author | Sami Tolvanen <samitolvanen@google.com> | 2014-11-24 15:19:18 +0000 |
---|---|---|
committer | Sami Tolvanen <samitolvanen@google.com> | 2014-11-25 10:15:17 +0000 |
commit | 43548de0ef3b04e04ee26c910caf3b379a945b01 (patch) | |
tree | a187f795dbdac34884550539d630b974ace083ec /verity | |
parent | 0acf6e885898254494fb354af5f0bc2062bfeb5e (diff) | |
Add EC support back to signing tools
Even though RSA is the only supported algorithm in various
places, add EC support back to Utils.java to allow potential
use in future.
Change-Id: I1e0afbf133c9a6b9edc3873160697cb7c27ea29e
Diffstat (limited to 'verity')
-rw-r--r-- | verity/Utils.java | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/verity/Utils.java b/verity/Utils.java
index 3576e3b0..937c2063 100644
--- a/verity/Utils.java
+++ b/verity/Utils.java
@@ -35,6 +35,8 @@ import java.security.Signature;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.ECPrivateKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.InvalidKeySpecException;
@@ -52,6 +54,7 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.util.encoders.Base64;
 public class Utils {
@@ -63,10 +66,16 @@ public class Utils {
 ID_TO_ALG = new HashMap<String, String>();
 ALG_TO_ID = new HashMap<String, String>();
+ ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA256.getId(), "SHA256withECDSA");
+ ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA384.getId(), "SHA384withECDSA");
+ ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA512.getId(), "SHA512withECDSA");
 ID_TO_ALG.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1withRSA");
 ID_TO_ALG.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256withRSA");
 ID_TO_ALG.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512withRSA");
+ ALG_TO_ID.put("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256.getId());
+ ALG_TO_ID.put("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384.getId());
+ ALG_TO_ID.put("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512.getId());
 ALG_TO_ID.put("SHA1withRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
 ALG_TO_ID.put("SHA256withRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption.getId());
 ALG_TO_ID.put("SHA512withRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption.getId());
@@ -208,15 +217,36 @@ public class Utils {
 }
 }
- private static String getSignatureAlgorithm(Key key) {
- if ("RSA".equals(key.getAlgorithm())) {
+ private static String getSignatureAlgorithm(Key key) throws Exception {
+ if ("EC".equals(key.getAlgorithm())) {
+ int curveSize;
+ KeyFactory factory = KeyFactory.getInstance("EC");
+
+ if (key instanceof PublicKey) {
+ ECPublicKeySpec spec = factory.getKeySpec(key, ECPublicKeySpec.class);
+ curveSize = spec.getParams().getCurve().getField().getFieldSize();
+ } else if (key instanceof PrivateKey) {
+ ECPrivateKeySpec spec = factory.getKeySpec(key, ECPrivateKeySpec.class);
+ curveSize = spec.getParams().getCurve().getField().getFieldSize();
+ } else {
+ throw new InvalidKeySpecException();
+ }
+
+ if (curveSize <= 256) {
+ return "SHA256withECDSA";
+ } else if (curveSize <= 384) {
+ return "SHA384withECDSA";
+ } else {
+ return "SHA512withECDSA";
+ }
+ } else if ("RSA".equals(key.getAlgorithm())) {
 return "SHA256withRSA";
 } else {
 throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm());
 }
 }
- static AlgorithmIdentifier getSignatureAlgorithmIdentifier(Key key) {
+ static AlgorithmIdentifier getSignatureAlgorithmIdentifier(Key key) throws Exception {
 String id = ALG_TO_ID.get(getSignatureAlgorithm(key));
 if (id == null) { |
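Review bot: The EC branch of getSignatureAlgorithm has no lower bound on the curve: `curveSize <= 256` maps every smaller field to SHA256withECDSA instead of rejecting the key, so an undersized EC key would apparently be accepted for signing without any error. If these tools are meant to enforce a minimum key strength, add a guard before the digest selection, for example `if (curveSize < 224) throw new IllegalArgumentException("Unsupported EC curve size " + curveSize);` (the exact threshold is a policy choice). The bare `throw new InvalidKeySpecException();` carries no message, unlike the unsupported-key-type branch below it; something like `throw new InvalidKeySpecException("Unsupported EC key class " + key.getClass().getName());` would make the failure diagnosable. Both signatures now declare `throws Exception`, while the only checked exceptions raised by the visible new lines are NoSuchAlgorithmException and InvalidKeySpecException, so `throws GeneralSecurityException` would keep callers from having to catch everything. The body of getSignatureAlgorithmIdentifier continues past the end of the hunk, so that last point should be confirmed against the rest of the method.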