Use BoringSSL instead of mincrypt to speed up package verification.
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
diff --git a/install.cpp b/install.cpp
index 8a82d7b..d009513 100644
--- a/install.cpp
+++ b/install.cpp
@@ -23,19 +23,19 @@
#include <sys/wait.h>
#include <unistd.h>
+#include <chrono>
#include <vector>
#include "common.h"
#include "install.h"
-#include "mincrypt/rsa.h"
#include "minui/minui.h"
#include "minzip/SysUtil.h"
#include "minzip/Zip.h"
#include "mtdutils/mounts.h"
#include "mtdutils/mtdutils.h"
#include "roots.h"
-#include "verifier.h"
#include "ui.h"
+#include "verifier.h"
extern RecoveryUI* ui;
@@ -229,6 +229,7 @@
return INSTALL_CORRUPT;
}
+ // Load keys.
std::vector<Certificate> loadedKeys;
if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
LOGE("Failed to load keys\n");
@@ -236,18 +237,19 @@
}
LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE);
+ // Verify package.
ui->Print("Verifying update package...\n");
-
+ auto t0 = std::chrono::system_clock::now();
int err = verify_file(map.addr, map.length, loadedKeys);
- LOGI("verify_file returned %d\n", err);
+ std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
+ ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
if (err != VERIFY_SUCCESS) {
LOGE("signature verification failed\n");
sysReleaseMap(&map);
return INSTALL_CORRUPT;
}
- /* Try to open the package.
- */
+ // Try to open the package.
ZipArchive zip;
err = mzOpenZipArchive(map.addr, map.length, &zip);
if (err != 0) {
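Review bot: The interval measured around `verify_file` starts from `std::chrono::system_clock::now()`, which is the wall clock and is not monotonic, so a clock adjustment during verification can produce a negative or inflated duration. For an elapsed-time measurement, use `auto t0 = std::chrono::steady_clock::now();` and `std::chrono::duration<double> duration = std::chrono::steady_clock::now() - t0;`. The same hunk removes `LOGI("verify_file returned %d\n", err);`, so the numeric result of signature verification reaches the recovery log only if `ui->Print` also writes there, which this hunk does not show. If it does not, keep the `LOGI` line next to the new `ui->Print` so a rejected package can still be traced from the log. The enclosing function begins and ends outside this hunk.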
@@ -256,8 +258,7 @@
return INSTALL_CORRUPT;
}
- /* Verify and install the contents of the package.
- */
+ // Verify and install the contents of the package.
ui->Print("Installing update...\n");
ui->SetEnableReboot(false);
int result = try_update_binary(path, &zip, wipe_cache);