Commit graph

18 commits

Author SHA1 Message Date
xunchang
f07ed2efeb Create a wrapper class for update package
Creates a new class handle the package in memory and package read from fd.
Define the new interface functions, and make approximate changes to the
verify and install functions.

Bug: 127071893
Test: unit tests pass, sideload a package
Change-Id: I66ab00654df92471184536fd147b237a86e9c5b5
2019-03-11 10:43:52 -07:00
Tianjie Xu
cbe93e6506 Remove the load_keys function
This function is used to parse the result of dumpKeys. It's no longer
needed as we are now parsing the public keys from the zipfile.

Bug: 116655889
Test: unit tests pass
Change-Id: I817906e451664058c644f4329ff499bbe4587ebb
2018-10-24 23:26:59 +00:00
Tianjie Xu
b5110de1b3 Add sanity check when loading public keys for OTA package
For RSA keys, check if it has a 2048 bits modulus, and its public
exponent is 3 or 65537. For EC keys, check if the field size is 256
bits for its curve.

Bug: 116655889
Test: unit tests pass
Change-Id: I5c00f4d2b61c98c434f0b49db232155d5d0770ec
2018-10-24 16:25:09 -07:00
Tianjie Xu
0dd9685311 Load X509 keys from ziparchive
Add a function to parse the zip archive and load the certificate from
all the zip entries with the suffix "x509.pem".

Bug: 116655889
Test: unittests pass
Change-Id: I93bf7aef7462c0623e89fc2d466d7af2d3a758bc
2018-10-18 11:42:01 -07:00
Tianjie Xu
8256698023 Add function to load the key from x509.pem file
We used to convert a pem certificate file to some intermediate plain
text format; and parse that format under recovery mode. This is
uncessary since the x509.pem can be directly parsed with openssl
functions.

Add the function to load the public key from one x509.pem file and
corresponding unit tests. And we will add more cls to extract the pem
files from otacert.zip later.

Bug: 116655889
Test: verify package with 5 supported certficate versions
Change-Id: Ibc6c696c534567f005db75143cc4ef8d4bdea6a0
2018-10-12 11:12:08 -07:00
Mikhail Lappo
b49767c0ba Const modifiers
This functions do not change class variables
Would be good to mark them as const, so
class variables are not changed by coincidence

Change-Id: Iea34f6d26dbd1bde813035160e07ff2a681989e6
2017-03-23 21:52:30 +01:00
Tao Bao
76fdb2419b verify_file: Add constness to a few addresses.
We should not touch any data while verifying packages (or parsing the
in-memory ASN.1 structures).

Test: mmma bootable/recovery
Test: recovery_component_test passes.
Test: recovery_unit_test passes.
Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
2017-03-20 22:13:56 -07:00
Tao Bao
5e535014dd Drop the dependency on 'ui' in verify_file().
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.

This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.

Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
2017-03-17 14:07:12 -07:00
Mattias Nissler
452df6d99c Convert recovery to use BoringSSL instead of mincrypt.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.

Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-04-06 15:54:17 +02:00
Tao Bao
71e3e09ec2 recovery: Refactor verifier and verifier_test.
Move to using std::vector and std::unique_ptr to manage key
certificates to stop memory leaks.

Bug: 26908001
Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c
2016-02-02 21:51:32 -08:00
Doug Zongker
99916f0496 do verification and extraction on memory, not files
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.

For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.

Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.

Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2014-01-16 13:29:28 -08:00
Kenny Root
7a4adb5268 Add support for ECDSA signatures
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.

Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
2013-10-10 14:19:19 -07:00
Doug Zongker
30362a6ad1 verifier: update to support certificates using SHA-256
(cherry picked from commit bac7fba027)

Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
2013-09-25 10:11:46 -07:00
Doug Zongker
6c249f7ae8 move key loading to verifier code
Add an option to verifier_test to load keys from a file, the way the
recovery does.

Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
2012-11-02 15:09:57 -07:00
Doug Zongker
60151a295c verify whole-file signature instead of jarsigner signatures
In recovery, verify a signature that covers the entire zip file,
instead of using the jarsigner format to verify individual files.

Bug: 1328985
2009-08-14 17:26:33 -07:00
The Android Open Source Project
c24a8e688a auto import from //depot/cupcake/@135843 2009-03-03 19:28:42 -08:00
The Android Open Source Project
ffb48f64fe auto import from //depot/cupcake/@135843 2009-03-03 18:28:14 -08:00
The Android Open Source Project
23580ca27a Initial Contribution 2008-10-21 07:00:00 -07:00