otasign

package

v0.0.0-...-68651e5 Latest Latest Go to latest Published: Jan 13, 2019 License: Apache-2.0 Imports: 11 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Fi5t/playground-android

Links

Open Source Insights

Documentation ¶

Overview ¶

Package otasign contains code to sign Android system images and OTA images.

Index ¶

type AlgorithmID
type AuthAttr
type BootImage
- func NewBootImage(b []byte) (*BootImage, error)
type BootSig
- func NewBootSig(target string, b []byte) *BootSig
- func ParseBootSig(b []byte) (*BootSig, error)
type BootSigASN1

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type AlgorithmID ¶

type AlgorithmID struct {
	Algorithm  asn1.ObjectIdentifier
	Parameters asn1.RawValue `asn1:"optional"`
}

type AuthAttr ¶

type AuthAttr struct {
	Target string
	Length int
}

type BootImage ¶

type BootImage struct {
	// contains filtered or unexported fields
}

BootImage represents a bootable Android partition image.

func NewBootImage ¶

func NewBootImage(b []byte) (*BootImage, error)

NewBootImage parses the provided bytes as an Android boot image. This involves inspecting the header and computing length of the raw image (i.e. the image without any existing signature).

func (*BootImage) ComputeLength ¶

func (img *BootImage) ComputeLength() int

ComputeLength returns the raw size of the partition image -- that is, with any existing signatures stripped. As the Android bootable image header was defined before the verified boot scheme was, the header contains no offset for the signature block. Thus we must recompute the original image's size from the header block, and then discard any bytes appended to it by a previous signing operation.

func (*BootImage) IsSigned ¶

func (img *BootImage) IsSigned() bool

IsSigned indicates whether `img` is signed under the Android Verified Boot scheme.

func (*BootImage) Marshal ¶

func (img *BootImage) Marshal() []byte

Marshal returns a []byte representation of `img`, including any signatures.

func (*BootImage) Sign ¶

func (img *BootImage) Sign(target string, sc *android.SigningCert) error

Sign the boot image in `img` for a particular mount point target using the provided certificate.

func (*BootImage) Verify ¶

func (img *BootImage) Verify(cert *x509.Certificate) error

Verify returns a non-nil error if `img` is not signed, or if its signature fails to verify. It returns a nil error on success.

type BootSig ¶

type BootSig struct {
	BootSigASN1
	// contains filtered or unexported fields
}

BootSig represents a boot signature block for an Android bootable partition image. It implements the "Android Verified Boot" specification at https://source.android.com/security/verifiedboot/verified-boot

Currently only RSA signatures using SHA-2/256 or SHA-2/512 are supported.

func NewBootSig ¶

func NewBootSig(target string, b []byte) *BootSig

NewBootSig prepares a new signature tree for use in signing a partition image.

func ParseBootSig ¶

func ParseBootSig(b []byte) (*BootSig, error)

ParseBootSig parses its input as a signature block for an Android bootable partition image. Essentially it unmarshals the DER-encoded ASN.1 input, and the inspects the resulting struct tree for correctness. A non-nil error indicates either a low-level asn1 parse error or a logical error.

func (*BootSig) Marshal ¶

func (sig *BootSig) Marshal() []byte

Marshal returns the DER-encoded ASN.1 signature block bytes, as defined by the Android spec.

func (*BootSig) Sign ¶

func (sig *BootSig) Sign(target string, sc *android.SigningCert) error

Sign generates the signature from the tree structure represented by `sig`. Once Marshal()ed, the resulting bytes can be appended to a boot image.

func (*BootSig) Signer ¶

func (sig *BootSig) Signer() *x509.Certificate

Signer returns the certificate used to sign the block represented by `sig`.

func (*BootSig) Verify ¶

func (sig *BootSig) Verify(b []byte) error

Verify validates the signature in `sig` over the input `b`. Note that `b` must be the "signable bytes" representation of the bootable partition image (i.e. padded, etc.) and not necessarily the raw bytes as in the image file per se.

type BootSigASN1 ¶

type BootSigASN1 struct {
	Version      int
	Cert         asn1.RawValue
	AlgorithmIDs AlgorithmID
	AuthAttrs    AuthAttr
	Signature    []byte
}

BootSigASN1 is used along with AuthAttr and AlgorithmID to marshal and unmarshal boot image signature blocks to/from DER-encoded ASN.1 format via the encoding/asn1 library.

Source Files ¶

View all Source files

boot.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL