From 3082a9c90b66c82e76c993c5d3c82cf89d514d1a Mon Sep 17 00:00:00 2001
From: ShirkNeko <109797057+ShirkNeko@users.noreply.github.com>
Date: Fri, 11 Apr 2025 01:25:31 +0800
Subject: [PATCH] Remove the SukiSU signature checking function and update the
 related signature verification logic.

---
 kernel/apk_sign.c | 55 +----------------------------------------------
 1 file changed, 1 insertion(+), 54 deletions(-)

diff --git a/kernel/apk_sign.c b/kernel/apk_sign.c
index 5789acc9..c1a2c484 100644
--- a/kernel/apk_sign.c
+++ b/kernel/apk_sign.c
@@ -28,6 +28,7 @@ static struct apk_sign_key {
 	unsigned size;
 	const char *sha256;
 } apk_sign_keys[] = {
+	{EXPECTED_SIZE, EXPECTED_HASH}, // SukiSU
 	{EXPECTED_SIZE_RSUNTK, EXPECTED_HASH_RSUNTK}, // RKSU
 	{EXPECTED_SIZE_NEKO, EXPECTED_HASH_NEKO}, // Neko/KernelSU
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 10, 0)
@@ -84,54 +85,6 @@ static int ksu_sha256(const unsigned char *data, unsigned int datalen,
 	return ret;
 }
 
-static bool check_sukisu_signature(struct file *fp, u32 *size4, loff_t *pos, u32 *offset)
-{
-	struct apk_sign_key suki_key = {EXPECTED_SIZE, EXPECTED_HASH};
-
-	ksu_kernel_read_compat(fp, size4, 0x4, pos); // signer-sequence length
-	ksu_kernel_read_compat(fp, size4, 0x4, pos); // signer length
-	ksu_kernel_read_compat(fp, size4, 0x4, pos); // signed data length
-
-	*offset += 0x4 * 3;
-
-	ksu_kernel_read_compat(fp, size4, 0x4, pos); // digests-sequence length
-
-	*pos += *size4;
-	*offset += 0x4 + *size4;
-
-	ksu_kernel_read_compat(fp, size4, 0x4, pos); // certificates length
-	ksu_kernel_read_compat(fp, size4, 0x4, pos); // certificate length
-	*offset += 0x4 * 2;
-
-	if (*size4 != suki_key.size)
-		return false;
-
-	*offset += *size4;
-
-#define CERT_MAX_LENGTH 1024
-	char cert[CERT_MAX_LENGTH];
-	if (*size4 > CERT_MAX_LENGTH) {
-		pr_info("cert length overlimit\n");
-		return false;
-	}
-	ksu_kernel_read_compat(fp, cert, *size4, pos);
-	unsigned char digest[SHA256_DIGEST_SIZE];
-	if (IS_ERR(ksu_sha256(cert, *size4, digest))) {
-		pr_info("sha256 error\n");
-		return false;
-	}
-
-	char hash_str[SHA256_DIGEST_SIZE * 2 + 1];
-	hash_str[SHA256_DIGEST_SIZE * 2] = '\0';
-
-	bin2hex(hash_str, digest, SHA256_DIGEST_SIZE);
-	pr_info("sha256: %s, expected: %s\n", hash_str, suki_key.sha256);
-	if (strcmp(suki_key.sha256, hash_str) == 0) {
-		return true;
-	}
-	return false;
-}
-
 static bool check_block(struct file *fp, u32 *size4, loff_t *pos, u32 *offset)
 {
 	int i;
@@ -309,12 +262,6 @@ static __always_inline bool check_v2_signature(char *path)
 		offset = 4;
 		if (id == 0x7109871au) {
 			v2_signing_blocks++;
-			// 优先检查 SukiSU 的签名
-			if (check_sukisu_signature(fp, &size4, &pos, &offset)) {
-				v2_signing_valid = true;
-				break;
-			}
-			// 如果 SukiSU 不匹配，继续检查其他签名
 			v2_signing_valid = check_block(fp, &size4, &pos, &offset);
 		} else if (id == 0xf05368c0u) {
 			// http://aospxref.com/android-14.0.0_r2/xref/frameworks/base/core/java/android/util/apk/ApkSignatureSchemeV3Verifier.java#73