Merge "bootstat: Add bootstat to the embedded target to support logging boot time across devices."
diff --git a/CleanSpec.mk b/CleanSpec.mk
index 64d84e3..19cb651 100644
--- a/CleanSpec.mk
+++ b/CleanSpec.mk
@@ -371,6 +371,9 @@
$(call add-clean-step, rm -rf $(PRODUCT_OUT)/system/build.prop)
+# $(PRODUCT_OUT)/recovery/root/sdcard goes from symlink to folder.
+$(call add-clean-step, rm -rf $(PRODUCT_OUT)/recovery/root/sdcard)
+
# ************************************************
# NEWER CLEAN STEPS MUST BE AT THE END OF THE LIST
# ************************************************
diff --git a/core/Makefile b/core/Makefile
index ee15f12..f64dc28 100644
--- a/core/Makefile
+++ b/core/Makefile
@@ -695,6 +695,19 @@
$(hide) zip -qjX $@ $<
$(remove-timestamps-from-package)
+# Carry the public key for update_engine if it's a non-Brillo target that
+# uses the AB updater. We use the same key as otacerts but in RSA public key
+# format.
+ifeq ($(AB_OTA_UPDATER),true)
+ifeq ($(BRILLO),)
+ALL_DEFAULT_INSTALLED_MODULES += $(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem
+$(TARGET_OUT_ETC)/update_engine/update-payload-key.pub.pem: $(addsuffix .x509.pem,$(DEFAULT_KEY_CERT_PAIR))
+ $(hide) rm -f $@
+ $(hide) mkdir -p $(dir $@)
+ $(hide) openssl x509 -pubkey -noout -in $< > $@
+endif
+endif
+
.PHONY: otacerts
otacerts: $(TARGET_OUT_ETC)/security/otacerts.zip
diff --git a/core/binary.mk b/core/binary.mk
index 73d1d22..af8d747 100644
--- a/core/binary.mk
+++ b/core/binary.mk
@@ -733,24 +733,26 @@
aidl_gen_cpp :=
ifneq ($(aidl_src),)
+# Use the intermediates directory to avoid writing our own .cpp -> .o rules.
aidl_gen_cpp_root := $(intermediates)/aidl-generated/src
aidl_gen_include_root := $(intermediates)/aidl-generated/include
-aidl_gen_cpp := $(patsubst %.aidl,%$(LOCAL_CPP_EXTENSION),$(aidl_src))
-aidl_gen_cpp := $(addprefix $(aidl_gen_cpp_root)/,$(aidl_gen_cpp))
+# Multi-architecture builds have distinct intermediates directories.
+# Thus we'll actually generate source for each architecture.
+$(foreach s,$(aidl_src),\
+ $(eval $(call define-aidl-cpp-rule,$(s),$(aidl_gen_cpp_root),aidl_gen_cpp)))
+ifeq ($(BUILDING_WITH_NINJA),true)
+$(foreach cpp,$(aidl_gen_cpp), \
+ $(eval $(cpp) : .KATI_DEPFILE := $(addsuffix .aidl.P,$(basename $(cpp)))))
+else
+ -include $(addsuffix .aidl.P,$(basename $(aidl_gen_cpp)))
+endif
-# TODO(wiley): we could pass down a flag here to only generate the server or
-# client side of the binder interface.
+
$(aidl_gen_cpp) : PRIVATE_MODULE := $(LOCAL_MODULE)
$(aidl_gen_cpp) : PRIVATE_HEADER_OUTPUT_DIR := $(aidl_gen_include_root)
$(aidl_gen_cpp) : PRIVATE_AIDL_FLAGS := $(addprefix -I,$(LOCAL_AIDL_INCLUDES))
-# Multi-architecture builds have distinct intermediates directories.
-# Define rules for both architectures.
-$(aidl_gen_cpp) : $(aidl_gen_cpp_root)/%$(LOCAL_CPP_EXTENSION) : $(LOCAL_PATH)/%.aidl $(AIDL_CPP)
- $(transform-aidl-to-cpp)
--include $(addsuffix .P,$(basename $(aidl_gen_cpp)))
-
# Add generated headers to include paths.
my_c_includes += $(aidl_gen_include_root)
my_export_c_include_dirs += $(aidl_gen_include_root)
@@ -905,6 +907,7 @@
endif
gen_asm_objects := $(gen_S_objects) $(gen_s_objects)
+$(gen_asm_objects): PRIVATE_ARM_CFLAGS := $(normal_objects_cflags)
###########################################################
## o: Include generated .o files in output.
@@ -1041,6 +1044,7 @@
endif
asm_objects := $(dotdot_objects_S) $(dotdot_objects_s) $(asm_objects_S) $(asm_objects_s)
+$(asm_objects): PRIVATE_ARM_CFLAGS := $(normal_objects_cflags)
# .asm for x86/x86_64 needs to be compiled with yasm.
diff --git a/core/config.mk b/core/config.mk
index 1af1995..34be76b 100644
--- a/core/config.mk
+++ b/core/config.mk
@@ -406,6 +406,8 @@
DX := $(HOST_OUT_EXECUTABLES)/dx
MAINDEXCLASSES := $(HOST_OUT_EXECUTABLES)/mainDexClasses
+USE_PREBUILT_SDK_TOOLS_IN_PLACE := true
+
# Override the definitions above for unbundled and PDK builds
ifneq (,$(TARGET_BUILD_APPS)$(filter true,$(TARGET_BUILD_PDK)))
prebuilt_sdk_tools := prebuilts/sdk/tools
diff --git a/core/definitions.mk b/core/definitions.mk
index 623f209..916dfa2 100644
--- a/core/definitions.mk
+++ b/core/definitions.mk
@@ -989,10 +989,22 @@
@mkdir -p $(dir $@)
@mkdir -p $(PRIVATE_HEADER_OUTPUT_DIR)
@echo "Generating C++ from AIDL: $(PRIVATE_MODULE) <= $<"
-$(hide) $(AIDL_CPP) -d$(basename $@).P $(PRIVATE_AIDL_FLAGS) \
+$(hide) $(AIDL_CPP) -d$(basename $@).aidl.P $(PRIVATE_AIDL_FLAGS) \
$< $(PRIVATE_HEADER_OUTPUT_DIR) $@
endef
+## Given a .aidl file path generate the rule to compile it a .cpp file.
+# $(1): a .aidl source file
+# $(2): a directory to place the generated .cpp files in
+# $(3): name of a variable to add the path to the generated source file to
+#
+# You must call this with $(eval).
+define define-aidl-cpp-rule
+define-aidl-cpp-rule-src := $(patsubst %.aidl,%$(LOCAL_CPP_EXTENSION),$(subst ../,dotdot/,$(addprefix $(2)/,$(1))))
+$$(define-aidl-cpp-rule-src) : $(LOCAL_PATH)/$(1) $(AIDL_CPP)
+ $$(transform-aidl-to-cpp)
+$(3) += $$(define-aidl-cpp-rule-src)
+endef
###########################################################
## Commands for running java-event-log-tags.py
diff --git a/tools/releasetools/ota_from_target_files.py b/tools/releasetools/ota_from_target_files.py
index d0636b6..a567760 100755
--- a/tools/releasetools/ota_from_target_files.py
+++ b/tools/releasetools/ota_from_target_files.py
@@ -109,6 +109,7 @@
import multiprocessing
import os
+import subprocess
import tempfile
import zipfile
@@ -1078,6 +1079,124 @@
WriteMetadata(metadata, output_zip)
+def WriteABOTAPackageWithBrilloScript(target_file, output_file,
+ source_file=None):
+ """Generate an Android OTA package that has A/B update payload."""
+
+ # Setup signing keys.
+ if OPTIONS.package_key is None:
+ OPTIONS.package_key = OPTIONS.info_dict.get(
+ "default_system_dev_certificate",
+ "build/target/product/security/testkey")
+
+ # A/B updater expects key in RSA format.
+ cmd = ["openssl", "pkcs8",
+ "-in", OPTIONS.package_key + OPTIONS.private_key_suffix,
+ "-inform", "DER", "-nocrypt"]
+ rsa_key = common.MakeTempFile(prefix="key-", suffix=".key")
+ cmd.extend(["-out", rsa_key])
+ p1 = common.Run(cmd, stdout=subprocess.PIPE)
+ p1.wait()
+ assert p1.returncode == 0, "openssl pkcs8 failed"
+
+ # Stage the output zip package for signing.
+ temp_zip_file = tempfile.NamedTemporaryFile()
+ output_zip = zipfile.ZipFile(temp_zip_file, "w",
+ compression=zipfile.ZIP_DEFLATED)
+
+ # Metadata to comply with Android OTA package format.
+ oem_props = OPTIONS.info_dict.get("oem_fingerprint_properties", None)
+ oem_dict = None
+ if oem_props:
+ if OPTIONS.oem_source is None:
+ raise common.ExternalError("OEM source required for this build")
+ oem_dict = common.LoadDictionaryFromLines(
+ open(OPTIONS.oem_source).readlines())
+
+ metadata = {
+ "post-build": CalculateFingerprint(oem_props, oem_dict,
+ OPTIONS.info_dict),
+ "pre-device": GetOemProperty("ro.product.device", oem_props, oem_dict,
+ OPTIONS.info_dict),
+ "post-timestamp": GetBuildProp("ro.build.date.utc", OPTIONS.info_dict),
+ }
+
+ if source_file is not None:
+ metadata["pre-build"] = CalculateFingerprint(oem_props, oem_dict,
+ OPTIONS.source_info_dict)
+
+ # 1. Generate payload.
+ payload_file = common.MakeTempFile(prefix="payload-", suffix=".bin")
+ cmd = ["brillo_update_payload", "generate",
+ "--payload", payload_file,
+ "--target_image", target_file]
+ if source_file is not None:
+ cmd.extend(["--source_image", source_file])
+ p1 = common.Run(cmd, stdout=subprocess.PIPE)
+ p1.wait()
+ assert p1.returncode == 0, "brillo_update_payload generate failed"
+
+ # 2. Generate hashes of the payload and metadata files.
+ payload_sig_file = common.MakeTempFile(prefix="sig-", suffix=".bin")
+ metadata_sig_file = common.MakeTempFile(prefix="sig-", suffix=".bin")
+ cmd = ["brillo_update_payload", "hash",
+ "--unsigned_payload", payload_file,
+ "--signature_size", "256",
+ "--metadata_hash_file", metadata_sig_file,
+ "--payload_hash_file", payload_sig_file]
+ p1 = common.Run(cmd, stdout=subprocess.PIPE)
+ p1.wait()
+ assert p1.returncode == 0, "brillo_update_payload hash failed"
+
+ # 3. Sign the hashes and insert them back into the payload file.
+ signed_payload_sig_file = common.MakeTempFile(prefix="signed-sig-",
+ suffix=".bin")
+ signed_metadata_sig_file = common.MakeTempFile(prefix="signed-sig-",
+ suffix=".bin")
+ # 3a. Sign the payload hash.
+ cmd = ["openssl", "pkeyutl", "-sign",
+ "-inkey", rsa_key,
+ "-pkeyopt", "digest:sha256",
+ "-in", payload_sig_file,
+ "-out", signed_payload_sig_file]
+ p1 = common.Run(cmd, stdout=subprocess.PIPE)
+ p1.wait()
+ assert p1.returncode == 0, "openssl sign payload failed"
+
+ # 3b. Sign the metadata hash.
+ cmd = ["openssl", "pkeyutl", "-sign",
+ "-inkey", rsa_key,
+ "-pkeyopt", "digest:sha256",
+ "-in", metadata_sig_file,
+ "-out", signed_metadata_sig_file]
+ p1 = common.Run(cmd, stdout=subprocess.PIPE)
+ p1.wait()
+ assert p1.returncode == 0, "openssl sign metadata failed"
+
+ # 3c. Insert the signatures back into the payload file.
+ signed_payload_file = common.MakeTempFile(prefix="signed-payload-",
+ suffix=".bin")
+ cmd = ["brillo_update_payload", "sign",
+ "--unsigned_payload", payload_file,
+ "--payload", signed_payload_file,
+ "--signature_size", "256",
+ "--metadata_signature_file", signed_metadata_sig_file,
+ "--payload_signature_file", signed_payload_sig_file]
+ p1 = common.Run(cmd, stdout=subprocess.PIPE)
+ p1.wait()
+ assert p1.returncode == 0, "brillo_update_payload sign failed"
+
+ # Add the signed payload file into the zip.
+ common.ZipWrite(output_zip, signed_payload_file, arcname="payload.bin",
+ compress_type=zipfile.ZIP_STORED)
+ WriteMetadata(metadata, output_zip)
+
+ # Sign the whole package to comply with the Android OTA package format.
+ common.ZipClose(output_zip)
+ SignOutput(temp_zip_file.name, output_file)
+ temp_zip_file.close()
+
+
class FileDifference(object):
def __init__(self, partition, source_zip, target_zip, output_zip):
self.deferred_patch_list = None
@@ -1683,6 +1802,37 @@
common.Usage(__doc__)
sys.exit(1)
+ # Load the dict file from the zip directly to have a peek at the OTA type.
+ # For packages using A/B update, unzipping is not needed.
+ input_zip = zipfile.ZipFile(args[0], "r")
+ OPTIONS.info_dict = common.LoadInfoDict(input_zip)
+ common.ZipClose(input_zip)
+
+ ab_update = OPTIONS.info_dict.get("ab_update") == "true"
+
+ if ab_update:
+ if OPTIONS.incremental_source is not None:
+ OPTIONS.target_info_dict = OPTIONS.info_dict
+ source_zip = zipfile.ZipFile(OPTIONS.incremental_source, "r")
+ OPTIONS.source_info_dict = common.LoadInfoDict(source_zip)
+ common.ZipClose(source_zip)
+
+ if OPTIONS.verbose:
+ print "--- target info ---"
+ common.DumpInfoDict(OPTIONS.info_dict)
+
+ if OPTIONS.incremental_source is not None:
+ print "--- source info ---"
+ common.DumpInfoDict(OPTIONS.source_info_dict)
+
+ WriteABOTAPackageWithBrilloScript(
+ target_file=args[0],
+ output_file=args[1],
+ source_file=OPTIONS.incremental_source)
+
+ print "done."
+ return
+
if OPTIONS.extra_script is not None:
OPTIONS.extra_script = open(OPTIONS.extra_script).read()
@@ -1714,9 +1864,7 @@
if OPTIONS.device_specific is not None:
OPTIONS.device_specific = os.path.abspath(OPTIONS.device_specific)
- ab_update = OPTIONS.info_dict.get("ab_update") == "true"
-
- if OPTIONS.info_dict.get("no_recovery") == "true" and not ab_update:
+ if OPTIONS.info_dict.get("no_recovery") == "true":
raise common.ExternalError(
"--- target build has specified no recovery ---")
@@ -1740,7 +1888,7 @@
# Non A/B OTAs rely on /cache partition to store temporary files.
cache_size = OPTIONS.info_dict.get("cache_size", None)
- if cache_size is None and not ab_update:
+ if cache_size is None:
print "--- can't determine the cache partition size ---"
OPTIONS.cache_size = cache_size
@@ -1750,11 +1898,7 @@
# Generate a full OTA.
elif OPTIONS.incremental_source is None:
- if ab_update:
- # TODO: Pending for b/25715402.
- pass
- else:
- WriteFullOTAPackage(input_zip, output_zip)
+ WriteFullOTAPackage(input_zip, output_zip)
# Generate an incremental OTA. It will fall back to generate a full OTA on
# failure unless no_fallback_to_full is specified.
diff --git a/tools/signapk/src/com/android/signapk/ApkSignerV2.java b/tools/signapk/src/com/android/signapk/ApkSignerV2.java
new file mode 100644
index 0000000..ee5e72e
--- /dev/null
+++ b/tools/signapk/src/com/android/signapk/ApkSignerV2.java
@@ -0,0 +1,730 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.signapk;
+
+import java.nio.BufferUnderflowException;
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+import java.security.DigestException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.Signature;
+import java.security.SignatureException;
+import java.security.cert.CertificateEncodingException;
+import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.MGF1ParameterSpec;
+import java.security.spec.PSSParameterSpec;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+/**
+ * APK Signature Scheme v2 signer.
+ *
+ * <p>APK Signature Scheme v2 is a whole-file signature scheme which aims to protect every single
+ * bit of the APK, as opposed to the JAR Signature Scheme which protects only the names and
+ * uncompressed contents of ZIP entries.
+ */
+public abstract class ApkSignerV2 {
+ /*
+ * The two main goals of APK Signature Scheme v2 are:
+ * 1. Detect any unauthorized modifications to the APK. This is achieved by making the signature
+ * cover every byte of the APK being signed.
+ * 2. Enable much faster signature and integrity verification. This is achieved by requiring
+ * only a minimal amount of APK parsing before the signature is verified, thus completely
+ * bypassing ZIP entry decompression and by making integrity verification parallelizable by
+ * employing a hash tree.
+ *
+ * The generated signature block is wrapped into an APK Signing Block and inserted into the
+ * original APK immediately before the start of ZIP Central Directory. This is to ensure that
+ * JAR and ZIP parsers continue to work on the signed APK. The APK Signing Block is designed for
+ * extensibility. For example, a future signature scheme could insert its signatures there as
+ * well. The contract of the APK Signing Block is that all contents outside of the block must be
+ * protected by signatures inside the block.
+ */
+
+ public static final int SIGNATURE_RSA_PSS_WITH_SHA256 = 0x0101;
+ public static final int SIGNATURE_RSA_PSS_WITH_SHA512 = 0x0102;
+ public static final int SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA256 = 0x0103;
+ public static final int SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512 = 0x0104;
+ public static final int SIGNATURE_ECDSA_WITH_SHA256 = 0x0201;
+ public static final int SIGNATURE_ECDSA_WITH_SHA512 = 0x0202;
+ public static final int SIGNATURE_DSA_WITH_SHA256 = 0x0301;
+ public static final int SIGNATURE_DSA_WITH_SHA512 = 0x0302;
+
+ /**
+ * {@code .SF} file header section attribute indicating that the APK is signed not just with
+ * JAR signature scheme but also with APK Signature Scheme v2 or newer. This attribute
+ * facilitates v2 signature stripping detection.
+ *
+ * <p>The attribute contains a comma-separated set of signature scheme IDs.
+ */
+ public static final String SF_ATTRIBUTE_ANDROID_APK_SIGNED_NAME = "X-Android-APK-Signed";
+ // TODO: Adjust the value when signing scheme finalized.
+ public static final String SF_ATTRIBUTE_ANDROID_APK_SIGNED_VALUE = "1234567890";
+
+ private static final int CONTENT_DIGEST_CHUNKED_SHA256 = 0;
+ private static final int CONTENT_DIGEST_CHUNKED_SHA512 = 1;
+
+ private static final int CONTENT_DIGESTED_CHUNK_MAX_SIZE_BYTES = 1024 * 1024;
+
+ private static final byte[] APK_SIGNING_BLOCK_MAGIC =
+ new byte[] {
+ 0x41, 0x50, 0x4b, 0x20, 0x53, 0x69, 0x67, 0x20,
+ 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x34, 0x32,
+ };
+ private static final int APK_SIGNATURE_SCHEME_V2_BLOCK_ID = 0x7109871a;
+
+ private ApkSignerV2() {}
+
+ /**
+ * Signer configuration.
+ */
+ public static final class SignerConfig {
+ /** Private key. */
+ public PrivateKey privateKey;
+
+ /**
+ * Certificates, with the first certificate containing the public key corresponding to
+ * {@link #privateKey}.
+ */
+ public List<X509Certificate> certificates;
+
+ /**
+ * List of signature algorithms with which to sign (see {@code SIGNATURE_...} constants).
+ */
+ public List<Integer> signatureAlgorithms;
+ }
+
+ /**
+ * Signs the provided APK using APK Signature Scheme v2 and returns the signed APK as a list of
+ * consecutive chunks.
+ *
+ * <p>NOTE: To enable APK signature verifier to detect v2 signature stripping, header sections
+ * of META-INF/*.SF files of APK being signed must contain the
+ * {@code X-Android-APK-Signed: true} attribute.
+ *
+ * @param inputApk contents of the APK to be signed. The APK starts at the current position
+ * of the buffer and ends at the limit of the buffer.
+ * @param signerConfigs signer configurations, one for each signer.
+ *
+ * @throws ApkParseException if the APK cannot be parsed.
+ * @throws InvalidKeyException if a signing key is not suitable for this signature scheme or
+ * cannot be used in general.
+ * @throws SignatureException if an error occurs when computing digests of generating
+ * signatures.
+ */
+ public static ByteBuffer[] sign(
+ ByteBuffer inputApk,
+ List<SignerConfig> signerConfigs)
+ throws ApkParseException, InvalidKeyException, SignatureException {
+ // Slice/create a view in the inputApk to make sure that:
+ // 1. inputApk is what's between position and limit of the original inputApk, and
+ // 2. changes to position, limit, and byte order are not reflected in the original.
+ ByteBuffer originalInputApk = inputApk;
+ inputApk = originalInputApk.slice();
+ inputApk.order(ByteOrder.LITTLE_ENDIAN);
+
+ // Locate ZIP End of Central Directory (EoCD), Central Directory, and check that Central
+ // Directory is immediately followed by the ZIP End of Central Directory.
+ int eocdOffset = ZipUtils.findZipEndOfCentralDirectoryRecord(inputApk);
+ if (eocdOffset == -1) {
+ throw new ApkParseException("Failed to locate ZIP End of Central Directory");
+ }
+ if (ZipUtils.isZip64EndOfCentralDirectoryLocatorPresent(inputApk, eocdOffset)) {
+ throw new ApkParseException("ZIP64 format not supported");
+ }
+ inputApk.position(eocdOffset);
+ long centralDirSizeLong = ZipUtils.getZipEocdCentralDirectorySizeBytes(inputApk);
+ if (centralDirSizeLong > Integer.MAX_VALUE) {
+ throw new ApkParseException(
+ "ZIP Central Directory size out of range: " + centralDirSizeLong);
+ }
+ int centralDirSize = (int) centralDirSizeLong;
+ long centralDirOffsetLong = ZipUtils.getZipEocdCentralDirectoryOffset(inputApk);
+ if (centralDirOffsetLong > Integer.MAX_VALUE) {
+ throw new ApkParseException(
+ "ZIP Central Directory offset in file out of range: " + centralDirOffsetLong);
+ }
+ int centralDirOffset = (int) centralDirOffsetLong;
+ int expectedEocdOffset = centralDirOffset + centralDirSize;
+ if (expectedEocdOffset < centralDirOffset) {
+ throw new ApkParseException(
+ "ZIP Central Directory extent too large. Offset: " + centralDirOffset
+ + ", size: " + centralDirSize);
+ }
+ if (eocdOffset != expectedEocdOffset) {
+ throw new ApkParseException(
+ "ZIP Central Directory not immeiately followed by ZIP End of"
+ + " Central Directory. CD end: " + expectedEocdOffset
+ + ", EoCD start: " + eocdOffset);
+ }
+
+ // Create ByteBuffers holding the contents of everything before ZIP Central Directory,
+ // ZIP Central Directory, and ZIP End of Central Directory.
+ inputApk.clear();
+ ByteBuffer beforeCentralDir = getByteBuffer(inputApk, centralDirOffset);
+ ByteBuffer centralDir = getByteBuffer(inputApk, eocdOffset - centralDirOffset);
+ // Create a copy of End of Central Directory because we'll need modify its contents later.
+ byte[] eocdBytes = new byte[inputApk.remaining()];
+ inputApk.get(eocdBytes);
+ ByteBuffer eocd = ByteBuffer.wrap(eocdBytes);
+ eocd.order(inputApk.order());
+
+ // Figure which which digests to use for APK contents.
+ Set<Integer> contentDigestAlgorithms = new HashSet<>();
+ for (SignerConfig signerConfig : signerConfigs) {
+ for (int signatureAlgorithm : signerConfig.signatureAlgorithms) {
+ contentDigestAlgorithms.add(
+ getSignatureAlgorithmContentDigestAlgorithm(signatureAlgorithm));
+ }
+ }
+
+ // Compute digests of APK contents.
+ Map<Integer, byte[]> contentDigests; // digest algorithm ID -> digest
+ try {
+ contentDigests =
+ computeContentDigests(
+ contentDigestAlgorithms,
+ new ByteBuffer[] {beforeCentralDir, centralDir, eocd});
+ } catch (DigestException e) {
+ throw new SignatureException("Failed to compute digests of APK", e);
+ }
+
+ // Sign the digests and wrap the signatures and signer info into an APK Signing Block.
+ ByteBuffer apkSigningBlock =
+ ByteBuffer.wrap(generateApkSigningBlock(signerConfigs, contentDigests));
+
+ // Update Central Directory Offset in End of Central Directory Record. Central Directory
+ // follows the APK Signing Block and thus is shifted by the size of the APK Signing Block.
+ centralDirOffset += apkSigningBlock.remaining();
+ eocd.clear();
+ ZipUtils.setZipEocdCentralDirectoryOffset(eocd, centralDirOffset);
+
+ // Follow the Java NIO pattern for ByteBuffer whose contents have been consumed.
+ originalInputApk.position(originalInputApk.limit());
+
+ // Reset positions (to 0) and limits (to capacity) in the ByteBuffers below to follow the
+ // Java NIO pattern for ByteBuffers which are ready for their contents to be read by caller.
+ // Contrary to the name, this does not clear the contents of these ByteBuffer.
+ beforeCentralDir.clear();
+ centralDir.clear();
+ eocd.clear();
+
+ // Insert APK Signing Block immediately before the ZIP Central Directory.
+ return new ByteBuffer[] {
+ beforeCentralDir,
+ apkSigningBlock,
+ centralDir,
+ eocd,
+ };
+ }
+
+ private static Map<Integer, byte[]> computeContentDigests(
+ Set<Integer> digestAlgorithms,
+ ByteBuffer[] contents) throws DigestException {
+ // For each digest algorithm the result is computed as follows:
+ // 1. Each segment of contents is split into consecutive chunks of 1 MB in size.
+ // The final chunk will be shorter iff the length of segment is not a multiple of 1 MB.
+ // No chunks are produced for empty (zero length) segments.
+ // 2. The digest of each chunk is computed over the concatenation of byte 0xa5, the chunk's
+ // length in bytes (uint32 little-endian) and the chunk's contents.
+ // 3. The output digest is computed over the concatenation of the byte 0x5a, the number of
+ // chunks (uint32 little-endian) and the concatenation of digests of chunks of all
+ // segments in-order.
+
+ int chunkCount = 0;
+ for (ByteBuffer input : contents) {
+ chunkCount += getChunkCount(input.remaining(), CONTENT_DIGESTED_CHUNK_MAX_SIZE_BYTES);
+ }
+
+ final Map<Integer, byte[]> digestsOfChunks = new HashMap<>(digestAlgorithms.size());
+ for (int digestAlgorithm : digestAlgorithms) {
+ int digestOutputSizeBytes = getContentDigestAlgorithmOutputSizeBytes(digestAlgorithm);
+ byte[] concatenationOfChunkCountAndChunkDigests =
+ new byte[5 + chunkCount * digestOutputSizeBytes];
+ concatenationOfChunkCountAndChunkDigests[0] = 0x5a;
+ setUnsignedInt32LittleEngian(
+ chunkCount, concatenationOfChunkCountAndChunkDigests, 1);
+ digestsOfChunks.put(digestAlgorithm, concatenationOfChunkCountAndChunkDigests);
+ }
+
+ int chunkIndex = 0;
+ byte[] chunkContentPrefix = new byte[5];
+ chunkContentPrefix[0] = (byte) 0xa5;
+ // Optimization opportunity: digests of chunks can be computed in parallel.
+ for (ByteBuffer input : contents) {
+ while (input.hasRemaining()) {
+ int chunkSize =
+ Math.min(input.remaining(), CONTENT_DIGESTED_CHUNK_MAX_SIZE_BYTES);
+ final ByteBuffer chunk = getByteBuffer(input, chunkSize);
+ for (int digestAlgorithm : digestAlgorithms) {
+ String jcaAlgorithmName =
+ getContentDigestAlgorithmJcaDigestAlgorithm(digestAlgorithm);
+ MessageDigest md;
+ try {
+ md = MessageDigest.getInstance(jcaAlgorithmName);
+ } catch (NoSuchAlgorithmException e) {
+ throw new DigestException(
+ jcaAlgorithmName + " MessageDigest not supported", e);
+ }
+ // Reset position to 0 and limit to capacity. Position would've been modified
+ // by the preceding iteration of this loop. NOTE: Contrary to the method name,
+ // this does not modify the contents of the chunk.
+ chunk.clear();
+ setUnsignedInt32LittleEngian(chunk.remaining(), chunkContentPrefix, 1);
+ md.update(chunkContentPrefix);
+ md.update(chunk);
+ byte[] concatenationOfChunkCountAndChunkDigests =
+ digestsOfChunks.get(digestAlgorithm);
+ int expectedDigestSizeBytes =
+ getContentDigestAlgorithmOutputSizeBytes(digestAlgorithm);
+ int actualDigestSizeBytes =
+ md.digest(
+ concatenationOfChunkCountAndChunkDigests,
+ 5 + chunkIndex * expectedDigestSizeBytes,
+ expectedDigestSizeBytes);
+ if (actualDigestSizeBytes != expectedDigestSizeBytes) {
+ throw new DigestException(
+ "Unexpected output size of " + md.getAlgorithm()
+ + " digest: " + actualDigestSizeBytes);
+ }
+ }
+ chunkIndex++;
+ }
+ }
+
+ Map<Integer, byte[]> result = new HashMap<>(digestAlgorithms.size());
+ for (Map.Entry<Integer, byte[]> entry : digestsOfChunks.entrySet()) {
+ int digestAlgorithm = entry.getKey();
+ byte[] concatenationOfChunkCountAndChunkDigests = entry.getValue();
+ String jcaAlgorithmName = getContentDigestAlgorithmJcaDigestAlgorithm(digestAlgorithm);
+ MessageDigest md;
+ try {
+ md = MessageDigest.getInstance(jcaAlgorithmName);
+ } catch (NoSuchAlgorithmException e) {
+ throw new DigestException(jcaAlgorithmName + " MessageDigest not supported", e);
+ }
+ result.put(digestAlgorithm, md.digest(concatenationOfChunkCountAndChunkDigests));
+ }
+ return result;
+ }
+
+ private static final int getChunkCount(int inputSize, int chunkSize) {
+ return (inputSize + chunkSize - 1) / chunkSize;
+ }
+
+ private static void setUnsignedInt32LittleEngian(int value, byte[] result, int offset) {
+ result[offset] = (byte) (value & 0xff);
+ result[offset + 1] = (byte) ((value >> 8) & 0xff);
+ result[offset + 2] = (byte) ((value >> 16) & 0xff);
+ result[offset + 3] = (byte) ((value >> 24) & 0xff);
+ }
+
+ private static byte[] generateApkSigningBlock(
+ List<SignerConfig> signerConfigs,
+ Map<Integer, byte[]> contentDigests) throws InvalidKeyException, SignatureException {
+ byte[] apkSignatureSchemeV2Block =
+ generateApkSignatureSchemeV2Block(signerConfigs, contentDigests);
+ return generateApkSigningBlock(apkSignatureSchemeV2Block);
+ }
+
+ private static byte[] generateApkSigningBlock(byte[] apkSignatureSchemeV2Block) {
+ // FORMAT:
+ // uint64: size (excluding this field)
+ // repeated ID-value pairs:
+ // uint64: size (excluding this field)
+ // uint32: ID
+ // (size - 4) bytes: value
+ // uint64: size (same as the one above)
+ // uint128: magic
+
+ int resultSize =
+ 8 // size
+ + 8 + 4 + apkSignatureSchemeV2Block.length // v2Block as ID-value pair
+ + 8 // size
+ + 16 // magic
+ ;
+ ByteBuffer result = ByteBuffer.allocate(resultSize);
+ result.order(ByteOrder.LITTLE_ENDIAN);
+ long blockSizeFieldValue = resultSize - 8;
+ result.putLong(blockSizeFieldValue);
+
+ long pairSizeFieldValue = 4 + apkSignatureSchemeV2Block.length;
+ result.putLong(pairSizeFieldValue);
+ result.putInt(APK_SIGNATURE_SCHEME_V2_BLOCK_ID);
+ result.put(apkSignatureSchemeV2Block);
+
+ result.putLong(blockSizeFieldValue);
+ result.put(APK_SIGNING_BLOCK_MAGIC);
+
+ return result.array();
+ }
+
+ private static byte[] generateApkSignatureSchemeV2Block(
+ List<SignerConfig> signerConfigs,
+ Map<Integer, byte[]> contentDigests) throws InvalidKeyException, SignatureException {
+ // FORMAT:
+ // * length-prefixed sequence of length-prefixed signer blocks.
+
+ List<byte[]> signerBlocks = new ArrayList<>(signerConfigs.size());
+ int signerNumber = 0;
+ for (SignerConfig signerConfig : signerConfigs) {
+ signerNumber++;
+ byte[] signerBlock;
+ try {
+ signerBlock = generateSignerBlock(signerConfig, contentDigests);
+ } catch (InvalidKeyException e) {
+ throw new InvalidKeyException("Signer #" + signerNumber + " failed", e);
+ } catch (SignatureException e) {
+ throw new SignatureException("Signer #" + signerNumber + " failed", e);
+ }
+ signerBlocks.add(signerBlock);
+ }
+
+ return encodeAsSequenceOfLengthPrefixedElements(
+ new byte[][] {
+ encodeAsSequenceOfLengthPrefixedElements(signerBlocks),
+ });
+ }
+
+ private static byte[] generateSignerBlock(
+ SignerConfig signerConfig,
+ Map<Integer, byte[]> contentDigests) throws InvalidKeyException, SignatureException {
+ if (signerConfig.certificates.isEmpty()) {
+ throw new SignatureException("No certificates configured for signer");
+ }
+ PublicKey publicKey = signerConfig.certificates.get(0).getPublicKey();
+
+ byte[] encodedPublicKey = encodePublicKey(publicKey);
+
+ V2SignatureSchemeBlock.SignedData signedData = new V2SignatureSchemeBlock.SignedData();
+ try {
+ signedData.certificates = encodeCertificates(signerConfig.certificates);
+ } catch (CertificateEncodingException e) {
+ throw new SignatureException("Failed to encode certificates", e);
+ }
+
+ List<Pair<Integer, byte[]>> digests =
+ new ArrayList<>(signerConfig.signatureAlgorithms.size());
+ for (int signatureAlgorithm : signerConfig.signatureAlgorithms) {
+ int contentDigestAlgorithm =
+ getSignatureAlgorithmContentDigestAlgorithm(signatureAlgorithm);
+ byte[] contentDigest = contentDigests.get(contentDigestAlgorithm);
+ if (contentDigest == null) {
+ throw new RuntimeException(
+ getContentDigestAlgorithmJcaDigestAlgorithm(contentDigestAlgorithm)
+ + " content digest for "
+ + getSignatureAlgorithmJcaSignatureAlgorithm(signatureAlgorithm)
+ + " not computed");
+ }
+ digests.add(Pair.create(signatureAlgorithm, contentDigest));
+ }
+ signedData.digests = digests;
+
+ V2SignatureSchemeBlock.Signer signer = new V2SignatureSchemeBlock.Signer();
+ // FORMAT:
+ // * length-prefixed sequence of length-prefixed digests:
+ // * uint32: signature algorithm ID
+ // * length-prefixed bytes: digest of contents
+ // * length-prefixed sequence of certificates:
+ // * length-prefixed bytes: X.509 certificate (ASN.1 DER encoded).
+ // * length-prefixed sequence of length-prefixed additional attributes:
+ // * uint32: ID
+ // * (length - 4) bytes: value
+ signer.signedData = encodeAsSequenceOfLengthPrefixedElements(new byte[][] {
+ encodeAsSequenceOfLengthPrefixedPairsOfIntAndLengthPrefixedBytes(signedData.digests),
+ encodeAsSequenceOfLengthPrefixedElements(signedData.certificates),
+ // additional attributes
+ new byte[0],
+ });
+ signer.publicKey = encodedPublicKey;
+ signer.signatures = new ArrayList<>();
+ for (int signatureAlgorithm : signerConfig.signatureAlgorithms) {
+ Pair<String, ? extends AlgorithmParameterSpec> signatureParams =
+ getSignatureAlgorithmJcaSignatureAlgorithm(signatureAlgorithm);
+ String jcaSignatureAlgorithm = signatureParams.getFirst();
+ AlgorithmParameterSpec jcaSignatureAlgorithmParams = signatureParams.getSecond();
+ byte[] signatureBytes;
+ try {
+ Signature signature = Signature.getInstance(jcaSignatureAlgorithm);
+ signature.initSign(signerConfig.privateKey);
+ if (jcaSignatureAlgorithmParams != null) {
+ signature.setParameter(jcaSignatureAlgorithmParams);
+ }
+ signature.update(signer.signedData);
+ signatureBytes = signature.sign();
+ } catch (InvalidKeyException e) {
+ throw new InvalidKeyException("Failed sign using " + jcaSignatureAlgorithm, e);
+ } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException
+ | SignatureException e) {
+ throw new SignatureException("Failed sign using " + jcaSignatureAlgorithm, e);
+ }
+
+ try {
+ Signature signature = Signature.getInstance(jcaSignatureAlgorithm);
+ signature.initVerify(publicKey);
+ if (jcaSignatureAlgorithmParams != null) {
+ signature.setParameter(jcaSignatureAlgorithmParams);
+ }
+ signature.update(signer.signedData);
+ if (!signature.verify(signatureBytes)) {
+ throw new SignatureException("Signature did not verify");
+ }
+ } catch (InvalidKeyException e) {
+ throw new InvalidKeyException("Failed to verify generated " + jcaSignatureAlgorithm
+ + " signature using public key from certificate", e);
+ } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException
+ | SignatureException e) {
+ throw new SignatureException("Failed to verify generated " + jcaSignatureAlgorithm
+ + " signature using public key from certificate", e);
+ }
+
+ signer.signatures.add(Pair.create(signatureAlgorithm, signatureBytes));
+ }
+
+ // FORMAT:
+ // * length-prefixed signed data
+ // * length-prefixed sequence of length-prefixed signatures:
+ // * uint32: signature algorithm ID
+ // * length-prefixed bytes: signature of signed data
+ // * length-prefixed bytes: public key (X.509 SubjectPublicKeyInfo, ASN.1 DER encoded)
+ return encodeAsSequenceOfLengthPrefixedElements(
+ new byte[][] {
+ signer.signedData,
+ encodeAsSequenceOfLengthPrefixedPairsOfIntAndLengthPrefixedBytes(
+ signer.signatures),
+ signer.publicKey,
+ });
+ }
+
+ private static final class V2SignatureSchemeBlock {
+ private static final class Signer {
+ public byte[] signedData;
+ public List<Pair<Integer, byte[]>> signatures;
+ public byte[] publicKey;
+ }
+
+ private static final class SignedData {
+ public List<Pair<Integer, byte[]>> digests;
+ public List<byte[]> certificates;
+ }
+ }
+
+ private static byte[] encodePublicKey(PublicKey publicKey) throws InvalidKeyException {
+ byte[] encodedPublicKey = null;
+ if ("X.509".equals(publicKey.getFormat())) {
+ encodedPublicKey = publicKey.getEncoded();
+ }
+ if (encodedPublicKey == null) {
+ try {
+ encodedPublicKey =
+ KeyFactory.getInstance(publicKey.getAlgorithm())
+ .getKeySpec(publicKey, X509EncodedKeySpec.class)
+ .getEncoded();
+ } catch (NoSuchAlgorithmException | InvalidKeySpecException e) {
+ throw new InvalidKeyException(
+ "Failed to obtain X.509 encoded form of public key " + publicKey
+ + " of class " + publicKey.getClass().getName(),
+ e);
+ }
+ }
+ if ((encodedPublicKey == null) || (encodedPublicKey.length == 0)) {
+ throw new InvalidKeyException(
+ "Failed to obtain X.509 encoded form of public key " + publicKey
+ + " of class " + publicKey.getClass().getName());
+ }
+ return encodedPublicKey;
+ }
+
+ public static List<byte[]> encodeCertificates(List<X509Certificate> certificates)
+ throws CertificateEncodingException {
+ List<byte[]> result = new ArrayList<>();
+ for (X509Certificate certificate : certificates) {
+ result.add(certificate.getEncoded());
+ }
+ return result;
+ }
+
+ private static byte[] encodeAsSequenceOfLengthPrefixedElements(List<byte[]> sequence) {
+ return encodeAsSequenceOfLengthPrefixedElements(
+ sequence.toArray(new byte[sequence.size()][]));
+ }
+
+ private static byte[] encodeAsSequenceOfLengthPrefixedElements(byte[][] sequence) {
+ int payloadSize = 0;
+ for (byte[] element : sequence) {
+ payloadSize += 4 + element.length;
+ }
+ ByteBuffer result = ByteBuffer.allocate(payloadSize);
+ result.order(ByteOrder.LITTLE_ENDIAN);
+ for (byte[] element : sequence) {
+ result.putInt(element.length);
+ result.put(element);
+ }
+ return result.array();
+ }
+
+ private static byte[] encodeAsSequenceOfLengthPrefixedPairsOfIntAndLengthPrefixedBytes(
+ List<Pair<Integer, byte[]>> sequence) {
+ int resultSize = 0;
+ for (Pair<Integer, byte[]> element : sequence) {
+ resultSize += 12 + element.getSecond().length;
+ }
+ ByteBuffer result = ByteBuffer.allocate(resultSize);
+ result.order(ByteOrder.LITTLE_ENDIAN);
+ for (Pair<Integer, byte[]> element : sequence) {
+ byte[] second = element.getSecond();
+ result.putInt(8 + second.length);
+ result.putInt(element.getFirst());
+ result.putInt(second.length);
+ result.put(second);
+ }
+ return result.array();
+ }
+
+ /**
+ * Relative <em>get</em> method for reading {@code size} number of bytes from the current
+ * position of this buffer.
+ *
+ * <p>This method reads the next {@code size} bytes at this buffer's current position,
+ * returning them as a {@code ByteBuffer} with start set to 0, limit and capacity set to
+ * {@code size}, byte order set to this buffer's byte order; and then increments the position by
+ * {@code size}.
+ */
+ private static ByteBuffer getByteBuffer(ByteBuffer source, int size) {
+ if (size < 0) {
+ throw new IllegalArgumentException("size: " + size);
+ }
+ int originalLimit = source.limit();
+ int position = source.position();
+ int limit = position + size;
+ if ((limit < position) || (limit > originalLimit)) {
+ throw new BufferUnderflowException();
+ }
+ source.limit(limit);
+ try {
+ ByteBuffer result = source.slice();
+ result.order(source.order());
+ source.position(limit);
+ return result;
+ } finally {
+ source.limit(originalLimit);
+ }
+ }
+
+ private static Pair<String, ? extends AlgorithmParameterSpec>
+ getSignatureAlgorithmJcaSignatureAlgorithm(int sigAlgorithm) {
+ switch (sigAlgorithm) {
+ case SIGNATURE_RSA_PSS_WITH_SHA256:
+ return Pair.create(
+ "SHA256withRSA/PSS",
+ new PSSParameterSpec(
+ "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 256 / 8, 1));
+ case SIGNATURE_RSA_PSS_WITH_SHA512:
+ return Pair.create(
+ "SHA512withRSA/PSS",
+ new PSSParameterSpec(
+ "SHA-512", "MGF1", MGF1ParameterSpec.SHA512, 512 / 8, 1));
+ case SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA256:
+ return Pair.create("SHA256withRSA", null);
+ case SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512:
+ return Pair.create("SHA512withRSA", null);
+ case SIGNATURE_ECDSA_WITH_SHA256:
+ return Pair.create("SHA256withECDSA", null);
+ case SIGNATURE_ECDSA_WITH_SHA512:
+ return Pair.create("SHA512withECDSA", null);
+ case SIGNATURE_DSA_WITH_SHA256:
+ return Pair.create("SHA256withDSA", null);
+ case SIGNATURE_DSA_WITH_SHA512:
+ return Pair.create("SHA512withDSA", null);
+ default:
+ throw new IllegalArgumentException(
+ "Unknown signature algorithm: 0x"
+ + Long.toHexString(sigAlgorithm & 0xffffffff));
+ }
+ }
+
+ private static int getSignatureAlgorithmContentDigestAlgorithm(int sigAlgorithm) {
+ switch (sigAlgorithm) {
+ case SIGNATURE_RSA_PSS_WITH_SHA256:
+ case SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA256:
+ case SIGNATURE_ECDSA_WITH_SHA256:
+ case SIGNATURE_DSA_WITH_SHA256:
+ return CONTENT_DIGEST_CHUNKED_SHA256;
+ case SIGNATURE_RSA_PSS_WITH_SHA512:
+ case SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512:
+ case SIGNATURE_ECDSA_WITH_SHA512:
+ case SIGNATURE_DSA_WITH_SHA512:
+ return CONTENT_DIGEST_CHUNKED_SHA512;
+ default:
+ throw new IllegalArgumentException(
+ "Unknown signature algorithm: 0x"
+ + Long.toHexString(sigAlgorithm & 0xffffffff));
+ }
+ }
+
+ private static String getContentDigestAlgorithmJcaDigestAlgorithm(int digestAlgorithm) {
+ switch (digestAlgorithm) {
+ case CONTENT_DIGEST_CHUNKED_SHA256:
+ return "SHA-256";
+ case CONTENT_DIGEST_CHUNKED_SHA512:
+ return "SHA-512";
+ default:
+ throw new IllegalArgumentException(
+ "Unknown content digest algorthm: " + digestAlgorithm);
+ }
+ }
+
+ private static int getContentDigestAlgorithmOutputSizeBytes(int digestAlgorithm) {
+ switch (digestAlgorithm) {
+ case CONTENT_DIGEST_CHUNKED_SHA256:
+ return 256 / 8;
+ case CONTENT_DIGEST_CHUNKED_SHA512:
+ return 512 / 8;
+ default:
+ throw new IllegalArgumentException(
+ "Unknown content digest algorthm: " + digestAlgorithm);
+ }
+ }
+
+ /**
+ * Indicates that APK file could not be parsed.
+ */
+ public static class ApkParseException extends Exception {
+ private static final long serialVersionUID = 1L;
+
+ public ApkParseException(String message) {
+ super(message);
+ }
+
+ public ApkParseException(String message, Throwable cause) {
+ super(message, cause);
+ }
+ }
+}
diff --git a/tools/signapk/src/com/android/signapk/Pair.java b/tools/signapk/src/com/android/signapk/Pair.java
new file mode 100644
index 0000000..e4a6c92
--- /dev/null
+++ b/tools/signapk/src/com/android/signapk/Pair.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.signapk;
+
+/**
+ * Pair of two elements.
+ */
+public final class Pair<A, B> {
+ private final A mFirst;
+ private final B mSecond;
+
+ private Pair(A first, B second) {
+ mFirst = first;
+ mSecond = second;
+ }
+
+ public static <A, B> Pair<A, B> create(A first, B second) {
+ return new Pair<A, B>(first, second);
+ }
+
+ public A getFirst() {
+ return mFirst;
+ }
+
+ public B getSecond() {
+ return mSecond;
+ }
+
+ @Override
+ public int hashCode() {
+ final int prime = 31;
+ int result = 1;
+ result = prime * result + ((mFirst == null) ? 0 : mFirst.hashCode());
+ result = prime * result + ((mSecond == null) ? 0 : mSecond.hashCode());
+ return result;
+ }
+
+ @Override
+ public boolean equals(Object obj) {
+ if (this == obj) {
+ return true;
+ }
+ if (obj == null) {
+ return false;
+ }
+ if (getClass() != obj.getClass()) {
+ return false;
+ }
+ @SuppressWarnings("rawtypes")
+ Pair other = (Pair) obj;
+ if (mFirst == null) {
+ if (other.mFirst != null) {
+ return false;
+ }
+ } else if (!mFirst.equals(other.mFirst)) {
+ return false;
+ }
+ if (mSecond == null) {
+ if (other.mSecond != null) {
+ return false;
+ }
+ } else if (!mSecond.equals(other.mSecond)) {
+ return false;
+ }
+ return true;
+ }
+}
diff --git a/tools/signapk/src/com/android/signapk/SignApk.java b/tools/signapk/src/com/android/signapk/SignApk.java
index 1aeff4f..c6ed2e1 100644
--- a/tools/signapk/src/com/android/signapk/SignApk.java
+++ b/tools/signapk/src/com/android/signapk/SignApk.java
@@ -51,13 +51,16 @@
import java.io.OutputStream;
import java.io.PrintStream;
import java.lang.reflect.Constructor;
+import java.nio.ByteBuffer;
import java.security.DigestOutputStream;
import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
import java.security.Key;
import java.security.KeyFactory;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Provider;
+import java.security.PublicKey;
import java.security.Security;
import java.security.cert.CertificateEncodingException;
import java.security.cert.CertificateFactory;
@@ -68,6 +71,7 @@
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
+import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.TreeMap;
@@ -102,7 +106,8 @@
/**
* Command line tool to sign JAR files (including APKs and OTA updates) in a way
* compatible with the mincrypt verifier, using EC or RSA keys and SHA1 or
- * SHA-256 (see historical note).
+ * SHA-256 (see historical note). The tool can additionally sign APKs using
+ * APK Signature Scheme v2.
*/
class SignApk {
private static final String CERT_SF_NAME = "META-INF/CERT.SF";
@@ -116,6 +121,9 @@
private static final int USE_SHA1 = 1;
private static final int USE_SHA256 = 2;
+ /** Digest algorithm used when signing the APK using APK Signature Scheme v2. */
+ private static final String APK_SIG_SCHEME_V2_DIGEST_ALGORITHM = "SHA-256";
+
/**
* Minimum Android SDK API Level which accepts JAR signatures which use SHA-256. Older platform
* versions accept only SHA-1 signatures.
@@ -414,12 +422,22 @@
/** Write a .SF file with a digest of the specified manifest. */
private static void writeSignatureFile(Manifest manifest, OutputStream out,
- int hash)
+ int hash, boolean additionallySignedUsingAnApkSignatureScheme)
throws IOException, GeneralSecurityException {
Manifest sf = new Manifest();
Attributes main = sf.getMainAttributes();
main.putValue("Signature-Version", "1.0");
main.putValue("Created-By", "1.0 (Android SignApk)");
+ if (additionallySignedUsingAnApkSignatureScheme) {
+ // Add APK Signature Scheme v2 signature stripping protection.
+ // This attribute indicates that this APK is supposed to have been signed using one or
+ // more APK-specific signature schemes in addition to the standard JAR signature scheme
+ // used by this code. APK signature verifier should reject the APK if it does not
+ // contain a signature for the signature scheme the verifier prefers out of this set.
+ main.putValue(
+ ApkSignerV2.SF_ATTRIBUTE_ANDROID_APK_SIGNED_NAME,
+ ApkSignerV2.SF_ATTRIBUTE_ANDROID_APK_SIGNED_VALUE);
+ }
MessageDigest md = MessageDigest.getInstance(
hash == USE_SHA256 ? "SHA256" : "SHA1");
@@ -712,6 +730,7 @@
new X509Certificate[]{ publicKey },
new PrivateKey[]{ privateKey },
minSdkVersion,
+ false, // Don't sign using APK Signature Scheme v2
outputJar);
signer.notifyClosing();
@@ -808,6 +827,7 @@
private static void signFile(Manifest manifest,
X509Certificate[] publicKey, PrivateKey[] privateKey,
int minSdkVersion,
+ boolean additionallySignedUsingAnApkSignatureScheme,
JarOutputStream outputJar)
throws Exception {
// Assume the certificate is valid for at least an hour.
@@ -827,7 +847,11 @@
je.setTime(timestamp);
outputJar.putNextEntry(je);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- writeSignatureFile(manifest, baos, getDigestAlgorithm(publicKey[k], minSdkVersion));
+ writeSignatureFile(
+ manifest,
+ baos,
+ getDigestAlgorithm(publicKey[k], minSdkVersion),
+ additionallySignedUsingAnApkSignatureScheme);
byte[] signedData = baos.toByteArray();
outputJar.write(signedData);
@@ -895,6 +919,83 @@
Security.insertProviderAt((Provider) o, 1);
}
+ /**
+ * Converts the provided lists of private keys, their X.509 certificates, and digest algorithms
+ * into a list of APK Signature Scheme v2 {@code SignerConfig} instances.
+ */
+ public static List<ApkSignerV2.SignerConfig> createV2SignerConfigs(
+ PrivateKey[] privateKeys, X509Certificate[] certificates, String[] digestAlgorithms)
+ throws InvalidKeyException {
+ if (privateKeys.length != certificates.length) {
+ throw new IllegalArgumentException(
+ "The number of private keys must match the number of certificates: "
+ + privateKeys.length + " vs" + certificates.length);
+ }
+ List<ApkSignerV2.SignerConfig> result = new ArrayList<>(privateKeys.length);
+ for (int i = 0; i < privateKeys.length; i++) {
+ PrivateKey privateKey = privateKeys[i];
+ X509Certificate certificate = certificates[i];
+ PublicKey publicKey = certificate.getPublicKey();
+ String keyAlgorithm = privateKey.getAlgorithm();
+ if (!keyAlgorithm.equalsIgnoreCase(publicKey.getAlgorithm())) {
+ throw new InvalidKeyException(
+ "Key algorithm of private key #" + (i + 1) + " does not match key"
+ + " algorithm of public key #" + (i + 1) + ": " + keyAlgorithm
+ + " vs " + publicKey.getAlgorithm());
+ }
+ ApkSignerV2.SignerConfig signerConfig = new ApkSignerV2.SignerConfig();
+ signerConfig.privateKey = privateKey;
+ signerConfig.certificates = Collections.singletonList(certificate);
+ List<Integer> signatureAlgorithms = new ArrayList<>(digestAlgorithms.length);
+ for (String digestAlgorithm : digestAlgorithms) {
+ try {
+ signatureAlgorithms.add(
+ getV2SignatureAlgorithm(keyAlgorithm, digestAlgorithm));
+ } catch (IllegalArgumentException e) {
+ throw new InvalidKeyException(
+ "Unsupported key and digest algorithm combination for signer #"
+ + (i + 1),
+ e);
+ }
+ }
+ signerConfig.signatureAlgorithms = signatureAlgorithms;
+ result.add(signerConfig);
+ }
+ return result;
+ }
+
+ private static int getV2SignatureAlgorithm(String keyAlgorithm, String digestAlgorithm) {
+ if ("SHA-256".equalsIgnoreCase(digestAlgorithm)) {
+ if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
+ // Use RSASSA-PKCS1-v1_5 signature scheme instead of RSASSA-PSS to guarantee
+ // deterministic signatures which make life easier for OTA updates (fewer files
+ // changed when deterministic signature schemes are used).
+ return ApkSignerV2.SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA256;
+ } else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
+ return ApkSignerV2.SIGNATURE_ECDSA_WITH_SHA256;
+ } else if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
+ return ApkSignerV2.SIGNATURE_DSA_WITH_SHA256;
+ } else {
+ throw new IllegalArgumentException("Unsupported key algorithm: " + keyAlgorithm);
+ }
+ } else if ("SHA-512".equalsIgnoreCase(digestAlgorithm)) {
+ if ("RSA".equalsIgnoreCase(keyAlgorithm)) {
+ // Use RSASSA-PKCS1-v1_5 signature scheme instead of RSASSA-PSS to guarantee
+ // deterministic signatures which make life easier for OTA updates (fewer files
+ // changed when deterministic signature schemes are used).
+ return ApkSignerV2.SIGNATURE_RSA_PKCS1_V1_5_WITH_SHA512;
+ } else if ("EC".equalsIgnoreCase(keyAlgorithm)) {
+ return ApkSignerV2.SIGNATURE_ECDSA_WITH_SHA512;
+ } else if ("DSA".equalsIgnoreCase(keyAlgorithm)) {
+ return ApkSignerV2.SIGNATURE_DSA_WITH_SHA512;
+ } else {
+ throw new IllegalArgumentException("Unsupported key algorithm: " + keyAlgorithm);
+ }
+ } else {
+ throw new IllegalArgumentException("Unsupported digest algorithm: " + digestAlgorithm);
+ }
+ }
+
private static void usage() {
System.err.println("Usage: signapk [-w] " +
"[-a <alignment>] " +
@@ -922,6 +1023,7 @@
String providerClass = null;
int alignment = 4;
int minSdkVersion = 0;
+ boolean signUsingApkSignatureSchemeV2 = true;
int argstart = 0;
while (argstart < args.length && args[argstart].startsWith("-")) {
@@ -947,6 +1049,7 @@
}
++argstart;
} else if ("--disable-v2".equals(args[argstart])) {
+ signUsingApkSignatureSchemeV2 = false;
++argstart;
} else {
usage();
@@ -998,25 +1101,56 @@
outputFile = new FileOutputStream(outputFilename);
-
+ // NOTE: Signing currently recompresses any compressed entries using Deflate (default
+ // compression level for OTA update files and maximum compession level for APKs).
if (signWholeFile) {
SignApk.signWholeFile(inputJar, firstPublicKeyFile,
publicKey[0], privateKey[0], minSdkVersion, outputFile);
} else {
- JarOutputStream outputJar = new JarOutputStream(outputFile);
-
- // For signing .apks, use the maximum compression to make
- // them as small as possible (since they live forever on
- // the system partition). For OTA packages, use the
- // default compression level, which is much much faster
- // and produces output that is only a tiny bit larger
- // (~0.1% on full OTA packages I tested).
+ // Generate, in memory, an APK signed using standard JAR Signature Scheme.
+ ByteArrayOutputStream v1SignedApkBuf = new ByteArrayOutputStream();
+ JarOutputStream outputJar = new JarOutputStream(v1SignedApkBuf);
+ // Use maximum compression for compressed entries because the APK lives forever on
+ // the system partition.
outputJar.setLevel(9);
-
Manifest manifest = addDigestsToManifest(inputJar, hashes);
copyFiles(manifest, inputJar, outputJar, timestamp, alignment);
- signFile(manifest, publicKey, privateKey, minSdkVersion, outputJar);
+ signFile(
+ manifest,
+ publicKey, privateKey, minSdkVersion, signUsingApkSignatureSchemeV2,
+ outputJar);
outputJar.close();
+ ByteBuffer v1SignedApk = ByteBuffer.wrap(v1SignedApkBuf.toByteArray());
+ v1SignedApkBuf.reset();
+
+ ByteBuffer[] outputChunks;
+ if (signUsingApkSignatureSchemeV2) {
+ // Additionally sign the APK using the APK Signature Scheme v2.
+ ByteBuffer apkContents = v1SignedApk;
+ List<ApkSignerV2.SignerConfig> signerConfigs =
+ createV2SignerConfigs(
+ privateKey,
+ publicKey,
+ new String[] {APK_SIG_SCHEME_V2_DIGEST_ALGORITHM});
+ outputChunks = ApkSignerV2.sign(apkContents, signerConfigs);
+ } else {
+ // Output the JAR-signed APK as is.
+ outputChunks = new ByteBuffer[] {v1SignedApk};
+ }
+
+ // This assumes outputChunks are array-backed. To avoid this assumption, the
+ // code could be rewritten to use FileChannel.
+ for (ByteBuffer outputChunk : outputChunks) {
+ outputFile.write(
+ outputChunk.array(),
+ outputChunk.arrayOffset() + outputChunk.position(),
+ outputChunk.remaining());
+ outputChunk.position(outputChunk.limit());
+ }
+
+ outputFile.close();
+ outputFile = null;
+ return;
}
} catch (Exception e) {
e.printStackTrace();
diff --git a/tools/signapk/src/com/android/signapk/ZipUtils.java b/tools/signapk/src/com/android/signapk/ZipUtils.java
new file mode 100644
index 0000000..b9a17ca
--- /dev/null
+++ b/tools/signapk/src/com/android/signapk/ZipUtils.java
@@ -0,0 +1,163 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.signapk;
+
+import java.nio.ByteBuffer;
+import java.nio.ByteOrder;
+
+/**
+ * Assorted ZIP format helpers.
+ *
+ * <p>NOTE: Most helper methods operating on {@code ByteBuffer} instances expect that the byte
+ * order of these buffers is little-endian.
+ */
+public abstract class ZipUtils {
+ private ZipUtils() {}
+
+ private static final int ZIP_EOCD_REC_MIN_SIZE = 22;
+ private static final int ZIP_EOCD_REC_SIG = 0x06054b50;
+ private static final int ZIP_EOCD_CENTRAL_DIR_SIZE_FIELD_OFFSET = 12;
+ private static final int ZIP_EOCD_CENTRAL_DIR_OFFSET_FIELD_OFFSET = 16;
+ private static final int ZIP_EOCD_COMMENT_LENGTH_FIELD_OFFSET = 20;
+
+ private static final int ZIP64_EOCD_LOCATOR_SIZE = 20;
+ private static final int ZIP64_EOCD_LOCATOR_SIG = 0x07064b50;
+
+ private static final int UINT32_MAX_VALUE = 0xffff;
+
+ /**
+ * Returns the position at which ZIP End of Central Directory record starts in the provided
+ * buffer or {@code -1} if the record is not present.
+ *
+ * <p>NOTE: Byte order of {@code zipContents} must be little-endian.
+ */
+ public static int findZipEndOfCentralDirectoryRecord(ByteBuffer zipContents) {
+ assertByteOrderLittleEndian(zipContents);
+
+ // ZIP End of Central Directory (EOCD) record is located at the very end of the ZIP archive.
+ // The record can be identified by its 4-byte signature/magic which is located at the very
+ // beginning of the record. A complication is that the record is variable-length because of
+ // the comment field.
+ // The algorithm for locating the ZIP EOCD record is as follows. We search backwards from
+ // end of the buffer for the EOCD record signature. Whenever we find a signature, we check
+ // the candidate record's comment length is such that the remainder of the record takes up
+ // exactly the remaining bytes in the buffer. The search is bounded because the maximum
+ // size of the comment field is 65535 bytes because the field is an unsigned 32-bit number.
+
+ int archiveSize = zipContents.capacity();
+ if (archiveSize < ZIP_EOCD_REC_MIN_SIZE) {
+ System.out.println("File size smaller than EOCD min size");
+ return -1;
+ }
+ int maxCommentLength = Math.min(archiveSize - ZIP_EOCD_REC_MIN_SIZE, UINT32_MAX_VALUE);
+ int eocdWithEmptyCommentStartPosition = archiveSize - ZIP_EOCD_REC_MIN_SIZE;
+ for (int expectedCommentLength = 0; expectedCommentLength < maxCommentLength;
+ expectedCommentLength++) {
+ int eocdStartPos = eocdWithEmptyCommentStartPosition - expectedCommentLength;
+ if (zipContents.getInt(eocdStartPos) == ZIP_EOCD_REC_SIG) {
+ int actualCommentLength =
+ getUnsignedInt16(
+ zipContents, eocdStartPos + ZIP_EOCD_COMMENT_LENGTH_FIELD_OFFSET);
+ if (actualCommentLength == expectedCommentLength) {
+ return eocdStartPos;
+ }
+ }
+ }
+
+ return -1;
+ }
+
+ /**
+ * Returns {@code true} if the provided buffer contains a ZIP64 End of Central Directory
+ * Locator.
+ *
+ * <p>NOTE: Byte order of {@code zipContents} must be little-endian.
+ */
+ public static final boolean isZip64EndOfCentralDirectoryLocatorPresent(
+ ByteBuffer zipContents, int zipEndOfCentralDirectoryPosition) {
+ assertByteOrderLittleEndian(zipContents);
+
+ // ZIP64 End of Central Directory Locator immediately precedes the ZIP End of Central
+ // Directory Record.
+
+ int locatorPosition = zipEndOfCentralDirectoryPosition - ZIP64_EOCD_LOCATOR_SIZE;
+ if (locatorPosition < 0) {
+ return false;
+ }
+
+ return zipContents.getInt(locatorPosition) == ZIP64_EOCD_LOCATOR_SIG;
+ }
+
+ /**
+ * Returns the offset of the start of the ZIP Central Directory in the archive.
+ *
+ * <p>NOTE: Byte order of {@code zipEndOfCentralDirectory} must be little-endian.
+ */
+ public static long getZipEocdCentralDirectoryOffset(ByteBuffer zipEndOfCentralDirectory) {
+ assertByteOrderLittleEndian(zipEndOfCentralDirectory);
+ return getUnsignedInt32(
+ zipEndOfCentralDirectory,
+ zipEndOfCentralDirectory.position() + ZIP_EOCD_CENTRAL_DIR_OFFSET_FIELD_OFFSET);
+ }
+
+ /**
+ * Sets the offset of the start of the ZIP Central Directory in the archive.
+ *
+ * <p>NOTE: Byte order of {@code zipEndOfCentralDirectory} must be little-endian.
+ */
+ public static void setZipEocdCentralDirectoryOffset(
+ ByteBuffer zipEndOfCentralDirectory, long offset) {
+ assertByteOrderLittleEndian(zipEndOfCentralDirectory);
+ setUnsignedInt32(
+ zipEndOfCentralDirectory,
+ zipEndOfCentralDirectory.position() + ZIP_EOCD_CENTRAL_DIR_OFFSET_FIELD_OFFSET,
+ offset);
+ }
+
+ /**
+ * Returns the size (in bytes) of the ZIP Central Directory.
+ *
+ * <p>NOTE: Byte order of {@code zipEndOfCentralDirectory} must be little-endian.
+ */
+ public static long getZipEocdCentralDirectorySizeBytes(ByteBuffer zipEndOfCentralDirectory) {
+ assertByteOrderLittleEndian(zipEndOfCentralDirectory);
+ return getUnsignedInt32(
+ zipEndOfCentralDirectory,
+ zipEndOfCentralDirectory.position() + ZIP_EOCD_CENTRAL_DIR_SIZE_FIELD_OFFSET);
+ }
+
+ private static void assertByteOrderLittleEndian(ByteBuffer buffer) {
+ if (buffer.order() != ByteOrder.LITTLE_ENDIAN) {
+ throw new IllegalArgumentException("ByteBuffer byte order must be little endian");
+ }
+ }
+
+ private static int getUnsignedInt16(ByteBuffer buffer, int offset) {
+ return buffer.getShort(offset) & 0xffff;
+ }
+
+ private static long getUnsignedInt32(ByteBuffer buffer, int offset) {
+ return buffer.getInt(offset) & 0xffffffffL;
+ }
+
+ private static void setUnsignedInt32(ByteBuffer buffer, int offset, long value) {
+ if ((value < 0) || (value > 0xffffffffL)) {
+ throw new IllegalArgumentException("uint32 value of out range: " + value);
+ }
+ buffer.putInt(buffer.position() + offset, (int) value);
+ }
+}