Documentation
Overview
Package otasign contains code to sign Android system images and OTA images.
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type AlgorithmID
type AlgorithmID struct {
	Algorithm  asn1.ObjectIdentifier
	Parameters asn1.RawValue `asn1:"optional"`
}
type BootImage
type BootImage struct {
// contains filtered or unexported fields
}
BootImage represents a bootable Android partition image.
func NewBootImage
NewBootImage parses the provided bytes as an Android boot image. This involves inspecting the header and computing length of the raw image (i.e. the image without any existing signature).
func (*BootImage) ComputeLength
ComputeLength returns the raw size of the partition image -- that is, with any existing signatures stripped. As the Android bootable image header was defined before the verified boot scheme was, the header contains no offset for the signature block. Thus we must recompute the original image's size from the header block, and then discard any bytes appended to it by a previous signing operation.
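The recomputation ComputeLength describes, as an added example that is not otasign's own code. It assumes the version-0 boot image header layout (little-endian section sizes at offsets 8, 16 and 24, page size at offset 36); `rawImageLength` and `sampleImage` are hypothetical names, and the sample image is constructed.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

// rawImageLength (hypothetical helper, assumes a v0 header) recomputes the
// unsigned size of a boot image: one header page plus the kernel, ramdisk
// and second-stage sections, each padded up to a page boundary.
func rawImageLength(img []byte) (uint64, error) {
	if len(img) < 40 || !bytes.Equal(img[:8], []byte("ANDROID!")) {
		return 0, errors.New("not an Android boot image")
	}
	le := binary.LittleEndian
	kernel := uint64(le.Uint32(img[8:]))
	ramdisk := uint64(le.Uint32(img[16:]))
	second := uint64(le.Uint32(img[24:]))
	page := uint64(le.Uint32(img[36:]))
	if page == 0 {
		return 0, errors.New("header declares a zero page size")
	}
	pad := func(n uint64) uint64 { return (n + page - 1) / page * page }
	total := page + pad(kernel) + pad(ramdisk) + pad(second)
	if total > uint64(len(img)) {
		return 0, errors.New("header sizes exceed the supplied data")
	}
	return total, nil
}

// sampleImage builds a constructed image: header page, 3000-byte kernel, 100-byte ramdisk, then trailer bytes.
func sampleImage(trailer int) []byte {
	const page = 2048
	img := make([]byte, page+2*page+page+trailer)
	copy(img, "ANDROID!")
	binary.LittleEndian.PutUint32(img[8:], 3000)
	binary.LittleEndian.PutUint32(img[16:], 100)
	binary.LittleEndian.PutUint32(img[36:], page)
	return img
}

func main() {
	img := sampleImage(256)
	n, err := rawImageLength(img)
	fmt.Println(n, err, "trailing bytes:", uint64(len(img))-n)
}
```

Any bytes past the returned length were appended after the image was built, which is where a previous signature block would sit.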
func (*BootImage) IsSigned
IsSigned indicates whether `img` is signed under the Android Verified Boot scheme.
func (*BootImage) Marshal
Marshal returns a []byte representation of `img`, including any signatures.
type BootSig
type BootSig struct {
	BootSigASN1
	// contains filtered or unexported fields
}
BootSig represents a boot signature block for an Android bootable partition image. It implements the "Android Verified Boot" specification at https://source.android.com/security/verifiedboot/verified-boot
Currently only RSA signatures using SHA-2/256 or SHA-2/512 are supported.
func NewBootSig
NewBootSig prepares a new signature tree for use in signing a partition image.
func ParseBootSig
ParseBootSig parses its input as a signature block for an Android bootable partition image. Essentially it unmarshals the DER-encoded ASN.1 input, and then inspects the resulting struct tree for correctness. A non-nil error indicates either a low-level asn1 parse error or a logical error.
func (*BootSig) Marshal
Marshal returns the DER-encoded ASN.1 signature block bytes, as defined by the Android spec.
func (*BootSig) Sign
Sign generates the signature from the tree structure represented by `sig`. Once Marshal()ed, the resulting bytes can be appended to a boot image.
func (*BootSig) Signer
func (sig *BootSig) Signer() *x509.Certificate
Signer returns the certificate used to sign the block represented by `sig`.
type BootSigASN1
type BootSigASN1 struct {
	Version      int
	Cert         asn1.RawValue
	AlgorithmIDs AlgorithmID
	AuthAttrs    AuthAttr
	Signature    []byte
}
BootSigASN1 is used along with AuthAttr and AlgorithmID to marshal and unmarshal boot image signature blocks to/from DER-encoded ASN.1 format via the encoding/asn1 library.