tequilaOS/platform_bootable_recovery
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

recovery: Dump the signature in the zip package.

Browse source 
We have been occasionally seeing "signature verification failed" error
message when applying an update. Make more verbose output to help
debugging.

Bug: 28246534
Change-Id: Id83633adc9b86b3fd36abbb504e430f0816f12e4
This commit is contained in:
Tao Bao 2016-04-19 22:31:01 -07:00
parent 4eec72d2cf
commit e179276f7d
2 changed files with 20 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
print_sha1.h
View file

@ -22,7 +22,7 @@
#include "openssl/sha.h" #include "openssl/sha.h"
static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_LENGTH], size_t len) { static std::string print_sha1(const uint8_t* sha1, size_t len) {
const char* hex = "0123456789abcdef"; const char* hex = "0123456789abcdef";
std::string result = ""; std::string result = "";
for (size_t i = 0; i < len; ++i) { for (size_t i = 0; i < len; ++i) {
@ -40,4 +40,8 @@ static std::string short_sha1(const uint8_t sha1[SHA_DIGEST_LENGTH]) {
return print_sha1(sha1, 4); return print_sha1(sha1, 4);
} }
static std::string print_hex(const uint8_t* bytes, size_t len) {
return print_sha1(bytes, len);
}
#endif // RECOVERY_PRINT_SHA1_H #endif // RECOVERY_PRINT_SHA1_H

17
verifier.cpp
View file

@ -27,6 +27,7 @@
#include "asn1_decoder.h" #include "asn1_decoder.h"
#include "common.h" #include "common.h"
#include "print_sha1.h"
#include "ui.h" #include "ui.h"
#include "verifier.h" #include "verifier.h"
@ -230,9 +231,14 @@ int verify_file(unsigned char* addr, size_t length,
uint8_t* sig_der = nullptr; uint8_t* sig_der = nullptr;
size_t sig_der_length = 0; size_t sig_der_length = 0;
uint8_t* signature = eocd + eocd_size - signature_start;
size_t signature_size = signature_start - FOOTER_SIZE; size_t signature_size = signature_start - FOOTER_SIZE;
if (!read_pkcs7(eocd + eocd_size - signature_start, signature_size, &sig_der,
&sig_der_length)) { LOGI("signature (offset: 0x%zx, length: %zu): %s\n",
length - signature_start, signature_size,
print_hex(signature, signature_size).c_str());
if (!read_pkcs7(signature, signature_size, &sig_der, &sig_der_length)) {
LOGE("Could not find signature DER block\n"); LOGE("Could not find signature DER block\n");
return VERIFY_FAILURE; return VERIFY_FAILURE;
} }
@ -287,6 +293,13 @@ int verify_file(unsigned char* addr, size_t length,
} }
i++; i++;
} }
if (need_sha1) {
LOGI("SHA-1 digest: %s\n", print_hex(sha1, SHA_DIGEST_LENGTH).c_str());
}
if (need_sha256) {
LOGI("SHA-256 digest: %s\n", print_hex(sha256, SHA256_DIGEST_LENGTH).c_str());
}
free(sig_der); free(sig_der);
LOGE("failed to verify whole-file signature\n"); LOGE("failed to verify whole-file signature\n");
return VERIFY_FAILURE; return VERIFY_FAILURE;