Commit graph

9 commits

Author SHA1 Message Date
Tao Bao
32fcdab512 releasetools: Switch to Python logging.
Converts the following files to Python logging.

add_img_to_target_files.py
blockimgdiff.py
build_image.py
check_ota_package_signature.py
common.py
img_from_target_files.py
make_recovery_patch.py
ota_from_target_files.py
sparse_img.py
verity_utils.py

This separates logging outputs from normal outputs, and allows easier
switching between different verbosity levels. It also supports adjusting
logging config via environment variable (LOGGING_CONFIG).

Test: `m dist`
Test: `python -m unittest discover build/make/tools/releasetools`
Change-Id: Idfc3f7aff83e03f41f3c9b5067d64fd595d5192d
2018-10-17 07:51:04 -07:00
Tao Bao
73dd4f45f3 releasetools: Set default stdout and stderr in common.Run().
stdout and stderr will default to subprocess.PIPE and subprocess.STDOUT
respectively (which is the expected behavior from most of the existing
callers), unless caller specifies any of them.

Test: `m dist`
Test: python -m unittest \
          test_common \
          test_add_img_to_target_files \
          test_ota_from_target_files \
          test_validate_target_files
Change-Id: I43b3f08edfa8a9bcfe54baf9848dc705c048e327
2018-10-04 17:05:09 -07:00
Tao Bao
3f15ada51b releasetools: Capture stderr output when calling delta_generator.
Prior to this CL, the call to delta_generator in
check_ota_package_signature.VerifyAbOtaPayload() didn't redirect stderr.
The logs (mostly INFO) on successful verification added noise to the
normal output, which also upset the unittest result parser.

This CL captures stderr outputs from delta_generator, and will only dump
them on error.

Bug: 72884343
Test: `python -m unittest -v test_ota_from_target_files > /dev/null`
      gives clean output.
Test: Inject error into delta_generator. The call to
      check_ota_package_signature correctly dumps both of stdout and
      stderr outputs.
Change-Id: I014a4b21bf758dcf0a4b9963259d6019851935ee
2018-02-05 23:39:23 -08:00
Tao Bao
04e1f012dd releasetools: Fix an issue with pubkey extraction.
When calling 'openssl x509 -pubkey' to extract the public key from a
certificate, openssl 1.0 and 1.1 handle the '-out' parameter
differently. openssl 1.0 doesn't write the output into the specified
filename, which leads to the payload verification failure in
check_ota_package_signature.VerifyAbOtaPayload(). This CL addresses
the issue by always collecting the output from stdout instead.

It also refactors the two copies into common.ExtractPublicKey(), and
adds unittest. get_testdata_dir() is moved into test_utils.py that holds
common utils for running the unittests.

Bug: 72884343
Test: python -m unittest test_common
Test: python -m unittest test_ota_from_target_files
Test: Run sign_target_files_apks with '--replace_ota_keys' on marlin
      target_files zip. Check the payload pubkey replacement.
Test: Trigger the tests with forrest, and tests no longer fail on
      machines with openssl 1.0.1.
Change-Id: Ib0389b360f064053e9aa7cc0546d718e7b23003b
2018-02-04 13:59:52 -08:00
Tao Bao
750385e455 releasetools: Use delta_generator to verify payload signatures.
We used to take a hard approach by parsing the payload with Python
script. This can be done by calling deleta_generator directly, which
also avoids the dependency on protobuf.

- Passing case
$ ./build/make/tools/releasetools/check_ota_package_signature.py \
    build/target/product/security/testkey.x509.pem \
    out/dist/aosp_marlin-ota-eng.zip

Package: out/dist/aosp_marlin-ota-eng.zip
Certificate: build/target/product/security/testkey.x509.pem
  ...
Whole package signature VERIFIED

Verifying A/B OTA payload signatures...
[1215/122842:INFO:generate_delta_main.cc(171)] Verifying signed payload.
[1215/122845:INFO:payload_verifier.cc(93)] signature blob size = 264
[1215/122845:INFO:payload_verifier.cc(112)] Verified correct signature 1 out of 1 signatures.
[1215/122845:INFO:payload_verifier.cc(93)] signature blob size = 264
[1215/122845:INFO:payload_verifier.cc(112)] Verified correct signature 1 out of 1 signatures.
[1215/122845:INFO:generate_delta_main.cc(181)] Done verifying signed payload.

Payload signatures VERIFIED

$ echo $?
0

- Failing case
Sign the whole package file with a different key, but leaving payload entries intact.

$ ./build/make/tools/releasetools/check_ota_package_signature.py \
    testkey2.x509.pem \
    marlin-ota-mismatching.zip
Package: marlin-ota-mismatching.zip
Certificate: testkey2.x509.pem
  ...
Whole package signature VERIFIED

Verifying A/B OTA payload signatures...
[1215/123054:INFO:generate_delta_main.cc(171)] Verifying signed payload.
[1215/123056:INFO:payload_verifier.cc(93)] signature blob size = 264
[1215/123056:ERROR:payload_verifier.cc(118)] None of the 1 signatures is correct. Expected:
[1215/123056:INFO:utils.cc(444)] Logging array of length: 256
[1215/123056:INFO:utils.cc(461)] 0x00000000 : 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff
  ...
[1215/123056:ERROR:payload_verifier.cc(121)] But found decrypted hashes:
[1215/123056:INFO:utils.cc(444)] Logging array of length: 256
[1215/123056:INFO:utils.cc(461)] 0x00000000 : 52 68 78 36 f6 9e cd 2d 5e 9f 31 d5 26 03 c9 aa
  ...
[1215/123056:ERROR:payload_signer.cc(333)] PayloadVerifier::VerifySignature( signature_blob, public_key_path, payload_hash) failed.
[1215/123056:INFO:generate_delta_main.cc(177)] VerifySignedPayload failed

    ERROR: Failed to verify payload with delta_generator: marlin-ota-mismatching.zip

$ echo $?
1

Bug: 65261072
Test: See above.
Change-Id: Id2e065655ec49b80dd2b13c6a859f41913be055b
2017-12-15 12:45:09 -08:00
Tao Bao
d2ae0b0613 check_ota_package_signature.py: Set up PYTHONPATH.
... to include system/update_engine/scripts if ANDROID_BUILD_TOP is set
(e.g. after lunching a target).

Test: ./build/make/tools/releasetools/check_ota_package_signature.py
      works without manually setting PYTHONPATH.
Change-Id: I0c5101fab2dd69cb6a598b909aa04bc4d5f45284
2017-11-21 11:30:27 -08:00
Tao Bao
a198b1e964 releasetools: Validate A/B OTA payload signatures.
$ PYTHONPATH=$PYTHONPATH:system/update_engine/scripts \
    ./build/make/tools/releasetools/check_ota_package_signature.py \
    build/target/product/security/testkey.x509.pem \
    out/dist/aosp_marlin-ota-eng.zip

Package: out/dist/aosp_marlin-ota-eng.zip
Certificate: build/target/product/security/testkey.x509.pem
...
Whole package signature VERIFIED

Verifying A/B OTA payload signatures...
...
Payload signatures VERIFIED

Bug: 65261072
Test: Signed a package and its payload with the right keys; ran the
      command above.
Test: Signed the payload with a different key; ran the command above and
      observed the reported verification failure.
Change-Id: If626ecb327a9826cd0956eef94914c939068a7d1
2017-09-01 14:33:15 -07:00
Tao Bao
4c851b1098 Change the default parameter values in common.MakeTempFile().
tempfile.TemporaryFile() complains when 'None' is passed as the
prefix/suffix. It uses prefix='tmp' and suffix='' as the default values
and we should do the same.

Test: Call check_ota_package_signature.py and ota_from_target_files.py
and they still work.

Change-Id: I7fb023a3fd0b1a57c009631d0c57a7bb8e4cb5a3
2016-09-19 13:58:49 -07:00
Tao Bao
9c63fb59bd Add a script that verifies OTA package signature.
Currently it supports verifying packages signed with RSA algorithms
(v1-v4 as in bootable/recovery/verifier.cpp). No support for ECDSA (v5)
signed packages yet.

$ ./build/tools/releasetools/check_ota_package_signature.py \
    bootable/recovery/tests/testdata/testkey_v1.x509.pem \
    bootable/recovery/tests/testdata/otasigned_v1.zip

Package: bootable/recovery/tests/testdata/otasigned_v1.zip
Certificate: bootable/recovery/tests/testdata/testkey_v1.x509.pem
Comment length: 1738
Signed data length: 2269
Use SHA-256: False
Digest: 115e688ec3b77743070b743453e2fc6ce8754484

VERIFIED

Bug: 31523193
Test: Used the tool to verify existing packages (like above).

Change-Id: I71d3569e858c729cb64825c5c7688ededc397aa8
2016-09-16 15:08:40 -07:00