Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 67096e08 authored by Daniel Cashman's avatar Daniel Cashman Committed by Dan Cashman
Browse files

Add APK Signature Scheme v3. 

Add ApkSignatureSchemeV3Verifier to enable APKs to be signed with
the new signature scheme.  Update the ApkSignatureVerifier to process
the results, but only pass on what's needed for the existing interface.

In the process, move the ApkSignatureSchemeV2 code into a common
area for use by any scheme that makes use of the APK Signature Block.

The primary purpose of APK Signature Scheme v3 is to enable applications
to rotate their signing key.  This is accomplished by augmenting APK
Signature Scheme v2 to also include a new Proof-of-rotation struct, which
is fundamentally a singly linked list where each of the APK's signing
certificates is included in order, along with a signature over the next
certificate.  Thus, each certificate contains proof that the private key
corresponding to the previous one blessed it.  This provides evidence to
the platform that the new signing certificate should be as trusted as
the previously trusted one.  This structure also includes some flags for
each certificate to indicate to the platform how the APK itself would
like to interract/trust the old certificates.

Bug: 64686581
Test: Builds, boots, passes
      android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: I0f98ff13950af78f5d9b269f80d13af8891f7a2d
parent dc4cb146

core/java/android/util/apk/ApkSignatureSchemeV2Verifier.java

+59 −780

File changed.

Preview size limit exceeded, changes collapsed.

core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java

0 → 100644
+543 −0

File added.

Preview size limit exceeded, changes collapsed.

core/java/android/util/apk/ApkSignatureVerifier.java

+94 −1

File changed.

Preview size limit exceeded, changes collapsed.

core/java/android/util/apk/ApkSigningBlockUtils.java

0 → 100644
+663 −0

File added.

Preview size limit exceeded, changes collapsed.

core/java/android/util/apk/VerbatimX509Certificate.java

0 → 100644
+38 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2018 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



package android.util.apk;



import java.security.cert.CertificateEncodingException;

import java.security.cert.X509Certificate;



/**

 * For legacy reasons we need to return exactly the original encoded certificate bytes, instead

 * of letting the underlying implementation have a shot at re-encoding the data.

 */

class VerbatimX509Certificate extends WrappedX509Certificate {

    private final byte[] mEncodedVerbatim;



    VerbatimX509Certificate(X509Certificate wrapped, byte[] encodedVerbatim) {

        super(wrapped);

        this.mEncodedVerbatim = encodedVerbatim;

    }



    @Override

    public byte[] getEncoded() throws CertificateEncodingException {

        return mEncodedVerbatim;

    }

}