From aeec0b2076f229f15e465ae630d26e88f7b3a8f1 Mon Sep 17 00:00:00 2001 From: Tianjie Xu Date: Mon, 29 Oct 2018 11:14:09 -0700 Subject: Delete the dumpkey host tool We used to dump the public key files into some text format; and parse them under recovery. But now we have switched to read the certificates directly from the zip files; and there's no caller of this dumpkey host tool any more. Bug: 116655889 Test: mma Change-Id: I115592e2a894b3375495c81cb249d1bed1a5d973 --- tools/dumpkey/Android.bp | 27 ---- tools/dumpkey/DumpPublicKey.java | 270 --------------------------------------- tools/dumpkey/DumpPublicKey.mf | 1 - 3 files changed, 298 deletions(-) delete mode 100644 tools/dumpkey/Android.bp delete mode 100644 tools/dumpkey/DumpPublicKey.java delete mode 100644 tools/dumpkey/DumpPublicKey.mf diff --git a/tools/dumpkey/Android.bp b/tools/dumpkey/Android.bp deleted file mode 100644 index eb45e3176..000000000 --- a/tools/dumpkey/Android.bp +++ /dev/null @@ -1,27 +0,0 @@ -// Copyright (C) 2018 The Android Open Source Project -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -java_library_host { - name: "dumpkey", - - manifest: "DumpPublicKey.mf", - - srcs: [ - "DumpPublicKey.java", - ], - - static_libs: [ - "bouncycastle-host", - ], -} diff --git a/tools/dumpkey/DumpPublicKey.java b/tools/dumpkey/DumpPublicKey.java deleted file mode 100644 index 3eb139842..000000000 --- a/tools/dumpkey/DumpPublicKey.java +++ /dev/null @@ -1,270 +0,0 @@ -/* - * Copyright (C) 2008 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.dumpkey; - -import org.bouncycastle.jce.provider.BouncyCastleProvider; - -import java.io.FileInputStream; -import java.math.BigInteger; -import java.security.cert.CertificateFactory; -import java.security.cert.X509Certificate; -import java.security.KeyStore; -import java.security.Key; -import java.security.PublicKey; -import java.security.Security; -import java.security.interfaces.ECPublicKey; -import java.security.interfaces.RSAPublicKey; -import java.security.spec.ECPoint; - -/** - * Command line tool to extract RSA public keys from X.509 certificates - * and output source code with data initializers for the keys. - * @hide - */ -class DumpPublicKey { - /** - * @param key to perform sanity checks on - * @return version number of key. Supported versions are: - * 1: 2048-bit RSA key with e=3 and SHA-1 hash - * 2: 2048-bit RSA key with e=65537 and SHA-1 hash - * 3: 2048-bit RSA key with e=3 and SHA-256 hash - * 4: 2048-bit RSA key with e=65537 and SHA-256 hash - * @throws Exception if the key has the wrong size or public exponent - */ - static int checkRSA(RSAPublicKey key, boolean useSHA256) throws Exception { - BigInteger pubexp = key.getPublicExponent(); - BigInteger modulus = key.getModulus(); - int version; - - if (pubexp.equals(BigInteger.valueOf(3))) { - version = useSHA256 ? 3 : 1; - } else if (pubexp.equals(BigInteger.valueOf(65537))) { - version = useSHA256 ? 4 : 2; - } else { - throw new Exception("Public exponent should be 3 or 65537 but is " + - pubexp.toString(10) + "."); - } - - if (modulus.bitLength() != 2048) { - throw new Exception("Modulus should be 2048 bits long but is " + - modulus.bitLength() + " bits."); - } - - return version; - } - - /** - * @param key to perform sanity checks on - * @return version number of key. Supported versions are: - * 5: 256-bit EC key with curve NIST P-256 - * @throws Exception if the key has the wrong size or public exponent - */ - static int checkEC(ECPublicKey key) throws Exception { - if (key.getParams().getCurve().getField().getFieldSize() != 256) { - throw new Exception("Curve must be NIST P-256"); - } - - return 5; - } - - /** - * Perform sanity check on public key. - */ - static int check(PublicKey key, boolean useSHA256) throws Exception { - if (key instanceof RSAPublicKey) { - return checkRSA((RSAPublicKey) key, useSHA256); - } else if (key instanceof ECPublicKey) { - if (!useSHA256) { - throw new Exception("Must use SHA-256 with EC keys!"); - } - return checkEC((ECPublicKey) key); - } else { - throw new Exception("Unsupported key class: " + key.getClass().getName()); - } - } - - /** - * @param key to output - * @return a String representing this public key. If the key is a - * version 1 key, the string will be a C initializer; this is - * not true for newer key versions. - */ - static String printRSA(RSAPublicKey key, boolean useSHA256) throws Exception { - int version = check(key, useSHA256); - - BigInteger N = key.getModulus(); - - StringBuilder result = new StringBuilder(); - - int nwords = N.bitLength() / 32; // # of 32 bit integers in modulus - - if (version > 1) { - result.append("v"); - result.append(Integer.toString(version)); - result.append(" "); - } - - result.append("{"); - result.append(nwords); - - BigInteger B = BigInteger.valueOf(0x100000000L); // 2^32 - BigInteger N0inv = B.subtract(N.modInverse(B)); // -1 / N[0] mod 2^32 - - result.append(",0x"); - result.append(N0inv.toString(16)); - - BigInteger R = BigInteger.valueOf(2).pow(N.bitLength()); - BigInteger RR = R.multiply(R).mod(N); // 2^4096 mod N - - // Write out modulus as little endian array of integers. - result.append(",{"); - for (int i = 0; i < nwords; ++i) { - long n = N.mod(B).longValue(); - result.append(n); - - if (i != nwords - 1) { - result.append(","); - } - - N = N.divide(B); - } - result.append("}"); - - // Write R^2 as little endian array of integers. - result.append(",{"); - for (int i = 0; i < nwords; ++i) { - long rr = RR.mod(B).longValue(); - result.append(rr); - - if (i != nwords - 1) { - result.append(","); - } - - RR = RR.divide(B); - } - result.append("}"); - - result.append("}"); - return result.toString(); - } - - /** - * @param key to output - * @return a String representing this public key. If the key is a - * version 1 key, the string will be a C initializer; this is - * not true for newer key versions. - */ - static String printEC(ECPublicKey key) throws Exception { - int version = checkEC(key); - - StringBuilder result = new StringBuilder(); - - result.append("v"); - result.append(Integer.toString(version)); - result.append(" "); - - BigInteger X = key.getW().getAffineX(); - BigInteger Y = key.getW().getAffineY(); - int nbytes = key.getParams().getCurve().getField().getFieldSize() / 8; // # of 32 bit integers in X coordinate - - result.append("{"); - result.append(nbytes); - - BigInteger B = BigInteger.valueOf(0x100L); // 2^8 - - // Write out Y coordinate as array of characters. - result.append(",{"); - for (int i = 0; i < nbytes; ++i) { - long n = X.mod(B).longValue(); - result.append(n); - - if (i != nbytes - 1) { - result.append(","); - } - - X = X.divide(B); - } - result.append("}"); - - // Write out Y coordinate as array of characters. - result.append(",{"); - for (int i = 0; i < nbytes; ++i) { - long n = Y.mod(B).longValue(); - result.append(n); - - if (i != nbytes - 1) { - result.append(","); - } - - Y = Y.divide(B); - } - result.append("}"); - - result.append("}"); - return result.toString(); - } - - static String print(PublicKey key, boolean useSHA256) throws Exception { - if (key instanceof RSAPublicKey) { - return printRSA((RSAPublicKey) key, useSHA256); - } else if (key instanceof ECPublicKey) { - return printEC((ECPublicKey) key); - } else { - throw new Exception("Unsupported key class: " + key.getClass().getName()); - } - } - - public static void main(String[] args) { - if (args.length < 1) { - System.err.println("Usage: DumpPublicKey certfile ... > source.c"); - System.exit(1); - } - Security.addProvider(new BouncyCastleProvider()); - try { - for (int i = 0; i < args.length; i++) { - FileInputStream input = new FileInputStream(args[i]); - CertificateFactory cf = CertificateFactory.getInstance("X.509"); - X509Certificate cert = (X509Certificate) cf.generateCertificate(input); - - boolean useSHA256 = false; - String sigAlg = cert.getSigAlgName(); - if ("SHA1withRSA".equals(sigAlg) || "MD5withRSA".equals(sigAlg)) { - // SignApk has historically accepted "MD5withRSA" - // certificates, but treated them as "SHA1withRSA" - // anyway. Continue to do so for backwards - // compatibility. - useSHA256 = false; - } else if ("SHA256withRSA".equals(sigAlg) || "SHA256withECDSA".equals(sigAlg)) { - useSHA256 = true; - } else { - System.err.println(args[i] + ": unsupported signature algorithm \"" + - sigAlg + "\""); - System.exit(1); - } - - PublicKey key = cert.getPublicKey(); - check(key, useSHA256); - System.out.print(print(key, useSHA256)); - System.out.println(i < args.length - 1 ? "," : ""); - } - } catch (Exception e) { - e.printStackTrace(); - System.exit(1); - } - System.exit(0); - } -} diff --git a/tools/dumpkey/DumpPublicKey.mf b/tools/dumpkey/DumpPublicKey.mf deleted file mode 100644 index 7bb3bc88d..000000000 --- a/tools/dumpkey/DumpPublicKey.mf +++ /dev/null @@ -1 +0,0 @@ -Main-Class: com.android.dumpkey.DumpPublicKey -- cgit v1.2.3