author | Sami Tolvanen <samitolvanen@google.com> | 2014-11-25 17:39:22 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2014-11-25 17:39:23 +0000 |
commit | 6c8b3eb8323dd418d86199e525255d4ef2aa8e86 (patch) | |
tree | f412fe13f5e9f9f57bfcf785a93a69b07d0729b6 /verity | |
parent | 4de50955bb8a5b086c63352371e7bcde70f0a4e5 (diff) | |
parent | 43548de0ef3b04e04ee26c910caf3b379a945b01 (diff) | |
download | extras-6c8b3eb8323dd418d86199e525255d4ef2aa8e86.tar.gz |
Merge "Add EC support back to signing tools"
Diffstat (limited to 'verity')
-rw-r--r-- | verity/Utils.java | 36 |
1 files changed, 33 insertions, 3 deletions
diff --git a/verity/Utils.java b/verity/Utils.java
index 3576e3b0..937c2063 100644
--- a/verity/Utils.java
+++ b/verity/Utils.java
@@ -35,6 +35,8 @@ import java.security.Signature;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.security.spec.ECPublicKeySpec;
+import java.security.spec.ECPrivateKeySpec;
 import java.security.spec.X509EncodedKeySpec;
 import java.security.spec.PKCS8EncodedKeySpec;
 import java.security.spec.InvalidKeySpecException;
@@ -52,6 +54,7 @@ import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.util.encoders.Base64;
 public class Utils {
@@ -63,10 +66,16 @@ public class Utils {
 ID_TO_ALG = new HashMap<String, String>();
 ALG_TO_ID = new HashMap<String, String>();
+ ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA256.getId(), "SHA256withECDSA");
+ ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA384.getId(), "SHA384withECDSA");
+ ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA512.getId(), "SHA512withECDSA");
 ID_TO_ALG.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1withRSA");
 ID_TO_ALG.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256withRSA");
 ID_TO_ALG.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512withRSA");
+ ALG_TO_ID.put("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256.getId());
+ ALG_TO_ID.put("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384.getId());
+ ALG_TO_ID.put("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512.getId());
 ALG_TO_ID.put("SHA1withRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption.getId());
 ALG_TO_ID.put("SHA256withRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption.getId());
 ALG_TO_ID.put("SHA512withRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption.getId());
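Review bot: The six added `put` calls restate each ECDSA OID/name pair twice, once per map, so a later edit that touches only one side would leave `ID_TO_ALG` and `ALG_TO_ID` out of step with no compile-time signal. A small private helper that fills both maps, with a body of `ID_TO_ALG.put(id, alg); ALG_TO_ID.put(alg, id);` and one call per algorithm, would keep them mirrored for the existing RSA entries as well. A one-line comment above the block, such as `// Signature algorithms these tools recognise; keep both maps in sync`, would also help, since as far as this hunk shows these tables decide which algorithm identifiers are accepted. The enclosing initializer block starts and ends outside the hunk.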
@@ -208,15 +217,36 @@ public class Utils {
 }
 }
- private static String getSignatureAlgorithm(Key key) {
- if ("RSA".equals(key.getAlgorithm())) {
+ private static String getSignatureAlgorithm(Key key) throws Exception {
+ if ("EC".equals(key.getAlgorithm())) {
+ int curveSize;
+ KeyFactory factory = KeyFactory.getInstance("EC");
+
+ if (key instanceof PublicKey) {
+ ECPublicKeySpec spec = factory.getKeySpec(key, ECPublicKeySpec.class);
+ curveSize = spec.getParams().getCurve().getField().getFieldSize();
+ } else if (key instanceof PrivateKey) {
+ ECPrivateKeySpec spec = factory.getKeySpec(key, ECPrivateKeySpec.class);
+ curveSize = spec.getParams().getCurve().getField().getFieldSize();
+ } else {
+ throw new InvalidKeySpecException();
+ }
+
+ if (curveSize <= 256) {
+ return "SHA256withECDSA";
+ } else if (curveSize <= 384) {
+ return "SHA384withECDSA";
+ } else {
+ return "SHA512withECDSA";
+ }
+ } else if ("RSA".equals(key.getAlgorithm())) {
 return "SHA256withRSA";
 } else {
 throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm());
 }
 }
- static AlgorithmIdentifier getSignatureAlgorithmIdentifier(Key key) {
+ static AlgorithmIdentifier getSignatureAlgorithmIdentifier(Key key) throws Exception {
 String id = ALG_TO_ID.get(getSignatureAlgorithm(key));
 if (id == null) { |
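Review bot: In the new `"EC"` branch of `getSignatureAlgorithm`, the curve size is obtained through `KeyFactory.getKeySpec`, which for a private key copies the private scalar into an `ECPrivateKeySpec` only to read its public parameters, and which is likely to fail for keys whose private value is not exportable (for example provider- or HSM-held keys). Both `instanceof` arms can be replaced by reading the parameters directly: `if (!(key instanceof ECKey)) throw new IllegalArgumentException("Unsupported EC key " + key.getClass().getName());` followed by `int curveSize = ((ECKey) key).getParams().getCurve().getField().getFieldSize();`, with `java.security.interfaces.ECKey` imported. That also removes the message-less `InvalidKeySpecException` and the need to widen both signatures to `throws Exception`. Separately, `curveSize <= 256` accepts any smaller curve and pairs it with SHA-256; if undersized curves should not be usable for signing, add a lower bound at that check. `getSignatureAlgorithmIdentifier` continues past the end of the hunk.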