Test APK section zip methods with real APK files
This CL also renames some variables to make them consistent with
the apk structure spec.
Test: atest libapkverify.test
Change-Id: Iba2a060916a59f295e702d4ef5a3618076acf4ed
diff --git a/libs/apkverify/Android.bp b/libs/apkverify/Android.bp
index ab9265d..50d7a60 100644
--- a/libs/apkverify/Android.bp
+++ b/libs/apkverify/Android.bp
@@ -30,6 +30,7 @@
name: "libapkverify.test",
defaults: ["libapkverify.defaults"],
test_suites: ["general-tests"],
+ data: ["tests/data/*"],
}
rust_test {
diff --git a/libs/apkverify/src/sigutil.rs b/libs/apkverify/src/sigutil.rs
index 2b2f9da..7034527 100644
--- a/libs/apkverify/src/sigutil.rs
+++ b/libs/apkverify/src/sigutil.rs
@@ -49,6 +49,13 @@
const CHUNK_SIZE_BYTES: u64 = 1024 * 1024;
+/// The [APK structure] has four major sections:
+///
+/// | Zip contents | APK Signing Block | Central directory | EOCD(End of Central Directory) |
+///
+/// This structure contains the offset/size information of all the sections except the Zip contents.
+///
+/// [APK structure]: https://source.android.com/docs/security/apksigning/v2#apk-signing-block
pub struct ApkSections<R> {
inner: R,
signing_block_offset: u32,
@@ -295,3 +302,44 @@
_ => bail!("Unknown digest algorithm: {}", id),
}
}
+
+#[cfg(test)]
+mod tests {
+ use super::*;
+ use byteorder::LittleEndian;
+ use std::fs::File;
+ use std::mem::size_of_val;
+
+ const CENTRAL_DIRECTORY_HEADER_SIGNATURE: u32 = 0x02014b50;
+
+ #[test]
+ fn test_apk_sections() {
+ let apk_file = File::open("tests/data/v3-only-with-ecdsa-sha512-p521.apk").unwrap();
+ let apk_sections = ApkSections::new(apk_file).unwrap();
+ let mut reader = &apk_sections.inner;
+
+ // Checks APK Signing Block.
+ assert_eq!(
+ apk_sections.signing_block_offset + apk_sections.signing_block_size,
+ apk_sections.central_directory_offset
+ );
+ let apk_signature_offset = SeekFrom::Start(
+ apk_sections.central_directory_offset as u64 - size_of_val(&APK_SIG_BLOCK_MAGIC) as u64,
+ );
+ reader.seek(apk_signature_offset).unwrap();
+ assert_eq!(reader.read_u128::<LittleEndian>().unwrap(), APK_SIG_BLOCK_MAGIC);
+
+ // Checks Central directory.
+ assert_eq!(reader.read_u32::<LittleEndian>().unwrap(), CENTRAL_DIRECTORY_HEADER_SIGNATURE);
+ assert_eq!(
+ apk_sections.central_directory_offset + apk_sections.central_directory_size,
+ apk_sections.eocd_offset
+ );
+
+ // Checks EOCD.
+ assert_eq!(
+ reader.metadata().unwrap().len(),
+ (apk_sections.eocd_offset + apk_sections.eocd_size) as u64
+ );
+ }
+}
diff --git a/libs/apkverify/src/ziputil.rs b/libs/apkverify/src/ziputil.rs
index ebb66e0..8badff2 100644
--- a/libs/apkverify/src/ziputil.rs
+++ b/libs/apkverify/src/ziputil.rs
@@ -14,17 +14,18 @@
* limitations under the License.
*/
-//! Utilities for zip handling
+//! Utilities for zip handling of APK files.
use anyhow::{bail, Result};
use bytes::{Buf, BufMut};
use std::io::{Read, Seek, SeekFrom};
use zip::ZipArchive;
-const EOCD_MIN_SIZE: usize = 22;
+const EOCD_SIZE_WITHOUT_COMMENT: usize = 22;
const EOCD_CENTRAL_DIRECTORY_SIZE_FIELD_OFFSET: usize = 12;
const EOCD_CENTRAL_DIRECTORY_OFFSET_FIELD_OFFSET: usize = 16;
-const EOCD_MAGIC: u32 = 0x06054b50;
+/// End of Central Directory signature
+const EOCD_SIGNATURE: u32 = 0x06054b50;
const ZIP64_MARK: u32 = 0xffffffff;
#[derive(Debug, PartialEq, Eq)]
@@ -39,7 +40,7 @@
pub fn zip_sections<R: Read + Seek>(mut reader: R) -> Result<(R, ZipSections)> {
// open a zip to parse EOCD
let archive = ZipArchive::new(reader)?;
- let eocd_size = archive.comment().len() + EOCD_MIN_SIZE;
+ let eocd_size = archive.comment().len() + EOCD_SIZE_WITHOUT_COMMENT;
if archive.offset() != 0 {
bail!("Invalid ZIP: offset should be 0, but {}.", archive.offset());
}
@@ -49,7 +50,7 @@
let eocd_offset = reader.seek(SeekFrom::Current(0))? as u32;
let mut eocd = vec![0u8; eocd_size as usize];
reader.read_exact(&mut eocd)?;
- if (&eocd[0..]).get_u32_le() != EOCD_MAGIC {
+ if (&eocd[0..]).get_u32_le() != EOCD_SIGNATURE {
bail!("Invalid ZIP: ZipArchive::new() should point EOCD after reading.");
}
let (central_directory_size, central_directory_offset) = get_central_directory(&eocd)?;
@@ -72,7 +73,7 @@
}
fn get_central_directory(buf: &[u8]) -> Result<(u32, u32)> {
- if buf.len() < EOCD_MIN_SIZE {
+ if buf.len() < EOCD_SIZE_WITHOUT_COMMENT {
bail!("Invalid EOCD size: {}", buf.len());
}
let mut buf = &buf[EOCD_CENTRAL_DIRECTORY_SIZE_FIELD_OFFSET..];
@@ -83,7 +84,7 @@
/// Update EOCD's central_directory_offset field.
pub fn set_central_directory_offset(buf: &mut [u8], value: u32) -> Result<()> {
- if buf.len() < EOCD_MIN_SIZE {
+ if buf.len() < EOCD_SIZE_WITHOUT_COMMENT {
bail!("Invalid EOCD size: {}", buf.len());
}
(&mut buf[EOCD_CENTRAL_DIRECTORY_OFFSET_FIELD_OFFSET..]).put_u32_le(value);
@@ -94,6 +95,8 @@
mod tests {
use super::*;
use crate::testing::assert_contains;
+ use byteorder::{LittleEndian, ReadBytesExt};
+ use std::fs::File;
use std::io::{Cursor, Write};
use zip::{write::FileOptions, ZipWriter};
@@ -107,7 +110,10 @@
#[test]
fn test_zip_sections() {
let (cursor, sections) = zip_sections(create_test_zip()).unwrap();
- assert_eq!(sections.eocd_offset, (cursor.get_ref().len() - EOCD_MIN_SIZE) as u32);
+ assert_eq!(
+ sections.eocd_offset,
+ (cursor.get_ref().len() - EOCD_SIZE_WITHOUT_COMMENT) as u32
+ );
}
#[test]
@@ -118,7 +124,7 @@
// insert garbage between CD and EOCD.
// by the way, to mock zip-rs, use CD as garbage. This is implementation detail of zip-rs,
// which reads CD at (eocd_offset - cd_size) instead of at cd_offset from EOCD.
- let (pre_eocd, eocd) = buf.split_at(buf.len() - EOCD_MIN_SIZE);
+ let (pre_eocd, eocd) = buf.split_at(buf.len() - EOCD_SIZE_WITHOUT_COMMENT);
let (_, cd_offset) = get_central_directory(eocd).unwrap();
let cd = &pre_eocd[cd_offset as usize..];
@@ -127,4 +133,24 @@
assert!(res.is_err());
assert_contains(&res.err().unwrap().to_string(), "Invalid ZIP: offset should be 0");
}
+
+ #[test]
+ fn test_zip_sections_with_apk() {
+ let apk = File::open("tests/data/v3-only-with-stamp.apk").unwrap();
+ let (mut reader, sections) = zip_sections(apk).unwrap();
+
+ // Checks Central directory.
+ assert_eq!(
+ sections.central_directory_offset + sections.central_directory_size,
+ sections.eocd_offset
+ );
+
+ // Checks EOCD.
+ reader.seek(SeekFrom::Start(sections.eocd_offset as u64)).unwrap();
+ assert_eq!(reader.read_u32::<LittleEndian>().unwrap(), EOCD_SIGNATURE);
+ assert_eq!(
+ reader.metadata().unwrap().len(),
+ (sections.eocd_offset + sections.eocd_size) as u64
+ );
+ }
}