author | Doug Zongker <dougz@android.com> | 2013-04-10 09:22:02 -0700 |
---|---|---|
committer | Doug Zongker <dougz@android.com> | 2013-04-10 14:33:31 -0700 |
commit | 515e1639ef0ab5e3149fafeffce826cf654d616f (patch) | |
tree | 2705b5fddfefbb667de7b4057ba1593864fb42e3 /libmincrypt/tools/DumpPublicKey.java | |
parent | 5cad7119761d3074497fbf33f2cd5854ae5c19d6 (diff) | |
mincrypt: support SHA-256 hash algorithm
- adds a library to compute the SHA-256 hash
- updates the RSA verifier to take an argument specifying either SHA-1
or SHA-256
- updates DumpPublicKey with new "key" version numbers for
specifying SHA-256
- adds new argument to adb auth code to maintain existing behavior
Change-Id: I5b1406cf57c2b8993f6032eda3e29139f7740839
Diffstat (limited to 'libmincrypt/tools/DumpPublicKey.java')
-rw-r--r-- | libmincrypt/tools/DumpPublicKey.java | 41 |
1 files changed, 30 insertions, 11 deletions
diff --git a/libmincrypt/tools/DumpPublicKey.java b/libmincrypt/tools/DumpPublicKey.java index 12b4f5629..718911627 100644 --- a/libmincrypt/tools/DumpPublicKey.java +++ b/libmincrypt/tools/DumpPublicKey.java @@ -19,7 +19,7 @@ package com.android.dumpkey; import java.io.FileInputStream; import java.math.BigInteger; import java.security.cert.CertificateFactory; -import java.security.cert.Certificate; +import java.security.cert.X509Certificate; import java.security.KeyStore; import java.security.Key; import java.security.PublicKey; @@ -34,20 +34,22 @@ class DumpPublicKey { /** * @param key to perform sanity checks on * @return version number of key. Supported versions are: - * 1: 2048-bit key with e=3 - * 2: 2048-bit key with e=65537 + * 1: 2048-bit RSA key with e=3 and SHA-1 hash + * 2: 2048-bit RSA key with e=65537 and SHA-1 hash + * 3: 2048-bit RSA key with e=3 and SHA-256 hash + * 4: 2048-bit RSA key with e=65537 and SHA-256 hash * @throws Exception if the key has the wrong size or public exponent */ - static int check(RSAPublicKey key) throws Exception { + static int check(RSAPublicKey key, boolean useSHA256) throws Exception { BigInteger pubexp = key.getPublicExponent(); BigInteger modulus = key.getModulus(); int version; if (pubexp.equals(BigInteger.valueOf(3))) { - version = 1; + version = useSHA256 ? 3 : 1; } else if (pubexp.equals(BigInteger.valueOf(65537))) { - version = 2; + version = useSHA256 ? 4 : 2; } else { throw new Exception("Public exponent should be 3 or 65537 but is " + pubexp.toString(10) + "."); @@ -67,8 +69,8 @@ class DumpPublicKey { * version 1 key, the string will be a C initializer; this is * not true for newer key versions. */ - static String print(RSAPublicKey key) throws Exception { - int version = check(key); + static String print(RSAPublicKey key, boolean useSHA256) throws Exception { + int version = check(key, useSHA256); BigInteger N = key.getModulus(); 
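Review bot: The Javadoc for `check` gains the version 3 and 4 entries but no `@param useSHA256` line, and the `print` hunk after it adds the same parameter without documenting it either. I would add `* @param useSHA256 true to return the SHA-256 key versions (3 or 4), false for the SHA-1 versions (1 or 2)` to `check` and a matching line to `print`. Going by the commit message, the version number is how a dumped key specifies its hash algorithm, so the flag is worth stating at the method level rather than leaving it implied by the version table. Both method bodies continue outside their hunks.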
@@ -135,10 +137,27 @@ class DumpPublicKey { for (int i = 0; i < args.length; i++) { FileInputStream input = new FileInputStream(args[i]); CertificateFactory cf = CertificateFactory.getInstance("X.509"); - Certificate cert = cf.generateCertificate(input); + X509Certificate cert = (X509Certificate) cf.generateCertificate(input); + + boolean useSHA256 = false; + String sigAlg = cert.getSigAlgName(); + if ("SHA1withRSA".equals(sigAlg) || "MD5withRSA".equals(sigAlg)) { + // SignApk has historically accepted "MD5withRSA" + // certificates, but treated them as "SHA1withRSA" + // anyway. Continue to do so for backwards + // compatibility. + useSHA256 = false; + } else if ("SHA256withRSA".equals(sigAlg)) { + useSHA256 = true; + } else { + System.err.println(args[i] + ": unsupported signature algorithm \"" + + sigAlg + "\""); + System.exit(1); + } + RSAPublicKey key = (RSAPublicKey) (cert.getPublicKey()); - check(key); - System.out.print(print(key)); + check(key, useSHA256); + System.out.print(print(key, useSHA256)); System.out.println(i < args.length - 1 ? "," : ""); } } catch (Exception e) { |
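Review bot: In `main`, `useSHA256` is derived from `cert.getSigAlgName()`, which names the algorithm the issuer used to sign this certificate rather than any property of the subject key. The emitted key version (1/2 versus 3/4) therefore follows the certificate's own signature, not an explicit choice by whoever runs the tool. That is reasonable for self-signed signing certificates, presumably the expected input, but nothing here says so; a comment above the assignment such as `// The cert's own signature algorithm selects the hash recorded in the key version; input is expected to be a self-signed signing cert.` would make the coupling visible. The exact-string comparison also depends on how the installed provider spells the algorithm name, so matching on `cert.getSigAlgOID()` would be sturdier. The enclosing loop and `try` block begin and end outside the hunk.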