1 /* 2 * Copyright (C) 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.apksig.internal.pkcs7; 18 19 import static com.android.apksig.internal.asn1.Asn1DerEncoder.ASN1_DER_NULL; 20 import static com.android.apksig.internal.oid.OidConstants.OID_DIGEST_SHA1; 21 import static com.android.apksig.internal.oid.OidConstants.OID_DIGEST_SHA256; 22 import static com.android.apksig.internal.oid.OidConstants.OID_SIG_DSA; 23 import static com.android.apksig.internal.oid.OidConstants.OID_SIG_EC_PUBLIC_KEY; 24 import static com.android.apksig.internal.oid.OidConstants.OID_SIG_RSA; 25 import static com.android.apksig.internal.oid.OidConstants.OID_SIG_SHA256_WITH_DSA; 26 import static com.android.apksig.internal.oid.OidConstants.OID_TO_JCA_DIGEST_ALG; 27 import static com.android.apksig.internal.oid.OidConstants.OID_TO_JCA_SIGNATURE_ALG; 28 29 import com.android.apksig.internal.apk.v1.DigestAlgorithm; 30 import com.android.apksig.internal.asn1.Asn1Class; 31 import com.android.apksig.internal.asn1.Asn1Field; 32 import com.android.apksig.internal.asn1.Asn1OpaqueObject; 33 import com.android.apksig.internal.asn1.Asn1Type; 34 import com.android.apksig.internal.util.Pair; 35 36 import java.security.InvalidKeyException; 37 import java.security.PublicKey; 38 import java.security.Signature; 39 import java.security.SignatureException; 40 41 /** 42 * PKCS #7 {@code AlgorithmIdentifier} as specified in RFC 5652. 43 */ 44 @Asn1Class(type = Asn1Type.SEQUENCE) 45 public class AlgorithmIdentifier { 46 47 @Asn1Field(index = 0, type = Asn1Type.OBJECT_IDENTIFIER) 48 public String algorithm; 49 50 @Asn1Field(index = 1, type = Asn1Type.ANY, optional = true) 51 public Asn1OpaqueObject parameters; 52 AlgorithmIdentifier()53 public AlgorithmIdentifier() {} 54 AlgorithmIdentifier(String algorithmOid, Asn1OpaqueObject parameters)55 public AlgorithmIdentifier(String algorithmOid, Asn1OpaqueObject parameters) { 56 this.algorithm = algorithmOid; 57 this.parameters = parameters; 58 } 59 60 /** 61 * Returns the PKCS #7 {@code DigestAlgorithm} to use when signing using the specified digest 62 * algorithm. 63 */ getSignerInfoDigestAlgorithmOid( DigestAlgorithm digestAlgorithm)64 public static AlgorithmIdentifier getSignerInfoDigestAlgorithmOid( 65 DigestAlgorithm digestAlgorithm) { 66 switch (digestAlgorithm) { 67 case SHA1: 68 return new AlgorithmIdentifier(OID_DIGEST_SHA1, ASN1_DER_NULL); 69 case SHA256: 70 return new AlgorithmIdentifier(OID_DIGEST_SHA256, ASN1_DER_NULL); 71 } 72 throw new IllegalArgumentException("Unsupported digest algorithm: " + digestAlgorithm); 73 } 74 75 /** 76 * Returns the JCA {@link Signature} algorithm and PKCS #7 {@code SignatureAlgorithm} to use 77 * when signing with the specified key and digest algorithm. 78 */ getSignerInfoSignatureAlgorithm( PublicKey publicKey, DigestAlgorithm digestAlgorithm, boolean deterministicDsaSigning)79 public static Pair<String, AlgorithmIdentifier> getSignerInfoSignatureAlgorithm( 80 PublicKey publicKey, DigestAlgorithm digestAlgorithm, boolean deterministicDsaSigning) 81 throws InvalidKeyException { 82 String keyAlgorithm = publicKey.getAlgorithm(); 83 String jcaDigestPrefixForSigAlg; 84 switch (digestAlgorithm) { 85 case SHA1: 86 jcaDigestPrefixForSigAlg = "SHA1"; 87 break; 88 case SHA256: 89 jcaDigestPrefixForSigAlg = "SHA256"; 90 break; 91 default: 92 throw new IllegalArgumentException( 93 "Unexpected digest algorithm: " + digestAlgorithm); 94 } 95 if ("RSA".equalsIgnoreCase(keyAlgorithm)) { 96 return Pair.of( 97 jcaDigestPrefixForSigAlg + "withRSA", 98 new AlgorithmIdentifier(OID_SIG_RSA, ASN1_DER_NULL)); 99 } else if ("DSA".equalsIgnoreCase(keyAlgorithm)) { 100 AlgorithmIdentifier sigAlgId; 101 switch (digestAlgorithm) { 102 case SHA1: 103 sigAlgId = 104 new AlgorithmIdentifier(OID_SIG_DSA, ASN1_DER_NULL); 105 break; 106 case SHA256: 107 // DSA signatures with SHA-256 in SignedData are accepted by Android API Level 108 // 21 and higher. However, there are two ways to specify their SignedData 109 // SignatureAlgorithm: dsaWithSha256 (2.16.840.1.101.3.4.3.2) and 110 // dsa (1.2.840.10040.4.1). The latter works only on API Level 22+. Thus, we use 111 // the former. 112 sigAlgId = 113 new AlgorithmIdentifier(OID_SIG_SHA256_WITH_DSA, ASN1_DER_NULL); 114 break; 115 default: 116 throw new IllegalArgumentException( 117 "Unexpected digest algorithm: " + digestAlgorithm); 118 } 119 String signingAlgorithmName = 120 jcaDigestPrefixForSigAlg + (deterministicDsaSigning ? "withDetDSA" : "withDSA"); 121 return Pair.of(signingAlgorithmName, sigAlgId); 122 } else if ("EC".equalsIgnoreCase(keyAlgorithm)) { 123 return Pair.of( 124 jcaDigestPrefixForSigAlg + "withECDSA", 125 new AlgorithmIdentifier(OID_SIG_EC_PUBLIC_KEY, ASN1_DER_NULL)); 126 } else { 127 throw new InvalidKeyException("Unsupported key algorithm: " + keyAlgorithm); 128 } 129 } 130 getJcaSignatureAlgorithm( String digestAlgorithmOid, String signatureAlgorithmOid)131 public static String getJcaSignatureAlgorithm( 132 String digestAlgorithmOid, 133 String signatureAlgorithmOid) throws SignatureException { 134 // First check whether the signature algorithm OID alone is sufficient 135 String result = OID_TO_JCA_SIGNATURE_ALG.get(signatureAlgorithmOid); 136 if (result != null) { 137 return result; 138 } 139 140 // Signature algorithm OID alone is insufficient. Need to combine digest algorithm OID 141 // with signature algorithm OID. 142 String suffix; 143 if (OID_SIG_RSA.equals(signatureAlgorithmOid)) { 144 suffix = "RSA"; 145 } else if (OID_SIG_DSA.equals(signatureAlgorithmOid)) { 146 suffix = "DSA"; 147 } else if (OID_SIG_EC_PUBLIC_KEY.equals(signatureAlgorithmOid)) { 148 suffix = "ECDSA"; 149 } else { 150 throw new SignatureException( 151 "Unsupported JCA Signature algorithm" 152 + " . Digest algorithm: " + digestAlgorithmOid 153 + ", signature algorithm: " + signatureAlgorithmOid); 154 } 155 String jcaDigestAlg = getJcaDigestAlgorithm(digestAlgorithmOid); 156 // Canonical name for SHA-1 with ... is SHA1with, rather than SHA1. Same for all other 157 // SHA algorithms. 158 if (jcaDigestAlg.startsWith("SHA-")) { 159 jcaDigestAlg = "SHA" + jcaDigestAlg.substring("SHA-".length()); 160 } 161 return jcaDigestAlg + "with" + suffix; 162 } 163 getJcaDigestAlgorithm(String oid)164 public static String getJcaDigestAlgorithm(String oid) 165 throws SignatureException { 166 String result = OID_TO_JCA_DIGEST_ALG.get(oid); 167 if (result == null) { 168 throw new SignatureException("Unsupported digest algorithm: " + oid); 169 } 170 return result; 171 } 172 } 173