authordigit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-25 16:28:44 +0000
committerdigit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-25 16:28:44 +0000
commit547d54cfb170b6571053587a3b8f618ff21d26ed (patch)
tree8fc9012a94ba6c4832b8a9eb98365ea49b836653 /net/android/network_library.h
parent5a5451fa96d619004b3edf86aee73c4aa30f4246 (diff)
Fix Android cryptographic key pair storage.
This patch fixes an issue with the way public/private key pairs that were generated from keygen are installed on the system. - First, the generated data bytes were not in a format that the system supports. - Second, the public and private key pairs were swapped when they were sent to the CertInstaller activity. This fixes both issues at the same time. BUG=124660 Review URL: https://chromiumcodereview.appspot.com/11260015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@164088 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/android/network_library.h')
-rw-r--r--net/android/network_library.h9
1 files changed, 8 insertions, 1 deletions
diff --git a/net/android/network_library.h b/net/android/network_library.h
index a0cf7d3..7836b55 100644
--- a/net/android/network_library.h
+++ b/net/android/network_library.h
@@ -33,7 +33,14 @@ VerifyResult VerifyX509CertChain(const std::vector<std::string>& cert_chain,
const std::string& auth_type);
// Helper for the <keygen> handler. Passes the DER-encoded key pair via
-// JNI to the Credentials store.
+// JNI to the Credentials store. Note that the public key must be a DER
+// encoded SubjectPublicKeyInfo (X.509), as returned by i2d_PUBKEY()
+// (and *not* i2d_PublicKey(), which returns a PKCS#1 key).
+//
+// Also, the private key must be in PKCS#8 format, as returned by
+// i2d_PKCS8_PRIV_KEY_INFO(EVP_PKEY2PKCS8(pkey)), which is a different
+// format than what i2d_PrivateKey() returns, so don't use it either.
+//
bool StoreKeyPair(const uint8* public_key,
size_t public_len,
const uint8* private_key,
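Review bot: The StoreKeyPair comment does not say that the PKCS#8 blob from `i2d_PKCS8_PRIV_KEY_INFO(EVP_PKEY2PKCS8(pkey))` is an unencrypted PrivateKeyInfo, so the buffer handed across JNI holds plaintext private-key material. I would add a line such as `// The private key is unencrypted; callers should clear the buffer once this returns.` and a sentence on what the bool return value means, since the comment states neither. The remark that i2d_PublicKey() "returns a PKCS#1 key" holds for RSA keys; `// (and *not* i2d_PublicKey(), which for RSA returns a bare PKCS#1 RSAPublicKey)` would be more precise, and the trailing empty `//` line before the declaration can be dropped. The StoreKeyPair declaration continues past the end of the hunk, so whether the implementation checks or rejects the wrong encodings is not visible here.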