Android/frameworks_base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[framework] Extract v3 digest for v4 checking correctly

Browse Source 
Use the same ordering of digest algorithms as the apksigner and
the general v3 checking do.

Test: adb install --incremental <apk> with v4 signature
Bug: b/151241461
Change-Id: I5c4c8339d7fd2ba127bd0f453efc9c04a8be7ac7
This commit is contained in:
Yurii Zubrytskyi
2020-03-16 18:20:56 -07:00
committed by Alex Buynytskyy
parent 4af7ee3edc
commit 087cf41e51
1 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java
View File

@@ -213,15 +213,24 @@ public class ApkSignatureSchemeV3Verifier {
verityDigest, apk.length(), signatureInfo);
}
if (contentDigests.containsKey(CONTENT_DIGEST_CHUNKED_SHA512)) {
result.digest = contentDigests.get(CONTENT_DIGEST_CHUNKED_SHA512);
} else if (contentDigests.containsKey(CONTENT_DIGEST_CHUNKED_SHA256)) {
result.digest = contentDigests.get(CONTENT_DIGEST_CHUNKED_SHA256);
}
result.digest = pickBestV3DigestForV4(contentDigests);
return result;
}
// Keep in sync with pickBestV3DigestForV4 in apksigner.V3SchemeVerifier.
private static byte[] pickBestV3DigestForV4(Map<Integer, byte[]> contentDigests) {
final int[] orderedContentDigestTypes =
{CONTENT_DIGEST_CHUNKED_SHA512, CONTENT_DIGEST_VERITY_CHUNKED_SHA256,
CONTENT_DIGEST_CHUNKED_SHA256};
for (int contentDigestType : orderedContentDigestTypes) {
if (contentDigests.containsKey(contentDigestType)) {
return contentDigests.get(contentDigestType);
}
}
return null;
}
private static VerifiedSigner verifySigner(
ByteBuffer signerBlock,
Map<Integer, byte[]> contentDigests,