Updated v4 signature processing.
Passing to libincfs.so.
Obtaining and verifying, including v3 digest check.
go/apk-v4-signature-format
Test: atest PackageManagerShellCommandTest
Bug: b/151241461
Change-Id: Id61f5716b9f9b55d6ab1ebca5a7ecb1c6e54570a
diff --git a/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java b/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java
index abd04cc..79eb9f6 100644
--- a/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java
+++ b/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java
@@ -16,6 +16,8 @@
package android.util.apk;
+import static android.util.apk.ApkSigningBlockUtils.CONTENT_DIGEST_CHUNKED_SHA256;
+import static android.util.apk.ApkSigningBlockUtils.CONTENT_DIGEST_CHUNKED_SHA512;
import static android.util.apk.ApkSigningBlockUtils.CONTENT_DIGEST_VERITY_CHUNKED_SHA256;
import static android.util.apk.ApkSigningBlockUtils.compareSignatureAlgorithm;
import static android.util.apk.ApkSigningBlockUtils.getContentDigestAlgorithmJcaDigestAlgorithm;
@@ -211,6 +213,12 @@
verityDigest, apk.length(), signatureInfo);
}
+ if (contentDigests.containsKey(CONTENT_DIGEST_CHUNKED_SHA512)) {
+ result.digest = contentDigests.get(CONTENT_DIGEST_CHUNKED_SHA512);
+ } else if (contentDigests.containsKey(CONTENT_DIGEST_CHUNKED_SHA256)) {
+ result.digest = contentDigests.get(CONTENT_DIGEST_CHUNKED_SHA256);
+ }
+
return result;
}
@@ -568,6 +576,7 @@
public final VerifiedProofOfRotation por;
public byte[] verityRootHash;
+ public byte[] digest;
public VerifiedSigner(X509Certificate[] certs, VerifiedProofOfRotation por) {
this.certs = certs;