Gitiles
Code Review Sign In
review.blissroms.org / platform_system_extras / d66cefd9d9ef9aab181bdf6d429a0f7938cf0cb5^! / .
commitd66cefd9d9ef9aab181bdf6d429a0f7938cf0cb5[log] [tgz]
authorGeremy Condra <gcondra@google.com>Thu Aug 14 16:44:31 2014 -0700
committerPaul Lawrence <paullawrence@google.com>Thu Nov 13 17:38:03 2014 +0000
tree8f0ab4d558b0b681800892b40063a9331be73470
parent844b2e166c6218018e9676994cff8d5d2a8cbf62 [diff]
Fix issues with appended boot signature.

In particular this changes the OID to the SHA1 OID and
appends the full BootSignature.

This is cherry-picked from a WIP bug checked into master, but is complete.
The work in finalized by further changes from Sami Tolvanen

Bug: 15984840
Change-Id: Ic43784fc339b9aedf91363c9ec9a453c3bb53294
(cherry picked from commit 1f2ebbd57e86fb0749aeb453fb337065985ab9c6)
diff --git a/verity/BootSignature.java b/verity/BootSignature.java
index f5ceb30..740e226 100644
--- a/verity/BootSignature.java
+++ b/verity/BootSignature.java

@@ -60,7 +60,7 @@
         this.target = new DERPrintableString(target);
         this.length = new ASN1Integer(length);
         this.algorithmIdentifier = new AlgorithmIdentifier(
-                PKCSObjectIdentifiers.sha256WithRSAEncryption);
+                PKCSObjectIdentifiers.sha1WithRSAEncryption);
     }
 
     public ASN1Object getAuthenticatedAttributes() {
@@ -89,12 +89,7 @@
 
     public byte[] sign(byte[] image, PrivateKey key) throws Exception {
         byte[] signable = generateSignableImage(image);
-        byte[] signature = Utils.sign(key, signable);
-        byte[] signed = Arrays.copyOf(image, image.length + signature.length);
-        for (int i=0; i < signature.length; i++) {
-            signed[i+image.length] = signature[i];
-        }
-        return signed;
+        return Utils.sign(key, signable);
     }
 
     public ASN1Primitive toASN1Primitive() {
@@ -113,8 +108,13 @@
         byte[] image = Utils.read(imagePath);
         BootSignature bootsig = new BootSignature(target, image.length);
         PrivateKey key = Utils.loadPEMPrivateKeyFromFile(keyPath);
-        byte[] signature = bootsig.sign(image, key);
-        Utils.write(signature, outPath);
+        bootsig.setSignature(bootsig.sign(image, key));
+        byte[] encoded_bootsig = bootsig.getEncoded();
+        byte[] image_with_metadata = Arrays.copyOf(image, image.length + encoded_bootsig.length);
+        for (int i=0; i < encoded_bootsig.length; i++) {
+            image_with_metadata[i+image.length] = encoded_bootsig[i];
+        }
+        Utils.write(image_with_metadata, outPath);
     }
 
     // java -cp ../../../out/host/common/obj/JAVA_LIBRARIES/AndroidVerifiedBootSigner_intermediates/classes/ com.android.verity.AndroidVerifiedBootSigner boot ../../../out/target/product/flounder/boot.img ../../../build/target/product/security/verity_private_dev_key /tmp/boot.img.signed