Commit graph

12 commits

Author SHA1 Message Date
Elliott Hughes
dd895d0ada Decrease OTA package verification times further.
Timing from Nexus 5X:

      89 MiB OTA update package: 1.4 s -> 0.6 s (decreased by 57%)
    1196 MiB OTA update package: 8.0 s -> 7.5 s (decreased by 6%)

Bug: http://b/28135231
Change-Id: Id91f2ad15df2bffb9f8a4b4ec5a57657a02847ec
2016-04-19 15:24:38 -07:00
Elliott Hughes
8febafa67e Use BoringSSL instead of mincrypt to speed up package verification.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.

Cherry-pick of 452df6d99c, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.

Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
2016-04-13 16:39:56 -07:00
Tao Bao
71e3e09ec2 recovery: Refactor verifier and verifier_test.
Move to using std::vector and std::unique_ptr to manage key
certificates to stop memory leaks.

Bug: 26908001
Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c
2016-02-02 21:51:32 -08:00
Elliott Hughes
26dbad2b98 Add missing includes.
Change-Id: I0737456e0221ebe9cc854d65c95a7d37d0869d56
2015-01-28 12:09:05 -08:00
Mark Salyzyn
679baa06b7 am 4b6de1ba: am 026ebe02: Merge "Recovery 64-bit compile issues"
* commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49':
  Recovery 64-bit compile issues
2014-03-14 21:35:41 +00:00
Mark Salyzyn
f3bb31c32f Recovery 64-bit compile issues
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
2014-03-14 13:51:39 -07:00
Doug Zongker
99916f0496 do verification and extraction on memory, not files
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.

For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.

Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.

Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2014-01-16 13:29:28 -08:00
Kenny Root
7a4adb5268 Add support for ECDSA signatures
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.

Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
2013-10-10 14:19:19 -07:00
Doug Zongker
30362a6ad1 verifier: update to support certificates using SHA-256
(cherry picked from commit bac7fba027)

Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
2013-09-25 10:11:46 -07:00
Doug Zongker
6c249f7ae8 move key loading to verifier code
Add an option to verifier_test to load keys from a file, the way the
recovery does.

Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
2012-11-02 15:09:57 -07:00
Doug Zongker
211aebc4e0 refactor ui functions into a class
Move all the functions in ui.c to be members of a ScreenRecoveryUI
class, which is a subclass of an abstract RecoveryUI class.  Recovery
then creates a global singleton instance of this class and then invoke
the methods to drive the UI.  We use this to allow substitution of a
different RecoveryUI implementation for devices with radically
different form factors (eg, that don't have a screen).

Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
2011-10-31 14:15:02 -07:00
Doug Zongker
28ce47cfa6 turn recovery into a C++ binary
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
2011-10-31 10:24:09 -07:00
Renamed from verifier.c (Browse further)