recovery: Dump the signature in the zip package.
We have been occasionally seeing "signature verification failed" error message when applying an update. Make more verbose output to help debugging. Bug: 28246534 Change-Id: Id83633adc9b86b3fd36abbb504e430f0816f12e4
This commit is contained in:
Tao Bao
parent
4eec72d2cf
commit
e179276f7d
2 changed files with 20 additions and 3 deletions
|
|
@ -22,7 +22,7 @@
|
|||
|
||||
#include "openssl/sha.h"
|
||||
|
||||
static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_LENGTH], size_t len) {
|
||||
static std::string print_sha1(const uint8_t* sha1, size_t len) {
|
||||
const char* hex = "0123456789abcdef";
|
||||
std::string result = "";
|
||||
for (size_t i = 0; i < len; ++i) {
|
||||
|
|
@ -40,4 +40,8 @@ static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_LENGTH]) {
|
|||
return print_sha1(sha1, 4);
|
||||
}
|
||||
|
||||
static std::string print_hex(const uint8_t* bytes, size_t len) {
|
||||
return print_sha1(bytes, len);
|
||||
}
|
||||
|
||||
#endif // RECOVERY_PRINT_SHA1_H
|
||||
|
|
|
|||
17
verifier.cpp
17
verifier.cpp
|
|
@ -27,6 +27,7 @@
|
|||
|
||||
#include "asn1_decoder.h"
|
||||
#include "common.h"
|
||||
#include "print_sha1.h"
|
||||
#include "ui.h"
|
||||
#include "verifier.h"
|
||||
|
||||
|
|
@ -230,9 +231,14 @@ int verify_file(unsigned char* addr, size_t length,
|
|||
uint8_t* sig_der = nullptr;
|
||||
size_t sig_der_length = 0;
|
||||
|
||||
uint8_t* signature = eocd + eocd_size - signature_start;
|
||||
size_t signature_size = signature_start - FOOTER_SIZE;
|
||||
if (!read_pkcs7(eocd + eocd_size - signature_start, signature_size, &sig_der,
|
||||
&sig_der_length)) {
|
||||
|
||||
LOGI("signature (offset: 0x%zx, length: %zu): %s\n",
|
||||
length - signature_start, signature_size,
|
||||
print_hex(signature, signature_size).c_str());
|
||||
|
||||
if (!read_pkcs7(signature, signature_size, &sig_der, &sig_der_length)) {
|
||||
LOGE("Could not find signature DER block\n");
|
||||
return VERIFY_FAILURE;
|
||||
}
|
||||
|
|
@ -287,6 +293,13 @@ int verify_file(unsigned char* addr, size_t length,
|
|||
}
|
||||
i++;
|
||||
}
|
||||
|
||||
if (need_sha1) {
|
||||
LOGI("SHA-1 digest: %s\n", print_hex(sha1, SHA_DIGEST_LENGTH).c_str());
|
||||
}
|
||||
if (need_sha256) {
|
||||
LOGI("SHA-256 digest: %s\n", print_hex(sha256, SHA256_DIGEST_LENGTH).c_str());
|
||||
}
|
||||
free(sig_der);
|
||||
LOGE("failed to verify whole-file signature\n");
|
||||
return VERIFY_FAILURE;
|
||||
|
|
|
|||
Loading…
Reference in a new issue