SignApk: update SignApk to support SHA256withRSA signing
Change-Id: I849b05addba69b74c9b0b65de5b24dd233e57d7c
diff --git a/tools/signapk/SignApk.java b/tools/signapk/SignApk.java
index adfe9a3..716ea3b 100644
--- a/tools/signapk/SignApk.java
+++ b/tools/signapk/SignApk.java
@@ -78,8 +78,26 @@
import javax.crypto.spec.PBEKeySpec;
/**
- * Command line tool to sign JAR files (including APKs and OTA updates) in
- * a way compatible with the mincrypt verifier, using SHA1 and RSA keys.
+ * HISTORICAL NOTE:
+ *
+ * Prior to the keylimepie release, SignApk ignored the signature
+ * algorithm specified in the certificate and always used SHA1withRSA.
+ *
+ * Starting with keylimepie, we support SHA256withRSA, and use the
+ * signature algorithm in the certificate to select which to use
+ * (SHA256withRSA or SHA1withRSA).
+ *
+ * Because there are old keys still in use whose certificate actually
+ * says "MD5withRSA", we treat these as though they say "SHA1withRSA"
+ * for compatibility with older releases. This can be changed by
+ * altering the getAlgorithm() function below.
+ */
+
+
+/**
+ * Command line tool to sign JAR files (including APKs and OTA
+ * updates) in a way compatible with the mincrypt verifier, using RSA
+ * keys and SHA1 or SHA-256.
*/
class SignApk {
private static final String CERT_SF_NAME = "META-INF/CERT.SF";
@@ -91,6 +109,27 @@
private static Provider sBouncyCastleProvider;
+ // bitmasks for which hash algorithms we need the manifest to include.
+ private static final int USE_SHA1 = 1;
+ private static final int USE_SHA256 = 2;
+
+ /**
+ * Return one of USE_SHA1 or USE_SHA256 according to the signature
+ * algorithm specified in the cert.
+ */
+ private static int getAlgorithm(X509Certificate cert) {
+ String sigAlg = cert.getSigAlgName();
+ if ("SHA1withRSA".equals(sigAlg) ||
+ "MD5withRSA".equals(sigAlg)) { // see "HISTORICAL NOTE" above.
+ return USE_SHA1;
+ } else if ("SHA256withRSA".equals(sigAlg)) {
+ return USE_SHA256;
+ } else {
+ throw new IllegalArgumentException("unsupported signature algorithm \"" + sigAlg +
+ "\" in cert [" + cert.getSubjectDN());
+ }
+ }
+
// Files matching this pattern are not copied to the output.
private static Pattern stripPattern =
Pattern.compile("^(META-INF/((.*)[.](SF|RSA|DSA)|com/android/otacert))|(" +
@@ -182,8 +221,11 @@
}
}
- /** Add the SHA1 of every file to the manifest, creating it if necessary. */
- private static Manifest addDigestsToManifest(JarFile jar)
+ /**
+ * Add the hash(es) of every file to the manifest, creating it if
+ * necessary.
+ */
+ private static Manifest addDigestsToManifest(JarFile jar, int hashes)
throws IOException, GeneralSecurityException {
Manifest input = jar.getManifest();
Manifest output = new Manifest();
@@ -195,7 +237,15 @@
main.putValue("Created-By", "1.0 (Android SignApk)");
}
- MessageDigest md = MessageDigest.getInstance("SHA1");
+ MessageDigest md_sha1 = null;
+ MessageDigest md_sha256 = null;
+ if ((hashes & USE_SHA1) != 0) {
+ md_sha1 = MessageDigest.getInstance("SHA1");
+ }
+ if ((hashes & USE_SHA256) != 0) {
+ md_sha256 = MessageDigest.getInstance("SHA256");
+ }
+
byte[] buffer = new byte[4096];
int num;
@@ -216,14 +266,21 @@
(stripPattern == null || !stripPattern.matcher(name).matches())) {
InputStream data = jar.getInputStream(entry);
while ((num = data.read(buffer)) > 0) {
- md.update(buffer, 0, num);
+ if (md_sha1 != null) md_sha1.update(buffer, 0, num);
+ if (md_sha256 != null) md_sha256.update(buffer, 0, num);
}
Attributes attr = null;
if (input != null) attr = input.getAttributes(name);
attr = attr != null ? new Attributes(attr) : new Attributes();
- attr.putValue("SHA1-Digest",
- new String(Base64.encode(md.digest()), "ASCII"));
+ if (md_sha1 != null) {
+ attr.putValue("SHA1-Digest",
+ new String(Base64.encode(md_sha1.digest()), "ASCII"));
+ }
+ if (md_sha256 != null) {
+ attr.putValue("SHA-256-Digest",
+ new String(Base64.encode(md_sha256.digest()), "ASCII"));
+ }
output.getEntries().put(name, attr);
}
}
@@ -241,9 +298,10 @@
private static void addOtacert(JarOutputStream outputJar,
File publicKeyFile,
long timestamp,
- Manifest manifest)
+ Manifest manifest,
+ int hash)
throws IOException, GeneralSecurityException {
- MessageDigest md = MessageDigest.getInstance("SHA1");
+ MessageDigest md = MessageDigest.getInstance(hash == USE_SHA1 ? "SHA1" : "SHA256");
JarEntry je = new JarEntry(OTACERT_NAME);
je.setTime(timestamp);
@@ -258,7 +316,7 @@
input.close();
Attributes attr = new Attributes();
- attr.putValue("SHA1-Digest",
+ attr.putValue(hash == USE_SHA1 ? "SHA1-Digest" : "SHA-256-Digest",
new String(Base64.encode(md.digest()), "ASCII"));
manifest.getEntries().put(OTACERT_NAME, attr);
}
@@ -293,14 +351,16 @@
}
/** Write a .SF file with a digest of the specified manifest. */
- private static void writeSignatureFile(Manifest manifest, OutputStream out)
+ private static void writeSignatureFile(Manifest manifest, OutputStream out,
+ int hash)
throws IOException, GeneralSecurityException {
Manifest sf = new Manifest();
Attributes main = sf.getMainAttributes();
main.putValue("Signature-Version", "1.0");
main.putValue("Created-By", "1.0 (Android SignApk)");
- MessageDigest md = MessageDigest.getInstance("SHA1");
+ MessageDigest md = MessageDigest.getInstance(
+ hash == USE_SHA256 ? "SHA256" : "SHA1");
PrintStream print = new PrintStream(
new DigestOutputStream(new ByteArrayOutputStream(), md),
true, "UTF-8");
@@ -308,7 +368,7 @@
// Digest of the entire manifest
manifest.write(print);
print.flush();
- main.putValue("SHA1-Digest-Manifest",
+ main.putValue(hash == USE_SHA256 ? "SHA-256-Digest-Manifest" : "SHA1-Digest-Manifest",
new String(Base64.encode(md.digest()), "ASCII"));
Map<String, Attributes> entries = manifest.getEntries();
@@ -322,7 +382,7 @@
print.flush();
Attributes sfAttr = new Attributes();
- sfAttr.putValue("SHA1-Digest",
+ sfAttr.putValue(hash == USE_SHA256 ? "SHA-256-Digest" : "SHA1-Digest-Manifest",
new String(Base64.encode(md.digest()), "ASCII"));
sf.getEntries().put(entry.getKey(), sfAttr);
}
@@ -353,7 +413,8 @@
JcaCertStore certs = new JcaCertStore(certList);
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
- ContentSigner sha1Signer = new JcaContentSignerBuilder("SHA1withRSA")
+ ContentSigner signer = new JcaContentSignerBuilder(
+ getAlgorithm(publicKey) == USE_SHA256 ? "SHA256withRSA" : "SHA1withRSA")
.setProvider(sBouncyCastleProvider)
.build(privateKey);
gen.addSignerInfoGenerator(
@@ -362,7 +423,7 @@
.setProvider(sBouncyCastleProvider)
.build())
.setDirectSignature(true)
- .build(sha1Signer, publicKey));
+ .build(signer, publicKey));
gen.addCertificates(certs);
CMSSignedData sigData = gen.generate(data, false);
@@ -499,14 +560,19 @@
signer = new WholeFileSignerOutputStream(out, outputStream);
JarOutputStream outputJar = new JarOutputStream(signer);
- Manifest manifest = addDigestsToManifest(inputJar);
+ int hash = getAlgorithm(publicKey);
+
+ // Assume the certificate is valid for at least an hour.
+ long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000;
+
+ Manifest manifest = addDigestsToManifest(inputJar, hash);
+ copyFiles(manifest, inputJar, outputJar, timestamp);
+ addOtacert(outputJar, publicKeyFile, timestamp, manifest, hash);
+
signFile(manifest, inputJar,
new X509Certificate[]{ publicKey },
new PrivateKey[]{ privateKey },
outputJar);
- // Assume the certificate is valid for at least an hour.
- long timestamp = publicKey.getNotBefore().getTime() + 3600L * 1000;
- addOtacert(outputJar, publicKeyFile, timestamp, manifest);
signer.notifyClosing();
outputJar.close();
@@ -605,13 +671,8 @@
// Assume the certificate is valid for at least an hour.
long timestamp = publicKey[0].getNotBefore().getTime() + 3600L * 1000;
- JarEntry je;
-
- // Everything else
- copyFiles(manifest, inputJar, outputJar, timestamp);
-
// MANIFEST.MF
- je = new JarEntry(JarFile.MANIFEST_NAME);
+ JarEntry je = new JarEntry(JarFile.MANIFEST_NAME);
je.setTime(timestamp);
outputJar.putNextEntry(je);
manifest.write(outputJar);
@@ -624,7 +685,7 @@
je.setTime(timestamp);
outputJar.putNextEntry(je);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- writeSignatureFile(manifest, baos);
+ writeSignatureFile(manifest, baos, getAlgorithm(publicKey[k]));
byte[] signedData = baos.toByteArray();
outputJar.write(signedData);
@@ -671,14 +732,21 @@
JarFile inputJar = null;
FileOutputStream outputFile = null;
+ int hashes = 0;
try {
File firstPublicKeyFile = new File(args[argstart+0]);
X509Certificate[] publicKey = new X509Certificate[numKeys];
- for (int i = 0; i < numKeys; ++i) {
- int argNum = argstart + i*2;
- publicKey[i] = readPublicKey(new File(args[argNum]));
+ try {
+ for (int i = 0; i < numKeys; ++i) {
+ int argNum = argstart + i*2;
+ publicKey[i] = readPublicKey(new File(args[argNum]));
+ hashes |= getAlgorithm(publicKey[i]);
+ }
+ } catch (IllegalArgumentException e) {
+ System.err.println(e);
+ System.exit(1);
}
// Set the ZIP file timestamp to the starting valid time
@@ -710,8 +778,9 @@
// (~0.1% on full OTA packages I tested).
outputJar.setLevel(9);
- signFile(addDigestsToManifest(inputJar), inputJar,
- publicKey, privateKey, outputJar);
+ Manifest manifest = addDigestsToManifest(inputJar, hashes);
+ copyFiles(manifest, inputJar, outputJar, timestamp);
+ signFile(manifest, inputJar, publicKey, privateKey, outputJar);
outputJar.close();
}
} catch (Exception e) {
