diff --git a/tools/releasetools/apex_utils.py b/tools/releasetools/apex_utils.py index ae9b79326..1c6193804 100644 --- a/tools/releasetools/apex_utils.py +++ b/tools/releasetools/apex_utils.py @@ -169,7 +169,7 @@ class ApexApkSigner(object): def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name, - algorithm, salt, no_hashtree, signing_args=None): + algorithm, salt, hash_algorithm, no_hashtree, signing_args=None): """Signs a given payload_file with the payload key.""" # Add the new footer. Old footer, if any, will be replaced by avbtool. cmd = [avbtool, 'add_hashtree_footer', @@ -178,7 +178,8 @@ def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name, '--key', payload_key_path, '--prop', 'apex.key:{}'.format(payload_key_name), '--image', payload_file, - '--salt', salt] + '--salt', salt, + '--hash_algorithm', hash_algorithm] if no_hashtree: cmd.append('--no_hashtree') if signing_args: @@ -235,11 +236,11 @@ def ParseApexPayloadInfo(avbtool, payload_path): 'Failed to get APEX payload info for {}:\n{}'.format( payload_path, e)) - # Extract the Algorithm / Salt / Prop info / Tree size from payload (i.e. an - # image signed with avbtool). For example, + # Extract the Algorithm / Hash Algorithm / Salt / Prop info / Tree size from + # payload (i.e. an image signed with avbtool). For example, # Algorithm: SHA256_RSA4096 PAYLOAD_INFO_PATTERN = ( - r'^\s*(?PAlgorithm|Salt|Prop|Tree Size)\:\s*(?P.*?)$') + r'^\s*(?PAlgorithm|Hash Algorithm|Salt|Prop|Tree Size)\:\s*(?P.*?)$') payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN) payload_info = {} @@ -273,7 +274,7 @@ def ParseApexPayloadInfo(avbtool, payload_path): payload_info[key] = value # Sanity check. - for key in ('Algorithm', 'Salt', 'apex.key'): + for key in ('Algorithm', 'Salt', 'apex.key', 'Hash Algorithm'): if key not in payload_info: raise ApexInfoError( 'Failed to find {} prop in {}'.format(key, payload_path)) @@ -326,6 +327,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw, payload_info['apex.key'], payload_info['Algorithm'], payload_info['Salt'], + payload_info['Hash Algorithm'], no_hashtree, signing_args) diff --git a/tools/releasetools/test_apex_utils.py b/tools/releasetools/test_apex_utils.py index e19bc90b3..7b4a4b0c7 100644 --- a/tools/releasetools/test_apex_utils.py +++ b/tools/releasetools/test_apex_utils.py @@ -50,11 +50,12 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase): payload_file = self._GetTestPayload() apex_utils.SignApexPayload( 'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048', - self.SALT, no_hashtree=True) + self.SALT, 'sha256', no_hashtree=True) payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file) self.assertEqual('SHA256_RSA2048', payload_info['Algorithm']) self.assertEqual(self.SALT, payload_info['Salt']) self.assertEqual('testkey', payload_info['apex.key']) + self.assertEqual('sha256', payload_info['Hash Algorithm']) self.assertEqual('0 bytes', payload_info['Tree Size']) @test_utils.SkipIfExternalToolsUnavailable() @@ -62,7 +63,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase): payload_file = self._GetTestPayload() apex_utils.SignApexPayload( 'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048', - self.SALT, no_hashtree=True) + self.SALT, 'sha256', no_hashtree=True) apex_utils.VerifyApexPayload( 'avbtool', payload_file, self.payload_key, True) @@ -71,7 +72,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase): payload_file = self._GetTestPayload() apex_utils.SignApexPayload( 'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048', - self.SALT, no_hashtree=False) + self.SALT, 'sha256', no_hashtree=False) apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key) payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file) self.assertEqual('4096 bytes', payload_info['Tree Size']) @@ -81,7 +82,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase): payload_file = self._GetTestPayload() apex_utils.SignApexPayload( 'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048', - self.SALT, no_hashtree=True) + self.SALT, 'sha256', no_hashtree=True) apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key, no_hashtree=True) payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file) @@ -98,7 +99,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase): 'avbtool', payload_file, self.payload_key, - 'testkey', 'SHA256_RSA2048', self.SALT, + 'testkey', 'SHA256_RSA2048', self.SALT, 'sha256', True, payload_signer_args) apex_utils.VerifyApexPayload( @@ -115,6 +116,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase): 'testkey', 'SHA256_RSA2048', self.SALT, + 'sha256', no_hashtree=True) @test_utils.SkipIfExternalToolsUnavailable() @@ -122,7 +124,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase): payload_file = self._GetTestPayload() apex_utils.SignApexPayload( 'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048', - self.SALT, True) + self.SALT, 'sha256', True) apex_utils.VerifyApexPayload( 'avbtool', payload_file, self.payload_key, True) self.assertRaises(