annotate src/ch/ethz/ssh2/crypto/SecureRandomFix.java @ 346:d6ab7b606a50

compensate for SecureRandom bug on older devices
author Carl Byington <carl@five-ten-sg.com>
date Thu, 31 Jul 2014 18:51:21 -0700
parents 663637117cf8
children bb7d8a7babbe
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
345
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
1 //
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
2 // Copyright (C) 2014 by 510 Software Group
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
3 // licensed under the GPLv3 or later
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
4
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
5 package ch.ethz.ssh2.crypto;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
6
346
d6ab7b606a50 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents: 345
diff changeset
7 import android.os.Build;
d6ab7b606a50 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents: 345
diff changeset
8 import android.os.Process;
d6ab7b606a50 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents: 345
diff changeset
9
d6ab7b606a50 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents: 345
diff changeset
10 import java.io.ByteArrayOutputStream;
d6ab7b606a50 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents: 345
diff changeset
11 import java.io.DataOutputStream;
d6ab7b606a50 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents: 345
diff changeset
12 import java.io.IOException;
d6ab7b606a50 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents: 345
diff changeset
13 import java.io.UnsupportedEncodingException;
345
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
14 import java.security.SecureRandom;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
15
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
16
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
17 class SecureRandomFix extends SecureRandom {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
18
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
19 // http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
20
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
21 private static final int VERSION_CODE_JELLY_BEAN_MR2 = 18;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
22 private static final byte[] BUILD_FINGERPRINT_AND_DEVICE_SERIAL =
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
23 getBuildFingerprintAndDeviceSerial();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
24
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
25 private static byte[] generateReasonableSeed() {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
26 try {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
27 ByteArrayOutputStream seedBuffer = new ByteArrayOutputStream();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
28 DataOutputStream seedBufferOut =
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
29 new DataOutputStream(seedBuffer);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
30 seedBufferOut.writeLong(System.currentTimeMillis());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
31 seedBufferOut.writeLong(System.nanoTime());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
32 seedBufferOut.writeInt(Process.myPid());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
33 seedBufferOut.writeInt(Process.myUid());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
34 seedBufferOut.write(BUILD_FINGERPRINT_AND_DEVICE_SERIAL);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
35 seedBufferOut.close();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
36 return seedBuffer.toByteArray();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
37 } catch (IOException e) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
38 throw new SecurityException("Failed to generate seed", e);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
39 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
40 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
41
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
42 /**
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
43 * Gets the hardware serial number of this device.
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
44 *
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
45 * @return serial number or {@code null} if not available.
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
46 */
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
47 private static String getDeviceSerialNumber() {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
48 // We're using the Reflection API because Build.SERIAL is only available
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
49 // since API Level 9 (Gingerbread, Android 2.3).
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
50 try {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
51 return (String) Build.class.getField("SERIAL").get(null);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
52 } catch (Exception ignored) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
53 return null;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
54 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
55 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
56
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
57 private static byte[] getBuildFingerprintAndDeviceSerial() {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
58 StringBuilder result = new StringBuilder();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
59 String fingerprint = Build.FINGERPRINT;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
60 if (fingerprint != null) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
61 result.append(fingerprint);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
62 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
63 String serial = getDeviceSerialNumber();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
64 if (serial != null) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
65 result.append(serial);
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
66 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
67 try {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
68 return result.toString().getBytes("UTF-8");
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
69 } catch (UnsupportedEncodingException e) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
70 throw new RuntimeException("UTF-8 encoding not supported");
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
71 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
72 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
73
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
74 public SecureRandomFix() {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
75 super();
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
76 if (Build.VERSION.SDK_INT > VERSION_CODE_JELLY_BEAN_MR2) {
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
77 // No need to apply the fix
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
78 return;
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
79 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
80 setSeed(generateReasonableSeed());
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
81 }
663637117cf8 compensate for SecureRandom bug on older devices
Carl Byington <carl@five-ten-sg.com>
parents:
diff changeset
82 }