Loading keystore/java/android/security/CertTool.java +2 −2 Original line number Diff line number Diff line Loading @@ -72,7 +72,7 @@ public class CertTool { private native String getPkcs12PrivateKey(int handle); private native String popPkcs12CertificateStack(int handle); private native void freePkcs12Handle(int handle); private native String generateCertificateRequest(int bits, String subject); private native String generateCertificateRequest(int bits, String challenge); private native boolean isPkcs12Keystore(byte[] data); private native int generateX509Certificate(byte[] data); private native boolean isCaCertificate(int handle); Loading Loading @@ -124,7 +124,7 @@ public class CertTool { public String generateKeyPair(int keyStrengthIndex, String challenge, String dirName) { return generateCertificateRequest(getKeyLength(keyStrengthIndex), dirName); challenge); } private Intent prepareIntent(String title, byte[] data, String namespace, Loading keystore/jni/cert.c +22 −34 Original line number Diff line number Diff line Loading @@ -36,17 +36,17 @@ static char emsg[][30] = { STR(ERR_CONSTRUCT_NEW_DATA), STR(ERR_RSA_KEYGEN), STR(ERR_X509_PROCESS), STR(ERR_BIO_READ), STR(ERR_SPKAC_TOO_LONG), STR(ERR_INVALID_ARGS), }; static void save_in_store(X509_REQ *req, EVP_PKEY *pkey) static void save_in_store(EVP_PKEY *pkey) { EVP_PKEY *newpkey = EVP_PKEY_new(); RSA *rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_set1_RSA(newpkey, rsa); PKEY_STORE_free(pkey_store[store_index]); pkey_store[store_index].key_len = i2d_X509_PUBKEY(req->req_info->pubkey, &pkey_store[store_index].public_key); pkey_store[store_index].key_len = i2d_RSAPublicKey(rsa, &pkey_store[store_index].public_key); pkey_store[store_index++].pkey = newpkey; store_index %= KEYGEN_STORE_SIZE; RSA_free(rsa); Loading 
@@ -69,17 +69,19 @@ static EVP_PKEY *get_pkey_from_store(X509 *cert) return (i == KEYGEN_STORE_SIZE) ? NULL : pkey_store[i].pkey; } int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX]) int gen_csr(int bits, const char *challenge, char reply[REPLY_MAX]) { int len, ret_code = 0; BIGNUM *bn = NULL; BIO *bio = NULL; char *spkstr = NULL; EVP_PKEY *pkey = NULL; RSA *rsa = NULL; X509_REQ *req = NULL; X509_NAME *name = NULL; NETSCAPE_SPKI *req = NULL; if ((bio = BIO_new(BIO_s_mem())) == NULL) goto err; if (challenge == NULL) { ret_code = ERR_INVALID_ARGS; goto err; } if ((bits != KEYLENGTH_MEDIUM) && (bits != KEYLENGTH_MAXIMUM)) { ret_code = ERR_INVALID_KEY_LENGTH; Loading @@ -87,7 +89,7 @@ int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX]) } if (((pkey = EVP_PKEY_new()) == NULL) || ((req = X509_REQ_new()) == NULL) || ((req = NETSCAPE_SPKI_new()) == NULL) || ((rsa = RSA_new()) == NULL) || ((bn = BN_new()) == NULL)) { ret_code = ERR_CONSTRUCT_NEW_DATA; goto err; Loading 
@@ -100,40 +102,26 @@ int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX]) goto err; } // rsa will be part of the req, it will be freed in X509_REQ_free(req) rsa = NULL; ASN1_STRING_set(req->spkac->challenge, challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(req, pkey); NETSCAPE_SPKI_sign(req, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(req); X509_REQ_set_pubkey(req, pkey); name = X509_REQ_get_subject_name(req); X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0); X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const unsigned char *) ANDROID_KEYSTORE, -1, -1, 0); X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (const unsigned char *)organizations, -1, -1, 0); if (!X509_REQ_sign(req, pkey, EVP_md5()) || (PEM_write_bio_X509_REQ(bio, req) <= 0)) { ret_code = ERR_X509_PROCESS; goto err; } if ((len = BIO_read(bio, reply, REPLY_MAX - 1)) > 0) { reply[len] = 0; save_in_store(req, pkey); if ((strlcpy(reply, spkstr, REPLY_MAX)) < REPLY_MAX) { save_in_store(pkey); } else { ret_code = ERR_BIO_READ; ret_code = ERR_SPKAC_TOO_LONG; } err: if (rsa) RSA_free(rsa); if (bn) BN_free(bn); if (req) X509_REQ_free(req); if (req) NETSCAPE_SPKI_free(req); if (pkey) EVP_PKEY_free(pkey); if (bio) BIO_free(bio); if (spkstr) OPENSSL_free(spkstr); if ((ret_code > 0) && (ret_code < ERR_MAXIMUM)) LOGE(emsg[ret_code]); return ret_code; return -ret_code; } PKCS12 *get_p12_handle(const char *buf, int bufLen) Loading keystore/jni/cert.h +3 −2 Original line number Diff line number Diff line Loading @@ -32,8 +32,9 @@ #define ERR_CONSTRUCT_NEW_DATA 2 #define ERR_RSA_KEYGEN 3 #define ERR_X509_PROCESS 4 #define ERR_BIO_READ 5 #define ERR_MAXIMUM 6 #define ERR_SPKAC_TOO_LONG 5 #define ERR_INVALID_ARGS 6 #define ERR_MAXIMUM 7 typedef struct { EVP_PKEY *pkey; Loading Loading
keystore/java/android/security/CertTool.java +2 −2 Original line number Diff line number Diff line Loading @@ -72,7 +72,7 @@ public class CertTool { private native String getPkcs12PrivateKey(int handle); private native String popPkcs12CertificateStack(int handle); private native void freePkcs12Handle(int handle); private native String generateCertificateRequest(int bits, String subject); private native String generateCertificateRequest(int bits, String challenge); private native boolean isPkcs12Keystore(byte[] data); private native int generateX509Certificate(byte[] data); private native boolean isCaCertificate(int handle); Loading Loading @@ -124,7 +124,7 @@ public class CertTool { public String generateKeyPair(int keyStrengthIndex, String challenge, String dirName) { return generateCertificateRequest(getKeyLength(keyStrengthIndex), dirName); challenge); } private Intent prepareIntent(String title, byte[] data, String namespace, Loading
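Review bot: After this change `generateKeyPair` no longer reads its `dirName` parameter, and the native method is still named `generateCertificateRequest` although its second argument is now a challenge rather than a subject. Neither point is documented, so a caller cannot tell that `dirName` is ignored. I would add a Javadoc line such as `/** Generates an RSA key pair and returns the request built from {@code challenge}; {@code dirName} is currently unused. */`. cert.c rejects a NULL challenge with ERR_INVALID_ARGS, but how the JNI glue maps a null Java string, and what this method then returns, is not visible here, so a null check or a documented contract on `challenge` would help.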
keystore/jni/cert.c +22 −34 Original line number Diff line number Diff line Loading @@ -36,17 +36,17 @@ static char emsg[][30] = { STR(ERR_CONSTRUCT_NEW_DATA), STR(ERR_RSA_KEYGEN), STR(ERR_X509_PROCESS), STR(ERR_BIO_READ), STR(ERR_SPKAC_TOO_LONG), STR(ERR_INVALID_ARGS), }; static void save_in_store(X509_REQ *req, EVP_PKEY *pkey) static void save_in_store(EVP_PKEY *pkey) { EVP_PKEY *newpkey = EVP_PKEY_new(); RSA *rsa = EVP_PKEY_get1_RSA(pkey); EVP_PKEY_set1_RSA(newpkey, rsa); PKEY_STORE_free(pkey_store[store_index]); pkey_store[store_index].key_len = i2d_X509_PUBKEY(req->req_info->pubkey, &pkey_store[store_index].public_key); pkey_store[store_index].key_len = i2d_RSAPublicKey(rsa, &pkey_store[store_index].public_key); pkey_store[store_index++].pkey = newpkey; store_index %= KEYGEN_STORE_SIZE; RSA_free(rsa); Loading @@ -69,17 +69,19 @@ static EVP_PKEY *get_pkey_from_store(X509 *cert) return (i == KEYGEN_STORE_SIZE) ? NULL : pkey_store[i].pkey; } int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX]) int gen_csr(int bits, const char *challenge, char reply[REPLY_MAX]) { int len, ret_code = 0; BIGNUM *bn = NULL; BIO *bio = NULL; char *spkstr = NULL; EVP_PKEY *pkey = NULL; RSA *rsa = NULL; X509_REQ *req = NULL; X509_NAME *name = NULL; NETSCAPE_SPKI *req = NULL; if ((bio = BIO_new(BIO_s_mem())) == NULL) goto err; if (challenge == NULL) { ret_code = ERR_INVALID_ARGS; goto err; } if ((bits != KEYLENGTH_MEDIUM) && (bits != KEYLENGTH_MAXIMUM)) { ret_code = ERR_INVALID_KEY_LENGTH; Loading @@ -87,7 +89,7 @@ int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX]) } if (((pkey = EVP_PKEY_new()) == NULL) || ((req = X509_REQ_new()) == NULL) || ((req = NETSCAPE_SPKI_new()) == NULL) || ((rsa = RSA_new()) == NULL) || ((bn = BN_new()) == NULL)) { ret_code = ERR_CONSTRUCT_NEW_DATA; goto err; Loading 
@@ -100,40 +102,26 @@ int gen_csr(int bits, const char *organizations, char reply[REPLY_MAX]) goto err; } // rsa will be part of the req, it will be freed in X509_REQ_free(req) rsa = NULL; ASN1_STRING_set(req->spkac->challenge, challenge, (int)strlen(challenge)); NETSCAPE_SPKI_set_pubkey(req, pkey); NETSCAPE_SPKI_sign(req, pkey, EVP_md5()); spkstr = NETSCAPE_SPKI_b64_encode(req); X509_REQ_set_pubkey(req, pkey); name = X509_REQ_get_subject_name(req); X509_NAME_add_entry_by_txt(name, "C", MBSTRING_ASC, (const unsigned char *)"US", -1, -1, 0); X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_ASC, (const unsigned char *) ANDROID_KEYSTORE, -1, -1, 0); X509_NAME_add_entry_by_txt(name, "O", MBSTRING_ASC, (const unsigned char *)organizations, -1, -1, 0); if (!X509_REQ_sign(req, pkey, EVP_md5()) || (PEM_write_bio_X509_REQ(bio, req) <= 0)) { ret_code = ERR_X509_PROCESS; goto err; } if ((len = BIO_read(bio, reply, REPLY_MAX - 1)) > 0) { reply[len] = 0; save_in_store(req, pkey); if ((strlcpy(reply, spkstr, REPLY_MAX)) < REPLY_MAX) { save_in_store(pkey); } else { ret_code = ERR_BIO_READ; ret_code = ERR_SPKAC_TOO_LONG; } err: if (rsa) RSA_free(rsa); if (bn) BN_free(bn); if (req) X509_REQ_free(req); if (req) NETSCAPE_SPKI_free(req); if (pkey) EVP_PKEY_free(pkey); if (bio) BIO_free(bio); if (spkstr) OPENSSL_free(spkstr); if ((ret_code > 0) && (ret_code < ERR_MAXIMUM)) LOGE(emsg[ret_code]); return ret_code; return -ret_code; } PKCS12 *get_p12_handle(const char *buf, int bufLen) Loading
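Review bot: In the last gen_csr hunk the results of `ASN1_STRING_set`, `NETSCAPE_SPKI_set_pubkey`, `NETSCAPE_SPKI_sign` and `NETSCAPE_SPKI_b64_encode` are all ignored, whereas the removed code failed with ERR_X509_PROCESS when signing did not succeed. If encoding fails, `spkstr` is NULL and is passed straight to `strlcpy`; if signing fails, an unsigned structure could still be encoded into `reply` and the key saved in the store. Chaining the four calls into one checked condition, as below, keeps the existing `err:` cleanup path and reuses ERR_X509_PROCESS, which cert.h still defines. Separately, `EVP_md5()` is carried over from the old request signing, and a SHA-2 digest would be preferable if the enrolling server accepts it; `len` also appears to be unused now. The key-generation part of gen_csr lies between the visible hunks.

```c
/* … unchanged: argument checks, allocation and RSA key generation … */
if (!ASN1_STRING_set(req->spkac->challenge, challenge,
                     (int)strlen(challenge)) ||
    !NETSCAPE_SPKI_set_pubkey(req, pkey) ||
    !NETSCAPE_SPKI_sign(req, pkey, EVP_md5()) ||
    ((spkstr = NETSCAPE_SPKI_b64_encode(req)) == NULL)) {
    ret_code = ERR_X509_PROCESS;
    goto err;
}
/* … unchanged: strlcpy into reply, save_in_store, err: cleanup … */
```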
keystore/jni/cert.h +3 −2 Original line number Diff line number Diff line Loading @@ -32,8 +32,9 @@ #define ERR_CONSTRUCT_NEW_DATA 2 #define ERR_RSA_KEYGEN 3 #define ERR_X509_PROCESS 4 #define ERR_BIO_READ 5 #define ERR_MAXIMUM 6 #define ERR_SPKAC_TOO_LONG 5 #define ERR_INVALID_ARGS 6 #define ERR_MAXIMUM 7 typedef struct { EVP_PKEY *pkey; Loading
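Review bot: These codes double as indexes into `emsg` in cert.c, and value 5 is reused here for a different error, but nothing in the header says so. If a code is later added without a matching string, `LOGE(emsg[ret_code])` could read past the table, since the only guard is `ret_code < ERR_MAXIMUM`. I would add a comment above the defines, `/* Indexes into emsg[] in cert.c; add a string there for every new code and keep ERR_MAXIMUM last. gen_csr() returns these negated. */`. The start of the define list and of `emsg` is outside the visible hunks.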