Mercurial > 510Connectbot

annotate src/ch/ethz/ssh2/crypto/SecureRandomFix.java @ 345:663637117cf8

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
compensate for SecureRandom bug on older devices
author Carl Byington <carl@five-ten-sg.com>
date Thu, 31 Jul 2014 18:43:40 -0700
parents
children d6ab7b606a50
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
345
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
1 //
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
2 // Copyright (C) 2014 by 510 Software Group
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
3 // licensed under the GPLv3 or later
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
4
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
5 package ch.ethz.ssh2.crypto;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
6
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
7 import java.security.SecureRandom;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
8
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
9
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
10 class SecureRandomFix extends SecureRandom {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
11
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
12 // http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
13
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
14 private static final int VERSION_CODE_JELLY_BEAN_MR2 = 18;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
15 private static final byte[] BUILD_FINGERPRINT_AND_DEVICE_SERIAL =
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
16 getBuildFingerprintAndDeviceSerial();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
17
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
18 private static byte[] generateReasonableSeed() {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
19 try {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
20 ByteArrayOutputStream seedBuffer = new ByteArrayOutputStream();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
21 DataOutputStream seedBufferOut =
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
22 new DataOutputStream(seedBuffer);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
23 seedBufferOut.writeLong(System.currentTimeMillis());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
24 seedBufferOut.writeLong(System.nanoTime());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
25 seedBufferOut.writeInt(Process.myPid());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
26 seedBufferOut.writeInt(Process.myUid());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
27 seedBufferOut.write(BUILD_FINGERPRINT_AND_DEVICE_SERIAL);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
28 seedBufferOut.close();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
29 return seedBuffer.toByteArray();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
30 } catch (IOException e) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
31 throw new SecurityException("Failed to generate seed", e);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
32 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
33 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
34
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
35 /**
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
36 * Gets the hardware serial number of this device.
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
37 *
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
38 * @return serial number or {@code null} if not available.
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
39 */
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
40 private static String getDeviceSerialNumber() {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
41 // We're using the Reflection API because Build.SERIAL is only available
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
42 // since API Level 9 (Gingerbread, Android 2.3).
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
43 try {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
44 return (String) Build.class.getField("SERIAL").get(null);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
45 } catch (Exception ignored) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
46 return null;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
47 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
48 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
49
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
50 private static byte[] getBuildFingerprintAndDeviceSerial() {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
51 StringBuilder result = new StringBuilder();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
52 String fingerprint = Build.FINGERPRINT;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
53 if (fingerprint != null) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
54 result.append(fingerprint);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
55 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
56 String serial = getDeviceSerialNumber();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
57 if (serial != null) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
58 result.append(serial);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
59 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
60 try {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
61 return result.toString().getBytes("UTF-8");
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
62 } catch (UnsupportedEncodingException e) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
63 throw new RuntimeException("UTF-8 encoding not supported");
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
64 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
65 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
66
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
67 public SecureRandomFix() {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
68 super();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
69 if (Build.VERSION.SDK_INT > VERSION_CODE_JELLY_BEAN_MR2) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
70 // No need to apply the fix
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
71 return;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
72 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
73 setSeed(generateReasonableSeed());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
74 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
75 }