signingblock

package

v0.0.0-...-2a81e2e Latest Latest Go to latest Published: Oct 31, 2023 License: LGPL-3.0 Imports: 28 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/avast/apkverifier

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
Variables
func ExtractCerts(path string, minSdkVersion, maxSdkVersion int32) (certs [][]*x509.Certificate, err error)
func ExtractCertsReader(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32) (certs [][]*x509.Certificate, err error)
func IsSigningBlockNotFoundError(err error) bool
func PkixNameToString(n *pkix.Name) string
type BlockId
- func (b BlockId) String() string
type FrostingResult
type LineageCertCaps
- func (c LineageCertCaps) String() string
type SignatureAlgorithm
- func (algo SignatureAlgorithm) String() string
type SourceStampCertMismatchError
- func (e *SourceStampCertMismatchError) Error() string
type SourceStampLineageNode
type SourceStampResult
type V3LineageSigningCertificateNode
- func (n *V3LineageSigningCertificateNode) Dump(w io.Writer) error
- func (n *V3LineageSigningCertificateNode) Equal(o *V3LineageSigningCertificateNode) bool
type V3LineageSigningCertificateNodeList
- func (l V3LineageSigningCertificateNodeList) Equal(o V3LineageSigningCertificateNodeList) bool
type V3SigningLineage
type VerificationResult
- func VerifySigningBlock(path string, minSdkVersion, maxSdkVersion int32) (res *VerificationResult, magic uint32, err error)
- func VerifySigningBlockReader(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32) (res *VerificationResult, magic uint32, err error)
- func VerifySigningBlockReaderWithZip(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32, ...) (res *VerificationResult, magic uint32, err error)
- func (r *VerificationResult) ContainsErrors() bool
- func (r *VerificationResult) GetLastError() error

Constants ¶

View Source

const (
	SigRsaPssWithSha256            SignatureAlgorithm = 0x0101
	SigRsaPssWithSha512                               = 0x0102
	SigRsaPkcs1V15WithSha256                          = 0x0103
	SigRsaPkcs1V15WithSha512                          = 0x0104
	SigEcdsaWithSha256                                = 0x0201
	SigEcdsaWithSha512                                = 0x0202
	SigDsaWithSha256                                  = 0x0301
	SigVerityRsaPkcs1V15WithSha256                    = 0x0421
	SigVerityEcdsaWithSha256                          = 0x0423
	SigVerityDsaWithSha256                            = 0x425
)

Variables ¶

View Source

var (
	ErrFrostingInvalidSignature = errors.New("invalid frosting signature")
	ErrFrostingDigestMismatch   = errors.New("frosting apk file digest mismatch")
)

Functions ¶

func ExtractCerts ¶

func ExtractCerts(path string, minSdkVersion, maxSdkVersion int32) (certs [][]*x509.Certificate, err error)

func ExtractCertsReader ¶

func ExtractCertsReader(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32) (certs [][]*x509.Certificate, err error)

func IsSigningBlockNotFoundError ¶

func IsSigningBlockNotFoundError(err error) bool

func PkixNameToString ¶

func PkixNameToString(n *pkix.Name) string

Types ¶

type BlockId ¶

type BlockId uint32

const (
	// BlockIdDependencyMetadata Dependencies metadata generated by Gradle and encrypted by Google Play.
	// "...The data is compressed, encrypted by a Google Play signing key..."
	// https://developer.android.com/studio/releases/gradle-plugin#dependency-metadata
	BlockIdDependencyMetadata BlockId = 0x504b4453

	// BlockIdMeituanMetadata JSON with some metadata, used by Chinese company Meituan
	BlockIdMeituanMetadata BlockId = 0x71777777

	// BlockIdSourceStampV1 Older SourceStamp implementation, you should not encounter this ID
	// https://android.googlesource.com/platform/frameworks/base/+/549ce7a482ed4fe170ca445324fb38c447030404%5E%21/#F0
	BlockIdSourceStampV1 BlockId = 0x2b09189e
)

func (BlockId) String ¶

func (b BlockId) String() string

type FrostingResult ¶

type FrostingResult struct {
	Error        error
	KeySha256    string
	ProtobufInfo []byte
}

type LineageCertCaps ¶

type LineageCertCaps int32

frameworks/base/core/java/android/content/pm/PackageParser.java public @interface CertCapabilities

const (
	CapInstalledData LineageCertCaps = 1  // accept data from already installed pkg with this cert
	CapSharedUserId  LineageCertCaps = 2  // accept sharedUserId with pkg with this cert
	CapPermission    LineageCertCaps = 4  // grant SIGNATURE permissions to pkgs with this cert
	CapRollback      LineageCertCaps = 8  // allow pkg to update to one signed by this certificate
	CapAuth          LineageCertCaps = 16 // allow pkg to continue to have auth access gated by this cert
)

func (LineageCertCaps) String ¶

func (c LineageCertCaps) String() string

type SignatureAlgorithm ¶

type SignatureAlgorithm int32

func (SignatureAlgorithm) String ¶

func (algo SignatureAlgorithm) String() string

type SourceStampCertMismatchError ¶

type SourceStampCertMismatchError struct {
	CertInApkSha256          string
	CertInSigningBlockSha256 string
}

func (*SourceStampCertMismatchError) Error ¶

func (e *SourceStampCertMismatchError) Error() string

type SourceStampLineageNode ¶

type SourceStampLineageNode struct {
	Cert       *x509.Certificate
	ParentAlgo SignatureAlgorithm
	Algo       SignatureAlgorithm
	Signature  []byte
	Flags      int32
}

type SourceStampResult ¶

type SourceStampResult struct {
	Cert        *x509.Certificate
	SigningTime time.Time
	Lineage     []*SourceStampLineageNode
	Errors      []error
	Warnings    []string
}

type V3LineageSigningCertificateNode ¶

type V3LineageSigningCertificateNode struct {
	SigningCert        *x509.Certificate
	ParentSigAlgorithm SignatureAlgorithm
	SigAlgorithm       SignatureAlgorithm
	Signature          []byte
	Flags              LineageCertCaps
}

func (*V3LineageSigningCertificateNode) Dump ¶

func (n *V3LineageSigningCertificateNode) Dump(w io.Writer) error

func (*V3LineageSigningCertificateNode) Equal ¶

func (n *V3LineageSigningCertificateNode) Equal(o *V3LineageSigningCertificateNode) bool

type V3LineageSigningCertificateNodeList ¶

type V3LineageSigningCertificateNodeList []*V3LineageSigningCertificateNode

func (V3LineageSigningCertificateNodeList) Equal ¶

func (l V3LineageSigningCertificateNodeList) Equal(o V3LineageSigningCertificateNodeList) bool

type V3SigningLineage ¶

type V3SigningLineage struct {
	MinSdkVersion int32
	Nodes         V3LineageSigningCertificateNodeList
}

type VerificationResult ¶

type VerificationResult struct {
	Certs          [][]*x509.Certificate
	SchemeId       int
	SigningLineage *V3SigningLineage

	// When APK is signed with v3.1, the v3 result is stored here. Any v3 errors are lifted to the main Warnings/errors though
	ExtraResults map[int]*VerificationResult

	Frosting *FrostingResult

	SourceStamp *SourceStampResult

	// Extra blocks found in the signing block that are not used by apkverifier,
	// either completely unknown, or those found in BlockId constants.
	// Parsed block types (schemeV2, V3, play frosting..) will NOT be in this map.
	// May be nil.
	ExtraBlocks map[BlockId][]byte

	Warnings []string
	Errors   []error
}

func VerifySigningBlock ¶

func VerifySigningBlock(path string, minSdkVersion, maxSdkVersion int32) (res *VerificationResult, magic uint32, err error)

func VerifySigningBlockReader ¶

func VerifySigningBlockReader(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32) (res *VerificationResult, magic uint32, err error)

func VerifySigningBlockReaderWithZip ¶

func VerifySigningBlockReaderWithZip(r io.ReadSeeker, minSdkVersion, maxSdkVersion int32, optionalZip *apkparser.ZipReader) (res *VerificationResult, magic uint32, err error)

func (*VerificationResult) ContainsErrors ¶

func (r *VerificationResult) ContainsErrors() bool

func (*VerificationResult) GetLastError ¶

func (r *VerificationResult) GetLastError() error

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL