1 /* 2 * Copyright (C) 2020 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package android.content.pm; 18 19 import android.annotation.IntDef; 20 import android.annotation.NonNull; 21 import android.os.Parcel; 22 import android.os.Parcelable; 23 24 import com.android.internal.util.DataClass; 25 26 import java.io.DataInputStream; 27 import java.io.DataOutputStream; 28 import java.io.IOException; 29 import java.lang.annotation.Retention; 30 import java.lang.annotation.RetentionPolicy; 31 32 /** 33 * A typed checksum. 34 * 35 * @see ApkChecksum 36 * @see PackageManager#requestChecksums 37 */ 38 @DataClass(genConstDefs = false) 39 public final class Checksum implements Parcelable { 40 /** 41 * Root SHA256 hash of a 4K Merkle tree computed over all file bytes. 42 * <a href="https://source.android.com/security/apksigning/v4">See APK Signature Scheme V4</a>. 43 * <a href="https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git/tree/Documentation/filesystems/fsverity.rst">See fs-verity</a>. 44 * 45 * Recommended for all new applications. 46 * Can be used by kernel to enforce authenticity and integrity of the APK. 47 * <a href="https://git.kernel.org/pub/scm/fs/fscrypt/fscrypt.git/tree/Documentation/filesystems/fsverity.rst#">See fs-verity for details</a> 48 * 49 * @see PackageManager#requestChecksums 50 */ 51 public static final int TYPE_WHOLE_MERKLE_ROOT_4K_SHA256 = 0x00000001; 52 53 /** 54 * MD5 hash computed over all file bytes. 55 * 56 * @see PackageManager#requestChecksums 57 * @deprecated Not platform enforced. Cryptographically broken and unsuitable for further use. 58 * Use platform enforced digests e.g. {@link #TYPE_WHOLE_MERKLE_ROOT_4K_SHA256}. 59 * Provided for completeness' sake and to support legacy usecases. 60 */ 61 @Deprecated 62 public static final int TYPE_WHOLE_MD5 = 0x00000002; 63 64 /** 65 * SHA1 hash computed over all file bytes. 66 * 67 * @see PackageManager#requestChecksums 68 * @deprecated Not platform enforced. Broken and should not be used. 69 * Use platform enforced digests e.g. {@link #TYPE_WHOLE_MERKLE_ROOT_4K_SHA256}. 70 * Provided for completeness' sake and to support legacy usecases. 71 */ 72 @Deprecated 73 public static final int TYPE_WHOLE_SHA1 = 0x00000004; 74 75 /** 76 * SHA256 hash computed over all file bytes. 77 * @deprecated Not platform enforced. 78 * Use platform enforced digests e.g. {@link #TYPE_WHOLE_MERKLE_ROOT_4K_SHA256}. 79 * Provided for completeness' sake and to support legacy usecases. 80 * 81 * @see PackageManager#requestChecksums 82 */ 83 @Deprecated 84 public static final int TYPE_WHOLE_SHA256 = 0x00000008; 85 86 /** 87 * SHA512 hash computed over all file bytes. 88 * @deprecated Not platform enforced. 89 * Use platform enforced digests e.g. {@link #TYPE_WHOLE_MERKLE_ROOT_4K_SHA256}. 90 * Provided for completeness' sake and to support legacy usecases. 91 * 92 * @see PackageManager#requestChecksums 93 */ 94 @Deprecated 95 public static final int TYPE_WHOLE_SHA512 = 0x00000010; 96 97 /** 98 * Root SHA256 hash of a 1M Merkle tree computed over protected content. 99 * Excludes signing block. 100 * <a href="https://source.android.com/security/apksigning/v2">See APK Signature Scheme V2</a>. 101 * 102 * @see PackageManager#requestChecksums 103 */ 104 public static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256 = 0x00000020; 105 106 /** 107 * Root SHA512 hash of a 1M Merkle tree computed over protected content. 108 * Excludes signing block. 109 * <a href="https://source.android.com/security/apksigning/v2">See APK Signature Scheme V2</a>. 110 * 111 * @see PackageManager#requestChecksums 112 */ 113 public static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512 = 0x00000040; 114 115 /** @hide */ 116 @IntDef(prefix = {"TYPE_"}, value = { 117 TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, 118 TYPE_WHOLE_MD5, 119 TYPE_WHOLE_SHA1, 120 TYPE_WHOLE_SHA256, 121 TYPE_WHOLE_SHA512, 122 TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256, 123 TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512, 124 }) 125 @Retention(RetentionPolicy.SOURCE) 126 public @interface Type {} 127 128 /** @hide */ 129 @IntDef(flag = true, prefix = {"TYPE_"}, value = { 130 TYPE_WHOLE_MERKLE_ROOT_4K_SHA256, 131 TYPE_WHOLE_MD5, 132 TYPE_WHOLE_SHA1, 133 TYPE_WHOLE_SHA256, 134 TYPE_WHOLE_SHA512, 135 TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256, 136 TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512, 137 }) 138 @Retention(RetentionPolicy.SOURCE) 139 public @interface TypeMask {} 140 141 /** 142 * Serialize checksum to the stream in binary format. 143 * @hide 144 */ writeToStream(@onNull DataOutputStream dos, @NonNull Checksum checksum)145 public static void writeToStream(@NonNull DataOutputStream dos, @NonNull Checksum checksum) 146 throws IOException { 147 dos.writeInt(checksum.getType()); 148 149 final byte[] valueBytes = checksum.getValue(); 150 dos.writeInt(valueBytes.length); 151 dos.write(valueBytes); 152 } 153 154 /** 155 * Deserialize checksum previously stored in 156 * {@link #writeToStream(DataOutputStream, Checksum)}. 157 * @hide 158 */ readFromStream(@onNull DataInputStream dis)159 public static @NonNull Checksum readFromStream(@NonNull DataInputStream dis) 160 throws IOException { 161 final int type = dis.readInt(); 162 163 final byte[] valueBytes = new byte[dis.readInt()]; 164 dis.read(valueBytes); 165 return new Checksum(type, valueBytes); 166 } 167 168 /** 169 * Checksum type. 170 */ 171 private final @Checksum.Type int mType; 172 /** 173 * Checksum value. 174 */ 175 private final @NonNull byte[] mValue; 176 177 178 179 // Code below generated by codegen v1.0.23. 180 // 181 // DO NOT MODIFY! 182 // CHECKSTYLE:OFF Generated code 183 // 184 // To regenerate run: 185 // $ codegen $ANDROID_BUILD_TOP/frameworks/base/core/java/android/content/pm/Checksum.java 186 // 187 // To exclude the generated code from IntelliJ auto-formatting enable (one-time): 188 // Settings > Editor > Code Style > Formatter Control 189 //@formatter:off 190 191 192 /** 193 * Creates a new Checksum. 194 * 195 * @param type 196 * Checksum type. 197 * @param value 198 * Checksum value. 199 */ 200 @DataClass.Generated.Member Checksum( @hecksum.Type int type, @NonNull byte[] value)201 public Checksum( 202 @Checksum.Type int type, 203 @NonNull byte[] value) { 204 this.mType = type; 205 com.android.internal.util.AnnotationValidations.validate( 206 Checksum.Type.class, null, mType); 207 this.mValue = value; 208 com.android.internal.util.AnnotationValidations.validate( 209 NonNull.class, null, mValue); 210 211 // onConstructed(); // You can define this method to get a callback 212 } 213 214 /** 215 * Checksum type. 216 */ 217 @DataClass.Generated.Member getType()218 public @Checksum.Type int getType() { 219 return mType; 220 } 221 222 /** 223 * Checksum value. 224 */ 225 @DataClass.Generated.Member getValue()226 public @NonNull byte[] getValue() { 227 return mValue; 228 } 229 230 @Override 231 @DataClass.Generated.Member writeToParcel(@onNull Parcel dest, int flags)232 public void writeToParcel(@NonNull Parcel dest, int flags) { 233 // You can override field parcelling by defining methods like: 234 // void parcelFieldName(Parcel dest, int flags) { ... } 235 236 dest.writeInt(mType); 237 dest.writeByteArray(mValue); 238 } 239 240 @Override 241 @DataClass.Generated.Member describeContents()242 public int describeContents() { return 0; } 243 244 /** @hide */ 245 @SuppressWarnings({"unchecked", "RedundantCast"}) 246 @DataClass.Generated.Member Checksum(@onNull Parcel in)247 /* package-private */ Checksum(@NonNull Parcel in) { 248 // You can override field unparcelling by defining methods like: 249 // static FieldType unparcelFieldName(Parcel in) { ... } 250 251 int type = in.readInt(); 252 byte[] value = in.createByteArray(); 253 254 this.mType = type; 255 com.android.internal.util.AnnotationValidations.validate( 256 Checksum.Type.class, null, mType); 257 this.mValue = value; 258 com.android.internal.util.AnnotationValidations.validate( 259 NonNull.class, null, mValue); 260 261 // onConstructed(); // You can define this method to get a callback 262 } 263 264 @DataClass.Generated.Member 265 public static final @NonNull Parcelable.Creator<Checksum> CREATOR 266 = new Parcelable.Creator<Checksum>() { 267 @Override 268 public Checksum[] newArray(int size) { 269 return new Checksum[size]; 270 } 271 272 @Override 273 public Checksum createFromParcel(@NonNull Parcel in) { 274 return new Checksum(in); 275 } 276 }; 277 278 @DataClass.Generated( 279 time = 1619810358402L, 280 codegenVersion = "1.0.23", 281 sourceFile = "frameworks/base/core/java/android/content/pm/Checksum.java", 282 inputSignatures = "public static final int TYPE_WHOLE_MERKLE_ROOT_4K_SHA256\npublic static final @java.lang.Deprecated int TYPE_WHOLE_MD5\npublic static final @java.lang.Deprecated int TYPE_WHOLE_SHA1\npublic static final @java.lang.Deprecated int TYPE_WHOLE_SHA256\npublic static final @java.lang.Deprecated int TYPE_WHOLE_SHA512\npublic static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA256\npublic static final int TYPE_PARTIAL_MERKLE_ROOT_1M_SHA512\nprivate final @android.content.pm.Checksum.Type int mType\nprivate final @android.annotation.NonNull byte[] mValue\npublic static void writeToStream(java.io.DataOutputStream,android.content.pm.Checksum)\npublic static @android.annotation.NonNull android.content.pm.Checksum readFromStream(java.io.DataInputStream)\nclass Checksum extends java.lang.Object implements [android.os.Parcelable]\n@com.android.internal.util.DataClass(genConstDefs=false)") 283 @Deprecated __metadata()284 private void __metadata() {} 285 286 287 //@formatter:on 288 // End of generated code 289 290 } 291