Commit graph

18 commits

Author SHA1 Message Date
xunchang
908ad77af8 Allow RSA 4096 key in package verification
The RSA_verify still works for 4096 bits keys. And we just
need to loosen the check on modulus.

Sample commands to generate the key & package:
1. openssl genrsa -out keypair.pem 4096
2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
   -in keypair.pem -out private.pk8
3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \
   -days 365
4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \
   prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \
   unsigned.zip signed.zip

Bug: 129163830
Test: unit tests pass
Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4
2019-03-26 12:28:23 -07:00
Tao Bao
2201d08f8d minui: Fix a wrong arg in calling GRSurface::Create().
This is a bug introduced while refactoring init_display_surface(), in
[1]. As a result, user of res_create_multi_display_surface(), which is
effectively `charger` right now, crashes due to buffer overrun.

This CL fixes the wrong arg and adds a sanity test for
res_create_multi_display_surface(). The testdata (battery_scale.png) is
copied from system/core/healthd/images/battery_scale.png.

[1] commit 44820ac1e3.

Bug: 119122296
Test: Run recovery_unit_test on marlin.
Test: Build and boot into charger mode on blueline. Verify that
      `charger` no longer crashes.
Change-Id: Ib6d083e1512a9c3c6eb63874d26d22658921d693
2018-11-26 17:06:53 -08:00
Tao Bao
81ef508bd8 tests: Remove obsolete testdata files.
testdata/jarsigned.zip and testdata/unsigned.zip became dead since
commit 432918603f ("Refactor existing
tests to use gtest").

testdata/patch.bsdiff became dead when applypatch/applypatch.sh was
deleted (commit c3ef089dfa).

Test: Run recovery_unit_test and recovery_component_test.
Change-Id: Ie1a7f8850878593fcb7d4554759a539271ffb207
2018-11-05 09:10:11 -08:00
Tao Bao
cdbe58a2a2 tests: Remove {old,new}.file.
They serve the same purpose as {boot,recovery}.img, except that they're
not structured to be imgdiff'd. Remove the two files and replace all the
uses with {boot,recovery}.img instead.

Bug: 110106408
Test: Run recovery_{unit,component}_test on marlin.
Change-Id: I8e71187d5b0c142ad932f33717f6fae364b43abc
2018-08-20 09:08:35 -07:00
Tianjie Xu
cc61cf6a9f Convert deflate image chunks to raw if the raw data is smaller
The imgpatch will fail on empty deflates because the bspatch won't call
the sink function if the target length is zero.

Instead of compressing an empty string, it's cleaner to not generate such
empty deflate chunks in the patch. Therefore, we can just convert the
chunk type to raw if the target length is smaller than the patch data.

Also adjust some unit tests and add the testdata gzipped_source &
gzipped_target. These two files are ~1K each and are generated by
gzipping two slightly different regular files.

Bug: 79265132
Test: unit tests pass, imgpatch applies successfully on the given src/tgt
Change-Id: I6bfff3251918137f6762a6f9e9551642371a1124
2018-05-24 10:49:54 -07:00
Tao Bao
6cd816859e tests: Add tests for ScreenRecoveryUI.
In order to support that, this CL adds Paths::set_resource_dir() to
override the default resource dir ("/res/images/") that's only available
under recovery. Note that since there're external modules depending on
libminui, it adds a separate function of res_set_resource_dir(), instead
of requiring the dependency on libotautil for everyone.

Test: mmma -j bootable/recovery
Test: Run recovery_unit_test on marlin.
Change-Id: I0a7dcf4476808bea9e634eaffc9676f6cbaf92b7
2018-05-08 15:53:56 -07:00
Tianjie Xu
113fe05ee0 Fix the size mismatch in imgdiff
As we construct the deflate entries of the target zip file with
random data, the total size of the zip file may vary from case
to case. This leads to occasional failures in the split test for
deflate large apk files. This CL fixes the issue by adding two static
zip files in the testdata instead of generating them dynamically.

Bug: 67849209
Test: run the deflate_large_test repeatedly
Change-Id: Iaeffad9205adefa10c9f62f9f088c33c4360a650
2017-10-31 23:31:02 -07:00
Tao Bao
7e61c6a862 tests: Construct two bad packages at runtime for VerifierTest.
For the BadPackage tests from VerifierTest: one alters the footer, and
the other alters the metadata. Move the two tests to be based on
otasigned_v3.zip (they're based on otasigned_v1.zip previously). Also
construct the testdata files dynamically (to save the space and for
better readability).

Test: recovery_component_test
Change-Id: I7604d563f8b4fa0c55fec8730c063384158e3abc
(cherry picked from commit 217d9f9859)
2017-03-27 16:13:01 -07:00
Tao Bao
056e2da679 tests: Construct signature-boundary.zip at runtime.
Test: Observe the same failure with recovery_component_test ("signature
      start: 65535 is larger than comment size: 0").
Change-Id: I98c357b5df2fa4caa9d8eed63af2e945ed99f18a
2017-03-26 23:34:13 -07:00
Tianjie Xu
f69e6a9475 Add a checker for signature boundary in verifier
The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.

Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.

Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
2016-12-16 16:01:42 -08:00
Tao Bao
36c3511952 applypatch: Add testcases for applypatch executable.
Refactor applypatch/main.cpp into libapplypatch_modes so that we can add
testcases.

Some changes to applypatch/main.cpp:
 - Replace char** argv with const char**;
 - Use android::base::Split() to split ":";
 - Use android::base::ParseUInt().

Bug: 32383590
Test: Unit tests pass, install-recovery.sh works.

Change-Id: I44e7bfa5ab717d439ea1d0ee9ddb7b2c40bb95a4
2016-11-01 14:40:14 -07:00
Tianjie Xu
8cf5c8f60f Replace minzip with libziparchive
Clean up the duplicated code that handles the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.

Test: Update package installed successfully on angler.
Bug: 19472796

Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
2016-10-17 17:41:51 -07:00
Tao Bao
717b49254b Merge \"Clean up verifier testcases.\"
am: e91aef0ee9

Change-Id: Ia130dc2a7f62ecf1ad40ec03d88a331a31800efa
2016-08-01 19:48:08 +00:00
Tao Bao
5af4b1901d Clean up verifier testcases.
A Certificate is a pair of an RSAPublicKey and a particular hash. So v1
and v3 differ in the hash algorithm (SHA-1 vs SHA-256), similarly for
v2 and v4.

In verifier testcases, we used to load v1/v2 keys with an explicit
argument of "sha256" to test the v3/v4 keys. This CL switches to loading
v3/v4 keys directly and lets load_keys() handle that, which is the
actual flow we use in practice.

Also remove the "fallback to v1 key" in the testcases, which is not the
actual behavior.

Bug: 30415901
Test: Run the verifier_test component test on device.

Change-Id: I3a2baa64826f1b6c4c367a560090df384c4521bb
2016-08-01 11:32:28 -07:00
Elliott Hughes
6e2a8b11ec resolve merge conflicts of 2bf95ac to nyc-dev-plus-aosp
Change-Id: Iaf232fbe65879bad6e19c7a9600aa6303a491a67
2016-04-12 17:15:40 -07:00
Mattias Nissler
452df6d99c Convert recovery to use BoringSSL instead of mincrypt.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.

Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-04-06 15:54:17 +02:00
Jed Estep
b8a693bbc7 Port applypatch.sh tests to recovery_component_tests
Bug: 27135282
Change-Id: If53682b591397ddfdb84860a3779b612904d4489
2016-03-11 18:37:34 -08:00
Jed Estep
432918603f Refactor existing tests to use gtest
Bug: 26962907
Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1
2016-02-04 10:11:30 -08:00