xref: /aosp_15_r20/cts/hostsidetests/appsecurity/res/pkgsigverify/generate-apks.sh (revision b7c941bb3fa97aba169d73cee0bed2de8ac964bf) 
1*b7c941bbSAndroid Build Coastguard Worker#!/usr/bin/env bash
2*b7c941bbSAndroid Build Coastguard WorkerDIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]:-$0}";)" &> /dev/null && pwd 2> /dev/null;)"
3*b7c941bbSAndroid Build Coastguard Worker
4*b7c941bbSAndroid Build Coastguard Worker# Generating the APKs for certain methods
5*b7c941bbSAndroid Build Coastguard Worker# Run this script from the repo's top-level directory.
6*b7c941bbSAndroid Build Coastguard Worker
7*b7c941bbSAndroid Build Coastguard Worker# testInstallV4WithV2NoVeritySigner (without verity)
8*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withDSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
9*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withEC.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
10*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withRSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
11*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha512withEC.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
12*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-4096.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-4096.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha512withRSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
13*b7c941bbSAndroid Build Coastguard Worker
14*b7c941bbSAndroid Build Coastguard Worker# testInstallV4WithV2VeritySigner (with verity, and only for the DSA key / the smaller-sized keys of RSA/EC, since the verity algorithm is not used otherwise)
15*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withDSA-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
16*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withEC-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
17*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v2-Sha256withRSA-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
18*b7c941bbSAndroid Build Coastguard Worker
19*b7c941bbSAndroid Build Coastguard Worker# testInstallV4WithV3NoVeritySigner (without verity)
20*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withDSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
21*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withEC.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
22*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withRSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
23*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha512withEC.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
24*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-4096.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-4096.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha512withRSA.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
25*b7c941bbSAndroid Build Coastguard Worker
26*b7c941bbSAndroid Build Coastguard Worker# testInstallV4WithV3VeritySigner (with verity, and only for the DSA key / the smaller-sized keys of RSA/EC, since the verity algorithm is not used otherwise)
27*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withDSA-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
28*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withEC-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
29*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --verity-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/rsa-2048.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-Sha256withRSA-Verity.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
30*b7c941bbSAndroid Build Coastguard Worker
31*b7c941bbSAndroid Build Coastguard Worker# testV4IncToV3NonInc* tests
32*b7c941bbSAndroid Build Coastguard Workerapksigner rotate --out ~/tmp/rotated_key --old-signer   --key /ssd/android/cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert /ssd/android/cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem --new-signer  --key /ssd/android/cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert /ssd/android/cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem
33*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/dsa-3072.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-dsa-3072-appv1.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
34*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-ec-p256-appv1.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
35*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v1-signing-enabled false --v2-signing-enabled false --v3-signing-enabled true  --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-ec-p384-rotated-ec-p256-appv2.apk --lineage /tmp/ec_p256_to_ec_384_rotated_key cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
36*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v1-signing-enabled false --v2-signing-enabled false --v3-signing-enabled true  --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-ec-p384-appv2.apk cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
37*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v3-noninc-ec-p256-appv2.apk cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
38*b7c941bbSAndroid Build Coastguard Worker
39*b7c941bbSAndroid Build Coastguard Worker# testV4IncToV2NonInc* tests
40*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v2-noninc-ec-p256-appv1.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
41*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v1-signing-enabled false --v2-signing-enabled true --v3-signing-enabled false  --v4-signing-enabled --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p384.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v2-noninc-ec-p384-appv2.apk cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
42*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled true --v3-signing-enabled false --v4-signing-enabled  --key cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.pk8 --cert cts/hostsidetests/appsecurity/certs/pkgsigverify/ec-p256.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-inc-to-v2-noninc-ec-p256-appv2.apk cts/hostsidetests/appsecurity/res/pkgsigverify/originalv2.apk
43*b7c941bbSAndroid Build Coastguard Worker
44*b7c941bbSAndroid Build Coastguard Worker# testInstallV4With* tests
45*b7c941bbSAndroid Build Coastguard Workerapksigner sign --v2-signing-enabled false --v3-signing-enabled true --v4-signing-enabled --key vendor/google/certs/devkeys/devkey.pk8 --cert vendor/google/certs/devkeys/devkey.x509.pem -out cts/hostsidetests/appsecurity/res/pkgsigverify/v4-digest-v3-128bytes-additional-data.apk cts/hostsidetests/appsecurity/res/pkgsigverify/original.apk
46*b7c941bbSAndroid Build Coastguard Worker
47*b7c941bbSAndroid Build Coastguard Worker# testInstallV41* tests
48*b7c941bbSAndroid Build Coastguard Workerapksigner sign --in "${DIR}"/CtsSignatureQueryService_v2-tgt-33.apk --cert "${DIR}"/../../certs/pkgsigverify/ec-p256.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256.pk8 --next-signer --cert "${DIR}"/../../certs/pkgsigverify/ec-p256_2.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256_2.pk8 --lineage "${DIR}"/../../certs/pkgsigverify/ec-p256-por_1_2-default-caps --rotation-min-sdk-version 33 --v4-signing-enabled
49*b7c941bbSAndroid Build Coastguard Workerapksigner sign --in "${DIR}"/CtsSignatureQueryService_v3-tgt-33.apk --cert "${DIR}"/../../certs/pkgsigverify/ec-p256.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256.pk8 --next-signer --cert "${DIR}"/../../certs/pkgsigverify/ec-p256_2.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256_2.pk8 --lineage "${DIR}"/../../certs/pkgsigverify/ec-p256-por_1_2-default-caps --rotation-min-sdk-version 33 --v4-signing-enabled
50*b7c941bbSAndroid Build Coastguard Workerapksigner sign --in "${DIR}"/CtsSignatureQueryServiceTest_v2-tgt-33.apk --cert "${DIR}"/../../certs/pkgsigverify/ec-p256.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256.pk8 --next-signer --cert "${DIR}"/../../certs/pkgsigverify/ec-p256_2.x509.pem --key "${DIR}"/../../certs/pkgsigverify/ec-p256_2.pk8 --lineage "${DIR}"/../../certs/pkgsigverify/ec-p256-por_1_2-default-caps --rotation-min-sdk-version 33 --v4-signing-enabled
51