signingblock

package

v0.0.0-...-ba8d6ae Latest Latest Go to latest Published: Jul 29, 2024 License: LGPL-3.0 Imports: 28 Imported by: 2

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/avast/apkverifier

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ExtractCerts(path string, minSdkVersion, maxSdkVersion int32) (certs [][]*x509.Certificate, err error)
func ExtractCertsReader(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32) (certs [][]*x509.Certificate, err error)
func IsSigningBlockNotFoundError(err error) bool
func PkixNameToString(n *pkix.Name) string
type BlockId
- func (b BlockId) String() string
type FrostingResult
type LineageCertCaps
- func (c LineageCertCaps) String() string
type SignatureAlgorithm
- func (algo SignatureAlgorithm) String() string
type SourceStampCertMismatchError
- func (e *SourceStampCertMismatchError) Error() string
type SourceStampLineageNode
type SourceStampResult
type V3LineageSigningCertificateNode
- func (n *V3LineageSigningCertificateNode) Dump(w io.Writer) error
- func (n *V3LineageSigningCertificateNode) Equal(o *V3LineageSigningCertificateNode) bool
type V3LineageSigningCertificateNodeList
- func (l V3LineageSigningCertificateNodeList) Equal(o V3LineageSigningCertificateNodeList) bool
type V3SigningLineage
type VerificationResult
- func VerifySigningBlock(path string, minSdkVersion, maxSdkVersion int32) (res *VerificationResult, magic uint32, err error)
- func VerifySigningBlockReader(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32) (res *VerificationResult, magic uint32, err error)
- func VerifySigningBlockReaderWithZip(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32, ...) (res *VerificationResult, magic uint32, err error)
- func (r *VerificationResult) ContainsErrors() bool
- func (r *VerificationResult) GetLastError() error

Constants ¶

View Source

const (
	SigRsaPssWithSha256            SignatureAlgorithm = 0x0101
	SigRsaPssWithSha512                               = 0x0102
	SigRsaPkcs1V15WithSha256                          = 0x0103
	SigRsaPkcs1V15WithSha512                          = 0x0104
	SigEcdsaWithSha256                                = 0x0201
	SigEcdsaWithSha512                                = 0x0202
	SigDsaWithSha256                                  = 0x0301
	SigVerityRsaPkcs1V15WithSha256                    = 0x0421
	SigVerityEcdsaWithSha256                          = 0x0423
	SigVerityDsaWithSha256                            = 0x425
)

Variables ¶

View Source

var (
	ErrFrostingInvalidSignature = errors.New("invalid frosting signature")
	ErrFrostingDigestMismatch   = errors.New("frosting apk file digest mismatch")
)

Functions ¶

func ExtractCerts ¶

func ExtractCerts(path string, minSdkVersion, maxSdkVersion int32) (certs [][]*x509.Certificate, err error)

func ExtractCertsReader ¶

func ExtractCertsReader(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32) (certs [][]*x509.Certificate, err error)

func IsSigningBlockNotFoundError ¶

func IsSigningBlockNotFoundError(err error) bool

func PkixNameToString ¶

func PkixNameToString(n *pkix.Name) string

Types ¶

type BlockId ¶

type BlockId uint32

const (
	// BlockIdDependencyMetadata Dependencies metadata generated by Gradle and encrypted by Google Play.
	// "...The data is compressed, encrypted by a Google Play signing key..."
	// https://developer.android.com/studio/releases/gradle-plugin#dependency-metadata
	BlockIdDependencyMetadata BlockId = 0x504b4453

	// BlockIdMeituanMetadata JSON with some metadata, used by Chinese company Meituan
	BlockIdMeituanMetadata BlockId = 0x71777777

	// BlockIdSourceStampV1 Older SourceStamp implementation, you should not encounter this ID
	// https://android.googlesource.com/platform/frameworks/base/+/549ce7a482ed4fe170ca445324fb38c447030404%5E%21/#F0
	BlockIdSourceStampV1 BlockId = 0x2b09189e
)

func (BlockId) String ¶

func (b BlockId) String() string

type FrostingResult ¶

type FrostingResult struct {
	Error        error
	KeySha256    string
	ProtobufInfo []byte
}

type LineageCertCaps ¶

type LineageCertCaps int32

frameworks/base/core/java/android/content/pm/PackageParser.java public @interface CertCapabilities

const (
	CapInstalledData LineageCertCaps = 1  // accept data from already installed pkg with this cert
	CapSharedUserId  LineageCertCaps = 2  // accept sharedUserId with pkg with this cert
	CapPermission    LineageCertCaps = 4  // grant SIGNATURE permissions to pkgs with this cert
	CapRollback      LineageCertCaps = 8  // allow pkg to update to one signed by this certificate
	CapAuth          LineageCertCaps = 16 // allow pkg to continue to have auth access gated by this cert
)

func (LineageCertCaps) String ¶

func (c LineageCertCaps) String() string

type SignatureAlgorithm ¶

type SignatureAlgorithm int32

func (SignatureAlgorithm) String ¶

func (algo SignatureAlgorithm) String() string

type SourceStampCertMismatchError ¶

type SourceStampCertMismatchError struct {
	CertInApkSha256          string
	CertInSigningBlockSha256 string
}

func (*SourceStampCertMismatchError) Error ¶

func (e *SourceStampCertMismatchError) Error() string

type SourceStampLineageNode ¶

type SourceStampLineageNode struct {
	Cert       *x509.Certificate
	ParentAlgo SignatureAlgorithm
	Algo       SignatureAlgorithm
	Signature  []byte
	Flags      int32
}

type SourceStampResult ¶

type SourceStampResult struct {
	Cert        *x509.Certificate
	SigningTime time.Time
	Lineage     []*SourceStampLineageNode
	Errors      []error
	Warnings    []string
}

type V3LineageSigningCertificateNode ¶

type V3LineageSigningCertificateNode struct {
	SigningCert        *x509.Certificate
	ParentSigAlgorithm SignatureAlgorithm
	SigAlgorithm       SignatureAlgorithm
	Signature          []byte
	Flags              LineageCertCaps
}

func (*V3LineageSigningCertificateNode) Dump ¶

func (n *V3LineageSigningCertificateNode) Dump(w io.Writer) error

func (*V3LineageSigningCertificateNode) Equal ¶

func (n *V3LineageSigningCertificateNode) Equal(o *V3LineageSigningCertificateNode) bool

type V3LineageSigningCertificateNodeList ¶

type V3LineageSigningCertificateNodeList []*V3LineageSigningCertificateNode

func (V3LineageSigningCertificateNodeList) Equal ¶

func (l V3LineageSigningCertificateNodeList) Equal(o V3LineageSigningCertificateNodeList) bool

type V3SigningLineage ¶

type V3SigningLineage struct {
	MinSdkVersion int32
	Nodes         V3LineageSigningCertificateNodeList
}

type VerificationResult ¶

type VerificationResult struct {
	Certs          [][]*x509.Certificate
	SchemeId       int
	SigningLineage *V3SigningLineage

	// When APK is signed with v3.1, the v3 result is stored here. Any v3 errors are lifted to the main Warnings/errors though
	ExtraResults map[int]*VerificationResult

	Frosting *FrostingResult

	SourceStamp *SourceStampResult

	// Extra blocks found in the signing block that are not used by apkverifier,
	// either completely unknown, or those found in BlockId constants.
	// Parsed block types (schemeV2, V3, play frosting..) will NOT be in this map.
	// May be nil.
	ExtraBlocks map[BlockId][]byte

	Warnings []string
	Errors   []error
}

func VerifySigningBlock ¶

func VerifySigningBlock(path string, minSdkVersion, maxSdkVersion int32) (res *VerificationResult, magic uint32, err error)

func VerifySigningBlockReader ¶

func VerifySigningBlockReader(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32) (res *VerificationResult, magic uint32, err error)

func VerifySigningBlockReaderWithZip ¶

func VerifySigningBlockReaderWithZip(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32, optionalZip *apkparser.ZipReader) (res *VerificationResult, magic uint32, err error)

func (*VerificationResult) ContainsErrors ¶

func (r *VerificationResult) ContainsErrors() bool

func (*VerificationResult) GetLastError ¶

func (r *VerificationResult) GetLastError() error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL