| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to convert a pem certificate file to some intermediate plain
text format; and parse that format under recovery mode. This is
uncessary since the x509.pem can be directly parsed with openssl
functions.
Add the function to load the public key from one x509.pem file and
corresponding unit tests. And we will add more cls to extract the pem
files from otacert.zip later.
Bug: 116655889
Test: verify package with 5 supported certficate versions
Change-Id: Ibc6c696c534567f005db75143cc4ef8d4bdea6a0
|
|
|
|
|
|
|
|
|
| |
Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from
applypatch modules.
Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug;
mmma bootable/recovery
Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
|
|
|
|
|
|
|
|
| |
Add the O_CLOEXEC or 'e' accordingly.
Bug: 63510015
Test: recovery tests pass
Change-Id: I7094bcc6af22c9687eb535116b2ca6a59178b303
|
|\
| |
| |
| |
| |
| | |
am: 4efd353d8f
Change-Id: I8ae993749d5f2c58cc5ef23f90845cf5a0bf756d
|
| |
| |
| |
| |
| |
| |
| |
| | |
This functions do not change class variables
Would be good to mark them as const, so
class variables are not changed by coincidence
Change-Id: Iea34f6d26dbd1bde813035160e07ff2a681989e6
|
|\|
| |
| |
| |
| |
| | |
am: ea3d0b923d
Change-Id: I581e85f453fe1dc8b3a7cb6a7b660539f99ec55e
|
| |
| |
| |
| |
| |
| |
| | |
Test: mmma bootable/recovery
Test: recovery_unit_test passes.
Test: recovery_component_test passes.
Change-Id: If0bf25993158eaebeedff55ba4f4dd0f6e5f937d
|
|\|
| |
| |
| |
| |
| | |
am: 5b2bf90e13
Change-Id: I6e04bf2bc3dc8c978edafafcbb41401189865233
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
We should not touch any data while verifying packages (or parsing the
in-memory ASN.1 structures).
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Test: recovery_unit_test passes.
Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
|
|\|
| |
| |
| |
| |
| | |
am: 64d25024b9
Change-Id: I36aed07781b1b9bff0ffe6cabeb5d1f3b8546072
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A follow-up to commit 5e535014dd7961fbf812abeaa27f3339775031f1.
Also clean up Android.mk, since libverifier no longer needs anything
from libminui.
Test: mmma bootable/recovery
Test: recovery_component_test passes.
Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
|
|\|
| |
| |
| |
| | |
Test: I solemnly swear I tested this conflict resolution.
Change-Id: I9c1806eceb56712c4b3d1c67d54f4b21bd3fe50a
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.
This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.
Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
|
| |
| |
| |
| |
| | |
Test: mma
Change-Id: Ibdcf7b47e54d3739fb922f66996365763d2acfef
|
|\ \
| |/
|/|
| |
| |
| | |
am: e0d3b0ceab
Change-Id: I4fe8bdd81f8250b862b0018f0a52a76d37ee9d88
|
| |\
| | |
| | |
| | |
| | |
| | | |
am: 15ca2a4763
Change-Id: I5481d39f0d2fdb92c95e964d2a55512f4df3acb3
|
| | |\
| | | |
| | | |
| | | |
| | | |
| | | | |
am: fb80b4f72d
Change-Id: Iba2da78981e4bd7a2b263b2f6b18ab6c176e5fc8
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.
Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.
Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
(cherry-picked from f69e6a9475983b2ad46729e44ab58d2b22cd74d0)
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit 8584fcf677dd45b30121bd0490b06297e6be1871.
This CL re-lands commit c0319b60f56d445c2d1c74f551e01f069b028fe6.
The "stage" and "reason" variables are now declared as global by
dropping the static qualifier, because they may be used by vendor
recovery libraries.
Test: lunch aosp_angler-userdebug; mmma bootable/recovery
Test: lunch aosp_dragon-userdebug; mmma bootable/recovery
Change-Id: I252c346f450079478cff22bbff01590b8ab2e2b3
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This reverts commit c0319b60f56d445c2d1c74f551e01f069b028fe6.
Reason for revert: Broke builds.
Change-Id: I82aa880b83de5ae6c36fd7567cb001920559a972
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Remove the duplicate gCurrentUI variable in recovery.cpp;
- Refactor the load/save of locale functions;
- Clean up ui_print() to get rid of 256-byte buffer limit;
- Declare ui in common.h;
- Move the typedef of Volume into roots.h.
Test: Build and boot into recovery image.
Change-Id: Ia28c116858ca754133127a5ff9c722af67ad55b7
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Clean up the recovery image and switch to libbase logging.
Bug: 28191554
Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 34ca089
* commit '34ca0892f4ae440becbe8097e7b68cd5a6d494d3':
recovery: Dump the signature in the zip package.
Change-Id: I22eb6256f3204f2eac80e729cd0cd5b862b45863
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
We have been occasionally seeing "signature verification failed" error
message when applying an update. Make more verbose output to help
debugging.
Bug: 28246534
Change-Id: Id83633adc9b86b3fd36abbb504e430f0816f12e4
|
|\| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: dd895d0
* commit 'dd895d0adaa691a078f18a95a7f5ac0eaf776cae':
Decrease OTA package verification times further.
Change-Id: If3bee4cbe66e576193556472776a232c9460af9a
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Timing from Nexus 5X:
89 MiB OTA update package: 1.4 s -> 0.6 s (decreased by 57%)
1196 MiB OTA update package: 8.0 s -> 7.5 s (decreased by 6%)
Bug: http://b/28135231
Change-Id: Id91f2ad15df2bffb9f8a4b4ec5a57657a02847ec
|
|\ \ \ \
| |/ / /
|/| | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
am: 405db92
* commit '405db92b6e6384f0f22ba6be338c08e8f1aad345':
Fix IWYU errors.
Change-Id: Iedb6480e232c560ff9095f5593f13ad412616e4d
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This fixes build errors with BoringSSL master. (The cpp file uses functions
from bn.h and neither it nor the header includes it.)
Change-Id: If7f38aa0b931aa7940079bc006c7283b31f3b774
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
|
|/ / /
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
|
|/ /
| |
| |
| |
| |
| |
| |
| | |
Move to using std::vector and std::unique_ptr to manage key
certificates to stop memory leaks.
Bug: 26908001
Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c
|
|/
|
|
| |
Change-Id: I0737456e0221ebe9cc854d65c95a7d37d0869d56
|
|\
| |
| |
| |
| | |
* commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49':
Recovery 64-bit compile issues
|
| |
| |
| |
| | |
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.
For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.
Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.
Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
|
|
|
|
|
|
|
|
| |
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.
Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
|
|
|
|
|
|
| |
(cherry picked from commit bac7fba02763ae5e78e8e4ba0bea727330ad953e)
Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
|
|
|
|
|
|
|
| |
Add an option to verifier_test to load keys from a file, the way the
recovery does.
Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
|
|
|
|
|
|
|
|
|
|
|
| |
Move all the functions in ui.c to be members of a ScreenRecoveryUI
class, which is a subclass of an abstract RecoveryUI class. Recovery
then creates a global singleton instance of this class and then invoke
the methods to drive the UI. We use this to allow substitution of a
different RecoveryUI implementation for devices with radically
different form factors (eg, that don't have a screen).
Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
|
|
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
|