verity/BootSignature.java - platform/system/extras - Git at Google

 /*
  * Copyright (C) 2014 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 package com.android.verity;

 import java.io.IOException;
 import java.security.PrivateKey;
 import java.util.Arrays;
 import org.bouncycastle.asn1.ASN1Encodable;
 import org.bouncycastle.asn1.ASN1EncodableVector;
 import org.bouncycastle.asn1.ASN1Integer;
 import org.bouncycastle.asn1.ASN1Object;
 import org.bouncycastle.asn1.ASN1Primitive;
 import org.bouncycastle.asn1.DEROctetString;
 import org.bouncycastle.asn1.DERPrintableString;
 import org.bouncycastle.asn1.DERSequence;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.util.ASN1Dump;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

 /**
  *    AndroidVerifiedBootSignature DEFINITIONS ::=
  *    BEGIN
  *        FormatVersion ::= INTEGER
  *        AlgorithmIdentifier ::=  SEQUENCE {
  *            algorithm OBJECT IDENTIFIER,
  *            parameters ANY DEFINED BY algorithm OPTIONAL
  *        }
  *        AuthenticatedAttributes ::= SEQUENCE {
  *            target CHARACTER STRING,
  *            length INTEGER
  *        }
  *        Signature ::= OCTET STRING
  *     END
  */

 public class BootSignature extends ASN1Object
 {
     private ASN1Integer             formatVersion;
     private AlgorithmIdentifier     algorithmIdentifier;
     private DERPrintableString      target;
     private ASN1Integer             length;
     private DEROctetString          signature;

     public BootSignature(String target, int length) {
         this.formatVersion = new ASN1Integer(0);
         this.target = new DERPrintableString(target);
         this.length = new ASN1Integer(length);
         this.algorithmIdentifier = new AlgorithmIdentifier(
                 PKCSObjectIdentifiers.sha256WithRSAEncryption);
     }

     public ASN1Object getAuthenticatedAttributes() {
         ASN1EncodableVector attrs = new ASN1EncodableVector();
         attrs.add(target);
         attrs.add(length);
         return new DERSequence(attrs);
     }

     public byte[] getEncodedAuthenticatedAttributes() throws IOException {
         return getAuthenticatedAttributes().getEncoded();
     }

     public void setSignature(byte[] sig) {
         signature = new DEROctetString(sig);
     }

     public byte[] generateSignableImage(byte[] image) throws IOException {
         byte[] attrs = getEncodedAuthenticatedAttributes();
         byte[] signable = Arrays.copyOf(image, image.length + attrs.length);
         for (int i=0; i < attrs.length; i++) {
             signable[i+image.length] = attrs[i];
         }
         return signable;
     }

     public byte[] sign(byte[] image, PrivateKey key) throws Exception {
         byte[] signable = generateSignableImage(image);
         byte[] signature = Utils.sign(key, signable);
         byte[] signed = Arrays.copyOf(image, image.length + signature.length);
         for (int i=0; i < signature.length; i++) {
             signed[i+image.length] = signature[i];
         }
         return signed;
     }

     public ASN1Primitive toASN1Primitive() {
         ASN1EncodableVector v = new ASN1EncodableVector();
         v.add(formatVersion);
         v.add(algorithmIdentifier);
         v.add(getAuthenticatedAttributes());
         v.add(signature);
         return new DERSequence(v);
     }

     public static void doSignature( String target,
                                     String imagePath,
                                     String keyPath,
                                     String outPath) throws Exception {
         byte[] image = Utils.read(imagePath);
         BootSignature bootsig = new BootSignature(target, image.length);
         PrivateKey key = Utils.loadPEMPrivateKeyFromFile(keyPath);
         byte[] signature = bootsig.sign(image, key);
         Utils.write(signature, outPath);
     }

     // java -cp ../../../out/host/common/obj/JAVA_LIBRARIES/AndroidVerifiedBootSigner_intermediates/classes/ com.android.verity.AndroidVerifiedBootSigner boot ../../../out/target/product/flounder/boot.img ../../../build/target/product/security/verity_private_dev_key /tmp/boot.img.signed
     public static void main(String[] args) throws Exception {
         doSignature(args[0], args[1], args[2], args[3]);
     }
 }
	/*
	* Copyright (C) 2014 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	package com.android.verity;

	import java.io.IOException;
	import java.security.PrivateKey;
	import java.util.Arrays;
	import org.bouncycastle.asn1.ASN1Encodable;
	import org.bouncycastle.asn1.ASN1EncodableVector;
	import org.bouncycastle.asn1.ASN1Integer;
	import org.bouncycastle.asn1.ASN1Object;
	import org.bouncycastle.asn1.ASN1Primitive;
	import org.bouncycastle.asn1.DEROctetString;
	import org.bouncycastle.asn1.DERPrintableString;
	import org.bouncycastle.asn1.DERSequence;
	import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
	import org.bouncycastle.asn1.util.ASN1Dump;
	import org.bouncycastle.asn1.x509.AlgorithmIdentifier;

	/**
	* AndroidVerifiedBootSignature DEFINITIONS ::=
	* BEGIN
	* FormatVersion ::= INTEGER
	* AlgorithmIdentifier ::= SEQUENCE {
	* algorithm OBJECT IDENTIFIER,
	* parameters ANY DEFINED BY algorithm OPTIONAL
	* }
	* AuthenticatedAttributes ::= SEQUENCE {
	* target CHARACTER STRING,
	* length INTEGER
	* }
	* Signature ::= OCTET STRING
	* END
	*/

	public class BootSignature extends ASN1Object
	{
	private ASN1Integer formatVersion;
	private AlgorithmIdentifier algorithmIdentifier;
	private DERPrintableString target;
	private ASN1Integer length;
	private DEROctetString signature;

	public BootSignature(String target, int length) {
	this.formatVersion = new ASN1Integer(0);
	this.target = new DERPrintableString(target);
	this.length = new ASN1Integer(length);
	this.algorithmIdentifier = new AlgorithmIdentifier(
	PKCSObjectIdentifiers.sha256WithRSAEncryption);
	}

	public ASN1Object getAuthenticatedAttributes() {
	ASN1EncodableVector attrs = new ASN1EncodableVector();
	attrs.add(target);
	attrs.add(length);
	return new DERSequence(attrs);
	}

	public byte[] getEncodedAuthenticatedAttributes() throws IOException {
	return getAuthenticatedAttributes().getEncoded();
	}

	public void setSignature(byte[] sig) {
	signature = new DEROctetString(sig);
	}

	public byte[] generateSignableImage(byte[] image) throws IOException {
	byte[] attrs = getEncodedAuthenticatedAttributes();
	byte[] signable = Arrays.copyOf(image, image.length + attrs.length);
	for (int i=0; i < attrs.length; i++) {
	signable[i+image.length] = attrs[i];
	}
	return signable;
	}

	public byte[] sign(byte[] image, PrivateKey key) throws Exception {
	byte[] signable = generateSignableImage(image);
	byte[] signature = Utils.sign(key, signable);
	byte[] signed = Arrays.copyOf(image, image.length + signature.length);
	for (int i=0; i < signature.length; i++) {
	signed[i+image.length] = signature[i];
	}
	return signed;
	}

	public ASN1Primitive toASN1Primitive() {
	ASN1EncodableVector v = new ASN1EncodableVector();
	v.add(formatVersion);
	v.add(algorithmIdentifier);
	v.add(getAuthenticatedAttributes());
	v.add(signature);
	return new DERSequence(v);
	}

	public static void doSignature( String target,
	String imagePath,
	String keyPath,
	String outPath) throws Exception {
	byte[] image = Utils.read(imagePath);
	BootSignature bootsig = new BootSignature(target, image.length);
	PrivateKey key = Utils.loadPEMPrivateKeyFromFile(keyPath);
	byte[] signature = bootsig.sign(image, key);
	Utils.write(signature, outPath);
	}

	// java -cp ../../../out/host/common/obj/JAVA_LIBRARIES/AndroidVerifiedBootSigner_intermediates/classes/ com.android.verity.AndroidVerifiedBootSigner boot ../../../out/target/product/flounder/boot.img ../../../build/target/product/security/verity_private_dev_key /tmp/boot.img.signed
	public static void main(String[] args) throws Exception {
	doSignature(args[0], args[1], args[2], args[3]);
	}
	}