Add net/android/keystore.h

net/android/java/src/org/chromium/net/AndroidKeyStore.java

Index: net/android/java/src/org/chromium/net/AndroidKeyStore.java
diff --git a/net/android/java/src/org/chromium/net/AndroidKeyStore.java b/net/android/java/src/org/chromium/net/AndroidKeyStore.java
new file mode 100644
index 0000000000000000000000000000000000000000..a322ccb3392faacc9c14912bfddfbca2b9208701
--- /dev/null
+++ b/net/android/java/src/org/chromium/net/AndroidKeyStore.java
@@ -0,0 +1,213 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+package org.chromium.net;
+
+import android.util.Log;
+
+import java.lang.reflect.InvocationTargetException;
+import java.lang.reflect.Method;
+import java.security.interfaces.DSAPrivateKey;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.RSAPrivateKey;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.Signature;
+
+import org.chromium.base.CalledByNative;
+import org.chromium.base.JNINamespace;
+import org.chromium.net.PrivateKeyType;;
+
+@JNINamespace("net::android")
+public class AndroidKeyStore {
+
+    private static final String TAG = AndroidKeyStore.class.getName();
+
+    ////////////////////////////////////////////////////////////////////
+    //
+    // Message signing support.
+    //
+
+    /**
+     * Called from native code to sign a given message with a given
+     * PrivateKey object. This is used to implement SSL client certificate
+     * support through OpenSSL. Thus, it must match the behaviour of the
+     * OpenSSL RSA_sign() / DSA_sign() / ECDSA_sign() functions.
+     * @param privateKey The PrivateKey handle.
+     * @param message The message to sign.

[agl, 2013/01/30 14:28:53]

I'm assuming here that |message| has already been hashed? In the case of RSA
PKCS#1, the message also needs to be wrapped in ASN.1 that describes the hash
function used so I guess that's included for the RSA case too?

Probably worth mentioning that in the comment here.

[digit1, 2013/01/30 16:55:01]

Yes, what the function receives is the actual hash computed by OpenSSL itself,
and it should behave exactly like RSA_sign(NID_md5_sha1,...), since that's what
the library is going to end up calling. I'll update the comment to be more
precise, e.g. copying from the OpenSSL doc:
 """
  If type is NID_md5_sha1, an SSL signature (MD5 and SHA1 message digests with
PKCS #1 padding and no algorithm identifier) is created.
 """

+     * @return signature as a byte buffer.
+     *
+     * Important: Due to a platform bug, this function will always fail on
+     *            Android < 4.2 for RSA PrivateKey objects. See the
+     *            getOpenSSLHandleForPrivateKey() below for work-around.
+     */
+    @CalledByNative
+    public static byte[] signWithPrivateKey(PrivateKey privateKey,

[Ryan Sleevi, 2013/01/31 03:09:53]

perhaps name this "rawSignWithPrivateKey", since it's relying on |message| being
a fully formatted/padded message that is <= modulus length?

[digit1, 2013/01/31 17:44:30]

Done.

+                                            byte[] message) {
+        // Get the Signature for this key.
+        Signature signature = null;
+        // Hint: Algorithm names come from:
+        // http://docs.oracle.com/javase/6/docs/technotes/guides/security/StandardNames.html
+        try {
+            if (privateKey instanceof RSAPrivateKey) {
+                // IMPORTANT: Due to what looks like a platform bug, this will
+                // throw NoSuchAlgorithmException on Android 4.0.x and 4.1.x. Fixed in 4.2
+                // and higher. See https://android-review.googlesource.com/#/c/40352/
+                signature = Signature.getInstance("NONEwithRSA");
+            } else if (privateKey instanceof DSAPrivateKey) {
+                signature = Signature.getInstance("NONEwithDSA");
+            } else if (privateKey instanceof ECPrivateKey) {
+                signature = Signature.getInstance("NONEwithECDSA");
+            }
+        } catch (NoSuchAlgorithmException e) {
+            ;
+        }
+
+        if (signature == null) {
+            Log.e(TAG, "Unsupported private key algorithm: " + privateKey.getAlgorithm());
+            return null;
+        }
+
+        // Sign the message.
+        try {
+            signature.initSign(privateKey);
+            signature.update(message);
+            return signature.sign();
+        } catch (Exception e) {
+            Log.e(TAG, "Exception while signing message with " + privateKey.getAlgorithm() +
+                        " private key: " + e);
+            return null;
+        }
+    }
+
+    /**
+     * Called from native code to return the type of a given PrivateKey
+     * object. This is an integer that maps to one of the values defined
+     * by org.chromium.net.PrivateKeyType, which is itself
+     * auto-generated from net/android/private_key_type_list.h
+     * @param privateKey The PrivateKey handle
+     * @return key type, or PrivateKeyType.INVALID if unknown.
+     */
+    @CalledByNative
+    public static int getPrivateKeyType(PrivateKey privateKey) {
+        if (privateKey instanceof RSAPrivateKey)
+            return PrivateKeyType.RSA;
+        if (privateKey instanceof DSAPrivateKey)
+            return PrivateKeyType.DSA;
+        if (privateKey instanceof ECPrivateKey)
+            return PrivateKeyType.ECDSA;
+        else
+            return PrivateKeyType.INVALID;
+    }
+
+    /**
+     * Called from native code to return the system EVP_PKEY handle
+     * corresponding to a given PrivateKey object, obtained through
+     * reflection (a.k.a. "Evil Hack").
+     *
+     * This shall only be used for RSA private keys on Android 4.0 and
+     * 4.1 in order to work around the platform bug described in the
+     * signWithPrivateKey() comment above (namely that the NONEwithRSA
+     * signature is not available before Android 4.2).
+     *
+     * This assumes that the target device uses a vanilla AOSP
+     * implementation of its java.security classes, which is also
+     * based on OpenSSL (fortunately, no OEM has apperently changed to
+     * a different implementation, according to the Android team).
+     *
+     * Note that the object returned was created with the platform version
+     * of OpenSSL, and _not_ the one that comes with Chromium. Whether the
+     * object can be used safely with the Chromium OpenSSL library depends
+     * on differences between their actual ABI / implementation details.
+     *
+     * To better understand what's going on below, please refer to the
+     * following source files in the Android 4.0 and 4.1 source trees:
+     * libcore/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/OpenSSLRSAPrivateKey.java
+     * libcore/luni/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
+     *
+     * @param privateKey The PrivateKey handle.
+     * @return The EVP_PKEY handle, as a 32-bit integer (0 if not available)
+     */
+    @CalledByNative
+    public static int getOpenSSLHandleForPrivateKey(PrivateKey privateKey) {
+        // Sanity checks
+        if (privateKey == null) {
+            Log.e(TAG, "privateKey == null");
+            return 0;
+        }
+        if (!(privateKey instanceof RSAPrivateKey)) {
+            Log.e(TAG, "does not implement RSAPrivateKey");
+            return 0;
+        }
+        // First, check that this is a proper instance of OpenSSLRSAPrivateKey
+        // or one of its sub-classes.
+        Class<?> superClass;
+        try {
+            superClass = Class.forName(
+                    "org.apache.harmony.xnet.provider.jsse.OpenSSLRSAPrivateKey");
+        } catch (Exception e) {
+            // This may happen if the target device has a completely different
+            // implementation of the java.security APIs, compared to vanilla
+            // Android. Highly unlikely, but still possible.
+            Log.e(TAG, "Cannot find system OpenSSLRSAPrivateKey class: " + e);
+            return 0;
+        }
+        if (!superClass.isInstance(privateKey)) {
+            // This may happen if the PrivateKey was not created by the "AndroidOpenSSL"
+            // provider, which should be the default. That could happen if an OEM decided
+            // to implement a different default provider. Also highly unlikely.
+            Log.e(TAG, "Private key is not an OpenSSLRSAPrivateKey instance, its class name is:" +
+                       privateKey.getClass().getCanonicalName());
+            return 0;
+        }
+
+        try {
+            // Use reflection to invoke the 'getOpenSSLKey()' method on
+            // the private key. This returns another Java object that wraps
+            // a native EVP_PKEY. Note that the method is final, so calling
+            // the superclass implementation is ok.
+            Method getKey = superClass.getDeclaredMethod("getOpenSSLKey");
+            getKey.setAccessible(true);
+            Object opensslKey = null;
+            try {
+                opensslKey = getKey.invoke(privateKey);
+            } finally {
+                getKey.setAccessible(false);
+            }
+            if (opensslKey == null) {
+                // Bail when detecting OEM "enhancement".
+                Log.e(TAG, "getOpenSSLKey() returned null");
+                return 0;
+            }
+
+            // Use reflection to invoke the 'getPkeyContext' method on the
+            // result of the getOpenSSLKey(). This is an integer which

[agl, 2013/01/30 14:28:53]

"which value"? Maybe "This is an integer who's value is the address"...

[digit1, 2013/01/30 16:55:01]

thanks, I'll fix this to "whose value".

+            // value is the address of the wrapper EVP_PKEY object.
+            Method getPkeyContext;
+            try {
+                getPkeyContext = opensslKey.getClass().getDeclaredMethod("getPkeyContext");
+            } catch (Exception e) {
+                // Bail here too, something really not working as expected.
+                Log.e(TAG, "No getPkeyContext() method on OpenSSLKey member:" + e);
+                return 0;
+            }
+            getPkeyContext.setAccessible(true);
+            int evp_pkey = 0;
+            try {
+                evp_pkey = (Integer) getPkeyContext.invoke(opensslKey);
+            } finally {
+                getPkeyContext.setAccessible(false);
+            }
+            if (evp_pkey == 0) {
+                // The PrivateKey is probably rotten for some reason.
+                Log.e(TAG, "getPkeyContext() returned null");
+            }
+            return evp_pkey;

[Ryan Sleevi, 2013/01/31 03:09:53]

I am nervous about the potential for ABI issues here. How do you plan to guard
against breakages?

[digit1, 2013/01/31 17:44:30]

I'm concerned about it too. I think longer term, it would be nice if OpenSSL
could have the option to use a callback to perform the hashing + signing
directly. This assumes that Android 4.0.4 -> 4.1.x provide all the algorithms we
need though, and I didn't take the time to look at the details.

+
+        } catch (Exception e) {
+            Log.e(TAG, "Exception while trying to retrieve system EVP_PKEY handle: " + e);
+            return 0;
+        }
+    }
+}