8d1553b9b1be06100ce4f4cc4c8c5088b48995a2 |
|
21-Apr-2018 |
Victor Hsieh <victorhsieh@google.com> |
Verify best signature algorithms of all signers

The previous implementation does not verify signature algorithms of all signers. It's possible that the attacker can take an old apk (with digest and signature of old algorithm) and add their own signer block with new/P digest and signature. In this case, the old implementation only verifies the attacker's signature, thus the attacker can change apk content easily.

The solution here is to verify digests of all best signature algorithms by all signers. It is expected to increase verification time, if the apk does have multiple signers with different types of digests.

Test: apks still install
Bug: 78359754
Change-Id: I607edf219c25a2a7adfa27a21a94e9bfefbb6cec
Merged-In: I607edf219c25a2a7adfa27a21a94e9bfefbb6cec
(cherry picked from commit 2f2ced93e3176d71dbd23e7f71a3d78b6dc09830)
/frameworks/base/core/java/android/util/apk/ApkSigningBlockUtils.java
|
4ba1eeaa0e0468131da08a5c5f461361cac79ff1 |
|
02-Mar-2018 |
Victor Hsieh <victorhsieh@google.com> |
Verify the content length in the verity digest

When generating digest for verity, for the last incomplete 4k chunk, the data is padded with 0s. This implies that we can not tell from the digest whether the file contains 0 or not, or how many 0s. Since the verity hash is used by the kernel, the definition cannot be changed. Instead, the actual hashed content length is appended to the original digest and is verified before use.

Also uprev algorithm IDs.

Test: use new apksigner to sign an apk, apk can be installed on device
Bug: 30972906
Change-Id: I382af6e4090c7dc3f92d5acb5ac5d02d1f496992
/frameworks/base/core/java/android/util/apk/ApkSigningBlockUtils.java
|
3a0032f30fe34e1f70d67f12af87a7c960ad8110 |
|
21-Feb-2018 |
Victor Hsieh <victorhsieh@google.com> |
Change verity hash algorithm to pad the last chunk

As a result, all existing cases take complete chunks for hashing. Also bump the version number.

Test: without also bumping the version, apk with 0x401 hash won't install
Test: apk with 0x411 hash installs
Bug: 30972906
Change-Id: I48c15c886ac6eab4512f1b2b9744b07e746c6211
/frameworks/base/core/java/android/util/apk/ApkSigningBlockUtils.java
|
07bc80c51b1c099bd1ac5f3056ae739778753af1 |
|
12-Jan-2018 |
Victor Hsieh <victorhsieh@google.com> |
ApkSignatureVerifier: expose verity interfaces

Test: the verity install request goes through to installd
Bug: 30972906
Change-Id: I3683d6483880291200cd963b7aa4da81c8097724
/frameworks/base/core/java/android/util/apk/ApkSigningBlockUtils.java
|
4acad4c01406c50902733e7a70503c06f0d54dbb |
|
04-Jan-2018 |
Victor Hsieh <victorhsieh@google.com> |
Support 4k chunk based signature algorithms

This change makes APK signature verifier accept the 4k-based signature algorithms.

Test: build, install apk with such algorithm by apksig
Bug: 30972906
Change-Id: I90f32a6779f258605668e44f0d66f53e6890cfa7
/frameworks/base/core/java/android/util/apk/ApkSigningBlockUtils.java
|
67096e08a72beea85979a3aa9fc5b376b2c2b5ad |
|
28-Dec-2017 |
Daniel Cashman <dcashman@google.com> |
Add APK Signature Scheme v3.

Add ApkSignatureSchemeV3Verifier to enable APKs to be signed with the new signature scheme. Update the ApkSignatureVerifier to process the results, but only pass on what's needed for the existing interface. In the process, move the ApkSignatureSchemeV2 code into a common area for use by any scheme that makes use of the APK Signature Block.

The primary purpose of APK Signature Scheme v3 is to enable applications to rotate their signing key. This is accomplished by augmenting APK Signature Scheme v2 to also include a new Proof-of-rotation struct, which is fundamentally a singly linked list where each of the APK's signing certificates is included in order, along with a signature over the next certificate. Thus, each certificate contains proof that the private key corresponding to the previous one blessed it. This provides evidence to the platform that the new signing certificate should be as trusted as the previously trusted one. This structure also includes some flags for each certificate to indicate to the platform how the APK itself would like to interact/trust the old certificates.

Bug: 64686581
Test: Builds, boots, passes android.appsecurity.cts.PkgInstallSignatureVerificationTest
Change-Id: I0f98ff13950af78f5d9b269f80d13af8891f7a2d
/frameworks/base/core/java/android/util/apk/ApkSigningBlockUtils.java
|