Updated v4 signature processing.
Passing to libincfs.so.
Obtaining and verifying, including v3 digest check.
go/apk-v4-signature-format
Test: atest PackageManagerShellCommandTest
Bug: b/151241461
Change-Id: Id61f5716b9f9b55d6ab1ebca5a7ecb1c6e54570a
diff --git a/services/core/jni/com_android_server_pm_PackageManagerShellCommandDataLoader.cpp b/services/core/jni/com_android_server_pm_PackageManagerShellCommandDataLoader.cpp
index 6f9d012..b96fbf5 100644
--- a/services/core/jni/com_android_server_pm_PackageManagerShellCommandDataLoader.cpp
+++ b/services/core/jni/com_android_server_pm_PackageManagerShellCommandDataLoader.cpp
@@ -172,26 +172,25 @@
BlockHeader readHeader(std::span<uint8_t>& data);
-static inline int32_t readBEInt32(borrowed_fd fd) {
+static inline int32_t readLEInt32(borrowed_fd fd) {
int32_t result;
ReadFully(fd, &result, sizeof(result));
- result = int32_t(be32toh(result));
+ result = int32_t(le32toh(result));
return result;
}
static inline std::vector<char> readBytes(borrowed_fd fd) {
- int32_t size = readBEInt32(fd);
+ int32_t size = readLEInt32(fd);
std::vector<char> result(size);
ReadFully(fd, result.data(), size);
return result;
}
static inline int32_t skipIdSigHeaders(borrowed_fd fd) {
- readBEInt32(fd); // version
- readBytes(fd); // verityRootHash
- readBytes(fd); // v3Digest
- readBytes(fd); // pkcs7SignatureBlock
- return readBEInt32(fd); // size of the verity tree
+ readLEInt32(fd); // version
+ readBytes(fd); // hashingInfo
+ readBytes(fd); // signingInfo
+ return readLEInt32(fd); // size of the verity tree
}
static inline IncFsSize verityTreeSizeForFile(IncFsSize fileSize) {
diff --git a/services/incremental/BinderIncrementalService.cpp b/services/incremental/BinderIncrementalService.cpp
index 3fcb57a..2dbbc5a 100644
--- a/services/incremental/BinderIncrementalService.cpp
+++ b/services/incremental/BinderIncrementalService.cpp
@@ -178,15 +178,9 @@
nfp.size = params.size;
nfp.metadata = {(const char*)params.metadata.data(), (IncFsSize)params.metadata.size()};
if (!params.signature) {
- nfp.verification = {};
+ nfp.signature = {};
} else {
- nfp.verification.hashAlgorithm = IncFsHashAlgortithm(params.signature->hashAlgorithm);
- nfp.verification.rootHash = {(const char*)params.signature->rootHash.data(),
- (IncFsSize)params.signature->rootHash.size()};
- nfp.verification.additionalData = {(const char*)params.signature->additionalData.data(),
- (IncFsSize)params.signature->additionalData.size()};
- nfp.verification.signature = {(const char*)params.signature->signature.data(),
- (IncFsSize)params.signature->signature.size()};
+ nfp.signature = {(const char*)params.signature->data(), (IncFsSize)params.signature->size()};
}
return {0, id, nfp};
}
diff --git a/services/incremental/IncrementalService.cpp b/services/incremental/IncrementalService.cpp
index cccd0133..7275936 100644
--- a/services/incremental/IncrementalService.cpp
+++ b/services/incremental/IncrementalService.cpp
@@ -1155,7 +1155,7 @@
// Create new lib file without signature info
incfs::NewFileParams libFileParams{};
libFileParams.size = uncompressedLen;
- libFileParams.verification.hashAlgorithm = INCFS_HASH_NONE;
+ libFileParams.signature = {};
// Metadata of the new lib file is its relative path
IncFsSpan libFileMetadata;
libFileMetadata.data = targetLibPath.c_str();