sign_apex.py respects hash algorithm
When sign_apex.py re-signs an apex, the hash algorithm is extracted and
it is used when re-packaging the file.
Bug: 155771970
Test: releasetools_py3_test doesn't regress
(some tests were failed, but they failed even without this change:
test_ApexApkSigner_apkKeyNotPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noApkPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noAssetDir (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_signApk (test_apex_utils.ApexUtilsTest) ... ERROR)
Merged-In: I996a33e0208d3dd3a04a31b8dafb27ef995297f2
Change-Id: I996a33e0208d3dd3a04a31b8dafb27ef995297f2
(cherry picked from commit a1887f326c9d46f34beea466c231e899a1163351)
diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py
index ae9b793..1c61938 100644
--- a/tools/releasetools/apex_utils.py
+++ b/tools/releasetools/apex_utils.py
@@ -169,7 +169,7 @@
def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
- algorithm, salt, no_hashtree, signing_args=None):
+ algorithm, salt, hash_algorithm, no_hashtree, signing_args=None):
"""Signs a given payload_file with the payload key."""
# Add the new footer. Old footer, if any, will be replaced by avbtool.
cmd = [avbtool, 'add_hashtree_footer',
@@ -178,7 +178,8 @@
'--key', payload_key_path,
'--prop', 'apex.key:{}'.format(payload_key_name),
'--image', payload_file,
- '--salt', salt]
+ '--salt', salt,
+ '--hash_algorithm', hash_algorithm]
if no_hashtree:
cmd.append('--no_hashtree')
if signing_args:
@@ -235,11 +236,11 @@
'Failed to get APEX payload info for {}:\n{}'.format(
payload_path, e))
- # Extract the Algorithm / Salt / Prop info / Tree size from payload (i.e. an
- # image signed with avbtool). For example,
+ # Extract the Algorithm / Hash Algorithm / Salt / Prop info / Tree size from
+ # payload (i.e. an image signed with avbtool). For example,
# Algorithm: SHA256_RSA4096
PAYLOAD_INFO_PATTERN = (
- r'^\s*(?P<key>Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
+ r'^\s*(?P<key>Algorithm|Hash Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN)
payload_info = {}
@@ -273,7 +274,7 @@
payload_info[key] = value
# Sanity check.
- for key in ('Algorithm', 'Salt', 'apex.key'):
+ for key in ('Algorithm', 'Salt', 'apex.key', 'Hash Algorithm'):
if key not in payload_info:
raise ApexInfoError(
'Failed to find {} prop in {}'.format(key, payload_path))
@@ -326,6 +327,7 @@
payload_info['apex.key'],
payload_info['Algorithm'],
payload_info['Salt'],
+ payload_info['Hash Algorithm'],
no_hashtree,
signing_args)
diff --git a/tools/releasetools/test_apex_utils.py b/tools/releasetools/test_apex_utils.py
index e19bc90..7b4a4b0 100644
--- a/tools/releasetools/test_apex_utils.py
+++ b/tools/releasetools/test_apex_utils.py
@@ -50,11 +50,12 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, no_hashtree=True)
+ self.SALT, 'sha256', no_hashtree=True)
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
self.assertEqual('SHA256_RSA2048', payload_info['Algorithm'])
self.assertEqual(self.SALT, payload_info['Salt'])
self.assertEqual('testkey', payload_info['apex.key'])
+ self.assertEqual('sha256', payload_info['Hash Algorithm'])
self.assertEqual('0 bytes', payload_info['Tree Size'])
@test_utils.SkipIfExternalToolsUnavailable()
@@ -62,7 +63,7 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, no_hashtree=True)
+ self.SALT, 'sha256', no_hashtree=True)
apex_utils.VerifyApexPayload(
'avbtool', payload_file, self.payload_key, True)
@@ -71,7 +72,7 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, no_hashtree=False)
+ self.SALT, 'sha256', no_hashtree=False)
apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key)
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
self.assertEqual('4096 bytes', payload_info['Tree Size'])
@@ -81,7 +82,7 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, no_hashtree=True)
+ self.SALT, 'sha256', no_hashtree=True)
apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key,
no_hashtree=True)
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
@@ -98,7 +99,7 @@
'avbtool',
payload_file,
self.payload_key,
- 'testkey', 'SHA256_RSA2048', self.SALT,
+ 'testkey', 'SHA256_RSA2048', self.SALT, 'sha256',
True,
payload_signer_args)
apex_utils.VerifyApexPayload(
@@ -115,6 +116,7 @@
'testkey',
'SHA256_RSA2048',
self.SALT,
+ 'sha256',
no_hashtree=True)
@test_utils.SkipIfExternalToolsUnavailable()
@@ -122,7 +124,7 @@
payload_file = self._GetTestPayload()
apex_utils.SignApexPayload(
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
- self.SALT, True)
+ self.SALT, 'sha256', True)
apex_utils.VerifyApexPayload(
'avbtool', payload_file, self.payload_key, True)
self.assertRaises(