Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 25f693688c9a3dc0e4118465fd700f5e11eebb7e^! / . / libs / apkverify / src / v4.rs
commit25f693688c9a3dc0e4118465fd700f5e11eebb7e[log] [tgz]
authorAlan Stokes <alanstokes@google.com>Mon Mar 06 16:51:54 2023 +0000
committerAlan Stokes <alanstokes@google.com>Wed Mar 08 09:31:16 2023 +0000
treea80426d7546049a1d3dae8875e6024abeb34bba9
parent787c7b0aecc96c4644fdfc721cab121d17ba0429 [diff] [blame]
Improve APK signature handling

There are two changes here:

- The maxSdk property of a signature is inclusive not exclusive
  (https://source.android.com/docs/security/features/apksigning/v3),
  so our mapping to a Rust Range was wrong.

- We hard-wired the platform SDK as 31; but really we should use the
  version of the platform we're running on.

I thought the APK Verify library shouldn't really be reading
properties, so instead I changed the function signatures to accept the
current SDK version as a parameter. That does mean duplicating the
code to read it in virtualization manager & microdroid manager, but I
can live with that for now.

Bug: 271500509
Bug: 190343842
Test: atest MicrodroidTests
Test: run a VM from an APK signed with minSdk = 33
Change-Id: I7ec7a201d05a6545847eb9b264abe642de883e0b

diff --git a/libs/apkverify/src/v4.rs b/libs/apkverify/src/v4.rs
index e77ad77..045f4af 100644
--- a/libs/apkverify/src/v4.rs
+++ b/libs/apkverify/src/v4.rs

@@ -37,9 +37,10 @@
 /// [apk_digest]: https://source.android.com/docs/security/apksigning/v4#apk-digest
 pub fn get_apk_digest<R: Read + Seek>(
     apk: R,
+    current_sdk: u32,
     verify: bool,
 ) -> Result<(SignatureAlgorithmID, Box<[u8]>)> {
-    let (signer, mut sections) = extract_signer_and_apk_sections(apk)?;
+    let (signer, mut sections) = extract_signer_and_apk_sections(apk, current_sdk)?;
     let strongest_algorithm_id = signer
         .strongest_signature()?
         .signature_algorithm_id
@@ -148,6 +149,7 @@
     /// function OOMing.
     pub fn create(
         mut apk: &mut R,
+        current_sdk: u32,
         block_size: usize,
         salt: &[u8],
         algorithm: HashAlgorithm,
@@ -175,7 +177,8 @@
         ret.hashing_info.log2_blocksize = log2(block_size);
 
         apk.seek(SeekFrom::Start(start))?;
-        let (signature_algorithm_id, apk_digest) = get_apk_digest(apk, /*verify=*/ false)?;
+        let (signature_algorithm_id, apk_digest) =
+            get_apk_digest(apk, current_sdk, /*verify=*/ false)?;
         ret.signing_info.signature_algorithm_id = signature_algorithm_id;
         ret.signing_info.apk_digest = apk_digest;
         // TODO(jiyong): add a signature to the signing_info struct
@@ -362,8 +365,9 @@
     #[test]
     fn digest_from_apk() {
         let mut input = Cursor::new(include_bytes!("../tests/data/v4-digest-v3-Sha256withEC.apk"));
+        let current_sdk = 31;
         let mut created =
-            V4Signature::create(&mut input, 4096, &[], HashAlgorithm::SHA256).unwrap();
+            V4Signature::create(&mut input, current_sdk, 4096, &[], HashAlgorithm::SHA256).unwrap();
 
         let mut golden = V4Signature::from_idsig_path(format!("{}.idsig", TEST_APK_PATH)).unwrap();