Merge "minui: Fix the wrong move of the callback."
diff --git a/Android.bp b/Android.bp
index afa0337..10f6c79 100644
--- a/Android.bp
+++ b/Android.bp
@@ -175,6 +175,7 @@
"fsck_unshare_blocks.cpp",
"fuse_sdcard_provider.cpp",
"install.cpp",
+ "package.cpp",
"recovery.cpp",
"roots.cpp",
],
diff --git a/install.cpp b/install.cpp
index a7868fa..05f9af7 100644
--- a/install.cpp
+++ b/install.cpp
@@ -51,6 +51,7 @@
#include "otautil/paths.h"
#include "otautil/sysutil.h"
#include "otautil/thermalutil.h"
+#include "package.h"
#include "private/install.h"
#include "roots.h"
#include "ui.h"
@@ -585,34 +586,29 @@
}
}
- MemMapping map;
- if (!map.MapFile(path)) {
- LOG(ERROR) << "failed to map file";
+ auto package = Package::CreateMemoryPackage(
+ path, std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1));
+ if (!package) {
log_buffer->push_back(android::base::StringPrintf("error: %d", kMapFileFailure));
return INSTALL_CORRUPT;
}
// Verify package.
- if (!verify_package(map.addr, map.length)) {
+ if (!verify_package(package.get())) {
log_buffer->push_back(android::base::StringPrintf("error: %d", kZipVerificationFailure));
return INSTALL_CORRUPT;
}
// Try to open the package.
- ZipArchiveHandle zip;
- int err = OpenArchiveFromMemory(map.addr, map.length, path.c_str(), &zip);
- if (err != 0) {
- LOG(ERROR) << "Can't open " << path << " : " << ErrorCodeString(err);
+ ZipArchiveHandle zip = package->GetZipArchiveHandle();
+ if (!zip) {
log_buffer->push_back(android::base::StringPrintf("error: %d", kZipOpenFailure));
-
- CloseArchive(zip);
return INSTALL_CORRUPT;
}
// Additionally verify the compatibility of the package.
if (!verify_package_compatibility(zip)) {
log_buffer->push_back(android::base::StringPrintf("error: %d", kPackageCompatibilityFailure));
- CloseArchive(zip);
return INSTALL_CORRUPT;
}
@@ -626,7 +622,6 @@
ui->SetEnableReboot(true);
ui->Print("\n");
- CloseArchive(zip);
return result;
}
@@ -705,7 +700,7 @@
return result;
}
-bool verify_package(const unsigned char* package_data, size_t package_size) {
+bool verify_package(Package* package) {
static constexpr const char* CERTIFICATE_ZIP_FILE = "/system/etc/security/otacerts.zip";
std::vector<Certificate> loaded_keys = LoadKeysFromZipfile(CERTIFICATE_ZIP_FILE);
if (loaded_keys.empty()) {
@@ -717,8 +712,7 @@
// Verify package.
ui->Print("Verifying update package...\n");
auto t0 = std::chrono::system_clock::now();
- int err = verify_file(package_data, package_size, loaded_keys,
- std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1));
+ int err = verify_file(package, loaded_keys);
std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
if (err != VERIFY_SUCCESS) {
diff --git a/install.h b/install.h
index c6db1d1..7b6267b 100644
--- a/install.h
+++ b/install.h
@@ -21,9 +21,12 @@
#include <map>
#include <string>
+#include <vector>
#include <ziparchive/zip_archive.h>
+#include "package.h"
+
enum InstallResult {
INSTALL_SUCCESS,
INSTALL_ERROR,
@@ -45,14 +48,17 @@
int install_package(const std::string& package, bool* wipe_cache, bool needs_mount,
int retry_count);
-// Verify the package by ota keys. Return true if the package is verified successfully,
-// otherwise return false.
-bool verify_package(const unsigned char* package_data, size_t package_size);
+// Verifies the package by ota keys. Returns true if the package is verified successfully,
+// otherwise returns false.
+bool verify_package(Package* package);
// Reads meta data file of the package; parses each line in the format "key=value"; and writes the
// result to |metadata|. Return true if succeed, otherwise return false.
bool ReadMetadataFromPackage(ZipArchiveHandle zip, std::map<std::string, std::string>* metadata);
+// Reads the "recovery.wipe" entry in the zip archive returns a list of partitions to wipe.
+std::vector<std::string> GetWipePartitionList(const std::string& wipe_package);
+
// Verifies the compatibility info in a Treble-compatible package. Returns true directly if the
// entry doesn't exist.
bool verify_package_compatibility(ZipArchiveHandle package_zip);
diff --git a/package.cpp b/package.cpp
new file mode 100644
index 0000000..d404278
--- /dev/null
+++ b/package.cpp
@@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "package.h"
+
+#include <string.h>
+
+#include <android-base/logging.h>
+#include <android-base/stringprintf.h>
+#include <openssl/sha.h>
+
+#include "otautil/error_code.h"
+#include "otautil/sysutil.h"
+
+// This class wraps the package in memory, i.e. a memory mapped package, or a package loaded
+// to a string/vector.
+class MemoryPackage : public Package {
+ public:
+ // Constructs the class from a file. We will memory maps the file later.
+ MemoryPackage(const std::string& path, std::unique_ptr<MemMapping> map,
+ const std::function<void(float)>& set_progress);
+
+ // Constructs the class from the package bytes in |content|.
+ MemoryPackage(std::vector<uint8_t> content, const std::function<void(float)>& set_progress);
+
+ ~MemoryPackage() override;
+
+ // Memory maps the package file if necessary. Initializes the start address and size of the
+ // package.
+ uint64_t GetPackageSize() const override {
+ return package_size_;
+ }
+
+ bool ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) override;
+
+ ZipArchiveHandle GetZipArchiveHandle() override;
+
+ bool UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers, uint64_t start,
+ uint64_t length) override;
+
+ private:
+ const uint8_t* addr_; // Start address of the package in memory.
+ uint64_t package_size_; // Package size in bytes.
+
+ // The memory mapped package.
+ std::unique_ptr<MemMapping> map_;
+ // A copy of the package content, valid only if we create the class with the exact bytes of
+ // the package.
+ std::vector<uint8_t> package_content_;
+ // The physical path to the package, empty if we create the class with the package content.
+ std::string path_;
+
+ // The ZipArchiveHandle of the package.
+ ZipArchiveHandle zip_handle_;
+};
+
+// TODO(xunchang) Implement the PackageFromFd.
+
+void Package::SetProgress(float progress) {
+ if (set_progress_) {
+ set_progress_(progress);
+ }
+}
+
+std::unique_ptr<Package> Package::CreateMemoryPackage(
+ const std::string& path, const std::function<void(float)>& set_progress) {
+ std::unique_ptr<MemMapping> mmap = std::make_unique<MemMapping>();
+ if (!mmap->MapFile(path)) {
+ LOG(ERROR) << "failed to map file";
+ return nullptr;
+ }
+
+ return std::make_unique<MemoryPackage>(path, std::move(mmap), set_progress);
+}
+
+std::unique_ptr<Package> Package::CreateMemoryPackage(
+ std::vector<uint8_t> content, const std::function<void(float)>& set_progress) {
+ return std::make_unique<MemoryPackage>(std::move(content), set_progress);
+}
+
+MemoryPackage::MemoryPackage(const std::string& path, std::unique_ptr<MemMapping> map,
+ const std::function<void(float)>& set_progress)
+ : map_(std::move(map)), path_(path), zip_handle_(nullptr) {
+ addr_ = map_->addr;
+ package_size_ = map_->length;
+ set_progress_ = set_progress;
+}
+
+MemoryPackage::MemoryPackage(std::vector<uint8_t> content,
+ const std::function<void(float)>& set_progress)
+ : package_content_(std::move(content)), zip_handle_(nullptr) {
+ CHECK(!package_content_.empty());
+ addr_ = package_content_.data();
+ package_size_ = package_content_.size();
+ set_progress_ = set_progress;
+}
+
+MemoryPackage::~MemoryPackage() {
+ if (zip_handle_) {
+ CloseArchive(zip_handle_);
+ }
+}
+
+bool MemoryPackage::ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) {
+ if (byte_count > package_size_ || offset > package_size_ - byte_count) {
+ LOG(ERROR) << "Out of bound read, offset: " << offset << ", size: " << byte_count
+ << ", total package_size: " << package_size_;
+ return false;
+ }
+ memcpy(buffer, addr_ + offset, byte_count);
+ return true;
+}
+
+bool MemoryPackage::UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers,
+ uint64_t start, uint64_t length) {
+ if (length > package_size_ || start > package_size_ - length) {
+ LOG(ERROR) << "Out of bound read, offset: " << start << ", size: " << length
+ << ", total package_size: " << package_size_;
+ return false;
+ }
+
+ for (const auto& hasher : hashers) {
+ hasher(addr_ + start, length);
+ }
+ return true;
+}
+
+ZipArchiveHandle MemoryPackage::GetZipArchiveHandle() {
+ if (zip_handle_) {
+ return zip_handle_;
+ }
+
+ if (auto err = OpenArchiveFromMemory(const_cast<uint8_t*>(addr_), package_size_, path_.c_str(),
+ &zip_handle_);
+ err != 0) {
+ LOG(ERROR) << "Can't open package" << path_ << " : " << ErrorCodeString(err);
+ return nullptr;
+ }
+
+ return zip_handle_;
+}
diff --git a/package.h b/package.h
new file mode 100644
index 0000000..5eef9c9
--- /dev/null
+++ b/package.h
@@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <stdint.h>
+
+#include <functional>
+#include <map>
+#include <memory>
+#include <string>
+#include <vector>
+
+#include <ziparchive/zip_archive.h>
+
+#include "verifier.h"
+
+// This class serves as a wrapper for an OTA update package. It aims to provide the common
+// interface for both packages loaded in memory and packages read from fd.
+class Package : public VerifierInterface {
+ public:
+ virtual ~Package() = default;
+
+ // Opens the package as a zip file and returns the ZipArchiveHandle.
+ virtual ZipArchiveHandle GetZipArchiveHandle() = 0;
+
+ // Updates the progress in fraction during package verification.
+ void SetProgress(float progress) override;
+
+ static std::unique_ptr<Package> CreateMemoryPackage(
+ const std::string& path, const std::function<void(float)>& set_progress);
+
+ static std::unique_ptr<Package> CreateMemoryPackage(
+ std::vector<uint8_t> content, const std::function<void(float)>& set_progress);
+
+ protected:
+ // An optional function to update the progress.
+ std::function<void(float)> set_progress_;
+};
diff --git a/recovery.cpp b/recovery.cpp
index 703923e..2c9f9de 100644
--- a/recovery.cpp
+++ b/recovery.cpp
@@ -64,6 +64,7 @@
#include "otautil/error_code.h"
#include "otautil/paths.h"
#include "otautil/sysutil.h"
+#include "package.h"
#include "roots.h"
#include "screen_ui.h"
#include "ui.h"
@@ -497,45 +498,107 @@
return true;
}
-// Check if the wipe package matches expectation:
+static std::string ReadWipePackage(size_t wipe_package_size) {
+ if (wipe_package_size == 0) {
+ LOG(ERROR) << "wipe_package_size is zero";
+ return "";
+ }
+
+ std::string wipe_package;
+ std::string err_str;
+ if (!read_wipe_package(&wipe_package, wipe_package_size, &err_str)) {
+ PLOG(ERROR) << "Failed to read wipe package" << err_str;
+ return "";
+ }
+ return wipe_package;
+}
+
+// Checks if the wipe package matches expectation. If the check passes, reads the list of
+// partitions to wipe from the package. Checks include
// 1. verify the package.
// 2. check metadata (ota-type, pre-device and serial number if having one).
-static bool check_wipe_package(size_t wipe_package_size) {
- if (wipe_package_size == 0) {
- LOG(ERROR) << "wipe_package_size is zero";
- return false;
- }
- std::string wipe_package;
- std::string err_str;
- if (!read_wipe_package(&wipe_package, wipe_package_size, &err_str)) {
- PLOG(ERROR) << "Failed to read wipe package";
- return false;
- }
- if (!verify_package(reinterpret_cast<const unsigned char*>(wipe_package.data()),
- wipe_package.size())) {
- LOG(ERROR) << "Failed to verify package";
- return false;
- }
+static bool CheckWipePackage(const std::string& wipe_package) {
+ auto package = Package::CreateMemoryPackage(
+ std::vector<uint8_t>(wipe_package.begin(), wipe_package.end()), nullptr);
- // Extract metadata
- ZipArchiveHandle zip;
- int err = OpenArchiveFromMemory(static_cast<void*>(&wipe_package[0]), wipe_package.size(),
- "wipe_package", &zip);
- if (err != 0) {
- LOG(ERROR) << "Can't open wipe package : " << ErrorCodeString(err);
- return false;
+ if (!package || !verify_package(package.get())) {
+ LOG(ERROR) << "Failed to verify package";
+ return false;
+ }
+
+ // TODO(xunchang) get zip archive from package.
+ ZipArchiveHandle zip;
+ if (auto err =
+ OpenArchiveFromMemory(const_cast<void*>(static_cast<const void*>(&wipe_package[0])),
+ wipe_package.size(), "wipe_package", &zip);
+ err != 0) {
+ LOG(ERROR) << "Can't open wipe package : " << ErrorCodeString(err);
+ return false;
+ }
+
+ std::map<std::string, std::string> metadata;
+ if (!ReadMetadataFromPackage(zip, &metadata)) {
+ LOG(ERROR) << "Failed to parse metadata in the zip file";
+ return false;
+ }
+
+ int result = CheckPackageMetadata(metadata, OtaType::BRICK);
+ CloseArchive(zip);
+
+ return result == 0;
+}
+
+std::vector<std::string> GetWipePartitionList(const std::string& wipe_package) {
+ ZipArchiveHandle zip;
+ if (auto err =
+ OpenArchiveFromMemory(const_cast<void*>(static_cast<const void*>(&wipe_package[0])),
+ wipe_package.size(), "wipe_package", &zip);
+ err != 0) {
+ LOG(ERROR) << "Can't open wipe package : " << ErrorCodeString(err);
+ return {};
+ }
+
+ static constexpr const char* RECOVERY_WIPE_ENTRY_NAME = "recovery.wipe";
+
+ std::string partition_list_content;
+ ZipString path(RECOVERY_WIPE_ENTRY_NAME);
+ ZipEntry entry;
+ if (FindEntry(zip, path, &entry) == 0) {
+ uint32_t length = entry.uncompressed_length;
+ partition_list_content = std::string(length, '\0');
+ if (auto err = ExtractToMemory(
+ zip, &entry, reinterpret_cast<uint8_t*>(partition_list_content.data()), length);
+ err != 0) {
+ LOG(ERROR) << "Failed to extract " << RECOVERY_WIPE_ENTRY_NAME << ": "
+ << ErrorCodeString(err);
+ CloseArchive(zip);
+ return {};
}
+ } else {
+ LOG(INFO) << "Failed to find " << RECOVERY_WIPE_ENTRY_NAME
+ << ", falling back to use the partition list on device.";
- std::map<std::string, std::string> metadata;
- if (!ReadMetadataFromPackage(zip, &metadata)) {
- LOG(ERROR) << "Failed to parse metadata in the zip file";
- return false;
+ static constexpr const char* RECOVERY_WIPE_ON_DEVICE = "/etc/recovery.wipe";
+ if (!android::base::ReadFileToString(RECOVERY_WIPE_ON_DEVICE, &partition_list_content)) {
+ PLOG(ERROR) << "failed to read \"" << RECOVERY_WIPE_ON_DEVICE << "\"";
+ CloseArchive(zip);
+ return {};
}
+ }
- int result = CheckPackageMetadata(metadata, OtaType::BRICK);
- CloseArchive(zip);
+ std::vector<std::string> result;
+ std::vector<std::string> lines = android::base::Split(partition_list_content, "\n");
+ for (const std::string& line : lines) {
+ std::string partition = android::base::Trim(line);
+ // Ignore '#' comment or empty lines.
+ if (android::base::StartsWith(partition, "#") || partition.empty()) {
+ continue;
+ }
+ result.push_back(line);
+ }
- return result == 0;
+ CloseArchive(zip);
+ return result;
}
// Wipes the current A/B device, with a secure wipe of all the partitions in RECOVERY_WIPE.
@@ -543,25 +606,23 @@
ui->SetBackground(RecoveryUI::ERASING);
ui->SetProgressType(RecoveryUI::INDETERMINATE);
- if (!check_wipe_package(wipe_package_size)) {
+ std::string wipe_package = ReadWipePackage(wipe_package_size);
+ if (wipe_package.empty()) {
+ return false;
+ }
+
+ if (!CheckWipePackage(wipe_package)) {
LOG(ERROR) << "Failed to verify wipe package";
return false;
}
- static constexpr const char* RECOVERY_WIPE = "/etc/recovery.wipe";
- std::string partition_list;
- if (!android::base::ReadFileToString(RECOVERY_WIPE, &partition_list)) {
- LOG(ERROR) << "failed to read \"" << RECOVERY_WIPE << "\"";
+
+ std::vector<std::string> partition_list = GetWipePartitionList(wipe_package);
+ if (partition_list.empty()) {
+ LOG(ERROR) << "Empty wipe ab partition list";
return false;
}
- std::vector<std::string> lines = android::base::Split(partition_list, "\n");
- for (const std::string& line : lines) {
- std::string partition = android::base::Trim(line);
- // Ignore '#' comment or empty lines.
- if (android::base::StartsWith(partition, "#") || partition.empty()) {
- continue;
- }
-
+ for (const auto& partition : partition_list) {
// Proceed anyway even if it fails to wipe some partition.
secure_wipe_partition(partition);
}
diff --git a/tests/component/install_test.cpp b/tests/component/install_test.cpp
index 47a5471..1178136 100644
--- a/tests/component/install_test.cpp
+++ b/tests/component/install_test.cpp
@@ -107,6 +107,29 @@
CloseArchive(zip);
}
+TEST(InstallTest, read_wipe_ab_partition_list) {
+ std::vector<std::string> partition_list = {
+ "/dev/block/bootdevice/by-name/system_a", "/dev/block/bootdevice/by-name/system_b",
+ "/dev/block/bootdevice/by-name/vendor_a", "/dev/block/bootdevice/by-name/vendor_b",
+ "/dev/block/bootdevice/by-name/userdata", "# Wipe the boot partitions last",
+ "/dev/block/bootdevice/by-name/boot_a", "/dev/block/bootdevice/by-name/boot_b",
+ };
+ TemporaryFile temp_file;
+ BuildZipArchive({ { "recovery.wipe", android::base::Join(partition_list, '\n') } },
+ temp_file.release(), kCompressDeflated);
+ std::string wipe_package;
+ ASSERT_TRUE(android::base::ReadFileToString(temp_file.path, &wipe_package));
+
+ std::vector<std::string> read_partition_list = GetWipePartitionList(wipe_package);
+ std::vector<std::string> expected = {
+ "/dev/block/bootdevice/by-name/system_a", "/dev/block/bootdevice/by-name/system_b",
+ "/dev/block/bootdevice/by-name/vendor_a", "/dev/block/bootdevice/by-name/vendor_b",
+ "/dev/block/bootdevice/by-name/userdata", "/dev/block/bootdevice/by-name/boot_a",
+ "/dev/block/bootdevice/by-name/boot_b",
+ };
+ ASSERT_EQ(expected, read_partition_list);
+}
+
TEST(InstallTest, verify_package_compatibility_with_libvintf_malformed_xml) {
TemporaryFile compatibility_zip_file;
std::string malformed_xml = "malformed";
diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp
index 9fcaa0b..c26d76d 100644
--- a/tests/component/verifier_test.cpp
+++ b/tests/component/verifier_test.cpp
@@ -36,6 +36,7 @@
#include "common/test_constants.h"
#include "otautil/sysutil.h"
+#include "package.h"
#include "verifier.h"
using namespace std::string_literals;
@@ -47,15 +48,22 @@
std::vector<uint8_t>(testkey_string.begin(), testkey_string.end()), cert));
}
+static void VerifyFile(const std::string& content, const std::vector<Certificate>& keys,
+ int expected) {
+ auto package =
+ Package::CreateMemoryPackage(std::vector<uint8_t>(content.begin(), content.end()), nullptr);
+ ASSERT_NE(nullptr, package);
+
+ ASSERT_EQ(expected, verify_file(package.get(), keys));
+}
+
static void VerifyPackageWithCertificates(const std::string& name,
const std::vector<Certificate>& certs) {
- std::string package = from_testdata_base(name);
- MemMapping memmap;
- if (!memmap.MapFile(package)) {
- FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n";
- }
+ std::string path = from_testdata_base(name);
+ auto package = Package::CreateMemoryPackage(path, nullptr);
+ ASSERT_NE(nullptr, package);
- ASSERT_EQ(VERIFY_SUCCESS, verify_file(memmap.addr, memmap.length, certs));
+ ASSERT_EQ(VERIFY_SUCCESS, verify_file(package.get(), certs));
}
static void VerifyPackageWithSingleCertificate(const std::string& name, Certificate&& cert) {
@@ -231,20 +239,19 @@
protected:
void SetUp() override {
std::vector<std::string> args = GetParam();
- std::string package = from_testdata_base(args[0]);
- if (!memmap.MapFile(package)) {
- FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n";
- }
+ std::string path = from_testdata_base(args[0]);
+ package_ = Package::CreateMemoryPackage(path, nullptr);
+ ASSERT_NE(nullptr, package_);
for (auto it = ++args.cbegin(); it != args.cend(); ++it) {
std::string public_key_file = from_testdata_base("testkey_" + *it + ".x509.pem");
- certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
- LoadKeyFromFile(public_key_file, &certs.back());
+ certs_.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
+ LoadKeyFromFile(public_key_file, &certs_.back());
}
}
- MemMapping memmap;
- std::vector<Certificate> certs;
+ std::unique_ptr<Package> package_;
+ std::vector<Certificate> certs_;
};
class VerifierSuccessTest : public VerifierTest {
@@ -264,9 +271,7 @@
// Alter the footer.
package[package.size() - 5] = '\x05';
- ASSERT_EQ(VERIFY_FAILURE,
- verify_file(reinterpret_cast<const unsigned char*>(package.data()), package.size(),
- certs));
+ VerifyFile(package, certs, VERIFY_FAILURE);
}
TEST(VerifierTest, BadPackage_AlteredContent) {
@@ -281,15 +286,11 @@
// Alter the content.
std::string altered1(package);
altered1[50] += 1;
- ASSERT_EQ(VERIFY_FAILURE,
- verify_file(reinterpret_cast<const unsigned char*>(altered1.data()), altered1.size(),
- certs));
+ VerifyFile(altered1, certs, VERIFY_FAILURE);
std::string altered2(package);
altered2[10] += 1;
- ASSERT_EQ(VERIFY_FAILURE,
- verify_file(reinterpret_cast<const unsigned char*>(altered2.data()), altered2.size(),
- certs));
+ VerifyFile(altered2, certs, VERIFY_FAILURE);
}
TEST(VerifierTest, BadPackage_SignatureStartOutOfBounds) {
@@ -299,16 +300,15 @@
// Signature start is 65535 (0xffff) while comment size is 0 (Bug: 31914369).
std::string package = "\x50\x4b\x05\x06"s + std::string(12, '\0') + "\xff\xff\xff\xff\x00\x00"s;
- ASSERT_EQ(VERIFY_FAILURE, verify_file(reinterpret_cast<const unsigned char*>(package.data()),
- package.size(), certs));
+ VerifyFile(package, certs, VERIFY_FAILURE);
}
TEST_P(VerifierSuccessTest, VerifySucceed) {
- ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs, nullptr), VERIFY_SUCCESS);
+ ASSERT_EQ(VERIFY_SUCCESS, verify_file(package_.get(), certs_));
}
TEST_P(VerifierFailureTest, VerifyFailure) {
- ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs, nullptr), VERIFY_FAILURE);
+ ASSERT_EQ(VERIFY_FAILURE, verify_file(package_.get(), certs_));
}
INSTANTIATE_TEST_CASE_P(SingleKeySuccess, VerifierSuccessTest,
diff --git a/verifier.cpp b/verifier.cpp
index 44bd4e1..b6c3895 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -117,19 +117,9 @@
return true;
}
-/*
- * Looks for an RSA signature embedded in the .ZIP file comment given the path to the zip. Verifies
- * that it matches one of the given public keys. A callback function can be optionally provided for
- * posting the progress.
- *
- * Returns VERIFY_SUCCESS or VERIFY_FAILURE (if any error is encountered or no key matches the
- * signature).
- */
-int verify_file(const unsigned char* addr, size_t length, const std::vector<Certificate>& keys,
- const std::function<void(float)>& set_progress) {
- if (set_progress) {
- set_progress(0.0);
- }
+int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys) {
+ CHECK(package);
+ package->SetProgress(0.0);
// An archive with a whole-file signature will end in six bytes:
//
@@ -140,13 +130,18 @@
// the whole comment.
#define FOOTER_SIZE 6
+ uint64_t length = package->GetPackageSize();
if (length < FOOTER_SIZE) {
LOG(ERROR) << "not big enough to contain footer";
return VERIFY_FAILURE;
}
- const unsigned char* footer = addr + length - FOOTER_SIZE;
+ uint8_t footer[FOOTER_SIZE];
+ if (!package->ReadFullyAtOffset(footer, FOOTER_SIZE, length - FOOTER_SIZE)) {
+ LOG(ERROR) << "Failed to read footer";
+ return VERIFY_FAILURE;
+ }
if (footer[2] != 0xff || footer[3] != 0xff) {
LOG(ERROR) << "footer is wrong";
@@ -182,9 +177,13 @@
// Determine how much of the file is covered by the signature. This is everything except the
// signature data and length, which includes all of the EOCD except for the comment length field
// (2 bytes) and the comment data.
- size_t signed_len = length - eocd_size + EOCD_HEADER_SIZE - 2;
+ uint64_t signed_len = length - eocd_size + EOCD_HEADER_SIZE - 2;
- const unsigned char* eocd = addr + length - eocd_size;
+ uint8_t eocd[eocd_size];
+ if (!package->ReadFullyAtOffset(eocd, eocd_size, length - eocd_size)) {
+ LOG(ERROR) << "Failed to read EOCD of " << eocd_size << " bytes";
+ return VERIFY_FAILURE;
+ }
// If this is really is the EOCD record, it will begin with the magic number $50 $4b $05 $06.
if (eocd[0] != 0x50 || eocd[1] != 0x4b || eocd[2] != 0x05 || eocd[3] != 0x06) {
@@ -216,24 +215,29 @@
SHA1_Init(&sha1_ctx);
SHA256_Init(&sha256_ctx);
+ std::vector<HasherUpdateCallback> hashers;
+ if (need_sha1) {
+ hashers.emplace_back(
+ std::bind(&SHA1_Update, &sha1_ctx, std::placeholders::_1, std::placeholders::_2));
+ }
+ if (need_sha256) {
+ hashers.emplace_back(
+ std::bind(&SHA256_Update, &sha256_ctx, std::placeholders::_1, std::placeholders::_2));
+ }
+
double frac = -1.0;
- size_t so_far = 0;
+ uint64_t so_far = 0;
while (so_far < signed_len) {
- // On a Nexus 5X, experiment showed 16MiB beat 1MiB by 6% faster for a
- // 1196MiB full OTA and 60% for an 89MiB incremental OTA.
- // http://b/28135231.
- size_t size = std::min(signed_len - so_far, 16 * MiB);
+ // On a Nexus 5X, experiment showed 16MiB beat 1MiB by 6% faster for a 1196MiB full OTA and
+ // 60% for an 89MiB incremental OTA. http://b/28135231.
+ uint64_t read_size = std::min<uint64_t>(signed_len - so_far, 16 * MiB);
+ package->UpdateHashAtOffset(hashers, so_far, read_size);
+ so_far += read_size;
- if (need_sha1) SHA1_Update(&sha1_ctx, addr + so_far, size);
- if (need_sha256) SHA256_Update(&sha256_ctx, addr + so_far, size);
- so_far += size;
-
- if (set_progress) {
- double f = so_far / (double)signed_len;
- if (f > frac + 0.02 || size == so_far) {
- set_progress(f);
- frac = f;
- }
+ double f = so_far / static_cast<double>(signed_len);
+ if (f > frac + 0.02 || read_size == so_far) {
+ package->SetProgress(f);
+ frac = f;
}
}
diff --git a/verifier.h b/verifier.h
index df9a4b6..b80096d 100644
--- a/verifier.h
+++ b/verifier.h
@@ -27,6 +27,8 @@
#include <openssl/rsa.h>
#include <openssl/sha.h>
+using HasherUpdateCallback = std::function<void(const uint8_t* addr, uint64_t size)>;
+
struct RSADeleter {
void operator()(RSA* rsa) const {
RSA_free(rsa);
@@ -61,14 +63,28 @@
std::unique_ptr<EC_KEY, ECKEYDeleter> ec;
};
-/*
- * 'addr' and 'length' define an update package file that has been loaded (or mmap'ed, or
- * whatever) into memory. Verifies that the file is signed and the signature matches one of the
- * given keys. It optionally accepts a callback function for posting the progress to. Returns one
- * of the constants of VERIFY_SUCCESS and VERIFY_FAILURE.
- */
-int verify_file(const unsigned char* addr, size_t length, const std::vector<Certificate>& keys,
- const std::function<void(float)>& set_progress = nullptr);
+class VerifierInterface {
+ public:
+ virtual ~VerifierInterface() = default;
+
+ // Returns the package size in bytes.
+ virtual uint64_t GetPackageSize() const = 0;
+
+ // Reads |byte_count| data starting from |offset|, and puts the result in |buffer|.
+ virtual bool ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) = 0;
+
+ // Updates the hash contexts for |length| bytes data starting from |start|.
+ virtual bool UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers, uint64_t start,
+ uint64_t length) = 0;
+
+ // Updates the progress in fraction during package verification.
+ virtual void SetProgress(float progress) = 0;
+};
+
+// Looks for an RSA signature embedded in the .ZIP file comment given the path to the zip.
+// Verifies that it matches one of the given public keys. Returns VERIFY_SUCCESS or
+// VERIFY_FAILURE (if any error is encountered or no key matches the signature).
+int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys);
// Checks that the RSA key has a modulus of 2048 bits long, and public exponent is 3 or 65537.
bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa);