Merge "SignApk: add support for EC keys"
diff --git a/tools/signapk/SignApk.java b/tools/signapk/SignApk.java
index 716ea3b..a1e422c 100644
--- a/tools/signapk/SignApk.java
+++ b/tools/signapk/SignApk.java
@@ -52,8 +52,10 @@
import java.security.Key;
import java.security.KeyFactory;
import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
+import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
@@ -64,6 +66,7 @@
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
+import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
import java.util.jar.Attributes;
@@ -83,9 +86,9 @@
* Prior to the keylimepie release, SignApk ignored the signature
* algorithm specified in the certificate and always used SHA1withRSA.
*
- * Starting with keylimepie, we support SHA256withRSA, and use the
- * signature algorithm in the certificate to select which to use
- * (SHA256withRSA or SHA1withRSA).
+ * Starting with JB-MR2, the platform supports SHA256withRSA, so we use
+ * the signature algorithm in the certificate to select which to use
+ * (SHA256withRSA or SHA1withRSA). Also in JB-MR2, EC keys are supported.
*
* Because there are old keys still in use whose certificate actually
* says "MD5withRSA", we treat these as though they say "SHA1withRSA"
@@ -95,15 +98,15 @@
/**
- * Command line tool to sign JAR files (including APKs and OTA
- * updates) in a way compatible with the mincrypt verifier, using RSA
- * keys and SHA1 or SHA-256.
+ * Command line tool to sign JAR files (including APKs and OTA updates) in a way
+ * compatible with the mincrypt verifier, using EC or RSA keys and SHA1 or
+ * SHA-256 (see historical note).
*/
class SignApk {
private static final String CERT_SF_NAME = "META-INF/CERT.SF";
- private static final String CERT_RSA_NAME = "META-INF/CERT.RSA";
+ private static final String CERT_SIG_NAME = "META-INF/CERT.%s";
private static final String CERT_SF_MULTI_NAME = "META-INF/CERT%d.SF";
- private static final String CERT_RSA_MULTI_NAME = "META-INF/CERT%d.RSA";
+ private static final String CERT_SIG_MULTI_NAME = "META-INF/CERT%d.%s";
private static final String OTACERT_NAME = "META-INF/com/android/otacert";
@@ -117,12 +120,12 @@
* Return one of USE_SHA1 or USE_SHA256 according to the signature
* algorithm specified in the cert.
*/
- private static int getAlgorithm(X509Certificate cert) {
- String sigAlg = cert.getSigAlgName();
- if ("SHA1withRSA".equals(sigAlg) ||
- "MD5withRSA".equals(sigAlg)) { // see "HISTORICAL NOTE" above.
+ private static int getDigestAlgorithm(X509Certificate cert) {
+ String sigAlg = cert.getSigAlgName().toUpperCase(Locale.US);
+ if ("SHA1WITHRSA".equals(sigAlg) ||
+ "MD5WITHRSA".equals(sigAlg)) { // see "HISTORICAL NOTE" above.
return USE_SHA1;
- } else if ("SHA256withRSA".equals(sigAlg)) {
+ } else if (sigAlg.startsWith("SHA256WITH")) {
return USE_SHA256;
} else {
throw new IllegalArgumentException("unsupported signature algorithm \"" + sigAlg +
@@ -130,9 +133,26 @@
}
}
+ /** Returns the expected signature algorithm for this key type. */
+ private static String getSignatureAlgorithm(X509Certificate cert) {
+ String sigAlg = cert.getSigAlgName().toUpperCase(Locale.US);
+ String keyType = cert.getPublicKey().getAlgorithm().toUpperCase(Locale.US);
+ if ("RSA".equalsIgnoreCase(keyType)) {
+ if (getDigestAlgorithm(cert) == USE_SHA256) {
+ return "SHA256withRSA";
+ } else {
+ return "SHA1withRSA";
+ }
+ } else if ("EC".equalsIgnoreCase(keyType)) {
+ return "SHA256withECDSA";
+ } else {
+ throw new IllegalArgumentException("unsupported key type: " + keyType);
+ }
+ }
+
// Files matching this pattern are not copied to the output.
private static Pattern stripPattern =
- Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA)|com/android/otacert))|(" +
+ Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA|EC)|com/android/otacert))|(" +
Pattern.quote(JarFile.MANIFEST_NAME) + ")$");
private static X509Certificate readPublicKey(File file)
@@ -211,16 +231,32 @@
spec = new PKCS8EncodedKeySpec(bytes);
}
- try {
- return KeyFactory.getInstance("RSA").generatePrivate(spec);
- } catch (InvalidKeySpecException ex) {
- return KeyFactory.getInstance("DSA").generatePrivate(spec);
+ PrivateKey key;
+ key = decodeAsKeyType(spec, "RSA");
+ if (key != null) {
+ return key;
}
+
+ key = decodeAsKeyType(spec, "EC");
+ if (key != null) {
+ return key;
+ }
+
+ throw new NoSuchAlgorithmException("Must be an EC or RSA key");
} finally {
input.close();
}
}
+ private static PrivateKey decodeAsKeyType(KeySpec spec, String keyType)
+ throws GeneralSecurityException {
+ try {
+ return KeyFactory.getInstance(keyType).generatePrivate(spec);
+ } catch (InvalidKeySpecException e) {
+ return null;
+ }
+ }
+
/**
* Add the hash(es) of every file to the manifest, creating it if
* necessary.
@@ -413,8 +449,7 @@
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- ContentSigner signer = new JcaContentSignerBuilder(
- getAlgorithm(publicKey) == USE_SHA256 ? "SHA256withRSA" : "SHA1withRSA")
+ ContentSigner signer = new JcaContentSignerBuilder(getSignatureAlgorithm(publicKey))
.setProvider(sBouncyCastleProvider)
.build(privateKey);
gen.addSignerInfoGenerator(
@@ -560,7 +595,7 @@
signer = new WholeFileSignerOutputStream(out, outputStream);
JarOutputStream outputJar = new JarOutputStream(signer);
- int hash = getAlgorithm(publicKey);
+ int hash = getDigestAlgorithm(publicKey);
// Assume the certificate is valid for at least an hour.
long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000;
@@ -685,13 +720,14 @@
je.setTime(timestamp);
outputJar.putNextEntry(je);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- writeSignatureFile(manifest, baos, getAlgorithm(publicKey[k]));
+ writeSignatureFile(manifest, baos, getDigestAlgorithm(publicKey[k]));
byte[] signedData = baos.toByteArray();
outputJar.write(signedData);
- // CERT.RSA / CERT#.RSA
- je = new JarEntry(numKeys == 1 ? CERT_RSA_NAME :
- (String.format(CERT_RSA_MULTI_NAME, k)));
+ // CERT.{EC,RSA} / CERT#.{EC,RSA}
+ je = new JarEntry(numKeys == 1 ?
+ (String.format(CERT_SIG_NAME, privateKey[k].getAlgorithm())) :
+ (String.format(CERT_SIG_MULTI_NAME, k, privateKey[k].getAlgorithm())));
je.setTime(timestamp);
outputJar.putNextEntry(je);
writeSignatureBlock(new CMSProcessableByteArray(signedData),
@@ -742,7 +778,7 @@
for (int i = 0; i < numKeys; ++i) {
int argNum = argstart + i*2;
publicKey[i] = readPublicKey(new File(args[argNum]));
- hashes |= getAlgorithm(publicKey[i]);
+ hashes |= getDigestAlgorithm(publicKey[i]);
}
} catch (IllegalArgumentException e) {
System.err.println(e);
@@ -765,6 +801,10 @@
if (signWholeFile) {
+ if (!"RSA".equalsIgnoreCase(privateKey[0].getAlgorithm())) {
+ System.err.println("Cannot sign OTA packages with non-RSA keys");
+ System.exit(1);
+ }
SignApk.signWholeFile(inputJar, firstPublicKeyFile,
publicKey[0], privateKey[0], outputFile);
} else {