author | Geremy Condra <gcondra@google.com> | 2013-07-08 15:03:21 -0700 |
---|---|---|
committer | Geremy Condra <gcondra@google.com> | 2013-08-07 11:38:10 -0700 |
commit | b467218543a3f67eaa40c4edcc4fa12c45e8b3d6 (patch) | |
tree | 28e52f0257d2b3e95e0d0bb4193b4735341279c9 /verity/VeritySigner.java | |
parent | 56e32bcc0d452255025ade806536e3ad02b071e8 (diff) | |
download | extras-b467218543a3f67eaa40c4edcc4fa12c45e8b3d6.tar.gz |
Add verified partition tools.
Change-Id: Icf34336e6d574d62b60fff093ea8abe20358ac89
Diffstat (limited to 'verity/VeritySigner.java')
-rw-r--r-- | verity/VeritySigner.java | 79 |
1 files changed, 79 insertions, 0 deletions
diff --git a/verity/VeritySigner.java b/verity/VeritySigner.java
new file mode 100644
index 00000000..f1d95c82
--- /dev/null
+++ b/verity/VeritySigner.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.verity;
+
+import sun.misc.BASE64Decoder;
+import sun.misc.BASE64Encoder;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+class VeritySigner {
+
+ private static byte[] sign(PrivateKey privateKey, byte[] input) throws Exception {
+ Signature signer = Signature.getInstance("SHA1withRSA");
+ signer.initSign(privateKey);
+ signer.update(input);
+ return signer.sign();
+ }
+
+ private static PKCS8EncodedKeySpec pemToDer(String pem) throws Exception {
+ pem = pem.replaceAll("^-.*", "");
+ String base64_der = pem.replaceAll("-.*$", "");
+ BASE64Decoder decoder = new BASE64Decoder();
+ byte[] der = decoder.decodeBuffer(base64_der);
+ return new PKCS8EncodedKeySpec(der);
+ }
+
+ private static PrivateKey loadPrivateKey(String pem) throws Exception {
+ PKCS8EncodedKeySpec keySpec = pemToDer(pem);
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ return (PrivateKey) keyFactory.generatePrivate(keySpec);
+ }
+
+ private static byte[] read(String path) throws Exception {
+ File contentFile = new File(path);
+ byte[] content = new byte[(int)contentFile.length()];
+ FileInputStream fis = new FileInputStream(contentFile);
+ fis.read(content);
+ fis.close();
+ return content;
+ }
+
+ private static void writeOutput(String path, byte[] output) throws Exception {
+ FileOutputStream fos = new FileOutputStream(path);
+ fos.write(output);
+ fos.close();
+ }
+
+ // USAGE:
+ // VeritySigner <contentfile> <key.pem> <sigfile>
+ // To verify that this has correct output:
+ // openssl rsautl -raw -inkey <key.pem> -encrypt -in <sigfile> > /tmp/dump
+ public static void main(String[] args) throws Exception {
+ byte[] content = read(args[0]);
+ PrivateKey privateKey = loadPrivateKey(new String(read(args[1])));
+ byte[] signature = sign(privateKey, content);
+ writeOutput(args[2], signature);
+ }
+} |
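Review bot: `read()` ignores the return value of `fis.read(content)`, so a short read leaves the tail of the buffer zero-filled and `main` would then sign bytes that are not the file's contents, with no error raised. `DataInputStream` is already imported, so the call can become `new DataInputStream(fis).readFully(content);`, which throws on a short read; the `(int)contentFile.length()` cast also wraps silently for inputs over 2 GiB and deserves an explicit length check before the allocation. Closing the stream in a `finally` block would keep the descriptor from leaking when the read throws. Separately, `sign()` hard-codes `SHA1withRSA`; if the component that verifies these signatures can accept it, `SHA256withRSA` would be the safer digest, though that depends on code outside this file.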