Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2021 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | //! Utilities for Signature Verification |
| 18 | |
Alice Wang | a66b5c0 | 2022-09-16 07:25:17 +0000 | [diff] [blame] | 19 | // TODO(b/246254355): Remove this once we migrate all the usages of |
| 20 | // raw signature algorithm id to the enum. |
| 21 | #![allow(dead_code)] |
| 22 | |
Alice Wang | 5d0f89a | 2022-09-15 15:06:10 +0000 | [diff] [blame] | 23 | use anyhow::{anyhow, ensure, Error, Result}; |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 24 | use byteorder::{LittleEndian, ReadBytesExt}; |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 25 | use bytes::{Buf, BufMut, Bytes, BytesMut}; |
Alice Wang | 5d0f89a | 2022-09-15 15:06:10 +0000 | [diff] [blame] | 26 | use num_traits::FromPrimitive; |
Andrew Scull | c208eb4 | 2022-05-22 16:17:52 +0000 | [diff] [blame] | 27 | use openssl::hash::{DigestBytes, Hasher, MessageDigest}; |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 28 | use std::cmp::min; |
Alice Wang | af1d15b | 2022-09-09 11:09:51 +0000 | [diff] [blame] | 29 | use std::io::{self, Cursor, ErrorKind, Read, Seek, SeekFrom, Take}; |
Jooyung Han | 5d94bfc | 2021-08-06 14:07:49 +0900 | [diff] [blame] | 30 | |
Alice Wang | 5d0f89a | 2022-09-15 15:06:10 +0000 | [diff] [blame] | 31 | use crate::algorithms::SignatureAlgorithmID; |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 32 | use crate::ziputil::{set_central_directory_offset, zip_sections}; |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 33 | |
| 34 | const APK_SIG_BLOCK_MIN_SIZE: u32 = 32; |
| 35 | const APK_SIG_BLOCK_MAGIC: u128 = 0x3234206b636f6c4220676953204b5041; |
| 36 | |
Alice Wang | 5d0f89a | 2022-09-15 15:06:10 +0000 | [diff] [blame] | 37 | // TODO(b/246254355): Migrates usages of raw signature algorithm id to the enum. |
Jooyung Han | 5b4c70e | 2021-08-09 16:36:13 +0900 | [diff] [blame] | 38 | pub const SIGNATURE_RSA_PSS_WITH_SHA256: u32 = 0x0101; |
| 39 | pub const SIGNATURE_RSA_PSS_WITH_SHA512: u32 = 0x0102; |
| 40 | pub const SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA256: u32 = 0x0103; |
| 41 | pub const SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512: u32 = 0x0104; |
| 42 | pub const SIGNATURE_ECDSA_WITH_SHA256: u32 = 0x0201; |
| 43 | pub const SIGNATURE_ECDSA_WITH_SHA512: u32 = 0x0202; |
| 44 | pub const SIGNATURE_DSA_WITH_SHA256: u32 = 0x0301; |
| 45 | pub const SIGNATURE_VERITY_RSA_PKCS1_V1_5_WITH_SHA256: u32 = 0x0421; |
| 46 | pub const SIGNATURE_VERITY_ECDSA_WITH_SHA256: u32 = 0x0423; |
| 47 | pub const SIGNATURE_VERITY_DSA_WITH_SHA256: u32 = 0x0425; |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 48 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 49 | const CHUNK_SIZE_BYTES: u64 = 1024 * 1024; |
| 50 | |
Alice Wang | ed79eab | 2022-09-08 11:16:31 +0000 | [diff] [blame] | 51 | /// The [APK structure] has four major sections: |
| 52 | /// |
| 53 | /// | Zip contents | APK Signing Block | Central directory | EOCD(End of Central Directory) | |
| 54 | /// |
| 55 | /// This structure contains the offset/size information of all the sections except the Zip contents. |
| 56 | /// |
| 57 | /// [APK structure]: https://source.android.com/docs/security/apksigning/v2#apk-signing-block |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 58 | pub struct ApkSections<R> { |
| 59 | inner: R, |
| 60 | signing_block_offset: u32, |
| 61 | signing_block_size: u32, |
| 62 | central_directory_offset: u32, |
| 63 | central_directory_size: u32, |
| 64 | eocd_offset: u32, |
| 65 | eocd_size: u32, |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 66 | } |
| 67 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 68 | impl<R: Read + Seek> ApkSections<R> { |
| 69 | pub fn new(reader: R) -> Result<ApkSections<R>> { |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 70 | let (mut reader, zip_sections) = zip_sections(reader)?; |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 71 | let (signing_block_offset, signing_block_size) = |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 72 | find_signing_block(&mut reader, zip_sections.central_directory_offset)?; |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 73 | Ok(ApkSections { |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 74 | inner: reader, |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 75 | signing_block_offset, |
| 76 | signing_block_size, |
| 77 | central_directory_offset: zip_sections.central_directory_offset, |
| 78 | central_directory_size: zip_sections.central_directory_size, |
| 79 | eocd_offset: zip_sections.eocd_offset, |
| 80 | eocd_size: zip_sections.eocd_size, |
| 81 | }) |
| 82 | } |
Jooyung Han | 5d94bfc | 2021-08-06 14:07:49 +0900 | [diff] [blame] | 83 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 84 | /// Returns the APK Signature Scheme block contained in the provided file for the given ID |
| 85 | /// and the additional information relevant for verifying the block against the file. |
| 86 | pub fn find_signature(&mut self, block_id: u32) -> Result<Bytes> { |
| 87 | let signing_block = self.bytes(self.signing_block_offset, self.signing_block_size)?; |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 88 | find_signature_scheme_block(Bytes::from(signing_block), block_id) |
| 89 | } |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 90 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 91 | /// Computes digest with "signature algorithm" over APK contents, central directory, and EOCD. |
| 92 | /// 1. The digest of each chunk is computed over the concatenation of byte 0xa5, the chunk’s |
| 93 | /// length in bytes (little-endian uint32), and the chunk’s contents. |
| 94 | /// 2. The top-level digest is computed over the concatenation of byte 0x5a, the number of |
| 95 | /// chunks (little-endian uint32), and the concatenation of digests of the chunks in the |
| 96 | /// order the chunks appear in the APK. |
| 97 | /// (see https://source.android.com/security/apksigning/v2#integrity-protected-contents) |
| 98 | pub fn compute_digest(&mut self, signature_algorithm_id: u32) -> Result<Vec<u8>> { |
Alice Wang | 5d0f89a | 2022-09-15 15:06:10 +0000 | [diff] [blame] | 99 | // TODO(b/246254355): Passes the enum SignatureAlgorithmID directly to this method. |
| 100 | let signature_algorithm_id = SignatureAlgorithmID::from_u32(signature_algorithm_id) |
| 101 | .ok_or_else(|| anyhow!("Unsupported algorithm ID: {}", signature_algorithm_id))?; |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 102 | let digester = Digester::new(signature_algorithm_id)?; |
| 103 | |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 104 | let mut digests_of_chunks = BytesMut::new(); |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 105 | let mut chunk_count = 0u32; |
| 106 | let mut chunk = vec![0u8; CHUNK_SIZE_BYTES as usize]; |
| 107 | for data in &[ |
| 108 | ApkSections::zip_entries, |
| 109 | ApkSections::central_directory, |
| 110 | ApkSections::eocd_for_verification, |
| 111 | ] { |
| 112 | let mut data = data(self)?; |
| 113 | while data.limit() > 0 { |
| 114 | let chunk_size = min(CHUNK_SIZE_BYTES, data.limit()); |
Chris Wailes | 641fc4a | 2021-12-01 15:03:21 -0800 | [diff] [blame] | 115 | let slice = &mut chunk[..(chunk_size as usize)]; |
| 116 | data.read_exact(slice)?; |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 117 | digests_of_chunks.put_slice( |
Andrew Scull | c208eb4 | 2022-05-22 16:17:52 +0000 | [diff] [blame] | 118 | digester.digest(slice, CHUNK_HEADER_MID, chunk_size as u32)?.as_ref(), |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 119 | ); |
| 120 | chunk_count += 1; |
| 121 | } |
| 122 | } |
Andrew Scull | c208eb4 | 2022-05-22 16:17:52 +0000 | [diff] [blame] | 123 | Ok(digester.digest(&digests_of_chunks, CHUNK_HEADER_TOP, chunk_count)?.as_ref().into()) |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 124 | } |
| 125 | |
| 126 | fn zip_entries(&mut self) -> Result<Take<Box<dyn Read + '_>>> { |
| 127 | scoped_read(&mut self.inner, 0, self.signing_block_offset as u64) |
| 128 | } |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 129 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 130 | fn central_directory(&mut self) -> Result<Take<Box<dyn Read + '_>>> { |
| 131 | scoped_read( |
| 132 | &mut self.inner, |
| 133 | self.central_directory_offset as u64, |
| 134 | self.central_directory_size as u64, |
| 135 | ) |
| 136 | } |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 137 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 138 | fn eocd_for_verification(&mut self) -> Result<Take<Box<dyn Read + '_>>> { |
| 139 | let mut eocd = self.bytes(self.eocd_offset, self.eocd_size)?; |
| 140 | // Protection of section 4 (ZIP End of Central Directory) is complicated by the section |
| 141 | // containing the offset of ZIP Central Directory. The offset changes when the size of the |
| 142 | // APK Signing Block changes, for instance, when a new signature is added. Thus, when |
| 143 | // computing digest over the ZIP End of Central Directory, the field containing the offset |
| 144 | // of ZIP Central Directory must be treated as containing the offset of the APK Signing |
| 145 | // Block. |
| 146 | set_central_directory_offset(&mut eocd, self.signing_block_offset)?; |
| 147 | Ok(Read::take(Box::new(Cursor::new(eocd)), self.eocd_size as u64)) |
| 148 | } |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 149 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 150 | fn bytes(&mut self, offset: u32, size: u32) -> Result<Vec<u8>> { |
| 151 | self.inner.seek(SeekFrom::Start(offset as u64))?; |
| 152 | let mut buf = vec![0u8; size as usize]; |
| 153 | self.inner.read_exact(&mut buf)?; |
| 154 | Ok(buf) |
| 155 | } |
| 156 | } |
| 157 | |
| 158 | fn scoped_read<'a, R: Read + Seek>( |
| 159 | src: &'a mut R, |
| 160 | offset: u64, |
| 161 | size: u64, |
| 162 | ) -> Result<Take<Box<dyn Read + 'a>>> { |
| 163 | src.seek(SeekFrom::Start(offset))?; |
| 164 | Ok(Read::take(Box::new(src), size)) |
| 165 | } |
| 166 | |
| 167 | struct Digester { |
Alice Wang | 5d0f89a | 2022-09-15 15:06:10 +0000 | [diff] [blame] | 168 | message_digest: MessageDigest, |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 169 | } |
| 170 | |
| 171 | const CHUNK_HEADER_TOP: &[u8] = &[0x5a]; |
| 172 | const CHUNK_HEADER_MID: &[u8] = &[0xa5]; |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 173 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 174 | impl Digester { |
Alice Wang | 5d0f89a | 2022-09-15 15:06:10 +0000 | [diff] [blame] | 175 | fn new(signature_algorithm_id: SignatureAlgorithmID) -> Result<Digester> { |
| 176 | let message_digest = |
| 177 | signature_algorithm_id.to_content_digest_algorithm().new_message_digest()?; |
| 178 | Ok(Digester { message_digest }) |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 179 | } |
Andrew Walbran | 117cd5e | 2021-08-13 11:42:13 +0000 | [diff] [blame] | 180 | |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 181 | // v2/v3 digests are computed after prepending "header" byte and "size" info. |
Andrew Scull | c208eb4 | 2022-05-22 16:17:52 +0000 | [diff] [blame] | 182 | fn digest(&self, data: &[u8], header: &[u8], size: u32) -> Result<DigestBytes> { |
Alice Wang | 5d0f89a | 2022-09-15 15:06:10 +0000 | [diff] [blame] | 183 | let mut hasher = Hasher::new(self.message_digest)?; |
Alice Wang | 9807322 | 2022-09-09 14:08:19 +0000 | [diff] [blame] | 184 | hasher.update(header)?; |
| 185 | hasher.update(&size.to_le_bytes())?; |
| 186 | hasher.update(data)?; |
| 187 | Ok(hasher.finish()?) |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 188 | } |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 189 | } |
| 190 | |
Jooyung Han | 5d94bfc | 2021-08-06 14:07:49 +0900 | [diff] [blame] | 191 | fn find_signing_block<T: Read + Seek>( |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 192 | reader: &mut T, |
| 193 | central_directory_offset: u32, |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 194 | ) -> Result<(u32, u32)> { |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 195 | // FORMAT: |
| 196 | // OFFSET DATA TYPE DESCRIPTION |
| 197 | // * @+0 bytes uint64: size in bytes (excluding this field) |
| 198 | // * @+8 bytes payload |
| 199 | // * @-24 bytes uint64: size in bytes (same as the one above) |
| 200 | // * @-16 bytes uint128: magic |
Alice Wang | af1d15b | 2022-09-09 11:09:51 +0000 | [diff] [blame] | 201 | ensure!( |
| 202 | central_directory_offset >= APK_SIG_BLOCK_MIN_SIZE, |
| 203 | "APK too small for APK Signing Block. ZIP Central Directory offset: {}", |
| 204 | central_directory_offset |
| 205 | ); |
Jooyung Han | 5d94bfc | 2021-08-06 14:07:49 +0900 | [diff] [blame] | 206 | reader.seek(SeekFrom::Start((central_directory_offset - 24) as u64))?; |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 207 | let size_in_footer = reader.read_u64::<LittleEndian>()? as u32; |
Alice Wang | af1d15b | 2022-09-09 11:09:51 +0000 | [diff] [blame] | 208 | ensure!( |
| 209 | reader.read_u128::<LittleEndian>()? == APK_SIG_BLOCK_MAGIC, |
| 210 | "No APK Signing Block before ZIP Central Directory" |
| 211 | ); |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 212 | let total_size = size_in_footer + 8; |
| 213 | let signing_block_offset = central_directory_offset |
| 214 | .checked_sub(total_size) |
| 215 | .ok_or_else(|| anyhow!("APK Signing Block size out of range: {}", size_in_footer))?; |
Jooyung Han | 5d94bfc | 2021-08-06 14:07:49 +0900 | [diff] [blame] | 216 | reader.seek(SeekFrom::Start(signing_block_offset as u64))?; |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 217 | let size_in_header = reader.read_u64::<LittleEndian>()? as u32; |
Alice Wang | af1d15b | 2022-09-09 11:09:51 +0000 | [diff] [blame] | 218 | // This corresponds to APK Signature Scheme v3 verification step 1a. |
| 219 | ensure!( |
| 220 | size_in_header == size_in_footer, |
| 221 | "APK Signing Block sizes in header and footer do not match: {} vs {}", |
| 222 | size_in_header, |
| 223 | size_in_footer |
| 224 | ); |
Jooyung Han | d839785 | 2021-08-10 16:29:36 +0900 | [diff] [blame] | 225 | Ok((signing_block_offset, total_size)) |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 226 | } |
| 227 | |
| 228 | fn find_signature_scheme_block(buf: Bytes, block_id: u32) -> Result<Bytes> { |
| 229 | // FORMAT: |
| 230 | // OFFSET DATA TYPE DESCRIPTION |
| 231 | // * @+0 bytes uint64: size in bytes (excluding this field) |
| 232 | // * @+8 bytes pairs |
| 233 | // * @-24 bytes uint64: size in bytes (same as the one above) |
| 234 | // * @-16 bytes uint128: magic |
| 235 | let mut pairs = buf.slice(8..(buf.len() - 24)); |
| 236 | let mut entry_count = 0; |
| 237 | while pairs.has_remaining() { |
| 238 | entry_count += 1; |
Alice Wang | af1d15b | 2022-09-09 11:09:51 +0000 | [diff] [blame] | 239 | ensure!( |
| 240 | pairs.remaining() >= 8, |
| 241 | "Insufficient data to read size of APK Signing Block entry #{}", |
| 242 | entry_count |
| 243 | ); |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 244 | let length = pairs.get_u64_le(); |
| 245 | let mut pair = pairs.split_to(length as usize); |
| 246 | let id = pair.get_u32_le(); |
| 247 | if id == block_id { |
| 248 | return Ok(pair); |
| 249 | } |
| 250 | } |
Alice Wang | af1d15b | 2022-09-09 11:09:51 +0000 | [diff] [blame] | 251 | let context = |
| 252 | format!("No APK Signature Scheme block in APK Signing Block with ID: {}", block_id); |
| 253 | Err(Error::new(io::Error::from(ErrorKind::NotFound)).context(context)) |
Jooyung Han | 12a0b70 | 2021-08-05 23:20:31 +0900 | [diff] [blame] | 254 | } |
| 255 | |
Alice Wang | ed79eab | 2022-09-08 11:16:31 +0000 | [diff] [blame] | 256 | #[cfg(test)] |
| 257 | mod tests { |
| 258 | use super::*; |
| 259 | use byteorder::LittleEndian; |
| 260 | use std::fs::File; |
| 261 | use std::mem::size_of_val; |
| 262 | |
Alice Wang | af1d15b | 2022-09-09 11:09:51 +0000 | [diff] [blame] | 263 | use crate::v3::{to_hex_string, APK_SIGNATURE_SCHEME_V3_BLOCK_ID}; |
Alice Wang | 9807322 | 2022-09-09 14:08:19 +0000 | [diff] [blame] | 264 | |
Alice Wang | ed79eab | 2022-09-08 11:16:31 +0000 | [diff] [blame] | 265 | const CENTRAL_DIRECTORY_HEADER_SIGNATURE: u32 = 0x02014b50; |
| 266 | |
| 267 | #[test] |
| 268 | fn test_apk_sections() { |
| 269 | let apk_file = File::open("tests/data/v3-only-with-ecdsa-sha512-p521.apk").unwrap(); |
| 270 | let apk_sections = ApkSections::new(apk_file).unwrap(); |
| 271 | let mut reader = &apk_sections.inner; |
| 272 | |
| 273 | // Checks APK Signing Block. |
| 274 | assert_eq!( |
| 275 | apk_sections.signing_block_offset + apk_sections.signing_block_size, |
| 276 | apk_sections.central_directory_offset |
| 277 | ); |
| 278 | let apk_signature_offset = SeekFrom::Start( |
| 279 | apk_sections.central_directory_offset as u64 - size_of_val(&APK_SIG_BLOCK_MAGIC) as u64, |
| 280 | ); |
| 281 | reader.seek(apk_signature_offset).unwrap(); |
| 282 | assert_eq!(reader.read_u128::<LittleEndian>().unwrap(), APK_SIG_BLOCK_MAGIC); |
| 283 | |
| 284 | // Checks Central directory. |
| 285 | assert_eq!(reader.read_u32::<LittleEndian>().unwrap(), CENTRAL_DIRECTORY_HEADER_SIGNATURE); |
| 286 | assert_eq!( |
| 287 | apk_sections.central_directory_offset + apk_sections.central_directory_size, |
| 288 | apk_sections.eocd_offset |
| 289 | ); |
| 290 | |
| 291 | // Checks EOCD. |
| 292 | assert_eq!( |
| 293 | reader.metadata().unwrap().len(), |
| 294 | (apk_sections.eocd_offset + apk_sections.eocd_size) as u64 |
| 295 | ); |
| 296 | } |
Alice Wang | 9807322 | 2022-09-09 14:08:19 +0000 | [diff] [blame] | 297 | |
| 298 | #[test] |
| 299 | fn test_apk_digest() { |
| 300 | let apk_file = File::open("tests/data/v3-only-with-dsa-sha256-1024.apk").unwrap(); |
| 301 | let mut apk_sections = ApkSections::new(apk_file).unwrap(); |
| 302 | let digest = apk_sections.compute_digest(SIGNATURE_DSA_WITH_SHA256).unwrap(); |
| 303 | assert_eq!( |
| 304 | "0DF2426EA33AEDAF495D88E5BE0C6A1663FF0A81C5ED12D5B2929AE4B4300F2F", |
| 305 | to_hex_string(&digest[..]) |
| 306 | ); |
| 307 | } |
Alice Wang | af1d15b | 2022-09-09 11:09:51 +0000 | [diff] [blame] | 308 | |
| 309 | #[test] |
| 310 | fn test_apk_sections_cannot_find_signature() { |
| 311 | let apk_file = File::open("tests/data/v2-only-two-signers.apk").unwrap(); |
| 312 | let mut apk_sections = ApkSections::new(apk_file).unwrap(); |
| 313 | let result = apk_sections.find_signature(APK_SIGNATURE_SCHEME_V3_BLOCK_ID); |
| 314 | |
| 315 | assert!(result.is_err()); |
| 316 | let error = result.unwrap_err(); |
| 317 | assert_eq!(error.downcast_ref::<io::Error>().unwrap().kind(), ErrorKind::NotFound); |
| 318 | assert!( |
| 319 | error.to_string().contains(&APK_SIGNATURE_SCHEME_V3_BLOCK_ID.to_string()), |
| 320 | "Error should contain the block ID: {}", |
| 321 | error |
| 322 | ); |
| 323 | } |
| 324 | |
| 325 | #[test] |
| 326 | fn test_apk_sections_find_signature() { |
| 327 | let apk_file = File::open("tests/data/v3-only-with-dsa-sha256-1024.apk").unwrap(); |
| 328 | let mut apk_sections = ApkSections::new(apk_file).unwrap(); |
| 329 | let signature = apk_sections.find_signature(APK_SIGNATURE_SCHEME_V3_BLOCK_ID).unwrap(); |
| 330 | |
| 331 | let expected_v3_signature_block_size = 1289; // Only for this specific APK |
| 332 | assert_eq!(signature.len(), expected_v3_signature_block_size); |
| 333 | } |
Alice Wang | ed79eab | 2022-09-08 11:16:31 +0000 | [diff] [blame] | 334 | } |