path: root/verity/VeritySigner.java
blob: 2ab94cb4556dd32c9a2ca99138411373db371802 (plain)
/*
 * Copyright (C) 2013 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package com.android.verity;

import org.bouncycastle.util.encoders.Base64;

import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.spec.PKCS8EncodedKeySpec;

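/**
 * Command-line tool that signs the contents of a file with an RSA private key and writes the
 * raw signature bytes to an output file.
 *
 * <p>Security notes:
 * <ul>
 *   <li>The signature scheme is {@code SHA1withRSA}. SHA-1 is no longer collision resistant.
 *       The algorithm is left unchanged here because the signer and whatever verifies the
 *       signature must agree on it; moving to a SHA-2 digest has to be coordinated with the
 *       verifying side.</li>
 *   <li>The key is loaded as an unencrypted PKCS#8 blob from the path given on the command
 *       line, so the key file itself must be protected (file permissions, build-host access).
 *       The PEM text is held in a {@code String}, which cannot be wiped after use.</li>
 * </ul>
 */
class VeritySigner {

    /**
     * Signs {@code input} with {@code privateKey} using {@code SHA1withRSA}.
     *
     * @param privateKey RSA private key used to produce the signature
     * @param input bytes to sign
     * @return the signature bytes
     * @throws Exception if the algorithm is unavailable or the key is rejected
     */
    private static byte[] sign(PrivateKey privateKey, byte[] input) throws Exception {
        // NOTE(security): SHA-1 based signature; see the class comment before changing it.
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(privateKey);
        signer.update(input);
        return signer.sign();
    }

    /**
     * Converts PEM text into a PKCS#8 key spec.
     *
     * <p>Only the first line (if the text starts with '-') and the trailing line that starts
     * with '-' are stripped; everything in between is handed to the Base64 decoder.
     *
     * @param pem PEM text of an unencrypted PKCS#8 private key
     * @return key spec wrapping the decoded DER bytes
     * @throws Exception if the Base64 payload cannot be decoded
     */
    private static PKCS8EncodedKeySpec pemToDer(String pem) throws Exception {
        String withoutHeader = pem.replaceAll("^-.*", "");
        String base64Der = withoutHeader.replaceAll("-.*$", "");
        byte[] der = Base64.decode(base64Der);
        return new PKCS8EncodedKeySpec(der);
    }

    /**
     * Builds an RSA private key from PEM text.
     *
     * @param pem PEM text of an unencrypted PKCS#8 RSA private key
     * @return the parsed private key
     * @throws Exception if the key material is not a valid RSA PKCS#8 key
     */
    private static PrivateKey loadPrivateKey(String pem) throws Exception {
        PKCS8EncodedKeySpec keySpec = pemToDer(pem);
        KeyFactory keyFactory = KeyFactory.getInstance("RSA");
        return keyFactory.generatePrivate(keySpec);
    }

    /**
     * Reads a whole file into memory.
     *
     * @param path file to read
     * @return the complete file contents
     * @throws Exception if the file cannot be opened, is larger than a byte array can hold,
     *     or ends before the expected number of bytes has been read
     */
    private static byte[] read(String path) throws Exception {
        File contentFile = new File(path);
        long length = contentFile.length();
        if (length > Integer.MAX_VALUE) {
            // A silent int truncation would sign only a prefix of the file.
            throw new IllegalArgumentException("File too large to sign: " + path);
        }
        byte[] content = new byte[(int) length];
        DataInputStream in = new DataInputStream(new FileInputStream(contentFile));
        try {
            // readFully loops until the buffer is full; a single read() may return fewer
            // bytes, which would leave zero padding in the data that gets signed.
            in.readFully(content);
        } finally {
            in.close();
        }
        return content;
    }

    /**
     * Writes {@code output} to {@code path}, replacing any existing file.
     *
     * @param path destination file
     * @param output bytes to write
     * @throws Exception if the file cannot be created or written
     */
    private static void writeOutput(String path, byte[] output) throws Exception {
        FileOutputStream fos = new FileOutputStream(path);
        try {
            fos.write(output);
        } finally {
            // Close even when write() fails so the descriptor is not leaked.
            fos.close();
        }
    }

    // USAGE:
    //     VeritySigner <contentfile> <key.pem> <sigfile>
    // To verify that this has correct output:
    //     openssl rsautl -raw -inkey <key.pem> -encrypt -in <sigfile> > /tmp/dump
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("USAGE: VeritySigner <contentfile> <key.pem> <sigfile>");
            System.exit(1);
        }
        byte[] content = read(args[0]);
        // PEM is ASCII text; decode it explicitly instead of relying on the platform charset.
        PrivateKey privateKey = loadPrivateKey(new String(read(args[1]), "US-ASCII"));
        byte[] signature = sign(privateKey, content);
        writeOutput(args[2], signature);
    }
}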