Merge "sign_apex.py respects hash algorithm"

tools/releasetools/apex_utils.py

@@ -169,7 +169,7 @@ class ApexApkSigner(object):
 
 
 def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
-                    algorithm, salt, no_hashtree, signing_args=None):
+                    algorithm, salt, hash_algorithm, no_hashtree, signing_args=None):
   """Signs a given payload_file with the payload key."""
   # Add the new footer. Old footer, if any, will be replaced by avbtool.
   cmd = [avbtool, 'add_hashtree_footer',
@@ -178,7 +178,8 @@ def SignApexPayload(avbtool, payload_file, payload_key_path, payload_key_name,
          '--key', payload_key_path,
          '--prop', 'apex.key:{}'.format(payload_key_name),
          '--image', payload_file,
-         '--salt', salt]
+         '--salt', salt,
+         '--hash_algorithm', hash_algorithm]
   if no_hashtree:
     cmd.append('--no_hashtree')
   if signing_args:
@@ -235,11 +236,11 @@ def ParseApexPayloadInfo(avbtool, payload_path):
         'Failed to get APEX payload info for {}:\n{}'.format(
             payload_path, e))
 
-  # Extract the Algorithm / Salt / Prop info / Tree size from payload (i.e. an
+  # Extract the Algorithm / Hash Algorithm / Salt / Prop info / Tree size from
-  # image signed with avbtool). For example,
+  # payload (i.e. an image signed with avbtool). For example,
   # Algorithm:                SHA256_RSA4096
   PAYLOAD_INFO_PATTERN = (
-      r'^\s*(?P<key>Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
+      r'^\s*(?P<key>Algorithm|Hash Algorithm|Salt|Prop|Tree Size)\:\s*(?P<value>.*?)$')
   payload_info_matcher = re.compile(PAYLOAD_INFO_PATTERN)
 
   payload_info = {}
@@ -273,7 +274,7 @@ def ParseApexPayloadInfo(avbtool, payload_path):
       payload_info[key] = value
 
   # Sanity check.
-  for key in ('Algorithm', 'Salt', 'apex.key'):
+  for key in ('Algorithm', 'Salt', 'apex.key', 'Hash Algorithm'):
     if key not in payload_info:
       raise ApexInfoError(
           'Failed to find {} prop in {}'.format(key, payload_path))
@@ -326,6 +327,7 @@ def SignApex(avbtool, apex_data, payload_key, container_key, container_pw,
       payload_info['apex.key'],
       payload_info['Algorithm'],
       payload_info['Salt'],
+      payload_info['Hash Algorithm'],
       no_hashtree,
       signing_args)
 

tools/releasetools/test_apex_utils.py

@@ -50,11 +50,12 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
     payload_file = self._GetTestPayload()
     apex_utils.SignApexPayload(
         'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
-        self.SALT, no_hashtree=True)
+        self.SALT, 'sha256', no_hashtree=True)
     payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
     self.assertEqual('SHA256_RSA2048', payload_info['Algorithm'])
     self.assertEqual(self.SALT, payload_info['Salt'])
     self.assertEqual('testkey', payload_info['apex.key'])
+    self.assertEqual('sha256', payload_info['Hash Algorithm'])
     self.assertEqual('0 bytes', payload_info['Tree Size'])
 
   @test_utils.SkipIfExternalToolsUnavailable()
@@ -62,7 +63,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
     payload_file = self._GetTestPayload()
     apex_utils.SignApexPayload(
         'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
-        self.SALT, no_hashtree=True)
+        self.SALT, 'sha256', no_hashtree=True)
     apex_utils.VerifyApexPayload(
         'avbtool', payload_file, self.payload_key, True)
 
@@ -71,7 +72,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
     payload_file = self._GetTestPayload()
     apex_utils.SignApexPayload(
         'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
-        self.SALT, no_hashtree=False)
+        self.SALT, 'sha256', no_hashtree=False)
     apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key)
     payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
     self.assertEqual('4096 bytes', payload_info['Tree Size'])
@@ -81,7 +82,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
     payload_file = self._GetTestPayload()
     apex_utils.SignApexPayload(
         'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
-        self.SALT, no_hashtree=True)
+        self.SALT, 'sha256', no_hashtree=True)
     apex_utils.VerifyApexPayload('avbtool', payload_file, self.payload_key,
                                  no_hashtree=True)
     payload_info = apex_utils.ParseApexPayloadInfo('avbtool', payload_file)
@@ -98,7 +99,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
         'avbtool',
         payload_file,
         self.payload_key,
-        'testkey', 'SHA256_RSA2048', self.SALT,
+        'testkey', 'SHA256_RSA2048', self.SALT, 'sha256',
         True,
         payload_signer_args)
     apex_utils.VerifyApexPayload(
@@ -115,6 +116,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
         'testkey',
         'SHA256_RSA2048',
         self.SALT,
+        'sha256',
         no_hashtree=True)
 
   @test_utils.SkipIfExternalToolsUnavailable()
@@ -122,7 +124,7 @@ class ApexUtilsTest(test_utils.ReleaseToolsTestCase):
     payload_file = self._GetTestPayload()
     apex_utils.SignApexPayload(
         'avbtool', payload_file, self.payload_key, 'testkey', 'SHA256_RSA2048',
-        self.SALT, True)
+        self.SALT, 'sha256', True)
     apex_utils.VerifyApexPayload(
         'avbtool', payload_file, self.payload_key, True)
     self.assertRaises(