I'm building AOSP, so let's say I have root for all modules in Android. Sure, there is an OpenSSL library which is built and reused in other modules.

And we have a base application (system, external, whatever), which also communicates with native code. My question is: how do I include the existing Android OpenSSL library in a local project, to work with it?

In other words, how can I get an active instance of OpenSSL/BoringSSL in native code? And also, how do I get an instance of the Android Keystore engine and work with it?

Thanks!

GensaGames

1 Answer

From the release notes of Android 6.0:

If you’re using the Android NDK in your app, don't link against cryptographic libraries that are not a part of the NDK API, such as libcrypto.so and libssl.so. These libraries are not public APIs, and may change or break without notice across releases and devices. In addition, you may expose yourself to security vulnerabilities. Instead, modify your native code to call the Java cryptography APIs via JNI or to statically link against a cryptography library of your choice.

In your native code, besides the C/native API, you have access to the Java API as well. Therefore you can write C code that calls the regular Java API for accessing the AndroidKeyStore. You just have to translate the Java code into C code. Accessing the Java API this way is a bit complicated; however, it is the safest way (regarding compatibility).

See also

Robert
  • Hey! Thanks for the answer, it answered my first question. Also, maybe you know about the Android Keystore engine (link above). May I use that native class? – GensaGames Jul 26 '16 at 09:13
  • The problem is that I want to use a PrivateKey from AndroidKeystore, which I can load without a password and use to encrypt and decrypt in Java. But! I want to use that PrivateKey in native code, but I can't transport the key (the keys don't have an exponent) into native code; this is the problem! – GensaGames Jul 26 '16 at 09:16
  • As I wrote, use the Java code for accessing the AndroidKeystore and translate it to native code. The resulting code will be a bit complicated, however it is the way recommended by Google. – Robert Jul 26 '16 at 11:12
  • Sure, I can transfer the PrivateKey.java object to native! But how do I make an *EVP_PK from it in native? – GensaGames Jul 26 '16 at 11:26
  • Regular PrivateKey instances can be converted to their PKCS#8 representation via `getEncoded()`. However, AndroidKeystore objects can AFAIK only be used with Java Crypto. Therefore you have to use Java for encryption/decryption as well. – Robert Jul 26 '16 at 12:31
  • First of all, the PrivateKey entry has no exponent, as I said before. So getEncoded() will return null. And finally, this is all needed just for working in native(!) code. – GensaGames Jul 26 '16 at 13:38
  • Please read my answer again (second part). You can call nearly every Java function from native code, too. This is what you have to do, use Java functions from within native code. – Robert Jul 26 '16 at 14:34