authordigit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-25 16:28:44 +0000
committerdigit@chromium.org <digit@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-10-25 16:28:44 +0000
commit547d54cfb170b6571053587a3b8f618ff21d26ed (patch)
tree8fc9012a94ba6c4832b8a9eb98365ea49b836653 /net/android
parent5a5451fa96d619004b3edf86aee73c4aa30f4246 (diff)
Fix Android cryptographic key pair storage.
This patch fixes an issue with the way public/private key pairs that were generated from keygen are installed on the system. - First, the generated data bytes were not in a format that the system supports. - Second, the public and private key pairs were swapped when they were sent to the CertInstaller activity. This fixes both issues at the same time. BUG=124660 Review URL: https://chromiumcodereview.appspot.com/11260015 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@164088 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/android')
-rw-r--r--net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java28
-rw-r--r--net/android/network_library.h9
2 files changed, 26 insertions, 11 deletions
diff --git a/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java b/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
index 28208a7..ff05ec8 100644
--- a/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
+++ b/net/android/java/src/org/chromium/net/AndroidNetworkLibrary.java
@@ -7,6 +7,7 @@ package org.chromium.net;
import android.content.ActivityNotFoundException;
import android.content.Context;
import android.content.Intent;
+import android.security.KeyChain;
import android.util.Log;
import org.chromium.base.CalledByNative;
@@ -30,24 +31,31 @@ class AndroidNetworkLibrary {
private static final String TAG = AndroidNetworkLibrary.class.getName();
/**
- * Stores the key pair into the CertInstaller application.
+ * Stores the key pair through the CertInstaller activity.
+ * @param context: current application context.
+ * @param public_key: The public key bytes as DER-encoded SubjectPublicKeyInfo (X.509)
+ * @param private_key: The private key as DER-encoded PrivateKeyInfo (PKCS#8).
+ * @return: true on success, false on failure.
+ *
+ * Note that failure means that the function could not launch the CertInstaller
+ * activity. Whether the keys are valid or properly installed will be indicated
+ * by the CertInstaller UI itself.
*/
@CalledByNative
static public boolean storeKeyPair(Context context, byte[] public_key, byte[] private_key) {
- // This is based on android.security.Credentials.install()
- // TODO(joth): Use KeyChain API instead of hard-coding constants here:
- // http://crbug.com/124660
+ // TODO(digit): Use KeyChain official extra values to pass the public and private
+ // keys when they're available. The "KEY" and "PKEY" hard-coded constants were taken
+ // from the platform sources, since there are no official KeyChain.EXTRA_XXX definitions
+ // for them. b/5859651
try {
- Intent intent = new Intent("android.credentials.INSTALL");
- intent.setClassName("com.android.certinstaller",
- "com.android.certinstaller.CertInstallerMain");
- intent.putExtra("KEY", private_key);
- intent.putExtra("PKEY", public_key);
+ Intent intent = KeyChain.createInstallIntent();
+ intent.putExtra("PKEY", private_key);
+ intent.putExtra("KEY", public_key);
intent.addFlags(Intent.FLAG_ACTIVITY_NEW_TASK);
context.startActivity(intent);
return true;
} catch (ActivityNotFoundException e) {
- Log.w(TAG, "could not store certificate: " + e);
+ Log.w(TAG, "could not store key pair: " + e);
}
return false;
}
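Review bot: The two putExtra lines are the exact spot where the previous bug lived, and the new code still gives no hint that the extra names are inverted relative to their apparent meaning — "PKEY" carries the private key and "KEY" the public key — so the next reader is likely to "fix" it back. The TODO above only says the constants come from the platform sources; as far as I recall the platform's `Credentials` class (which the removed comment pointed at) is where "PKEY" is the private-key extra and "KEY" the public-key extra, and stating that mapping inline would pin it: `intent.putExtra("PKEY", private_key);  // platform Credentials: private-key extra` and `intent.putExtra("KEY", public_key);    // platform Credentials: public-key extra`. On the Javadoc, the colon after each tag (`@param context:`, `@return:`) is not Javadoc syntax and will be rendered as part of the description text; dropping the colons makes the tags parse as intended. Also worth noting in the Javadoc that the private key bytes travel to the installer activity inside an Intent extra, so callers should not log or retain the `private_key` array beyond this call.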
diff --git a/net/android/network_library.h b/net/android/network_library.h
index a0cf7d3..7836b55 100644
--- a/net/android/network_library.h
+++ b/net/android/network_library.h
@@ -33,7 +33,14 @@ VerifyResult VerifyX509CertChain(const std::vector<std::string>& cert_chain,
const std::string& auth_type);
// Helper for the <keygen> handler. Passes the DER-encoded key pair via
-// JNI to the Credentials store.
+// JNI to the Credentials store. Note that the public key must be a DER
+// encoded SubjectPublicKeyInfo (X.509), as returned by i2d_PUBKEY()
+// (and *not* i2d_PublicKey(), which returns a PKCS#1 key).
+//
+// Also, the private key must be in PKCS#8 format, as returned by
+// i2d_PKCS8_PRIV_KEY_INFO(EVP_PKEY2PKCS8(pkey)), which is a different
+// format than what i2d_PrivateKey() returns, so don't use it either.
+//
bool StoreKeyPair(const uint8* public_key,
size_t public_len,
const uint8* private_key,