Diffstat (limited to 'tools')
-rw-r--r--tools/dumpkey/Android.mk (renamed from tools/ota/Android.mk)21
-rw-r--r--tools/dumpkey/DumpPublicKey.java270
-rw-r--r--tools/dumpkey/DumpPublicKey.mf1
-rw-r--r--tools/ota/add-property-tag.c141
-rw-r--r--tools/ota/check-lost+found.c145
-rw-r--r--tools/ota/convert-to-bmp.py79
6 files changed, 276 insertions, 381 deletions
diff --git a/tools/ota/Android.mk b/tools/dumpkey/Android.mk
index 142c3b257..31549146d 100644
--- a/tools/ota/Android.mk
+++ b/tools/dumpkey/Android.mk
@@ -15,19 +15,8 @@
LOCAL_PATH := $(call my-dir)
include $(CLEAR_VARS)
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_MODULE := add-property-tag
-LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
-LOCAL_MODULE_TAGS := debug
-LOCAL_SRC_FILES := add-property-tag.c
-LOCAL_STATIC_LIBRARIES := libc
-include $(BUILD_EXECUTABLE)
-
-include $(CLEAR_VARS)
-LOCAL_FORCE_STATIC_EXECUTABLE := true
-LOCAL_MODULE := check-lost+found
-LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
-LOCAL_MODULE_TAGS := debug
-LOCAL_SRC_FILES := check-lost+found.c
-LOCAL_STATIC_LIBRARIES := libcutils libc
-include $(BUILD_EXECUTABLE)
+LOCAL_MODULE := dumpkey
+LOCAL_SRC_FILES := DumpPublicKey.java
+LOCAL_JAR_MANIFEST := DumpPublicKey.mf
+LOCAL_STATIC_JAVA_LIBRARIES := bouncycastle-host
+include $(BUILD_HOST_JAVA_LIBRARY)
diff --git a/tools/dumpkey/DumpPublicKey.java b/tools/dumpkey/DumpPublicKey.java
new file mode 100644
index 000000000..3eb139842
--- /dev/null
+++ b/tools/dumpkey/DumpPublicKey.java
@@ -0,0 +1,270 @@
+/*
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.dumpkey;
+
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+import java.io.FileInputStream;
+import java.math.BigInteger;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.security.KeyStore;
+import java.security.Key;
+import java.security.PublicKey;
+import java.security.Security;
+import java.security.interfaces.ECPublicKey;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.ECPoint;
+
+/**
+ * Command line tool to extract RSA public keys from X.509 certificates
+ * and output source code with data initializers for the keys.
+ * @hide
+ */
+class DumpPublicKey {
+ /**
+ * @param key to perform sanity checks on
+ * @return version number of key. Supported versions are:
+ * 1: 2048-bit RSA key with e=3 and SHA-1 hash
+ * 2: 2048-bit RSA key with e=65537 and SHA-1 hash
+ * 3: 2048-bit RSA key with e=3 and SHA-256 hash
+ * 4: 2048-bit RSA key with e=65537 and SHA-256 hash
+ * @throws Exception if the key has the wrong size or public exponent
+ */
+ static int checkRSA(RSAPublicKey key, boolean useSHA256) throws Exception {
+ BigInteger pubexp = key.getPublicExponent();
+ BigInteger modulus = key.getModulus();
+ int version;
+
+ if (pubexp.equals(BigInteger.valueOf(3))) {
+ version = useSHA256 ? 3 : 1;
+ } else if (pubexp.equals(BigInteger.valueOf(65537))) {
+ version = useSHA256 ? 4 : 2;
+ } else {
+ throw new Exception("Public exponent should be 3 or 65537 but is " +
+ pubexp.toString(10) + ".");
+ }
+
+ if (modulus.bitLength() != 2048) {
+ throw new Exception("Modulus should be 2048 bits long but is " +
+ modulus.bitLength() + " bits.");
+ }
+
+ return version;
+ }
+
+ /**
+ * @param key to perform sanity checks on
+ * @return version number of key. Supported versions are:
+ * 5: 256-bit EC key with curve NIST P-256
+ * @throws Exception if the key has the wrong size or public exponent
+ */
+ static int checkEC(ECPublicKey key) throws Exception {
+ if (key.getParams().getCurve().getField().getFieldSize() != 256) {
+ throw new Exception("Curve must be NIST P-256");
+ }
+
+ return 5;
+ }
+
+ /**
+ * Perform sanity check on public key.
+ */
+ static int check(PublicKey key, boolean useSHA256) throws Exception {
+ if (key instanceof RSAPublicKey) {
+ return checkRSA((RSAPublicKey) key, useSHA256);
+ } else if (key instanceof ECPublicKey) {
+ if (!useSHA256) {
+ throw new Exception("Must use SHA-256 with EC keys!");
+ }
+ return checkEC((ECPublicKey) key);
+ } else {
+ throw new Exception("Unsupported key class: " + key.getClass().getName());
+ }
+ }
+
+ /**
+ * @param key to output
+ * @return a String representing this public key. If the key is a
+ * version 1 key, the string will be a C initializer; this is
+ * not true for newer key versions.
+ */
+ static String printRSA(RSAPublicKey key, boolean useSHA256) throws Exception {
+ int version = check(key, useSHA256);
+
+ BigInteger N = key.getModulus();
+
+ StringBuilder result = new StringBuilder();
+
+ int nwords = N.bitLength() / 32; // # of 32 bit integers in modulus
+
+ if (version > 1) {
+ result.append("v");
+ result.append(Integer.toString(version));
+ result.append(" ");
+ }
+
+ result.append("{");
+ result.append(nwords);
+
+ BigInteger B = BigInteger.valueOf(0x100000000L); // 2^32
+ BigInteger N0inv = B.subtract(N.modInverse(B)); // -1 / N[0] mod 2^32
+
+ result.append(",0x");
+ result.append(N0inv.toString(16));
+
+ BigInteger R = BigInteger.valueOf(2).pow(N.bitLength());
+ BigInteger RR = R.multiply(R).mod(N); // 2^4096 mod N
+
+ // Write out modulus as little endian array of integers.
+ result.append(",{");
+ for (int i = 0; i < nwords; ++i) {
+ long n = N.mod(B).longValue();
+ result.append(n);
+
+ if (i != nwords - 1) {
+ result.append(",");
+ }
+
+ N = N.divide(B);
+ }
+ result.append("}");
+
+ // Write R^2 as little endian array of integers.
+ result.append(",{");
+ for (int i = 0; i < nwords; ++i) {
+ long rr = RR.mod(B).longValue();
+ result.append(rr);
+
+ if (i != nwords - 1) {
+ result.append(",");
+ }
+
+ RR = RR.divide(B);
+ }
+ result.append("}");
+
+ result.append("}");
+ return result.toString();
+ }
+
+ /**
+ * @param key to output
+ * @return a String representing this public key. If the key is a
+ * version 1 key, the string will be a C initializer; this is
+ * not true for newer key versions.
+ */
+ static String printEC(ECPublicKey key) throws Exception {
+ int version = checkEC(key);
+
+ StringBuilder result = new StringBuilder();
+
+ result.append("v");
+ result.append(Integer.toString(version));
+ result.append(" ");
+
+ BigInteger X = key.getW().getAffineX();
+ BigInteger Y = key.getW().getAffineY();
+ int nbytes = key.getParams().getCurve().getField().getFieldSize() / 8; // # of 32 bit integers in X coordinate
+
+ result.append("{");
+ result.append(nbytes);
+
+ BigInteger B = BigInteger.valueOf(0x100L); // 2^8
+
+ // Write out Y coordinate as array of characters.
+ result.append(",{");
+ for (int i = 0; i < nbytes; ++i) {
+ long n = X.mod(B).longValue();
+ result.append(n);
+
+ if (i != nbytes - 1) {
+ result.append(",");
+ }
+
+ X = X.divide(B);
+ }
+ result.append("}");
+
+ // Write out Y coordinate as array of characters.
+ result.append(",{");
+ for (int i = 0; i < nbytes; ++i) {
+ long n = Y.mod(B).longValue();
+ result.append(n);
+
+ if (i != nbytes - 1) {
+ result.append(",");
+ }
+
+ Y = Y.divide(B);
+ }
+ result.append("}");
+
+ result.append("}");
+ return result.toString();
+ }
+
+ static String print(PublicKey key, boolean useSHA256) throws Exception {
+ if (key instanceof RSAPublicKey) {
+ return printRSA((RSAPublicKey) key, useSHA256);
+ } else if (key instanceof ECPublicKey) {
+ return printEC((ECPublicKey) key);
+ } else {
+ throw new Exception("Unsupported key class: " + key.getClass().getName());
+ }
+ }
+
+ public static void main(String[] args) {
+ if (args.length < 1) {
+ System.err.println("Usage: DumpPublicKey certfile ... > source.c");
+ System.exit(1);
+ }
+ Security.addProvider(new BouncyCastleProvider());
+ try {
+ for (int i = 0; i < args.length; i++) {
+ FileInputStream input = new FileInputStream(args[i]);
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ X509Certificate cert = (X509Certificate) cf.generateCertificate(input);
+
+ boolean useSHA256 = false;
+ String sigAlg = cert.getSigAlgName();
+ if ("SHA1withRSA".equals(sigAlg) || "MD5withRSA".equals(sigAlg)) {
+ // SignApk has historically accepted "MD5withRSA"
+ // certificates, but treated them as "SHA1withRSA"
+ // anyway. Continue to do so for backwards
+ // compatibility.
+ useSHA256 = false;
+ } else if ("SHA256withRSA".equals(sigAlg) || "SHA256withECDSA".equals(sigAlg)) {
+ useSHA256 = true;
+ } else {
+ System.err.println(args[i] + ": unsupported signature algorithm \"" +
+ sigAlg + "\"");
+ System.exit(1);
+ }
+
+ PublicKey key = cert.getPublicKey();
+ check(key, useSHA256);
+ System.out.print(print(key, useSHA256));
+ System.out.println(i < args.length - 1 ? "," : "");
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ System.exit(1);
+ }
+ System.exit(0);
+ }
+}
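Review bot: `checkEC` accepts any curve whose field size is 256 bits, so a certificate on a different 256-bit curve passes the check and is still emitted as a "v5" key, even though the error message and Javadoc promise NIST P-256. Whatever consumes the dumped key presumably hard-codes P-256 parameters, so the mismatch would only show up later as signature verification failures rather than at dump time. I would compare the key's curve, generator and order against the named-curve parameters, as sketched below (needs `AlgorithmParameters`, `ECGenParameterSpec` and `ECParameterSpec` imported, and assumes the installed provider supports the "EC" parameters lookup). The `@throws` text on `checkEC` also still mentions a "public exponent", which does not apply to EC keys.

```java
static int checkEC(ECPublicKey key) throws Exception {
    // Resolve the reference P-256 domain parameters once and compare them,
    // instead of trusting the field size alone.
    AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
    ap.init(new ECGenParameterSpec("secp256r1"));
    ECParameterSpec p256 = ap.getParameterSpec(ECParameterSpec.class);

    ECParameterSpec actual = key.getParams();
    if (!actual.getCurve().equals(p256.getCurve())
            || !actual.getGenerator().equals(p256.getGenerator())
            || !actual.getOrder().equals(p256.getOrder())) {
        throw new Exception("Curve must be NIST P-256");
    }

    return 5;
}
```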
diff --git a/tools/dumpkey/DumpPublicKey.mf b/tools/dumpkey/DumpPublicKey.mf
new file mode 100644
index 000000000..7bb3bc88d
--- /dev/null
+++ b/tools/dumpkey/DumpPublicKey.mf
@@ -0,0 +1 @@
+Main-Class: com.android.dumpkey.DumpPublicKey
diff --git a/tools/ota/add-property-tag.c b/tools/ota/add-property-tag.c
deleted file mode 100644
index aab30b2d0..000000000
--- a/tools/ota/add-property-tag.c
+++ /dev/null
@@ -1,141 +0,0 @@
-/*
- * Copyright (C) 2008 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <ctype.h>
-#include <errno.h>
-#include <getopt.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-/*
- * Append a tag to a property value in a .prop file if it isn't already there.
- * Normally used to modify build properties to record incremental updates.
- */
-
-// Return nonzero if the tag should be added to this line.
-int should_tag(const char *line, const char *propname) {
- const char *prop = strstr(line, propname);
- if (prop == NULL) return 0;
-
- // Make sure this is actually the property name (not an accidental hit)
- const char *ptr;
- for (ptr = line; ptr < prop && isspace(*ptr); ++ptr) ;
- if (ptr != prop) return 0; // Must be at the beginning of the line
-
- for (ptr += strlen(propname); *ptr != '\0' && isspace(*ptr); ++ptr) ;
- return (*ptr == '='); // Must be followed by a '='
-}
-
-// Remove existing tags from the line, return the following number (if any)
-int remove_tag(char *line, const char *tag) {
- char *pos = strstr(line, tag);
- if (pos == NULL) return 0;
-
- char *end;
- int num = strtoul(pos + strlen(tag), &end, 10);
- strcpy(pos, end);
- return num;
-}
-
-// Write line to output with the tag added, adding a number (if >0)
-void write_tagged(FILE *out, const char *line, const char *tag, int number) {
- const char *end = line + strlen(line);
- while (end > line && isspace(end[-1])) --end;
- if (number > 0) {
- fprintf(out, "%.*s%s%d%s", (int)(end - line), line, tag, number, end);
- } else {
- fprintf(out, "%.*s%s%s", (int)(end - line), line, tag, end);
- }
-}
-
-int main(int argc, char **argv) {
- const char *filename = "/system/build.prop";
- const char *propname = "ro.build.fingerprint";
- const char *tag = NULL;
- int do_remove = 0, do_number = 0;
-
- int opt;
- while ((opt = getopt(argc, argv, "f:p:rn")) != -1) {
- switch (opt) {
- case 'f': filename = optarg; break;
- case 'p': propname = optarg; break;
- case 'r': do_remove = 1; break;
- case 'n': do_number = 1; break;
- case '?': return 2;
- }
- }
-
- if (argc != optind + 1) {
- fprintf(stderr,
- "usage: add-property-tag [flags] tag-to-add\n"
- "flags: -f /dir/file.prop (default /system/build.prop)\n"
- " -p prop.name (default ro.build.fingerprint)\n"
- " -r (if set, remove the tag rather than adding it)\n"
- " -n (if set, add and increment a number after the tag)\n");
- return 2;
- }
-
- tag = argv[optind];
- FILE *input = fopen(filename, "r");
- if (input == NULL) {
- fprintf(stderr, "can't read %s: %s\n", filename, strerror(errno));
- return 1;
- }
-
- char tmpname[PATH_MAX];
- snprintf(tmpname, sizeof(tmpname), "%s.tmp", filename);
- FILE *output = fopen(tmpname, "w");
- if (output == NULL) {
- fprintf(stderr, "can't write %s: %s\n", tmpname, strerror(errno));
- return 1;
- }
-
- int found = 0;
- char line[4096];
- while (fgets(line, sizeof(line), input)) {
- if (!should_tag(line, propname)) {
- fputs(line, output); // Pass through unmodified
- } else {
- found = 1;
- int number = remove_tag(line, tag);
- if (do_remove) {
- fputs(line, output); // Remove the tag but don't re-add it
- } else {
- write_tagged(output, line, tag, number + do_number);
- }
- }
- }
-
- fclose(input);
- fclose(output);
-
- if (!found) {
- fprintf(stderr, "property %s not found in %s\n", propname, filename);
- remove(tmpname);
- return 1;
- }
-
- if (rename(tmpname, filename)) {
- fprintf(stderr, "can't rename %s to %s: %s\n",
- tmpname, filename, strerror(errno));
- remove(tmpname);
- return 1;
- }
-
- return 0;
-}
diff --git a/tools/ota/check-lost+found.c b/tools/ota/check-lost+found.c
deleted file mode 100644
index 8ce12d39f..000000000
--- a/tools/ota/check-lost+found.c
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright (C) 2008 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/klog.h>
-#include <sys/reboot.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <time.h>
-#include <unistd.h>
-
-#include "private/android_filesystem_config.h"
-
-// Sentinel file used to track whether we've forced a reboot
-static const char *kMarkerFile = "/data/misc/check-lost+found-rebooted-2";
-
-// Output file in tombstones directory (first 8K will be uploaded)
-static const char *kOutputDir = "/data/tombstones";
-static const char *kOutputFile = "/data/tombstones/check-lost+found-log";
-
-// Partitions to check
-static const char *kPartitions[] = { "/system", "/data", "/cache", NULL };
-
-/*
- * 1. If /data/misc/forced-reboot is missing, touch it & force "unclean" boot.
- * 2. Write a log entry with the number of files in lost+found directories.
- */
-
-int main(int argc __attribute__((unused)), char **argv __attribute__((unused))) {
- mkdir(kOutputDir, 0755);
- chown(kOutputDir, AID_SYSTEM, AID_SYSTEM);
- FILE *out = fopen(kOutputFile, "a");
- if (out == NULL) {
- fprintf(stderr, "Can't write %s: %s\n", kOutputFile, strerror(errno));
- return 1;
- }
-
- // Note: only the first 8K of log will be uploaded, so be terse.
- time_t start = time(NULL);
- fprintf(out, "*** check-lost+found ***\nStarted: %s", ctime(&start));
-
- struct stat st;
- if (stat(kMarkerFile, &st)) {
- // No reboot marker -- need to force an unclean reboot.
- // But first, try to create the marker file. If that fails,
- // skip the reboot, so we don't get caught in an infinite loop.
-
- int fd = open(kMarkerFile, O_WRONLY|O_CREAT, 0444);
- if (fd >= 0 && close(fd) == 0) {
- fprintf(out, "Wrote %s, rebooting\n", kMarkerFile);
- fflush(out);
- sync(); // Make sure the marker file is committed to disk
-
- // If possible, dirty each of these partitions before rebooting,
- // to make sure the filesystem has to do a scan on mount.
- int i;
- for (i = 0; kPartitions[i] != NULL; ++i) {
- char fn[PATH_MAX];
- snprintf(fn, sizeof(fn), "%s/%s", kPartitions[i], "dirty");
- fd = open(fn, O_WRONLY|O_CREAT, 0444);
- if (fd >= 0) { // Don't sweat it if we can't write the file.
- TEMP_FAILURE_RETRY(write(fd, fn, sizeof(fn))); // write, you know, some data
- close(fd);
- unlink(fn);
- }
- }
-
- reboot(RB_AUTOBOOT); // reboot immediately, with dirty filesystems
- fprintf(out, "Reboot failed?!\n");
- exit(1);
- } else {
- fprintf(out, "Can't write %s: %s\n", kMarkerFile, strerror(errno));
- }
- } else {
- fprintf(out, "Found %s\n", kMarkerFile);
- }
-
- int i;
- for (i = 0; kPartitions[i] != NULL; ++i) {
- char fn[PATH_MAX];
- snprintf(fn, sizeof(fn), "%s/%s", kPartitions[i], "lost+found");
- DIR *dir = opendir(fn);
- if (dir == NULL) {
- fprintf(out, "Can't open %s: %s\n", fn, strerror(errno));
- } else {
- int count = 0;
- struct dirent *ent;
- while ((ent = readdir(dir))) {
- if (strcmp(ent->d_name, ".") && strcmp(ent->d_name, ".."))
- ++count;
- }
- closedir(dir);
- if (count > 0) {
- fprintf(out, "OMGZ FOUND %d FILES IN %s\n", count, fn);
- } else {
- fprintf(out, "%s is clean\n", fn);
- }
- }
- }
-
- char dmesg[131073];
- int len = klogctl(KLOG_READ_ALL, dmesg, sizeof(dmesg) - 1);
- if (len < 0) {
- fprintf(out, "Can't read kernel log: %s\n", strerror(errno));
- } else { // To conserve space, only write lines with certain keywords
- fprintf(out, "--- Kernel log ---\n");
- dmesg[len] = '\0';
- char *saveptr, *line;
- int in_yaffs = 0;
- for (line = strtok_r(dmesg, "\n", &saveptr); line != NULL;
- line = strtok_r(NULL, "\n", &saveptr)) {
- if (strstr(line, "yaffs: dev is")) in_yaffs = 1;
-
- if (in_yaffs ||
- strstr(line, "yaffs") ||
- strstr(line, "mtd") ||
- strstr(line, "msm_nand")) {
- fprintf(out, "%s\n", line);
- }
-
- if (strstr(line, "yaffs_read_super: isCheckpointed")) in_yaffs = 0;
- }
- }
-
- return 0;
-}
diff --git a/tools/ota/convert-to-bmp.py b/tools/ota/convert-to-bmp.py
deleted file mode 100644
index 446c09da8..000000000
--- a/tools/ota/convert-to-bmp.py
+++ /dev/null
@@ -1,79 +0,0 @@
-#!/usr/bin/python2.4
-
-"""A simple script to convert asset images to BMP files, that supports
-RGBA image."""
-
-import struct
-import Image
-import sys
-
-infile = sys.argv[1]
-outfile = sys.argv[2]
-
-if not outfile.endswith(".bmp"):
- print >> sys.stderr, "Warning: I'm expecting to write BMP files."
-
-im = Image.open(infile)
-if im.mode == 'RGB':
- im.save(outfile)
-elif im.mode == 'RGBA':
- # Python Imaging Library doesn't write RGBA BMP files, so we roll
- # our own.
-
- BMP_HEADER_FMT = ("<" # little-endian
- "H" # signature
- "L" # file size
- "HH" # reserved (set to 0)
- "L" # offset to start of bitmap data)
- )
-
- BITMAPINFO_HEADER_FMT= ("<" # little-endian
- "L" # size of this struct
- "L" # width
- "L" # height
- "H" # planes (set to 1)
- "H" # bit count
- "L" # compression (set to 0 for minui)
- "L" # size of image data (0 if uncompressed)
- "L" # x pixels per meter (1)
- "L" # y pixels per meter (1)
- "L" # colors used (0)
- "L" # important colors (0)
- )
-
- fileheadersize = struct.calcsize(BMP_HEADER_FMT)
- infoheadersize = struct.calcsize(BITMAPINFO_HEADER_FMT)
-
- header = struct.pack(BMP_HEADER_FMT,
- 0x4d42, # "BM" in little-endian
- (fileheadersize + infoheadersize +
- im.size[0] * im.size[1] * 4),
- 0, 0,
- fileheadersize + infoheadersize)
-
- info = struct.pack(BITMAPINFO_HEADER_FMT,
- infoheadersize,
- im.size[0],
- im.size[1],
- 1,
- 32,
- 0,
- 0,
- 1,
- 1,
- 0,
- 0)
-
- f = open(outfile, "wb")
- f.write(header)
- f.write(info)
- data = im.tostring()
- for j in range(im.size[1]-1, -1, -1): # rows bottom-to-top
- for i in range(j*im.size[0]*4, (j+1)*im.size[0]*4, 4):
- f.write(data[i+2]) # B
- f.write(data[i+1]) # G
- f.write(data[i+0]) # R
- f.write(data[i+3]) # A
- f.close()
-else:
- print >> sys.stderr, "Don't know how to handle image mode '%s'." % (im.mode,)