Merge "sign_apex.py respects hash algorithm"
This commit is contained in:
Treehugger Robot
Gerrit Code Review
commit
ed67178e4a
|
|
@ -169,7 +169,7 @@ class ApexApkSigner(object):
|
|||
|
||||
|
||||
def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
|
||||
algorithm, salt, no_hashtree, signing_args=None):
|
||||
algorithm, salt, hash_algorithm, no_hashtree, signing_args=None):
|
||||
"""Signs a given payload_file with the payload key."""
|
||||
# Add the new footer. Old footer, if any, will be replaced by avbtool.
|
||||
cmd = [avbtool, 'add_hashtree_footer',
|
||||
|
|
@ -178,7 +178,8 @@ def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
|
|||
'--key', payload_key_path,
|
||||
'--prop', 'apex.key:{}'.format(payload_key_name),
|
||||
'--image', payload_file,
|
||||
'--salt', salt]
|
||||
'--salt', salt,
|
||||
'--hash_algorithm', hash_algorithm]
|
||||
if no_hashtree:
|
||||
cmd.append('--no_hashtree')
|
||||
if signing_args:
|
||||
|
|
@ -235,11 +236,11 @@ def ParseApexPayloadInfo(avbtool, payload_path):
|
|||
'Failed to get APEX payload info for {}:\n{}'.format(
|
||||
payload_path, e))
|
||||
|
||||
# Extract the Algorithm / Salt / Prop info / Tree size from payload (i.e. an
|
||||
# image signed with avbtool). For example,
|
||||
# Extract the Algorithm / Hash Algorithm / Salt / Prop info / Tree size from
|
||||
# payload (i.e. an image signed with avbtool). For example,
|
||||
# Algorithm: SHA256_RSA4096
|
||||
PAYLOAD_INFO_PATTERN = (
|
||||
r'^\s*(?P<key>Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
|
||||
r'^\s*(?P<key>Algorithm|Hash Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
|
||||
payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN)
|
||||
|
||||
payload_info = {}
|
||||
|
|
@ -273,7 +274,7 @@ def ParseApexPayloadInfo(avbtool, payload_path):
|
|||
payload_info[key] = value
|
||||
|
||||
# Sanity check.
|
||||
for key in ('Algorithm', 'Salt', 'apex.key'):
|
||||
for key in ('Algorithm', 'Salt', 'apex.key', 'Hash Algorithm'):
|
||||
if key not in payload_info:
|
||||
raise ApexInfoError(
|
||||
'Failed to find {} prop in {}'.format(key, payload_path))
|
||||
|
|
@ -326,6 +327,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
|
|||
payload_info['apex.key'],
|
||||
payload_info['Algorithm'],
|
||||
payload_info['Salt'],
|
||||
payload_info['Hash Algorithm'],
|
||||
no_hashtree,
|
||||
signing_args)
|
||||
|
||||
|
|
|
|||
|
|
@ -50,11 +50,12 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
|
|||
payload_file = self._GetTestPayload()
|
||||
apex_utils.SignApexPayload(
|
||||
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
|
||||
self.SALT, no_hashtree=True)
|
||||
self.SALT, 'sha256', no_hashtree=True)
|
||||
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
|
||||
self.assertEqual('SHA256_RSA2048', payload_info['Algorithm'])
|
||||
self.assertEqual(self.SALT, payload_info['Salt'])
|
||||
self.assertEqual('testkey', payload_info['apex.key'])
|
||||
self.assertEqual('sha256', payload_info['Hash Algorithm'])
|
||||
self.assertEqual('0 bytes', payload_info['Tree Size'])
|
||||
|
||||
@test_utils.SkipIfExternalToolsUnavailable()
|
||||
|
|
@ -62,7 +63,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
|
|||
payload_file = self._GetTestPayload()
|
||||
apex_utils.SignApexPayload(
|
||||
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
|
||||
self.SALT, no_hashtree=True)
|
||||
self.SALT, 'sha256', no_hashtree=True)
|
||||
apex_utils.VerifyApexPayload(
|
||||
'avbtool', payload_file, self.payload_key, True)
|
||||
|
||||
|
|
@ -71,7 +72,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
|
|||
payload_file = self._GetTestPayload()
|
||||
apex_utils.SignApexPayload(
|
||||
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
|
||||
self.SALT, no_hashtree=False)
|
||||
self.SALT, 'sha256', no_hashtree=False)
|
||||
apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key)
|
||||
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
|
||||
self.assertEqual('4096 bytes', payload_info['Tree Size'])
|
||||
|
|
@ -81,7 +82,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
|
|||
payload_file = self._GetTestPayload()
|
||||
apex_utils.SignApexPayload(
|
||||
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
|
||||
self.SALT, no_hashtree=True)
|
||||
self.SALT, 'sha256', no_hashtree=True)
|
||||
apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key,
|
||||
no_hashtree=True)
|
||||
payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
|
||||
|
|
@ -98,7 +99,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
|
|||
'avbtool',
|
||||
payload_file,
|
||||
self.payload_key,
|
||||
'testkey', 'SHA256_RSA2048', self.SALT,
|
||||
'testkey', 'SHA256_RSA2048', self.SALT, 'sha256',
|
||||
True,
|
||||
payload_signer_args)
|
||||
apex_utils.VerifyApexPayload(
|
||||
|
|
@ -115,6 +116,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
|
|||
'testkey',
|
||||
'SHA256_RSA2048',
|
||||
self.SALT,
|
||||
'sha256',
|
||||
no_hashtree=True)
|
||||
|
||||
@test_utils.SkipIfExternalToolsUnavailable()
|
||||
|
|
@ -122,7 +124,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
|
|||
payload_file = self._GetTestPayload()
|
||||
apex_utils.SignApexPayload(
|
||||
'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
|
||||
self.SALT, True)
|
||||
self.SALT, 'sha256', True)
|
||||
apex_utils.VerifyApexPayload(
|
||||
'avbtool', payload_file, self.payload_key, True)
|
||||
self.assertRaises(
|
||||
|
|
|
|||
Loading…
Reference in New Issue