1 /* 2 * Copyright (C) 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.verity; 18 19 import java.lang.reflect.Constructor; 20 import java.io.File; 21 import java.io.ByteArrayInputStream; 22 import java.io.Console; 23 import java.io.FileInputStream; 24 import java.io.FileOutputStream; 25 import java.io.InputStreamReader; 26 import java.io.IOException; 27 import java.security.GeneralSecurityException; 28 import java.security.Key; 29 import java.security.PrivateKey; 30 import java.security.PublicKey; 31 import java.security.KeyFactory; 32 import java.security.Provider; 33 import java.security.Security; 34 import java.security.Signature; 35 import java.security.cert.Certificate; 36 import java.security.cert.CertificateFactory; 37 import java.security.cert.X509Certificate; 38 import java.security.spec.ECPublicKeySpec; 39 import java.security.spec.ECPrivateKeySpec; 40 import java.security.spec.X509EncodedKeySpec; 41 import java.security.spec.PKCS8EncodedKeySpec; 42 import java.security.spec.InvalidKeySpecException; 43 import java.util.Arrays; 44 import java.util.HashMap; 45 import java.util.Map; 46 47 import javax.crypto.Cipher; 48 import javax.crypto.EncryptedPrivateKeyInfo; 49 import javax.crypto.SecretKeyFactory; 50 import javax.crypto.spec.PBEKeySpec; 51 52 import org.bouncycastle.asn1.ASN1InputStream; 53 import org.bouncycastle.asn1.ASN1ObjectIdentifier; 54 import org.bouncycastle.asn1.pkcs.PrivateKeyInfo; 55 import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers; 56 import org.bouncycastle.asn1.x509.AlgorithmIdentifier; 57 import org.bouncycastle.asn1.x9.X9ObjectIdentifiers; 58 import org.bouncycastle.util.encoders.Base64; 59 60 public class Utils { 61 62 private static final Map<String, String> ID_TO_ALG; 63 private static final Map<String, String> ALG_TO_ID; 64 65 static { 66 ID_TO_ALG = new HashMap<String, String>(); 67 ALG_TO_ID = new HashMap<String, String>(); 68 X9ObjectIdentifiers.ecdsa_with_SHA256.getId()69 ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA256.getId(), "SHA256withECDSA"); X9ObjectIdentifiers.ecdsa_with_SHA384.getId()70 ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA384.getId(), "SHA384withECDSA"); X9ObjectIdentifiers.ecdsa_with_SHA512.getId()71 ID_TO_ALG.put(X9ObjectIdentifiers.ecdsa_with_SHA512.getId(), "SHA512withECDSA"); PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()72 ID_TO_ALG.put(PKCSObjectIdentifiers.sha1WithRSAEncryption.getId(), "SHA1withRSA"); PKCSObjectIdentifiers.sha256WithRSAEncryption.getId()73 ID_TO_ALG.put(PKCSObjectIdentifiers.sha256WithRSAEncryption.getId(), "SHA256withRSA"); PKCSObjectIdentifiers.sha512WithRSAEncryption.getId()74 ID_TO_ALG.put(PKCSObjectIdentifiers.sha512WithRSAEncryption.getId(), "SHA512withRSA"); 75 76 ALG_TO_ID.put("SHA256withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA256.getId()); 77 ALG_TO_ID.put("SHA384withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA384.getId()); 78 ALG_TO_ID.put("SHA512withECDSA", X9ObjectIdentifiers.ecdsa_with_SHA512.getId()); 79 ALG_TO_ID.put("SHA1withRSA", PKCSObjectIdentifiers.sha1WithRSAEncryption.getId()); 80 ALG_TO_ID.put("SHA256withRSA", PKCSObjectIdentifiers.sha256WithRSAEncryption.getId()); 81 ALG_TO_ID.put("SHA512withRSA", PKCSObjectIdentifiers.sha512WithRSAEncryption.getId()); 82 } 83 loadProviderIfNecessary(String providerClassName)84 private static void loadProviderIfNecessary(String providerClassName) { 85 if (providerClassName == null) { 86 return; 87 } 88 89 final Class<?> klass; 90 try { 91 final ClassLoader sysLoader = ClassLoader.getSystemClassLoader(); 92 if (sysLoader != null) { 93 klass = sysLoader.loadClass(providerClassName); 94 } else { 95 klass = Class.forName(providerClassName); 96 } 97 } catch (ClassNotFoundException e) { 98 e.printStackTrace(); 99 System.exit(1); 100 return; 101 } 102 103 Constructor<?> constructor = null; 104 for (Constructor<?> c : klass.getConstructors()) { 105 if (c.getParameterTypes().length == 0) { 106 constructor = c; 107 break; 108 } 109 } 110 if (constructor == null) { 111 System.err.println("No zero-arg constructor found for " + providerClassName); 112 System.exit(1); 113 return; 114 } 115 116 final Object o; 117 try { 118 o = constructor.newInstance(); 119 } catch (Exception e) { 120 e.printStackTrace(); 121 System.exit(1); 122 return; 123 } 124 if (!(o instanceof Provider)) { 125 System.err.println("Not a Provider class: " + providerClassName); 126 System.exit(1); 127 } 128 129 Security.insertProviderAt((Provider) o, 1); 130 } 131 pemToDer(String pem)132 static byte[] pemToDer(String pem) throws Exception { 133 pem = pem.replaceAll("^-.*", ""); 134 String base64_der = pem.replaceAll("-.*$", ""); 135 return Base64.decode(base64_der); 136 } 137 decryptPrivateKey(byte[] encryptedPrivateKey)138 private static PKCS8EncodedKeySpec decryptPrivateKey(byte[] encryptedPrivateKey) 139 throws GeneralSecurityException { 140 EncryptedPrivateKeyInfo epkInfo; 141 try { 142 epkInfo = new EncryptedPrivateKeyInfo(encryptedPrivateKey); 143 } catch (IOException ex) { 144 // Probably not an encrypted key. 145 return null; 146 } 147 148 char[] password = System.console().readPassword("Password for the private key file: "); 149 150 SecretKeyFactory skFactory = SecretKeyFactory.getInstance(epkInfo.getAlgName()); 151 Key key = skFactory.generateSecret(new PBEKeySpec(password)); 152 Arrays.fill(password, '\0'); 153 154 Cipher cipher = Cipher.getInstance(epkInfo.getAlgName()); 155 cipher.init(Cipher.DECRYPT_MODE, key, epkInfo.getAlgParameters()); 156 157 try { 158 return epkInfo.getKeySpec(cipher); 159 } catch (InvalidKeySpecException ex) { 160 System.err.println("Password may be bad."); 161 throw ex; 162 } 163 } 164 loadDERPrivateKey(byte[] der)165 static PrivateKey loadDERPrivateKey(byte[] der) throws Exception { 166 PKCS8EncodedKeySpec spec = decryptPrivateKey(der); 167 168 if (spec == null) { 169 spec = new PKCS8EncodedKeySpec(der); 170 } 171 172 ASN1InputStream bIn = new ASN1InputStream(new ByteArrayInputStream(spec.getEncoded())); 173 PrivateKeyInfo pki = PrivateKeyInfo.getInstance(bIn.readObject()); 174 String algOid = pki.getPrivateKeyAlgorithm().getAlgorithm().getId(); 175 176 return KeyFactory.getInstance(algOid).generatePrivate(spec); 177 } 178 loadPEMPrivateKey(byte[] pem)179 static PrivateKey loadPEMPrivateKey(byte[] pem) throws Exception { 180 byte[] der = pemToDer(new String(pem)); 181 return loadDERPrivateKey(der); 182 } 183 loadPEMPrivateKeyFromFile(String keyFname)184 static PrivateKey loadPEMPrivateKeyFromFile(String keyFname) throws Exception { 185 return loadPEMPrivateKey(read(keyFname)); 186 } 187 loadDERPrivateKeyFromFile(String keyFname)188 static PrivateKey loadDERPrivateKeyFromFile(String keyFname) throws Exception { 189 return loadDERPrivateKey(read(keyFname)); 190 } 191 loadDERPublicKey(byte[] der)192 static PublicKey loadDERPublicKey(byte[] der) throws Exception { 193 X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(der); 194 KeyFactory factory = KeyFactory.getInstance("RSA"); 195 return factory.generatePublic(publicKeySpec); 196 } 197 loadPEMPublicKey(byte[] pem)198 static PublicKey loadPEMPublicKey(byte[] pem) throws Exception { 199 byte[] der = pemToDer(new String(pem)); 200 X509EncodedKeySpec publicKeySpec = new X509EncodedKeySpec(der); 201 KeyFactory factory = KeyFactory.getInstance("RSA"); 202 return factory.generatePublic(publicKeySpec); 203 } 204 loadPEMPublicKeyFromFile(String keyFname)205 static PublicKey loadPEMPublicKeyFromFile(String keyFname) throws Exception { 206 return loadPEMPublicKey(read(keyFname)); 207 } 208 loadDERPublicKeyFromFile(String keyFname)209 static PublicKey loadDERPublicKeyFromFile(String keyFname) throws Exception { 210 return loadDERPublicKey(read(keyFname)); 211 } 212 loadPEMCertificate(String fname)213 static X509Certificate loadPEMCertificate(String fname) throws Exception { 214 try (FileInputStream fis = new FileInputStream(fname)) { 215 CertificateFactory cf = CertificateFactory.getInstance("X.509"); 216 return (X509Certificate) cf.generateCertificate(fis); 217 } 218 } 219 getSignatureAlgorithm(Key key)220 private static String getSignatureAlgorithm(Key key) throws Exception { 221 if ("EC".equals(key.getAlgorithm())) { 222 int curveSize; 223 KeyFactory factory = KeyFactory.getInstance("EC"); 224 225 if (key instanceof PublicKey) { 226 ECPublicKeySpec spec = factory.getKeySpec(key, ECPublicKeySpec.class); 227 curveSize = spec.getParams().getCurve().getField().getFieldSize(); 228 } else if (key instanceof PrivateKey) { 229 ECPrivateKeySpec spec = factory.getKeySpec(key, ECPrivateKeySpec.class); 230 curveSize = spec.getParams().getCurve().getField().getFieldSize(); 231 } else { 232 throw new InvalidKeySpecException(); 233 } 234 235 if (curveSize <= 256) { 236 return "SHA256withECDSA"; 237 } else if (curveSize <= 384) { 238 return "SHA384withECDSA"; 239 } else { 240 return "SHA512withECDSA"; 241 } 242 } else if ("RSA".equals(key.getAlgorithm())) { 243 return "SHA256withRSA"; 244 } else { 245 throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm()); 246 } 247 } 248 getSignatureAlgorithmIdentifier(Key key)249 static AlgorithmIdentifier getSignatureAlgorithmIdentifier(Key key) throws Exception { 250 String id = ALG_TO_ID.get(getSignatureAlgorithm(key)); 251 252 if (id == null) { 253 throw new IllegalArgumentException("Unsupported key type " + key.getAlgorithm()); 254 } 255 256 return new AlgorithmIdentifier(new ASN1ObjectIdentifier(id)); 257 } 258 verify(PublicKey key, byte[] input, byte[] signature, AlgorithmIdentifier algId)259 static boolean verify(PublicKey key, byte[] input, byte[] signature, 260 AlgorithmIdentifier algId) throws Exception { 261 String algName = ID_TO_ALG.get(algId.getAlgorithm().getId()); 262 263 if (algName == null) { 264 throw new IllegalArgumentException("Unsupported algorithm " + algId.getAlgorithm()); 265 } 266 267 Signature verifier = Signature.getInstance(algName); 268 verifier.initVerify(key); 269 verifier.update(input); 270 271 return verifier.verify(signature); 272 } 273 sign(PrivateKey privateKey, byte[] input)274 static byte[] sign(PrivateKey privateKey, byte[] input) throws Exception { 275 Signature signer = Signature.getInstance(getSignatureAlgorithm(privateKey)); 276 signer.initSign(privateKey); 277 signer.update(input); 278 return signer.sign(); 279 } 280 read(String fname)281 static byte[] read(String fname) throws Exception { 282 long offset = 0; 283 File f = new File(fname); 284 long length = f.length(); 285 byte[] image = new byte[(int)length]; 286 FileInputStream fis = new FileInputStream(f); 287 while (offset < length) { 288 offset += fis.read(image, (int)offset, (int)(length - offset)); 289 } 290 fis.close(); 291 return image; 292 } 293 write(byte[] data, String fname)294 static void write(byte[] data, String fname) throws Exception{ 295 FileOutputStream out = new FileOutputStream(fname); 296 out.write(data); 297 out.close(); 298 } 299 } 300