Commit graph

40 commits

Author SHA1 Message Date
Tao Bao
09e468f84c Move rangeset.h and print_sha1.h into otautil.
Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from
applypatch modules.

Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug;
      mmma bootable/recovery
Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
2017-10-10 15:52:11 -07:00
Tianjie Xu
de6735e80c Fix the android-cloexec-* warnings in bootable/recovery
Add the O_CLOEXEC or 'e' accordingly.

Bug: 63510015
Test: recovery tests pass
Change-Id: I7094bcc6af22c9687eb535116b2ca6a59178b303
2017-07-19 12:17:41 -07:00
Tao Bao
92d8772c49 Merge "Const modifiers"
am: 4efd353d8f

Change-Id: I8ae993749d5f2c58cc5ef23f90845cf5a0bf756d
2017-03-24 20:32:39 +00:00
Mikhail Lappo
b49767c0ba Const modifiers
This functions do not change class variables
Would be good to mark them as const, so
class variables are not changed by coincidence

Change-Id: Iea34f6d26dbd1bde813035160e07ff2a681989e6
2017-03-23 21:52:30 +01:00
Tao Bao
d7846b7303 Merge "Refactor asn1_decoder functions into a class."
am: ea3d0b923d

Change-Id: I581e85f453fe1dc8b3a7cb6a7b660539f99ec55e
2017-03-22 17:07:14 +00:00
Tao Bao
861c53c6c5 Refactor asn1_decoder functions into a class.
Test: mmma bootable/recovery
Test: recovery_unit_test passes.
Test: recovery_component_test passes.
Change-Id: If0bf25993158eaebeedff55ba4f4dd0f6e5f937d
2017-03-21 15:17:43 -07:00
Tao Bao
43bd2c8414 Merge "verify_file: Add constness to a few addresses."
am: 5b2bf90e13

Change-Id: I6e04bf2bc3dc8c978edafafcbb41401189865233
2017-03-21 19:09:37 +00:00
Tao Bao
76fdb2419b verify_file: Add constness to a few addresses.
We should not touch any data while verifying packages (or parsing the
in-memory ASN.1 structures).

Test: mmma bootable/recovery
Test: recovery_component_test passes.
Test: recovery_unit_test passes.
Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
2017-03-20 22:13:56 -07:00
Tao Bao
b2617e882e Merge "Remove the dead #include's in verifier.cpp."
am: 64d25024b9

Change-Id: I36aed07781b1b9bff0ffe6cabeb5d1f3b8546072
2017-03-20 16:24:23 +00:00
Tao Bao
d7bf82eb53 Remove the dead #include's in verifier.cpp.
A follow-up to commit 5e535014dd.
Also clean up Android.mk, since libverifier no longer needs anything
from libminui.

Test: mmma bootable/recovery
Test: recovery_component_test passes.
Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
2017-03-18 09:28:42 -07:00
Tao Bao
553c7bd307 resolve merge conflicts of 90d3f20c to stage-aosp-master
Test: I solemnly swear I tested this conflict resolution.
Change-Id: I9c1806eceb56712c4b3d1c67d54f4b21bd3fe50a
2017-03-18 07:33:26 -07:00
Tao Bao
5e535014dd Drop the dependency on 'ui' in verify_file().
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.

This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.

Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
2017-03-17 14:07:12 -07:00
Tianjie Xu
97ea844aca resolve build error when merging 0f7f7e21
Test: mma
Change-Id: Ibdcf7b47e54d3739fb922f66996365763d2acfef
2017-01-18 15:15:17 -08:00
Tianjie Xu
8a45adb243 Add a checker for signature boundary in verifier am: 54ea136fde am: 0a34b17c8b am: fb80b4f72d am: d3d5e54a45 am: 6ea9888d51 am: a055eb93c3 am: 15ca2a4763 am: ca50d7b66a am: 64f0de7a13 am: e4ec60e045
am: e0d3b0ceab

Change-Id: I4fe8bdd81f8250b862b0018f0a52a76d37ee9d88
2017-01-18 22:42:19 +00:00
Tianjie Xu
ca50d7b66a Add a checker for signature boundary in verifier am: 54ea136fde am: 0a34b17c8b am: fb80b4f72d am: d3d5e54a45 am: 6ea9888d51 am: a055eb93c3
am: 15ca2a4763

Change-Id: I5481d39f0d2fdb92c95e964d2a55512f4df3acb3
2017-01-18 22:34:18 +00:00
Tianjie Xu
d3d5e54a45 Add a checker for signature boundary in verifier am: 54ea136fde am: 0a34b17c8b
am: fb80b4f72d

Change-Id: Iba2da78981e4bd7a2b263b2f6b18ab6c176e5fc8
2017-01-18 22:26:47 +00:00
Tianjie Xu
54ea136fde Add a checker for signature boundary in verifier
The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.

Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.

Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
(cherry-picked from f69e6a9475)
2016-12-16 16:24:09 -08:00
Tao Bao
ac9d94d19c Revert "Revert "Some cleanups to recovery.""
This reverts commit 8584fcf677.

This CL re-lands commit c0319b60f5.
The "stage" and "reason" variables are now declared as global by
dropping the static qualifier, because they may be used by vendor
recovery libraries.

Test: lunch aosp_angler-userdebug; mmma bootable/recovery
Test: lunch aosp_dragon-userdebug; mmma bootable/recovery

Change-Id: I252c346f450079478cff22bbff01590b8ab2e2b3
2016-11-03 11:57:46 -07:00
Dan Albert
8584fcf677 Revert "Some cleanups to recovery."
This reverts commit c0319b60f5.

Reason for revert: Broke builds.

Change-Id: I82aa880b83de5ae6c36fd7567cb001920559a972
2016-10-27 03:08:08 +00:00
Tao Bao
c0319b60f5 Some cleanups to recovery.
- Remove the duplicate gCurrentUI variable in recovery.cpp;
- Refactor the load/save of locale functions;
- Clean up ui_print() to get rid of 256-byte buffer limit;
- Declare ui in common.h;
- Move the typedef of Volume into roots.h.

Test: Build and boot into recovery image.

Change-Id: Ia28c116858ca754133127a5ff9c722af67ad55b7
2016-10-26 14:36:42 -07:00
Tianjie Xu
8cf5c8f60f Replace minzip with libziparchive
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.

Test: Update package installed successfully on angler.
Bug: 19472796

Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-17 17:41:51 -07:00
Tianjie Xu
7b0ad9c638 Switch recovery to libbase logging
Clean up the recovery image and switch to libbase logging.

Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
2016-09-01 18:33:25 +00:00
Tao Bao
5e3aa78c8b Merge "recovery: Dump the signature in the zip package." into nyc-dev
am: 34ca089

* commit '34ca0892f4ae440becbe8097e7b68cd5a6d494d3':
  recovery: Dump the signature in the zip package.

Change-Id: I22eb6256f3204f2eac80e729cd0cd5b862b45863
2016-04-22 23:49:53 +00:00
Tao Bao
e179276f7d recovery: Dump the signature in the zip package.
We have been occasionally seeing "signature verification failed" error
message when applying an update. Make more verbose output to help
debugging.

Bug: 28246534
Change-Id: Id83633adc9b86b3fd36abbb504e430f0816f12e4
2016-04-20 14:44:29 -07:00
Elliott Hughes
1864feb8d2 Decrease OTA package verification times further.
am: dd895d0

* commit 'dd895d0adaa691a078f18a95a7f5ac0eaf776cae':
  Decrease OTA package verification times further.

Change-Id: If3bee4cbe66e576193556472776a232c9460af9a
2016-04-20 15:21:34 +00:00
Elliott Hughes
dd895d0ada Decrease OTA package verification times further.
Timing from Nexus 5X:

      89 MiB OTA update package: 1.4 s -> 0.6 s (decreased by 57%)
    1196 MiB OTA update package: 8.0 s -> 7.5 s (decreased by 6%)

Bug: http://b/28135231
Change-Id: Id91f2ad15df2bffb9f8a4b4ec5a57657a02847ec
2016-04-19 15:24:38 -07:00
Treehugger Robot
d911d81450 Merge "Fix IWYU errors." am: 51dcd0d
am: 405db92

* commit '405db92b6e6384f0f22ba6be338c08e8f1aad345':
  Fix IWYU errors.

Change-Id: Iedb6480e232c560ff9095f5593f13ad412616e4d
2016-04-16 01:58:03 +00:00
David Benjamin
a86392ea92 Fix IWYU errors.
This fixes build errors with BoringSSL master. (The cpp file uses functions
from bn.h and neither it nor the header includes it.)

Change-Id: If7f38aa0b931aa7940079bc006c7283b31f3b774
2016-04-15 20:27:44 -04:00
Elliott Hughes
8febafa67e Use BoringSSL instead of mincrypt to speed up package verification.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.

Cherry-pick of 452df6d99c, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.

Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
2016-04-13 16:39:56 -07:00
Mattias Nissler
452df6d99c Convert recovery to use BoringSSL instead of mincrypt.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.

Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-04-06 15:54:17 +02:00
Tao Bao
71e3e09ec2 recovery: Refactor verifier and verifier_test.
Move to using std::vector and std::unique_ptr to manage key
certificates to stop memory leaks.

Bug: 26908001
Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c
2016-02-02 21:51:32 -08:00
Elliott Hughes
26dbad2b98 Add missing includes.
Change-Id: I0737456e0221ebe9cc854d65c95a7d37d0869d56
2015-01-28 12:09:05 -08:00
Mark Salyzyn
679baa06b7 am 4b6de1ba: am 026ebe02: Merge "Recovery 64-bit compile issues"
* commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49':
  Recovery 64-bit compile issues
2014-03-14 21:35:41 +00:00
Mark Salyzyn
f3bb31c32f Recovery 64-bit compile issues
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
2014-03-14 13:51:39 -07:00
Doug Zongker
99916f0496 do verification and extraction on memory, not files
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.

For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.

Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.

Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2014-01-16 13:29:28 -08:00
Kenny Root
7a4adb5268 Add support for ECDSA signatures
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.

Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
2013-10-10 14:19:19 -07:00
Doug Zongker
30362a6ad1 verifier: update to support certificates using SHA-256
(cherry picked from commit bac7fba027)

Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
2013-09-25 10:11:46 -07:00
Doug Zongker
6c249f7ae8 move key loading to verifier code
Add an option to verifier_test to load keys from a file, the way the
recovery does.

Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
2012-11-02 15:09:57 -07:00
Doug Zongker
211aebc4e0 refactor ui functions into a class
Move all the functions in ui.c to be members of a ScreenRecoveryUI
class, which is a subclass of an abstract RecoveryUI class.  Recovery
then creates a global singleton instance of this class and then invoke
the methods to drive the UI.  We use this to allow substitution of a
different RecoveryUI implementation for devices with radically
different form factors (eg, that don't have a screen).

Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
2011-10-31 14:15:02 -07:00
Doug Zongker
28ce47cfa6 turn recovery into a C++ binary
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
2011-10-31 10:24:09 -07:00
Renamed from verifier.c (Browse further)