
Commit b3a5402d authored by Jiyong Park's avatar Jiyong Park

sign_apex.py respects hash algorithm

When sign_apex.py re-signs an apex, the hash algorithm is extracted and
it is used when re-packaging the file.

Bug: 155771970
Test: releasetools_py3_test doesn't regress
(some tests failed, but they also fail without this change:
test_ApexApkSigner_apkKeyNotPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noApkPresent (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_noAssetDir (test_apex_utils.ApexUtilsTest) ... ERROR
test_ApexApkSigner_signApk (test_apex_utils.ApexUtilsTest) ... ERROR)

Merged-In: I996a33e0208d3dd3a04a31b8dafb27ef995297f2
Change-Id: I996a33e0208d3dd3a04a31b8dafb27ef995297f2
(cherry picked from commit a1887f32)
parent 2fc5a393
+8 −6
@@ -169,7 +169,7 @@ class ApexApkSigner(object):




def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
                    algorithm, salt, no_hashtree, signing_args=None):
                    algorithm, salt, hash_algorithm, no_hashtree, signing_args=None):
  """Signs a given payload_file with the payload key."""
  """Signs a given payload_file with the payload key."""
  # Add the new footer. Old footer, if any, will be replaced by avbtool.
  # Add the new footer. Old footer, if any, will be replaced by avbtool.
  cmd = [avbtool, 'add_hashtree_footer',
  cmd = [avbtool, 'add_hashtree_footer',
@@ -178,7 +178,8 @@ def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
         '--key', payload_key_path,
         '--key', payload_key_path,
         '--prop', 'apex.key:{}'.format(payload_key_name),
         '--prop', 'apex.key:{}'.format(payload_key_name),
         '--image', payload_file,
         '--image', payload_file,
         '--salt', salt]
         '--salt', salt,
         '--hash_algorithm', hash_algorithm]
  if no_hashtree:
  if no_hashtree:
    cmd.append('--no_hashtree')
    cmd.append('--no_hashtree')
  if signing_args:
  if signing_args:
@@ -235,11 +236,11 @@ def ParseApexPayloadInfo(avbtool, payload_path):
        'Failed to get APEX payload info for {}:\n{}'.format(
        'Failed to get APEX payload info for {}:\n{}'.format(
            payload_path, e))
            payload_path, e))


  # Extract the Algorithm / Salt / Prop info / Tree size from payload (i.e. an
  # Extract the Algorithm / Hash Algorithm / Salt / Prop info / Tree size from
  # image signed with avbtool). For example,
  # payload (i.e. an image signed with avbtool). For example,
  # Algorithm:                SHA256_RSA4096
  # Algorithm:                SHA256_RSA4096
  PAYLOAD_INFO_PATTERN = (
  PAYLOAD_INFO_PATTERN = (
      r'^\s*(?P<key>Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
      r'^\s*(?P<key>Algorithm|Hash Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
  payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN)
  payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN)


  payload_info = {}
  payload_info = {}
@@ -273,7 +274,7 @@ def ParseApexPayloadInfo(avbtool, payload_path):
      payload_info[key] = value
      payload_info[key] = value


  # Sanity check.
  # Sanity check.
  for key in ('Algorithm', 'Salt', 'apex.key'):
  for key in ('Algorithm', 'Salt', 'apex.key', 'Hash Algorithm'):
    if key not in payload_info:
    if key not in payload_info:
      raise ApexInfoError(
      raise ApexInfoError(
          'Failed to find {} prop in {}'.format(key, payload_path))
          'Failed to find {} prop in {}'.format(key, payload_path))
@@ -326,6 +327,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
      payload_info['apex.key'],
      payload_info['apex.key'],
      payload_info['Algorithm'],
      payload_info['Algorithm'],
      payload_info['Salt'],
      payload_info['Salt'],
      payload_info['Hash Algorithm'],
      no_hashtree,
      no_hashtree,
      signing_args)
      signing_args)
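Review bot: The `payload_info['Hash Algorithm']` value that SignApex now passes through to `'--hash_algorithm', hash_algorithm` in SignApexPayload is taken from the input APEX's avbtool output and is only checked for presence in the sanity loop, so the re-signed payload inherits whatever digest the incoming image declares. For a release-signing step it is worth rejecting an unexpected value before signing, for example `if payload_info['Hash Algorithm'] not in ALLOWED_HASH_ALGORITHMS: raise ApexInfoError(...)` after the sanity check, where `ALLOWED_HASH_ALGORITHMS` is a placeholder for the set the project accepts. `cmd` is built as an argument list, so this concerns digest strength and signing policy rather than command injection, assuming the runner outside the hunk does not go through a shell. Separately, `hash_algorithm` is inserted positionally before `no_hashtree`, which re-maps arguments for any caller that passes `no_hashtree` by position, and the one-line docstring could describe the new parameter. The bodies of SignApexPayload, ParseApexPayloadInfo and SignApex extend beyond the hunks shown.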


+8 −6
@@ -50,11 +50,12 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
    payload_file = self._GetTestPayload()
    payload_file = self._GetTestPayload()
    apex_utils.SignApexPayload(
    apex_utils.SignApexPayload(
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        self.SALT, no_hashtree=True)
        self.SALT, 'sha256', no_hashtree=True)
    payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
    payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
    self.assertEqual('SHA256_RSA2048', payload_info['Algorithm'])
    self.assertEqual('SHA256_RSA2048', payload_info['Algorithm'])
    self.assertEqual(self.SALT, payload_info['Salt'])
    self.assertEqual(self.SALT, payload_info['Salt'])
    self.assertEqual('testkey', payload_info['apex.key'])
    self.assertEqual('testkey', payload_info['apex.key'])
    self.assertEqual('sha256', payload_info['Hash Algorithm'])
    self.assertEqual('0 bytes', payload_info['Tree Size'])
    self.assertEqual('0 bytes', payload_info['Tree Size'])


  @test_utils.SkipIfExternalToolsUnavailable()
  @test_utils.SkipIfExternalToolsUnavailable()
@@ -62,7 +63,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
    payload_file = self._GetTestPayload()
    payload_file = self._GetTestPayload()
    apex_utils.SignApexPayload(
    apex_utils.SignApexPayload(
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        self.SALT, no_hashtree=True)
        self.SALT, 'sha256', no_hashtree=True)
    apex_utils.VerifyApexPayload(
    apex_utils.VerifyApexPayload(
        'avbtool', payload_file, self.payload_key, True)
        'avbtool', payload_file, self.payload_key, True)


@@ -71,7 +72,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
    payload_file = self._GetTestPayload()
    payload_file = self._GetTestPayload()
    apex_utils.SignApexPayload(
    apex_utils.SignApexPayload(
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        self.SALT, no_hashtree=False)
        self.SALT, 'sha256', no_hashtree=False)
    apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key)
    apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key)
    payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
    payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
    self.assertEqual('4096 bytes', payload_info['Tree Size'])
    self.assertEqual('4096 bytes', payload_info['Tree Size'])
@@ -81,7 +82,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
    payload_file = self._GetTestPayload()
    payload_file = self._GetTestPayload()
    apex_utils.SignApexPayload(
    apex_utils.SignApexPayload(
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        self.SALT, no_hashtree=True)
        self.SALT, 'sha256', no_hashtree=True)
    apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key,
    apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key,
                                 no_hashtree=True)
                                 no_hashtree=True)
    payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
    payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
@@ -98,7 +99,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
        'avbtool',
        'avbtool',
        payload_file,
        payload_file,
        self.payload_key,
        self.payload_key,
        'testkey', 'SHA256_RSA2048', self.SALT,
        'testkey', 'SHA256_RSA2048', self.SALT, 'sha256',
        True,
        True,
        payload_signer_args)
        payload_signer_args)
    apex_utils.VerifyApexPayload(
    apex_utils.VerifyApexPayload(
@@ -115,6 +116,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
        'testkey',
        'testkey',
        'SHA256_RSA2048',
        'SHA256_RSA2048',
        self.SALT,
        self.SALT,
        'sha256',
        no_hashtree=True)
        no_hashtree=True)


  @test_utils.SkipIfExternalToolsUnavailable()
  @test_utils.SkipIfExternalToolsUnavailable()
@@ -122,7 +124,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
    payload_file = self._GetTestPayload()
    payload_file = self._GetTestPayload()
    apex_utils.SignApexPayload(
    apex_utils.SignApexPayload(
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
        self.SALT, True)
        self.SALT, 'sha256', True)
    apex_utils.VerifyApexPayload(
    apex_utils.VerifyApexPayload(
        'avbtool', payload_file, self.payload_key, True)
        'avbtool', payload_file, self.payload_key, True)
    self.assertRaises(
    self.assertRaises(
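Review bot: The updated calls near the end of this file still pass `no_hashtree` by position (`'testkey', 'SHA256_RSA2048', self.SALT, 'sha256',` followed by `True,`, and `self.SALT, 'sha256', True)`), which is the call style this signature change shifts by one slot; writing `no_hashtree=True` as the other tests do keeps them robust to further parameter additions. Every case uses `'sha256'`, and nothing visible here exercises the ParseApexPayloadInfo sanity check failing on a missing `'Hash Algorithm'` entry, or SignApex carrying the parsed value into the re-signed payload; a test for each would pin the behaviour the commit message describes. The last test method continues past the end of the hunk.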