
5 Commits

Author SHA1 Message Date
Aydin Mercan 986852c6ea
extract/v2: simply finding the signature type 2022-08-10 17:00:53 +03:00
Aydin Mercan e24dc0a88b
trust: add draft seperate public/secret loading
It isn't clear where secret keys will be located at but this should at
least allow for cleaner seperation in lists.
2022-08-10 16:54:51 +03:00
Aydin Mercan 06d32f6c02
crypto/signature: introduce domain seperation
It might seem a bit like unnecessary bikeshedding but it shouldn't hurt
anyone.
2022-08-10 16:51:22 +03:00
Aydin Mercan fa22da2fb3
crypto/digest: simply state in oneshot calculation 2022-08-10 16:46:01 +03:00
Aydin Mercan 6dccdfc791
apk: better messaging when crypto init fails 2022-08-10 16:39:47 +03:00
8 changed files with 53 additions and 19 deletions


@ -1180,7 +1180,7 @@ int adb_trust_write_signatures(struct apk_trust *trust, struct adb *db, struct a
struct adb_sign_v0 v0;
unsigned char buf[ADB_MAX_SIGNATURE_LEN];
} sig;
struct apk_trust_key *tkey;
struct apk_trust_secret_key *tkey;
apk_blob_t md;
size_t siglen;
int r;


@ -442,7 +442,7 @@ int main(int argc, char **argv)
}
if (apk_crypto_init() != 0) {
apk_err(out, "failure to initialize");
apk_err(out, "Failure to initialize cryptographic functionality");
return 1;
}


@ -18,7 +18,7 @@ struct apk_trust_key {
char *filename;
};
struct apk_trust_secret {
struct apk_trust_secret_key {
struct list_head key_node;
struct apk_secret_key key;
char *filename;


@ -93,7 +93,10 @@ uint8_t apk_digest_from_blob(struct apk_digest *d, apk_blob_t b)
int apk_digest_calc(struct apk_digest *d, uint8_t alg, const void *ptr, size_t sz)
{
union digest_state state;
union {
br_sha1_context sha1;
br_md5_context md5;
} state;
switch (alg) {
case APK_DIGEST_SHA256:
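Review bot: The function-local union in `apk_digest_calc` now declares only `br_sha1_context` and `br_md5_context`, yet the first visible case of the switch is `APK_DIGEST_SHA256` and the rest of the switch lies outside the hunk. If the SHA-2 branches are computed without touching `state`, this is fine, but nothing on the new lines says so. Once that is confirmed against the full switch, a comment on the union such as `/* only the SHA-1 and MD5 cases use an explicit context */` would keep a later algorithm from being pointed at a state that is too small for it.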


@ -314,6 +314,7 @@ void apk_public_key_free(struct apk_public_key *pub)
int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
{
const uint8_t domain_seperator[5] = {'q', 't', 's', 'e', 'p'};
uint8_t digest;
switch (signature_type) {
@ -335,6 +336,12 @@ int apk_verify_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type
return -APKE_CRYPTO_ERROR;
}
if (signature_type == APK_SIGNATURE_CUTE) {
if (apk_digest_ctx_update(dctx, domain_seperator, 5) != 0) {
return -APKE_CRYPTO_ERROR;
}
}
return 0;
}
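Review bot: The domain separator is defined twice, once here in `apk_verify_digest_start` and again in `apk_sign_digest_start`, and both calls pass its length as the literal `5`; if one copy or one length is ever edited alone, signer and verifier hash different prefixes and nothing fails at compile time. Define it once, as a file-scope or header-level `static const uint8_t` array shared by both files, and pass `sizeof domain_seperator` to `apk_digest_ctx_update`. The prefix also changes the bytes that are signed, so CUTE signatures produced before this commit would presumably stop verifying, which the commit message does not mention. The function body between the two hunks is not shown.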


@ -311,6 +311,7 @@ void apk_secret_key_free(struct apk_secret_key *sec)
int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
{
const uint8_t domain_seperator[5] = {'q', 't', 's', 'e', 'p'};
uint8_t digest;
switch (signature_type) {
@ -332,6 +333,12 @@ int apk_sign_digest_start(struct apk_digest_ctx *dctx, uint16_t signature_type)
return -APKE_CRYPTO_ERROR;
}
if (signature_type == APK_SIGNATURE_CUTE) {
if (apk_digest_ctx_update(dctx, domain_seperator, 5) != 0) {
return -APKE_CRYPTO_ERROR;
}
}
return 0;
}


@ -107,20 +107,17 @@ static int check_signing_key_trust(struct apk_sign_ctx *sctx)
static int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, const struct apk_file_info *fi, struct apk_istream *is)
{
static struct {
char type[8];
uint8_t alg;
} signature_type[] = {
{"RSA256", APK_SIGNATURE_RSA256},
{"RSA512", APK_SIGNATURE_RSA512},
{"CUTE", APK_SIGNATURE_CUTE},
{"RSA", APK_SIGNATURE_RSA},
static const char *signature_type[4] = {
[APK_SIGNATURE_RSA] = "RSA",
[APK_SIGNATURE_RSA512] = "RSA512",
[APK_SIGNATURE_RSA256] = "RSA256",
[APK_SIGNATURE_CUTE] = "CUTE",
};
uint16_t signature_alg = APK_SIGNATURE_MAX;
struct apk_public_key *public_key;
const char *name = NULL;
int r, i;
int r;
if (ctx->data_started) {
return 1;
@ -166,10 +163,11 @@ static int apk_sign_ctx_process_file(struct apk_sign_ctx *ctx, const struct apk_
|| ctx->signature.public_key != NULL)
return 0;
for (i = 0; i < ARRAY_SIZE(signature_type); i++) {
size_t slen = strlen(signature_type[i].type);
if (strncmp(&fi->name[6], signature_type[i].type, slen) == 0 && fi->name[6 + slen] == '.') {
signature_alg = signature_type[i].alg;
for (uint16_t i = 0; i < ARRAY_SIZE(signature_type); i++) {
size_t slen = strlen(signature_type[i]);
if (strncmp(&fi->name[6], signature_type[i], slen) == 0 && fi->name[6 + slen] == '.') {
signature_alg = i;
name = &fi->name[6 + slen + 1];
break;
}
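Review bot: The lookup table is now indexed by the `APK_SIGNATURE_*` values with a hard-coded size of 4, and the loop calls `strlen(signature_type[i])` on every slot, so any index without a designated initializer is a NULL pointer dereferenced while matching a file name that comes from the package being read. The enum definition is not on this page, so whether the four values are exactly 0..3 cannot be checked here. If `APK_SIGNATURE_MAX` is the number of types, size the table from it, `static const char *const signature_type[APK_SIGNATURE_MAX] = {`, and skip holes with `if (signature_type[i] == NULL) continue;` at the top of the loop. The function continues outside both hunks.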


@ -21,6 +21,25 @@ static struct apk_trust_key *apk_trust_load_public(int dirfd, const char *filena
return key;
}
static struct apk_trust_secret_key *apk_trust_load_secret(int dirfd, const char *filename)
{
struct apk_trust_secret_key *key;
int r;
key = calloc(1, sizeof *key);
if (!key) return ERR_PTR(-ENOMEM);
r = apk_secret_key_load(&key->key, dirfd, filename);
if (r != 0) {
free(key);
return ERR_PTR(r);
}
list_init(&key->key_node);
key->filename = strdup(filename);
return key;
}
static int __apk_trust_load_pubkey(void *pctx, int dirfd, const char *filename)
{
struct apk_trust *trust = pctx;
@ -93,11 +112,11 @@ static int option_parse_signing(void *ctx, struct apk_ctx *ac, int optch, const
{
struct apk_trust *trust = &ac->trust;
struct apk_out *out = &ac->out;
struct apk_trust_key *key;
struct apk_trust_secret_key *key;
switch (optch) {
case OPT_SIGN_sign_key:
key = apk_trust_load_public(AT_FDCWD, optarg);
key = apk_trust_load_secret(AT_FDCWD, optarg);
if (IS_ERR(key)) {
apk_err(out, "Failed to load signing key: %s: %s",
optarg, apk_error_str(PTR_ERR(key)));
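Review bot: In `apk_trust_load_secret` the result of `strdup(filename)` is not checked, so on allocation failure the function returns a key whose `filename` is NULL, and any later use of that field works on a NULL pointer. Check the result and unwind. On that path the already loaded secret key should be released through `apk_secret_key_free(&key->key)` before `free(key)`, assuming that function releases the key contents and not the containing struct. Whether the existing bare `free(key)` after a failed `apk_secret_key_load` can leave partial key material behind depends on the loader, which is not visible here.

```c
	key->filename = strdup(filename);
	if (!key->filename) {
		/* release the loaded secret material before dropping the wrapper */
		apk_secret_key_free(&key->key);
		free(key);
		return ERR_PTR(-ENOMEM);
	}
	// … unchanged: return key; …
```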