author | Eran Messeri <eranm@google.com> | 2019-03-05 15:30:16 +0000 |
---|---|---|
committer | Eran Messeri <eranm@google.com> | 2019-03-07 13:48:47 +0000 |
commit | c3ddd7691366c76dc0c249cd2096b4d5b06d92f3 (patch) | |
tree | 7b45ce79333ca87afdfbed872e9741abc3b1f6f7 | |
parent | e2614760243f43a3f8b7887bb7feab3b2b8f68f3 (diff) | |
download | CertInstaller-c3ddd7691366c76dc0c249cd2096b4d5b06d92f3.tar.gz |
Fix key algorithm serialization
The CredentialHelper assumed that the key algorithm for the private key
imported was always RSA.
Fix that incorrect assumption by saving the user key algorithm.
Bug: 127385358
Test: Manual, install EC key.
Change-Id: I3e1e1e7249f78f15a38d80584f7f969acdc2de24
-rw-r--r-- | res/values/strings.xml | 2 | ||||
-rw-r--r-- | src/com/android/certinstaller/CredentialHelper.java | 17 |
2 files changed, 14 insertions, 5 deletions
diff --git a/res/values/strings.xml b/res/values/strings.xml
index ebe3c1a..020a014 100644
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -38,6 +38,8 @@
 <!-- Item found in the PKCS12 keystore being investigated [CHAR LIMIT=NONE] -->
 <string name="one_userkey">one user key</string>
+ <!-- Type of key found in the PKCS12 keystore being investigated [CHAR LIMIT=NONE] -->
+ <string name="userkey_type">Algorithm: </string>
 <!-- Item found in the PKCS12 keystore being investigated [CHAR LIMIT=NONE] -->
 <string name="one_usercrt">one user certificate</string>
 <!-- Item found in the PKCS12 keystore being investigated [CHAR LIMIT=NONE] -->
diff --git a/src/com/android/certinstaller/CredentialHelper.java b/src/com/android/certinstaller/CredentialHelper.java
index 9a222d4..72219c8 100644
--- a/src/com/android/certinstaller/CredentialHelper.java
+++ b/src/com/android/certinstaller/CredentialHelper.java
@@ -61,6 +61,7 @@ import java.util.List;
 class CredentialHelper {
 private static final String DATA_KEY = "data";
 private static final String CERTS_KEY = "crts";
+ private static final String USER_KEY_ALGORITHM = "user_key_algorithm";
 private static final String TAG = "CredentialHelper";
@@ -106,6 +107,8 @@ class CredentialHelper {
 outStates.putString(KeyChain.EXTRA_NAME, mName);
 outStates.putInt(Credentials.EXTRA_INSTALL_AS_UID, mUid);
 if (mUserKey != null) {
+ Log.d(TAG, "Key algorithm: " + mUserKey.getAlgorithm());
+ outStates.putString(USER_KEY_ALGORITHM, mUserKey.getAlgorithm());
 outStates.putByteArray(Credentials.USER_PRIVATE_KEY, mUserKey.getEncoded());
 }
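Review bot: The `Log.d(TAG, "Key algorithm: " + mUserKey.getAlgorithm())` call added in the save path at @@ -106, and its counterpart `Log.d(TAG, "Loaded key algorithm: " + userKeyAlgorithm)` in the restore hunk at @@ -126, read like leftover debugging in the code that serializes the private key. The algorithm name is not secret, but the restore-side line also prints "null" whenever no key was saved, which adds noise to logcat on every restore. I would drop both, or gate them with `if (Log.isLoggable(TAG, Log.DEBUG))`. The enclosing method starts and ends outside this hunk.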
@@ -126,9 +129,11 @@ class CredentialHelper {
 mBundle = (HashMap) savedStates.getSerializable(DATA_KEY);
 mName = savedStates.getString(KeyChain.EXTRA_NAME);
 mUid = savedStates.getInt(Credentials.EXTRA_INSTALL_AS_UID, -1);
- byte[] bytes = savedStates.getByteArray(Credentials.USER_PRIVATE_KEY);
- if (bytes != null) {
- setPrivateKey(bytes);
+ String userKeyAlgorithm = savedStates.getString(USER_KEY_ALGORITHM);
+ byte[] userKeyBytes = savedStates.getByteArray(Credentials.USER_PRIVATE_KEY);
+ Log.d(TAG, "Loaded key algorithm: " + userKeyAlgorithm);
+ if (userKeyAlgorithm != null && userKeyBytes != null) {
+ setPrivateKey(userKeyAlgorithm, userKeyBytes);
 }
 ArrayList<byte[]> certs = Util.fromBytes(savedStates.getByteArray(CERTS_KEY));
@@ -201,9 +206,9 @@ class CredentialHelper {
 return (mUserKey != null) || hasUserCertificate() || hasCaCerts();
 }
- void setPrivateKey(byte[] bytes) {
+ void setPrivateKey(String algorithm, byte[] bytes) {
 try {
- KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ KeyFactory keyFactory = KeyFactory.getInstance(algorithm);
 mUserKey = keyFactory.generatePrivate(new PKCS8EncodedKeySpec(bytes));
 } catch (NoSuchAlgorithmException e) {
 throw new AssertionError(e);
@@ -230,6 +235,8 @@ class CredentialHelper {
 String newline = "<br>";
 if (mUserKey != null) {
 sb.append(context.getString(R.string.one_userkey)).append(newline);
+ sb.append(context.getString(R.string.userkey_type)).append(mUserKey.getAlgorithm())
+ .append(newline);
 }
 if (mUserCert != null) {
 sb.append(context.getString(R.string.one_usercrt)).append(newline); |
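Review bot: Key bytes that were saved without an algorithm are now discarded silently by the new guard `if (userKeyAlgorithm != null && userKeyBytes != null)` at @@ -126. That case would arise for state written before this change, which had no `user_key_algorithm` entry; it is presumably rare, but the install would then continue with a credential that has lost its private key and nothing would say why. A warning on that branch makes it diagnosable: `else if (userKeyBytes != null) { Log.w(TAG, "Saved private key has no algorithm; key not restored"); }`. The enclosing method begins and ends outside the hunk.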
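Review bot: `throw new AssertionError(e)` in the `NoSuchAlgorithmException` handler of setPrivateKey (@@ -201) was justified while the argument was the constant "RSA", but `algorithm` is now a runtime value read back from saved state. If the name reported by the provider that parsed the key is not one the default `KeyFactory` provider recognises, the process is killed instead of the import failing cleanly. I would treat it as a recoverable error, for example `Log.w(TAG, "Unsupported key algorithm: " + algorithm, e); mUserKey = null;`, in line with however the remaining catch clauses report failure. The rest of the try/catch lies outside the hunk, so that part cannot be checked from here.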
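Review bot: The label and value at @@ -230 are joined by concatenation (`context.getString(R.string.userkey_type)` followed by `.append(mUserKey.getAlgorithm())`), which depends on the trailing space inside "Algorithm: " and fixes the word order for every translation. A positional placeholder is the usual form: `<string name="userkey_type">Algorithm: %1$s</string>` with `context.getString(R.string.userkey_type, mUserKey.getAlgorithm())`. The surrounding text is assembled with `<br>` separators, so if it is later rendered as HTML (not visible in this hunk) the provider-supplied algorithm name would also be worth passing through `TextUtils.htmlEncode`. The enclosing method starts and ends outside the hunk.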