diff --git a/service/src/main/java/io/github/a13e300/tricky_store/keystore/CertHack.java b/service/src/main/java/io/github/a13e300/tricky_store/keystore/CertHack.java index db9b5a1..3b811c0 100644 --- a/service/src/main/java/io/github/a13e300/tricky_store/keystore/CertHack.java +++ b/service/src/main/java/io/github/a13e300/tricky_store/keystore/CertHack.java @@ -48,7 +48,6 @@ import java.nio.charset.StandardCharsets; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.MessageDigest; -import java.security.SecureRandom; import java.security.Security; import java.security.cert.Certificate; import java.security.cert.CertificateFactory; @@ -66,7 +65,6 @@ import java.util.List; import java.util.Map; import java.util.Objects; import java.util.Set; -import java.util.concurrent.ThreadLocalRandom; import javax.security.auth.x500.X500Principal; @@ -203,7 +201,7 @@ public final class CertHack { signer = new JcaContentSignerBuilder(leaf.getSigAlgName()) .build(k.keyPair.getPrivate()); - byte[] verifiedBootKey = null; + byte[] verifiedBootKey = UtilKt.getBootKey(); byte[] verifiedBootHash = null; try { if (!(rootOfTrust instanceof ASN1Sequence r)) { @@ -216,13 +214,8 @@ public final class CertHack { Logger.e("failed to get verified boot key or hash from original, use randomly generated instead", t); } - if (verifiedBootKey == null) { - verifiedBootKey = new byte[32]; - ThreadLocalRandom.current().nextBytes(verifiedBootKey); - } if (verifiedBootHash == null) { - verifiedBootHash = new byte[32]; - ThreadLocalRandom.current().nextBytes(verifiedBootHash); + verifiedBootHash = UtilKt.getBootHash(); } ASN1Encodable[] rootOfTrustEnc = { @@ -344,16 +337,8 @@ public final class CertHack { private static Extension createExtension(KeyGenParameters params, int uid) { try { - SecureRandom random = new SecureRandom(); - - byte[] key = new byte[32]; - byte[] hash = UtilKt.getBootHashFromProp(); - - random.nextBytes(key); - if (hash == null || hash.length != 32) { - hash = new byte[32]; - random.nextBytes(hash); - } + byte[] key = UtilKt.getBootKey(); + byte[] hash = UtilKt.getBootHash(); ASN1Encodable[] rootOfTrustEncodables = {new DEROctetString(key), ASN1Boolean.TRUE, new ASN1Enumerated(0), new DEROctetString(hash)}; diff --git a/service/src/main/java/io/github/a13e300/tricky_store/util.kt b/service/src/main/java/io/github/a13e300/tricky_store/util.kt index 2fa785a..a4dd165 100644 --- a/service/src/main/java/io/github/a13e300/tricky_store/util.kt +++ b/service/src/main/java/io/github/a13e300/tricky_store/util.kt @@ -3,18 +3,30 @@ package io.github.a13e300.tricky_store import android.content.pm.IPackageManager import android.os.Build import android.os.SystemProperties +import java.util.concurrent.ThreadLocalRandom fun getTransactCode(clazz: Class<*>, method: String) = clazz.getDeclaredField("TRANSACTION_$method").apply { isAccessible = true } .getInt(null) // 2 -@OptIn(ExperimentalStdlibApi::class) -val bootHashFromProp by lazy { - val b = SystemProperties.get("ro.boot.vbmeta.digest", null) ?: return@lazy null - if (b.length != 64) return@lazy null - b.hexToByteArray() +val bootHash by lazy { + getBootHashFromProp() ?: randomBytes() } +// TODO: get verified boot keys +val bootKey by lazy { + randomBytes() +} + +@OptIn(ExperimentalStdlibApi::class) +fun getBootHashFromProp(): ByteArray? { + val b = SystemProperties.get("ro.boot.vbmeta.digest", null) ?: return null + if (b.length != 64) return null + return b.hexToByteArray() +} + +fun randomBytes() = ByteArray(32).also { ThreadLocalRandom.current().nextBytes(it) } + val patchLevel by lazy { Build.VERSION.SECURITY_PATCH.convertPatchLevel(false) }