authorGeremy Condra <gcondra@google.com>2014-08-14 16:44:31 -0700
committerPaul Lawrence <paullawrence@google.com>2014-11-13 17:38:03 +0000
commitd66cefd9d9ef9aab181bdf6d429a0f7938cf0cb5 (patch)
tree8f0ab4d558b0b681800892b40063a9331be73470
parent844b2e166c6218018e9676994cff8d5d2a8cbf62 (diff)
downloadextras-d66cefd9d9ef9aab181bdf6d429a0f7938cf0cb5.tar.gz
Fix issues with appended boot signature.
In particular this changes the OID to the SHA1 OID and appends the full BootSignature. This is cherry-picked from a WIP bug checked into master, but is complete. The work is finalized by further changes from Sami Tolvanen. Bug: 15984840 Change-Id: Ic43784fc339b9aedf91363c9ec9a453c3bb53294 (cherry picked from commit 1f2ebbd57e86fb0749aeb453fb337065985ab9c6)
-rw-r--r--verity/BootSignature.java18
1 files changed, 9 insertions, 9 deletions
diff --git a/verity/BootSignature.java b/verity/BootSignature.java
index f5ceb304..740e226a 100644
--- a/verity/BootSignature.java
+++ b/verity/BootSignature.java
@@ -60,7 +60,7 @@ public class BootSignature extends ASN1Object
this.target = new DERPrintableString(target);
this.length = new ASN1Integer(length);
this.algorithmIdentifier = new AlgorithmIdentifier(
- PKCSObjectIdentifiers.sha256WithRSAEncryption);
+ PKCSObjectIdentifiers.sha1WithRSAEncryption);
}
public ASN1Object getAuthenticatedAttributes() {
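Review bot: The OID passed to `new AlgorithmIdentifier(` in the constructor is hard-coded separately from the digest that `Utils.sign` actually uses, and nothing in this hunk ties the two together. `Utils.sign` is not visible here, so presumably it signs with SHA-1 with RSA; if so, a comment such as `// Must match the Signature algorithm used by Utils.sign()` above that call would help prevent the identifier and the real algorithm drifting apart again. SHA-1 is no longer collision-resistant, so a verifier that trusts this field ends up relying on a weak digest; it is worth recording a follow-up that moves the signing call and this OID to SHA-256 in the same change. The constructor starts outside the hunk.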
@@ -89,12 +89,7 @@ public class BootSignature extends ASN1Object
public byte[] sign(byte[] image, PrivateKey key) throws Exception {
byte[] signable = generateSignableImage(image);
- byte[] signature = Utils.sign(key, signable);
- byte[] signed = Arrays.copyOf(image, image.length + signature.length);
- for (int i=0; i < signature.length; i++) {
- signed[i+image.length] = signature[i];
- }
- return signed;
+ return Utils.sign(key, signable);
}
public ASN1Primitive toASN1Primitive() {
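Review bot: `sign()` keeps its name and signature but its return value changes meaning, from the image with the signature appended to the raw signature bytes alone, and the method has no Javadoc saying so. A caller outside this diff that still writes the result to disk as a signed image would silently produce a file containing only a signature. I would add a short Javadoc, for example `/** Returns only the signature over the signable image; the caller appends the encoded BootSignature to the image. */`. The `throws Exception` clause could also be narrowed to the checked exceptions `Utils.sign` declares, which are not visible here.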
@@ -113,8 +108,13 @@ public class BootSignature extends ASN1Object
byte[] image = Utils.read(imagePath);
BootSignature bootsig = new BootSignature(target, image.length);
PrivateKey key = Utils.loadPEMPrivateKeyFromFile(keyPath);
- byte[] signature = bootsig.sign(image, key);
- Utils.write(signature, outPath);
+ bootsig.setSignature(bootsig.sign(image, key));
+ byte[] encoded_bootsig = bootsig.getEncoded();
+ byte[] image_with_metadata = Arrays.copyOf(image, image.length + encoded_bootsig.length);
+ for (int i=0; i < encoded_bootsig.length; i++) {
+ image_with_metadata[i+image.length] = encoded_bootsig[i];
+ }
+ Utils.write(image_with_metadata, outPath);
}
// java -cp ../../../out/host/common/obj/JAVA_LIBRARIES/AndroidVerifiedBootSigner_intermediates/classes/ com.android.verity.AndroidVerifiedBootSigner boot ../../../out/target/product/flounder/boot.img ../../../build/target/product/security/verity_private_dev_key /tmp/boot.img.signed
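Review bot: The new byte-by-byte loop that appends `encoded_bootsig` after the image is a hand-rolled array copy and can be one standard-library call: `System.arraycopy(encoded_bootsig, 0, image_with_metadata, image.length, encoded_bootsig.length);`. The two new locals use snake_case where the rest of the hunk uses lowerCamelCase (`bootsig`, `imagePath`), so `encodedBootsig` and `imageWithMetadata` would fit the file better. The enclosing method starts outside the hunk, so whether `Arrays` is already imported cannot be confirmed from here.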