Merge "recovery: Dump the signature in the zip package." into nyc-dev
am: 34ca089

* commit '34ca0892f4ae440becbe8097e7b68cd5a6d494d3':
  recovery: Dump the signature in the zip package.

Change-Id: I674e1a43aafe0140371b123bb7e14fc928c43988
diff --git a/print_sha1.h b/print_sha1.h
index fa3d7e0..c7c1f36 100644
--- a/print_sha1.h
+++ b/print_sha1.h
@@ -22,7 +22,7 @@
 
 #include "openssl/sha.h"
 
-static std::string print_sha1(const uint8_t sha1[SHA_DIGEST_LENGTH], size_t len) {
+static std::string print_sha1(const uint8_t* sha1, size_t len) {
     const char* hex = "0123456789abcdef";
     std::string result = "";
     for (size_t i = 0; i < len; ++i) {
@@ -40,4 +40,8 @@
     return print_sha1(sha1, 4);
 }
 
+static std::string print_hex(const uint8_t* bytes, size_t len) {
+  return print_sha1(bytes, len);
+}
+
 #endif  // RECOVERY_PRINT_SHA1_H
diff --git a/verifier.cpp b/verifier.cpp
index f5299b4..16cc7cf 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -27,6 +27,7 @@
 
 #include "asn1_decoder.h"
 #include "common.h"
+#include "print_sha1.h"
 #include "ui.h"
 #include "verifier.h"
 
@@ -230,9 +231,14 @@
     uint8_t* sig_der = nullptr;
     size_t sig_der_length = 0;
 
+    uint8_t* signature = eocd + eocd_size - signature_start;
     size_t signature_size = signature_start - FOOTER_SIZE;
-    if (!read_pkcs7(eocd + eocd_size - signature_start, signature_size, &sig_der,
-            &sig_der_length)) {
+
+    LOGI("signature (offset: 0x%zx, length: %zu): %s\n",
+            length - signature_start, signature_size,
+            print_hex(signature, signature_size).c_str());
+
+    if (!read_pkcs7(signature, signature_size, &sig_der, &sig_der_length)) {
         LOGE("Could not find signature DER block\n");
         return VERIFY_FAILURE;
     }
@@ -287,6 +293,13 @@
         }
         i++;
     }
+
+    if (need_sha1) {
+        LOGI("SHA-1 digest: %s\n", print_hex(sha1, SHA_DIGEST_LENGTH).c_str());
+    }
+    if (need_sha256) {
+        LOGI("SHA-256 digest: %s\n", print_hex(sha256, SHA256_DIGEST_LENGTH).c_str());
+    }
     free(sig_der);
     LOGE("failed to verify whole-file signature\n");
     return VERIFY_FAILURE;