Issue 36545: jellybean: PrivateKey from KeyChain causes NullPointerException and segfault
Status:  Released
Owner:  kr...@android.com
Closed:  Oct 2012
Cc:  b...@google.com


Reported by theactiv...@gmail.com, Aug 21, 2012
clientPrivKey is from KeyChain.getPrivateKey()

This used to work fine on ICS:

String algorithm = "RSA/ECB/PKCS1Padding";
Cipher cipher = Cipher.getInstance(algorithm);
cipher.init(Cipher.ENCRYPT_MODE, clientPrivKey);            
return cipher.doFinal(hash);

On JellyBean, this code first generates an exception:
 java.lang.NullPointerException
 	at java.math.BigInteger.remainder(BigInteger.java:919)
 	at com.android.org.bouncycastle.crypto.engines.RSACoreEngine.processBlock(RSACoreEngine.java:181)
 	at com.android.org.bouncycastle.crypto.engines.RSABlindedEngine.processBlock(RSABlindedEngine.java:109)
 	at com.android.org.bouncycastle.crypto.encodings.PKCS1Encoding.encodeBlock(PKCS1Encoding.java:184)
 	at com.android.org.bouncycastle.crypto.encodings.PKCS1Encoding.processBlock(PKCS1Encoding.java:132)
 	at com.android.org.bouncycastle.jce.provider.JCERSACipher.engineDoFinal(JCERSACipher.java:467)
 	at javax.crypto.Cipher.doFinal(Cipher.java:1111)

And then later a segfault... (attached)

Attachment: jb_keychain_crash.txt (11.3 KB)
Sep 23, 2012
#1 tob...@strongswan.org
The NullPointerException could be avoided by using the java.security.Signature class instead of manually creating a digest and encrypting that.  This is because private keys could now be stored in hardware (they are provided by an OpenSSL ENGINE), which means we don't have direct access to the private key anymore (e.g. via getEncoding or getPrivateExponent).

Even so, the problem is that the segfault would still happen.  Actually, just calling KeyChain.getPrivateKey will cause it as soon as the VM garbage collects the returned key.
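
The switch to java.security.Signature suggested in comment #1, as an added example that is not part of the original thread or of Android's code. It assumes SHA-256 as the digest (the report does not say which hash was used) and uses a generated software RSA key as a constructed stand-in for the key returned by KeyChain.getPrivateKey(); the class and method names are hypothetical. On a software key both paths yield the same signature bytes, so the change does not alter what a verifier sees.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.Cipher;

public class KeyChainSignExample {
    // ASN.1 DigestInfo header for SHA-256 (PKCS#1 v1.5), prepended to the raw hash.
    private static final byte[] SHA256_DIGEST_INFO = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    // Pattern from the report: hash manually, then "encrypt" with the private key.
    // In the stack trace above this lands in the Bouncy Castle software RSA engine.
    static byte[] signManually(PrivateKey key, byte[] data) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(data);
        byte[] digestInfo = Arrays.copyOf(SHA256_DIGEST_INFO,
                SHA256_DIGEST_INFO.length + hash.length);
        System.arraycopy(hash, 0, digestInfo, SHA256_DIGEST_INFO.length, hash.length);
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(digestInfo);
    }

    // Replacement: the provider hashes, pads and signs; the caller only holds a
    // key handle and never calls getEncoded() or getPrivateExponent().
    static byte[] signWithSignature(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(key);
        signer.update(data);
        return signer.sign();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed stand-in for KeyChain.getPrivateKey(): a software RSA key pair.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        byte[] sig = signWithSignature(pair.getPrivate(), data);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(pair.getPublic());
        verifier.update(data);
        System.out.println("verifies: " + verifier.verify(sig));
        System.out.println("same bytes as manual path: "
                + Arrays.equals(sig, signManually(pair.getPrivate(), data)));
    }
}
```
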
Oct 8, 2012
Project Member #2 b...@google.com
I believe this is already fixed in a FutureRelease but can try to find another public bug to dup this into or provide an AOSP link if possible with the change before marking closed.
Owner: kr...@android.com
Cc: b...@google.com
Jun 10, 2013
#4 na...@applicat.co.il
Is there any workaround on JellyBeans for getting the private key from KeyChain?
Jun 10, 2013
Project Member #5 b...@google.com
nadav, this is by design to enable secure private key storage. You can use KeyChain to get a PrivateKey to perform signing and verification operations, but you can't get the raw form of the private key.
Jun 10, 2013
#6 jut...@gmail.com
Really, this is by design?  The problem on Jelly Bean is that a call to KeyChain.getPrivateKey(Context, String) returns an instance of PrivateKey.  When that PrivateKey is garbage collected, the app segfaults.  I believe nadav was asking if there is a workaround for the segfault.  As it stands now, the KeyChain.getPrivateKey API isn't usable on Jelly Bean.
Jun 10, 2013
Project Member #7 b...@google.com
I was specifically talking about the fact that the PrivateKey returned by getEncoded returns null. Segfaults are not by design. If the segfault happens due to garbage collection, it sounds like the workaround is to keep a reference to the PrivateKey.
Jun 17, 2013
#8 na...@applicat.co.il
The segfault is caused because of objects which are allocated in inner methods which are called by the getPrivateKey method. Thus, holding a reference to the PrivateKey won't resolve the problem. The problem should be fixed in the KeyChain implementation or in another class which is used within KeyChain and is part of the android security package.
Jul 25, 2013
#9 lukas.ri...@gmail.com
Is there a way to use the private key for encryption, or is the API limited to signing/verifying?
Jul 25, 2013
Project Member #10 b...@google.com
lukas.ribisch, it is a PrivateKey, so yes it can be used for encryption. The only thing that should not work is getEncoded() which is documented to possibly return null.
Mar 14, 2014
Project Member #11 kr...@android.com
Released in JB-MR1
Status: Released