Index: chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java |
diff --git a/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java b/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java |
new file mode 100644 |
index 0000000000000000000000000000000000000000..1c3fb5fa9b640be6e805305467555f8f0f6b3c9f |
--- /dev/null |
+++ b/chrome/android/webapk/libs/client/src/org/chromium/webapk/lib/client/WebApkVerifySignature.java |
@@ -0,0 +1,404 @@ |
+// Copyright 2017 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+package org.chromium.webapk.lib.client; |
+ |
+import static java.nio.ByteOrder.LITTLE_ENDIAN; |
+ |
+import android.support.annotation.IntDef; |
+import android.util.Log; |
+ |
+import java.nio.ByteBuffer; |
+import java.security.PublicKey; |
+import java.security.Signature; |
+import java.util.ArrayList; |
+import java.util.Collections; |
+import java.util.regex.Matcher; |
+import java.util.regex.Pattern; |
+ |
+/** |
+ * WebApkVerifySignature reads in the APK file and verifies the WebApk signature. It reads the |
+ * signature from the zip comment and verifies that it was signed by the public key passed. |
+ */ |
+public class WebApkVerifySignature { |
+ /** Errors codes. */ |
+ @IntDef({ |
+ ERROR_OK, ERROR_BAD_APK, ERROR_EXTRA_FIELD_TOO_LARGE, ERROR_COMMENT_TOO_LARGE, |
+ ERROR_INCORRECT_SIGNATURE, ERROR_SIGNATURE_NOT_FOUND, ERROR_TOO_MANY_META_INF_FILES, |
+ }) |
+ public @interface Error {} |
+ public static final int ERROR_OK = 0; |
+ public static final int ERROR_BAD_APK = 1; |
+ public static final int ERROR_EXTRA_FIELD_TOO_LARGE = 2; |
+ public static final int ERROR_COMMENT_TOO_LARGE = 3; |
+ public static final int ERROR_INCORRECT_SIGNATURE = 4; |
+ public static final int ERROR_SIGNATURE_NOT_FOUND = 5; |
+ public static final int ERROR_TOO_MANY_META_INF_FILES = 6; |
+ |
+ private static final String TAG = "WebApkVerifySignature"; |
+ |
+ /** End Of Central Directory Signature. */ |
+ private static final long EOCD_SIG = 0x06054b50; |
+ |
+ /** Central Directory Signature. */ |
+ private static final long CD_SIG = 0x02014b50; |
+ |
+ /** Local File Header Signature. */ |
+ private static final long LFH_SIG = 0x04034b50; |
+ |
+ /** Minimum end-of-central-directory size in bytes, including variable length file comment. */ |
+ private static final int MIN_EOCD_SIZE = 22; |
+ |
+ /** Max end-of-central-directory size in bytes permitted. */ |
+ private static final int MAX_EOCD_SIZE = 64 * 1024; |
+ |
+ /** Maximum number of META-INF/ files (allowing for dual signing). */ |
+ private static final int MAX_META_INF_FILES = 5; |
+ |
+ /** The signature algorithm used (must also match with HASH). */ |
+ private static final String SIGNING_ALGORITHM = "SHA256withECDSA"; |
+ |
+ /** |
+ * The pattern we look for in the APK/zip comment for signing key. |
+ * An example is "webapk:0000:<hexvalues>". This pattern can appear anywhere |
+ * in the comment but must be separated from any other parts with a |
+ * separator that doesn't look like a hex character. |
+ */ |
+ private static final Pattern WEBAPK_COMMENT_PATTERN = |
+ Pattern.compile("webapk:\\d+:([a-fA-F0-9]+)"); |
+ |
+ /** Maximum comment length permitted. */ |
+ private static final int MAX_COMMENT_LENGTH = 0; |
+ |
+ /** Maximum extra field length permitted. */ |
+ private static final int MAX_EXTRA_LENGTH = 8; |
+ |
+ /** The memory buffer we are going to read the zip from. */ |
+ private final ByteBuffer mBuffer; |
+ |
+ /** Number of total central directory (zip entry) records. */ |
+ private int mRecordCount; |
+ |
+ /** Byte offset from the start where the central directory is found. */ |
+ private int mCentralDirOffset; |
+ |
+ /** The zip archive comment as a UTF-8 string. */ |
+ private String mComment; |
+ |
+ /** |
+ * Sorted list of 'blocks' of memory we will cryptographically hash. We sort the blocks by |
+ * filename to ensure a repeatable order. |
+ */ |
+ private ArrayList<Block> mBlocks; |
+ |
+ /** Block contains metadata about a zip entry. */ |
+ private static class Block implements Comparable<Block> { |
+ String mFilename; |
+ int mPosition; |
+ int mHeaderSize; |
+ int mCompressedSize; |
+ |
+ Block(String filename, int position, int compressedSize) { |
+ mFilename = filename; |
+ mPosition = position; |
+ mHeaderSize = 0; |
+ mCompressedSize = compressedSize; |
+ } |
+ |
+ /** Added for Comparable, sort lexicographically. */ |
+ @Override |
+ public int compareTo(Block o) { |
+ return mFilename.compareTo(o.mFilename); |
+ } |
+ |
+ @Override |
+ public boolean equals(Object o) { |
+ if (!(o instanceof Block)) return false; |
+ return mFilename.equals(((Block) o).mFilename); |
+ } |
+ |
+ @Override |
+ public int hashCode() { |
+ return mFilename.hashCode(); |
+ } |
+ } |
+ |
+ /** Constructor simply 'connects' to buffer passed. */ |
+ public WebApkVerifySignature(ByteBuffer buffer) { |
+ mBuffer = buffer; |
+ mBuffer.order(LITTLE_ENDIAN); |
+ } |
+ |
+ /** |
+ * Read in the comment and directory. If there is no parseable comment we won't read the |
+ * directory as there is no point (for speed). On success, all of our private variables will be |
+ * set. |
+ * @return OK on success. |
+ */ |
+ public int read() { |
+ try { |
+ int err = readEOCD(); |
+ if (err != ERROR_OK) { |
+ return err; |
+ } |
+ // Short circuit if no comment found. |
+ if (parseCommentSignature(mComment) == null) { |
+ return ERROR_SIGNATURE_NOT_FOUND; |
+ } |
+ err = readDirectory(); |
+ if (err != ERROR_OK) { |
+ return err; |
+ } |
+ } catch (Exception e) { |
+ return ERROR_BAD_APK; |
+ } |
+ return ERROR_OK; |
+ } |
+ |
+ /** |
+ * verifySignature hashes all the files and then verifies the signature. |
+ * @param pub The public key that it should be verified against. |
+ * @return ERROR_OK if the public key signature verifies. |
+ */ |
+ public int verifySignature(PublicKey pub) { |
+ byte[] sig = parseCommentSignature(mComment); |
+ if (sig == null || sig.length == 0) { |
+ return ERROR_SIGNATURE_NOT_FOUND; |
+ } |
+ try { |
+ Signature signature = Signature.getInstance(SIGNING_ALGORITHM); |
+ signature.initVerify(pub); |
+ int err = calculateHash(signature); |
+ if (err != ERROR_OK) { |
+ return err; |
+ } |
+ return signature.verify(sig) ? ERROR_OK : ERROR_INCORRECT_SIGNATURE; |
+ } catch (Exception e) { |
+ Log.e(TAG, "Exception calculating signature", e); |
+ return ERROR_INCORRECT_SIGNATURE; |
+ } |
+ } |
+ |
+ /** |
+ * calculateHash goes through each file listed in blocks and calculates the SHA-256 |
+ * cryptographic hash. |
+ * @param sig Signature object you can call update on. |
+ */ |
+ public int calculateHash(Signature sig) throws Exception { |
+ Collections.sort(mBlocks); |
+ int metaInfCount = 0; |
+ for (Block block : mBlocks) { |
+ if (block.mFilename.indexOf("META-INF/") == 0) { |
+ metaInfCount++; |
+ if (metaInfCount > MAX_META_INF_FILES) { |
+ // TODO(scottkirkwood): Add whitelist of files. |
+ return ERROR_TOO_MANY_META_INF_FILES; |
+ } |
+ |
+ // Files that begin with META-INF/ are not part of the hash. |
+ // This is because these signatures are added after we comment signed the rest of |
+ // the APK. |
+ continue; |
+ } |
+ |
+ // Hash the filename length and filename to prevent Horton principle violation. |
+ byte[] filename = block.mFilename.getBytes(); |
+ sig.update(intToLittleEndian(filename.length)); |
+ sig.update(filename); |
+ |
+ // Also hash the block length for the same reason. |
+ sig.update(intToLittleEndian(block.mCompressedSize)); |
+ |
+ seek(block.mPosition + block.mHeaderSize); |
+ ByteBuffer slice = mBuffer.slice(); |
+ slice.limit(block.mCompressedSize); |
+ sig.update(slice); |
+ } |
+ return ERROR_OK; |
+ } |
+ |
+ /** |
+ * intToLittleEndian converts an integer to a little endian array of bytes. |
+ * @param value Integer value to convert. |
+ * @return Array of bytes. |
+ */ |
+ private byte[] intToLittleEndian(int value) { |
+ ByteBuffer buffer = ByteBuffer.allocate(4); |
+ buffer.order(LITTLE_ENDIAN); |
+ buffer.putInt(value); |
+ return buffer.array(); |
+ } |
+ |
+ /** |
+ * Extract the bytes of the signature from the comment. We expect |
+ * "webapk:0000:<hexvalues>" comment followed by hex values. Currently we ignore the |
+ * "key id" which is always "0000". |
+ * @return the bytes of the signature. |
+ */ |
+ static byte[] parseCommentSignature(String comment) { |
+ Matcher m = WEBAPK_COMMENT_PATTERN.matcher(comment); |
+ if (!m.find()) { |
+ return null; |
+ } |
+ String s = m.group(1); |
+ return hexToBytes(s); |
+ } |
+ |
+ /** |
+ * Reads the End of Central Directory Record. |
+ * @return ERROR_OK on success. |
+ */ |
+ private int readEOCD() { |
+ int start = findEOCDStart(); |
+ if (start < 0) { |
+ return ERROR_BAD_APK; |
+ } |
+ // Signature(4), Disk Number(2), Start disk number(2), Records on this disk (2) |
+ seek(start + 10); |
+ mRecordCount = read2(); // Number of Central Directory records |
+ seekDelta(4); // Size of central directory |
+ mCentralDirOffset = read4(); // as bytes from start of file. |
+ int commentLength = read2(); |
+ mComment = readString(commentLength); |
+ return ERROR_OK; |
+ } |
+ |
+ /** |
+ * Reads the central directory and populates {@link mBlocks} with data about each entry. |
+ * @return ERROR_OK on success. |
+ */ |
+ @Error |
+ int readDirectory() { |
+ mBlocks = new ArrayList<>(mRecordCount); |
+ seek(mCentralDirOffset); |
+ for (int i = 0; i < mRecordCount; i++) { |
+ int signature = read4(); |
+ if (signature != CD_SIG) { |
+ Log.d(TAG, "Missing Central Directory Signature"); |
+ return ERROR_BAD_APK; |
+ } |
+ // CreatorVersion(2), ReaderVersion(2), Flags(2), CompressionMethod(2) |
+ // ModifiedTime(2), ModifiedDate(2), CRC32(4) = 16 bytes |
+ seekDelta(16); |
+ int compressedSize = read4(); |
+ seekDelta(4); // uncompressed size |
+ int fileNameLength = read2(); |
+ int extraLen = read2(); |
+ int fileCommentLength = read2(); |
+ seekDelta(8); // DiskNumberStart(2), Internal Attrs(2), External Attrs(4) |
+ int offset = read4(); |
+ String filename = readString(fileNameLength); |
+ seekDelta(extraLen + fileCommentLength); |
+ if (extraLen > MAX_EXTRA_LENGTH) { |
+ return ERROR_EXTRA_FIELD_TOO_LARGE; |
+ } |
+ if (fileCommentLength > MAX_COMMENT_LENGTH) { |
+ return ERROR_COMMENT_TOO_LARGE; |
+ } |
+ mBlocks.add(new Block(filename, offset, compressedSize)); |
+ } |
+ |
+ // Read the 'local file header' block to the size of the header in bytes. |
+ for (Block block : mBlocks) { |
+ seek(block.mPosition); |
+ int signature = read4(); |
+ if (signature != LFH_SIG) { |
+ Log.d(TAG, "LFH Signature missing"); |
+ return ERROR_BAD_APK; |
+ } |
+ // ReaderVersion(2), Flags(2), CompressionMethod(2), |
+ // ModifiedTime (2), ModifiedDate(2), CRC32(4), CompressedSize(4), |
+ // UncompressedSize(4) = 22 bytes |
+ seekDelta(22); |
+ int fileNameLength = read2(); |
+ int extraFieldLength = read2(); |
+ if (extraFieldLength > MAX_EXTRA_LENGTH) { |
+ return ERROR_EXTRA_FIELD_TOO_LARGE; |
+ } |
+ |
+ block.mHeaderSize = |
+ (mBuffer.position() - block.mPosition) + fileNameLength + extraFieldLength; |
+ } |
+ return ERROR_OK; |
+ } |
+ |
+ /** |
+ * We search buffer for EOCD_SIG and return the location where we found it. If the file has no |
+ * comment it should seek only once. |
+ * TODO(scottkirkwood): Use a Boyer-Moore search algorithm. |
+ * @return Offset from start of buffer or -1 if not found. |
+ */ |
+ private int findEOCDStart() { |
+ int offset = mBuffer.limit() - MIN_EOCD_SIZE; |
+ int minSearchOffset = Math.max(0, offset - MAX_EOCD_SIZE); |
+ for (; offset >= minSearchOffset; offset--) { |
+ seek(offset); |
+ if (read4() == EOCD_SIG) { |
+ // found! |
+ return offset; |
+ } |
+ } |
+ return -1; |
+ } |
+ |
+ /** |
+ * Seek to this position. |
+ * @param offset offset from start of file. |
+ */ |
+ private void seek(int offset) { |
+ mBuffer.position(offset); |
+ } |
+ |
+ /** |
+ * Skip forward this number of bytes. |
+ * @param delta number of bytes to seek forward. |
+ */ |
+ private void seekDelta(int delta) { |
+ mBuffer.position(mBuffer.position() + delta); |
+ } |
+ |
+ /** |
+ * Reads two bytes in little endian format. |
+ * @return short value read (as an int). |
+ */ |
+ private int read2() { |
+ return mBuffer.getShort(); |
+ } |
+ |
+ /** |
+ * Reads four bytes in little endian format. |
+ * @return value read. |
+ */ |
+ private int read4() { |
+ return mBuffer.getInt(); |
+ } |
+ |
+ /** Read {@link length} many bytes into a string. */ |
+ private String readString(int length) { |
+ if (length <= 0) { |
+ return ""; |
+ } |
+ byte[] bytes = new byte[length]; |
+ mBuffer.get(bytes); |
+ return new String(bytes); |
+ } |
+ |
+ /** |
+ * Convert a hex string into bytes. We store hex in the signature as zip |
+ * tools often don't like binary strings. |
+ */ |
+ static byte[] hexToBytes(String s) { |
+ int len = s.length(); |
+ if (len % 2 != 0) { |
+ // Odd number of nibbles. |
+ return null; |
+ } |
+ byte[] data = new byte[len / 2]; |
+ for (int i = 0; i < len; i += 2) { |
+ data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) |
+ + Character.digit(s.charAt(i + 1), 16)); |
+ } |
+ return data; |
+ } |
+} |