Mercurial > 510Connectbot
comparison src/ch/ethz/ssh2/crypto/SecureRandomFix.java @ 345:663637117cf8
compensate for SecureRandom bug on older devices
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Thu, 31 Jul 2014 18:43:40 -0700 |
| parents | |
| children | d6ab7b606a50 |
comparison
equal
deleted
inserted
replaced
| 344:b40bc65fa09a | 345:663637117cf8 |
|---|---|
| 1 // | |
| 2 // Copyright (C) 2014 by 510 Software Group | |
| 3 // licensed under the GPLv3 or later | |
| 4 | |
| 5 package ch.ethz.ssh2.crypto; | |
| 6 | |
| 7 import java.security.SecureRandom; | |
| 8 | |
| 9 | |
| 10 class SecureRandomFix extends SecureRandom { | |
| 11 | |
| 12 // http://android-developers.blogspot.com/2013/08/some-securerandom-thoughts.html | |
| 13 | |
| 14 private static final int VERSION_CODE_JELLY_BEAN_MR2 = 18; | |
| 15 private static final byte[] BUILD_FINGERPRINT_AND_DEVICE_SERIAL = | |
| 16 getBuildFingerprintAndDeviceSerial(); | |
| 17 | |
| 18 private static byte[] generateReasonableSeed() { | |
| 19 try { | |
| 20 ByteArrayOutputStream seedBuffer = new ByteArrayOutputStream(); | |
| 21 DataOutputStream seedBufferOut = | |
| 22 new DataOutputStream(seedBuffer); | |
| 23 seedBufferOut.writeLong(System.currentTimeMillis()); | |
| 24 seedBufferOut.writeLong(System.nanoTime()); | |
| 25 seedBufferOut.writeInt(Process.myPid()); | |
| 26 seedBufferOut.writeInt(Process.myUid()); | |
| 27 seedBufferOut.write(BUILD_FINGERPRINT_AND_DEVICE_SERIAL); | |
| 28 seedBufferOut.close(); | |
| 29 return seedBuffer.toByteArray(); | |
| 30 } catch (IOException e) { | |
| 31 throw new SecurityException("Failed to generate seed", e); | |
| 32 } | |
| 33 } | |
| 34 | |
| 35 /** | |
| 36 * Gets the hardware serial number of this device. | |
| 37 * | |
| 38 * @return serial number or {@code null} if not available. | |
| 39 */ | |
| 40 private static String getDeviceSerialNumber() { | |
| 41 // We're using the Reflection API because Build.SERIAL is only available | |
| 42 // since API Level 9 (Gingerbread, Android 2.3). | |
| 43 try { | |
| 44 return (String) Build.class.getField("SERIAL").get(null); | |
| 45 } catch (Exception ignored) { | |
| 46 return null; | |
| 47 } | |
| 48 } | |
| 49 | |
| 50 private static byte[] getBuildFingerprintAndDeviceSerial() { | |
| 51 StringBuilder result = new StringBuilder(); | |
| 52 String fingerprint = Build.FINGERPRINT; | |
| 53 if (fingerprint != null) { | |
| 54 result.append(fingerprint); | |
| 55 } | |
| 56 String serial = getDeviceSerialNumber(); | |
| 57 if (serial != null) { | |
| 58 result.append(serial); | |
| 59 } | |
| 60 try { | |
| 61 return result.toString().getBytes("UTF-8"); | |
| 62 } catch (UnsupportedEncodingException e) { | |
| 63 throw new RuntimeException("UTF-8 encoding not supported"); | |
| 64 } | |
| 65 } | |
| 66 | |
| 67 public SecureRandomFix() { | |
| 68 super(); | |
| 69 if (Build.VERSION.SDK_INT > VERSION_CODE_JELLY_BEAN_MR2) { | |
| 70 // No need to apply the fix | |
| 71 return; | |
| 72 } | |
| 73 setSeed(generateReasonableSeed()); | |
| 74 } | |
| 75 } |