e. it must 119 * generate a raw RSA signature. The message must be either a 120 * combined, 36-byte MD5+SHA1 message digest or a DigestInfo 121 * value wrapping a message digest. 122 * 123 * - For a DSA and ECDSA private keys, this should be equivalent to 124 * calling DSA_sign(0,...) and ECDSA_sign(0,...) respectively. The 125 * message must be a hash and the function shall compute a direct 126 * DSA/ECDSA signature for it. 127 * 128 * @param privateKey The PrivateKey handle. 129 * @param message The message to sign. 130 * @return signature as a byte buffer. 131 * 132 * Important: Due to a platform bug, this function will always fail on 133 * Android < 4.2 for RSA PrivateKey objects. See the 134 * getOpenSSLHandleForPrivateKey() below for work-around. 135 */ 136 @CalledByNative 137 public static byte[] rawSignDigestWithPrivateKey(PrivateKey privateKey, 138 byte[] message) { 139 // Get the Signature for this key. 140 Signature signature = null; 141 // Hint: Algorithm names come from: 142 // http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html 143 try { 144 if (privateKey instanceof RSAPrivateKey) { 145 // IMPORTANT: Due to a platform bug, this will throw NoSuchAlgorithmException 146 // on Android 4.0.x and 4.1.x. Fixed in 4.2 and higher. 147 // See https://android-review.googlesource.com/#/c/40352/ 148 signature = Signature.getInstance("NONEwithRSA"); 149 } else if (privateKey instanceof DSAPrivateKey) { 150 signature = Signature.getInstance("NONEwithDSA"); 151 } else if (privateKey instanceof ECPrivateKey) { 152 signature = Signature.getInstance("NONEwithECDSA"); 153 } 154 } catch (NoSuchAlgorithmException e) { 155 ; 156 } 157 158 if (signature == null) { 159 Log.e(TAG, "Unsupported private key algorithm: " + privateKey.getAlgorithm()); 160 return null; 161 } 162 163 // Sign the message. 164 try { 165 signature.initSign(privateKey); 166 signature.update(message); 167 return signature.sign(); 168 } catch (Exception e) { 169 Log.e(TAG, "Exception while signing message with " + privateKey.getAlgorithm() + 170 " private key: " + e); 171 return null; 172 } 173 } 174 175 /** 176 * Return the type of a given PrivateKey object. This is an integer 177 * that maps to one of the values defined by org.chromium.net.PrivateKeyType, 178 * which is itself auto-generated from net/android/private_key_type_list.h 179 * @param privateKey The PrivateKey handle 180 * @return key type, or PrivateKeyType.INVALID if unknown. 181 */ 182 @CalledByNative 183 public static int getPrivateKeyType(PrivateKey privateKey) { 184 if (privateKey instanceof RSAPrivateKey) 185 return PrivateKeyType.RSA; 186 if (privateKey instanceof DSAPrivateKey) 187 return PrivateKeyType.DSA; 188 if (privateKey instanceof ECPrivateKey) 189 return PrivateKeyType.ECDSA; 190 else 191 return PrivateKeyType.INVALID; 192 } 193 194 /** 195 * Return the system EVP_PKEY handle corresponding to a given PrivateKey 196 * object, obtained through reflection. 197 * 198 * This shall only be used when the "NONEwithRSA" signature is not 199 * available, as described in rawSignDigestWithPrivateKey(). I.e. 200 * never use this on Android 4.2 or higher. 201 * 202 * This can only work in Android 4.0.4 and higher, for older versions 203 * of the platform (e.g. 4.0.3), there is no system OpenSSL EVP_PKEY, 204 * but the private key contents can be retrieved directly with 205 * the getEncoded() method. 206 * 207 * This assumes that the target device uses a vanilla AOSP 208 * implementation of its java.security classes, which is also 209 * based on OpenSSL (fortunately, no OEM has apperently changed to 210 * a different implementation, according to the Android team). 211 * 212 * Note that the object returned was created with the platform version 213 * of OpenSSL, and _not_ the one that comes with Chromium. Whether the 214 * object can be used safely with the Chromium OpenSSL library depends 215 * on differences between their actual ABI / implementation details. 216 * 217 * To better understand what's going on below, please refer to the 218 * following source files in the Android 4.0.4 and 4.1 source trees: 219 * libcore/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLRSAPrivateKey.java 220 * libcore/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp 221 * 222 * @param privateKey The PrivateKey handle. 223 * @return The EVP_PKEY handle, as a 32-bit integer (0 if not available) 224 */ 225 @CalledByNative 226 public static int getOpenSSLHandleForPrivateKey(PrivateKey privateKey) { 227 // Sanity checks 228 if (privateKey == null) { 229 Log.e(TAG, "privateKey == null"); 230 return 0; 231 } 232 if (!(privateKey instanceof RSAPrivateKey)) { 233 Log.e(TAG, "does not implement RSAPrivateKey"); 234 return 0; 235 } 236 // First, check that this is a proper instance of OpenSSLRSAPrivateKey 237 // or one of its sub-classes. 238 Class<?> superClass; 239 try { 240 superClass = Class.forName( 241 "org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey"); 242 } catch (Exception e) { 243 // This may happen if the target device has a completely different 244 // implementation of the java.security APIs, compared to vanilla 245 // Android. Highly unlikely, but still possible. 246 Log.e(TAG, "Cannot find system OpenSSLRSAPrivateKey class: " + e); 247 return 0; 248 } 249 if (!superClass.isInstance(privateKey)) { 250 // This may happen if the PrivateKey was not created by the "AndroidOpenSSL" 251 // provider, which should be the default. That could happen if an OEM decided 252 // to implement a different default provider. Also highly unlikely. 253 Log.e(TAG, "Private key is not an OpenSSLRSAPrivateKey instance, its class name is:" + 254 privateKey.getClass().getCanonicalName()); 255 return 0; 256 } 257 258 try { 259 // Use reflection to invoke the 'getOpenSSLKey()' method on 260 // the private key. This returns another Java object that wraps 261 // a native EVP_PKEY. Note that the method is final, so calling 262 // the superclass implementation is ok. 263 Method getKey = superClass.getDeclaredMethod("getOpenSSLKey"); 264 getKey.setAccessible(true); 265 Object opensslKey = null; 266 try { 267 opensslKey = getKey.invoke(privateKey); 268 } finally { 269 getKey.setAccessible(false); 270 } 271 if (opensslKey == null) { 272 // Bail when detecting OEM "enhancement". 273 Log.e(TAG, "getOpenSSLKey() returned null"); 274 return 0; 275 } 276 277 // Use reflection to invoke the 'getPkeyContext' method on the 278 // result of the getOpenSSLKey(). This is an 32-bit integer 279 // which is the address of an EVP_PKEY object. 280 Method getPkeyContext; 281 try { 282 getPkeyContext = opensslKey.getClass().getDeclaredMethod("getPkeyContext"); 283 } catch (Exception e) { 284 // Bail here too, something really not working as expected. 285 Log.e(TAG, "No getPkeyContext() method on OpenSSLKey member:" + e); 286 return 0; 287 } 288 getPkeyContext.setAccessible(true); 289 int evp_pkey = 0; 290 try { 291 evp_pkey = (Integer) getPkeyContext.invoke(opensslKey); 292 } finally { 293 getPkeyContext.setAccessible(false); 294 } 295 if (evp_pkey == 0) { 296 // The PrivateKey is probably rotten for some reason. 297 Log.e(TAG, "getPkeyContext() returned null"); 298 } 299 return evp_pkey; 300 301 } catch (Exception e) { 302 Log.e(TAG, "Exception while trying to retrieve system EVP_PKEY handle: " + e); 303 return 0; 304 } 305 } 306} 307