merge in nyc-release history after reset to master
diff --git a/install.cpp b/install.cpp
index 7d88ed7..c0d0077 100644
--- a/install.cpp
+++ b/install.cpp
@@ -23,6 +23,8 @@
#include <sys/wait.h>
#include <unistd.h>
+#include <vector>
+
#include "common.h"
#include "install.h"
#include "mincrypt/rsa.h"
@@ -221,19 +223,16 @@
return INSTALL_CORRUPT;
}
- int numKeys;
- Certificate* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys);
- if (loadedKeys == NULL) {
+ std::vector<Certificate> loadedKeys;
+ if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
LOGE("Failed to load keys\n");
return INSTALL_CORRUPT;
}
- LOGI("%d key(s) loaded from %s\n", numKeys, PUBLIC_KEYS_FILE);
+ LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE);
ui->Print("Verifying update package...\n");
- int err;
- err = verify_file(map.addr, map.length, loadedKeys, numKeys);
- free(loadedKeys);
+ int err = verify_file(map.addr, map.length, loadedKeys);
LOGI("verify_file returned %d\n", err);
if (err != VERIFY_SUCCESS) {
LOGE("signature verification failed\n");
diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp
index 098a7a9..705744e 100644
--- a/uncrypt/uncrypt.cpp
+++ b/uncrypt/uncrypt.cpp
@@ -58,6 +58,7 @@
#include <vector>
#include <android-base/file.h>
+#include <android-base/logging.h>
#include <android-base/stringprintf.h>
#include <android-base/strings.h>
#include <cutils/android_reboot.h>
@@ -67,23 +68,25 @@
#define LOG_TAG "uncrypt"
#include <log/log.h>
+#include "bootloader.h"
#include "unique_fd.h"
#define WINDOW_SIZE 5
-static const std::string cache_block_map = "/cache/recovery/block.map";
-static const std::string status_file = "/cache/recovery/uncrypt_status";
-static const std::string uncrypt_file = "/cache/recovery/uncrypt_file";
+static const std::string CACHE_BLOCK_MAP = "/cache/recovery/block.map";
+static const std::string COMMAND_FILE = "/cache/recovery/command";
+static const std::string STATUS_FILE = "/cache/recovery/uncrypt_status";
+static const std::string UNCRYPT_PATH_FILE = "/cache/recovery/uncrypt_file";
static struct fstab* fstab = NULL;
static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) {
if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) {
- ALOGE("error seeking to offset %" PRId64 ": %s\n", offset, strerror(errno));
+ ALOGE("error seeking to offset %" PRId64 ": %s", offset, strerror(errno));
return -1;
}
if (!android::base::WriteFully(wfd, buffer, size)) {
- ALOGE("error writing offset %" PRId64 ": %s\n", offset, strerror(errno));
+ ALOGE("error writing offset %" PRId64 ": %s", offset, strerror(errno));
return -1;
}
return 0;
@@ -107,13 +110,13 @@
// The fstab path is always "/fstab.${ro.hardware}".
char fstab_path[PATH_MAX+1] = "/fstab.";
if (!property_get("ro.hardware", fstab_path+strlen(fstab_path), "")) {
- ALOGE("failed to get ro.hardware\n");
+ ALOGE("failed to get ro.hardware");
return NULL;
}
fstab = fs_mgr_read_fstab(fstab_path);
if (!fstab) {
- ALOGE("failed to read %s\n", fstab_path);
+ ALOGE("failed to read %s", fstab_path);
return NULL;
}
@@ -150,16 +153,16 @@
}
// Parse uncrypt_file to find the update package name.
-static bool find_uncrypt_package(std::string& package_name)
-{
- if (!android::base::ReadFileToString(uncrypt_file, &package_name)) {
- ALOGE("failed to open \"%s\": %s\n", uncrypt_file.c_str(), strerror(errno));
+static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::string* package_name) {
+ CHECK(package_name != nullptr);
+ std::string uncrypt_path;
+ if (!android::base::ReadFileToString(uncrypt_path_file, &uncrypt_path)) {
+ ALOGE("failed to open \"%s\": %s", uncrypt_path_file.c_str(), strerror(errno));
return false;
}
// Remove the trailing '\n' if present.
- package_name = android::base::Trim(package_name);
-
+ *package_name = android::base::Trim(uncrypt_path);
return true;
}
@@ -167,7 +170,7 @@
bool encrypted, int status_fd) {
std::string err;
if (!android::base::RemoveFileIfExists(map_file, &err)) {
- ALOGE("failed to remove the existing map file %s: %s\n", map_file, err.c_str());
+ ALOGE("failed to remove the existing map file %s: %s", map_file, err.c_str());
return -1;
}
std::string tmp_map_file = std::string(map_file) + ".tmp";
@@ -179,27 +182,27 @@
// Make sure we can write to the status_file.
if (!android::base::WriteStringToFd("0\n", status_fd)) {
- ALOGE("failed to update \"%s\"\n", status_file.c_str());
+ ALOGE("failed to update \"%s\"\n", STATUS_FILE.c_str());
return -1;
}
struct stat sb;
if (stat(path, &sb) != 0) {
- ALOGE("failed to stat %s\n", path);
+ ALOGE("failed to stat %s", path);
return -1;
}
- ALOGI(" block size: %ld bytes\n", static_cast<long>(sb.st_blksize));
+ ALOGI(" block size: %ld bytes", static_cast<long>(sb.st_blksize));
int blocks = ((sb.st_size-1) / sb.st_blksize) + 1;
- ALOGI(" file size: %" PRId64 " bytes, %d blocks\n", sb.st_size, blocks);
+ ALOGI(" file size: %" PRId64 " bytes, %d blocks", sb.st_size, blocks);
std::vector<int> ranges;
std::string s = android::base::StringPrintf("%s\n%" PRId64 " %ld\n",
blk_dev, sb.st_size, static_cast<long>(sb.st_blksize));
if (!android::base::WriteStringToFd(s, mapfd.get())) {
- ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+ ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno));
return -1;
}
@@ -212,7 +215,7 @@
unique_fd fd(open(path, O_RDONLY));
if (!fd) {
- ALOGE("failed to open %s for reading: %s\n", path, strerror(errno));
+ ALOGE("failed to open %s for reading: %s", path, strerror(errno));
return -1;
}
@@ -220,7 +223,7 @@
if (encrypted) {
wfd = open(blk_dev, O_WRONLY);
if (!wfd) {
- ALOGE("failed to open fd for writing: %s\n", strerror(errno));
+ ALOGE("failed to open fd for writing: %s", strerror(errno));
return -1;
}
}
@@ -239,7 +242,7 @@
// write out head buffer
int block = head_block;
if (ioctl(fd.get(), FIBMAP, &block) != 0) {
- ALOGE("failed to find block %d\n", head_block);
+ ALOGE("failed to find block %d", head_block);
return -1;
}
add_block_to_ranges(ranges, block);
@@ -258,7 +261,7 @@
size_t to_read = static_cast<size_t>(
std::min(static_cast<off64_t>(sb.st_blksize), sb.st_size - pos));
if (!android::base::ReadFully(fd.get(), buffers[tail].data(), to_read)) {
- ALOGE("failed to read: %s\n", strerror(errno));
+ ALOGE("failed to read: %s", strerror(errno));
return -1;
}
pos += to_read;
@@ -275,7 +278,7 @@
// write out head buffer
int block = head_block;
if (ioctl(fd.get(), FIBMAP, &block) != 0) {
- ALOGE("failed to find block %d\n", head_block);
+ ALOGE("failed to find block %d", head_block);
return -1;
}
add_block_to_ranges(ranges, block);
@@ -291,41 +294,41 @@
if (!android::base::WriteStringToFd(
android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd.get())) {
- ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+ ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno));
return -1;
}
for (size_t i = 0; i < ranges.size(); i += 2) {
if (!android::base::WriteStringToFd(
android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd.get())) {
- ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+ ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno));
return -1;
}
}
if (fsync(mapfd.get()) == -1) {
- ALOGE("failed to fsync \"%s\": %s\n", tmp_map_file.c_str(), strerror(errno));
+ ALOGE("failed to fsync \"%s\": %s", tmp_map_file.c_str(), strerror(errno));
return -1;
}
if (close(mapfd.get() == -1)) {
- ALOGE("failed to close %s: %s\n", tmp_map_file.c_str(), strerror(errno));
+ ALOGE("failed to close %s: %s", tmp_map_file.c_str(), strerror(errno));
return -1;
}
mapfd = -1;
if (encrypted) {
if (fsync(wfd.get()) == -1) {
- ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno));
+ ALOGE("failed to fsync \"%s\": %s", blk_dev, strerror(errno));
return -1;
}
if (close(wfd.get()) == -1) {
- ALOGE("failed to close %s: %s\n", blk_dev, strerror(errno));
+ ALOGE("failed to close %s: %s", blk_dev, strerror(errno));
return -1;
}
wfd = -1;
}
if (rename(tmp_map_file.c_str(), map_file) == -1) {
- ALOGE("failed to rename %s to %s: %s\n", tmp_map_file.c_str(), map_file, strerror(errno));
+ ALOGE("failed to rename %s to %s: %s", tmp_map_file.c_str(), map_file, strerror(errno));
return -1;
}
// Sync dir to make rename() result written to disk.
@@ -333,50 +336,74 @@
std::string dir_name = dirname(&file_name[0]);
unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY));
if (!dfd) {
- ALOGE("failed to open dir %s: %s\n", dir_name.c_str(), strerror(errno));
+ ALOGE("failed to open dir %s: %s", dir_name.c_str(), strerror(errno));
return -1;
}
if (fsync(dfd.get()) == -1) {
- ALOGE("failed to fsync %s: %s\n", dir_name.c_str(), strerror(errno));
+ ALOGE("failed to fsync %s: %s", dir_name.c_str(), strerror(errno));
return -1;
}
if (close(dfd.get() == -1)) {
- ALOGE("failed to close %s: %s\n", dir_name.c_str(), strerror(errno));
+ ALOGE("failed to close %s: %s", dir_name.c_str(), strerror(errno));
return -1;
}
dfd = -1;
return 0;
}
-static void wipe_misc() {
- ALOGI("removing old commands from misc");
+static std::string get_misc_blk_device() {
+ struct fstab* fstab = read_fstab();
+ if (fstab == nullptr) {
+ return "";
+ }
for (int i = 0; i < fstab->num_entries; ++i) {
- struct fstab_rec* v = &fstab->recs[i];
- if (!v->mount_point) continue;
- if (strcmp(v->mount_point, "/misc") == 0) {
- int fd = open(v->blk_device, O_WRONLY | O_SYNC);
- unique_fd fd_holder(fd);
-
- uint8_t zeroes[1088]; // sizeof(bootloader_message) from recovery
- memset(zeroes, 0, sizeof(zeroes));
-
- size_t written = 0;
- size_t size = sizeof(zeroes);
- while (written < size) {
- ssize_t w = TEMP_FAILURE_RETRY(write(fd, zeroes, size-written));
- if (w == -1) {
- ALOGE("zero write failed: %s\n", strerror(errno));
- return;
- } else {
- written += w;
- }
- }
- if (fsync(fd) == -1) {
- ALOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno));
- return;
- }
+ fstab_rec* v = &fstab->recs[i];
+ if (v->mount_point != nullptr && strcmp(v->mount_point, "/misc") == 0) {
+ return v->blk_device;
}
}
+ return "";
+}
+
+static int read_bootloader_message(bootloader_message* out) {
+ std::string misc_blk_device = get_misc_blk_device();
+ if (misc_blk_device.empty()) {
+ ALOGE("failed to find /misc partition.");
+ return -1;
+ }
+ unique_fd fd(open(misc_blk_device.c_str(), O_RDONLY));
+ if (!fd) {
+ ALOGE("failed to open %s: %s", misc_blk_device.c_str(), strerror(errno));
+ return -1;
+ }
+ if (!android::base::ReadFully(fd.get(), out, sizeof(*out))) {
+ ALOGE("failed to read %s: %s", misc_blk_device.c_str(), strerror(errno));
+ return -1;
+ }
+ return 0;
+}
+
+static int write_bootloader_message(const bootloader_message* in) {
+ std::string misc_blk_device = get_misc_blk_device();
+ if (misc_blk_device.empty()) {
+ ALOGE("failed to find /misc partition.");
+ return -1;
+ }
+ unique_fd fd(open(misc_blk_device.c_str(), O_WRONLY | O_SYNC));
+ if (!fd) {
+ ALOGE("failed to open %s: %s", misc_blk_device.c_str(), strerror(errno));
+ return -1;
+ }
+ if (!android::base::WriteFully(fd.get(), in, sizeof(*in))) {
+ ALOGE("failed to write %s: %s", misc_blk_device.c_str(), strerror(errno));
+ return -1;
+ }
+ // TODO: O_SYNC and fsync() duplicates each other?
+ if (fsync(fd.get()) == -1) {
+ ALOGE("failed to fsync %s: %s", misc_blk_device.c_str(), strerror(errno));
+ return -1;
+ }
+ return 0;
}
static void reboot_to_recovery() {
@@ -388,7 +415,7 @@
ALOGE("reboot didn't succeed?");
}
-int uncrypt(const char* input_path, const char* map_file, int status_fd) {
+static int uncrypt(const char* input_path, const char* map_file, int status_fd) {
ALOGI("update package is \"%s\"", input_path);
@@ -415,8 +442,8 @@
// If the filesystem it's on isn't encrypted, we only produce the
// block map, we don't rewrite the file contents (it would be
// pointless to do so).
- ALOGI("encryptable: %s\n", encryptable ? "yes" : "no");
- ALOGI(" encrypted: %s\n", encrypted ? "yes" : "no");
+ ALOGI("encryptable: %s", encryptable ? "yes" : "no");
+ ALOGI(" encrypted: %s", encrypted ? "yes" : "no");
// Recovery supports installing packages from 3 paths: /cache,
// /data, and /sdcard. (On a particular device, other locations
@@ -435,56 +462,113 @@
return 0;
}
-int main(int argc, char** argv) {
-
- if (argc != 3 && argc != 1 && (argc == 2 && strcmp(argv[1], "--reboot") != 0)) {
- fprintf(stderr, "usage: %s [--reboot] [<transform_path> <map_file>]\n", argv[0]);
- return 2;
+static int uncrypt_wrapper(const char* input_path, const char* map_file,
+ const std::string& status_file) {
+ // The pipe has been created by the system server.
+ unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR));
+ if (!status_fd) {
+ ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno));
+ return 1;
}
- // When uncrypt is started with "--reboot", it wipes misc and reboots.
- // Otherwise it uncrypts the package and writes the block map.
+ std::string package;
+ if (input_path == nullptr) {
+ if (!find_uncrypt_package(UNCRYPT_PATH_FILE, &package)) {
+ android::base::WriteStringToFd("-1\n", status_fd.get());
+ return 1;
+ }
+ input_path = package.c_str();
+ }
+ CHECK(map_file != nullptr);
+ int status = uncrypt(input_path, map_file, status_fd.get());
+ if (status != 0) {
+ android::base::WriteStringToFd("-1\n", status_fd.get());
+ return 1;
+ }
+ android::base::WriteStringToFd("100\n", status_fd.get());
+ return 0;
+}
+
+static int clear_bcb(const std::string& status_file) {
+ unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR));
+ if (!status_fd) {
+ ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno));
+ return 1;
+ }
+ bootloader_message boot = {};
+ if (write_bootloader_message(&boot) != 0) {
+ android::base::WriteStringToFd("-1\n", status_fd.get());
+ return 1;
+ }
+ android::base::WriteStringToFd("100\n", status_fd.get());
+ return 0;
+}
+
+static int setup_bcb(const std::string& command_file, const std::string& status_file) {
+ unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR));
+ if (!status_fd) {
+ ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno));
+ return 1;
+ }
+ std::string content;
+ if (!android::base::ReadFileToString(command_file, &content)) {
+ ALOGE("failed to read \"%s\": %s", command_file.c_str(), strerror(errno));
+ android::base::WriteStringToFd("-1\n", status_fd.get());
+ return 1;
+ }
+ bootloader_message boot = {};
+ strlcpy(boot.command, "boot-recovery", sizeof(boot.command));
+ strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery));
+ strlcat(boot.recovery, content.c_str(), sizeof(boot.recovery));
+ if (write_bootloader_message(&boot) != 0) {
+ ALOGE("failed to set bootloader message");
+ android::base::WriteStringToFd("-1\n", status_fd.get());
+ return 1;
+ }
+ android::base::WriteStringToFd("100\n", status_fd.get());
+ return 0;
+}
+
+static int read_bcb() {
+ bootloader_message boot;
+ if (read_bootloader_message(&boot) != 0) {
+ ALOGE("failed to get bootloader message");
+ return 1;
+ }
+ printf("bcb command: %s\n", boot.command);
+ printf("bcb recovery:\n%s\n", boot.recovery);
+ return 0;
+}
+
+static void usage(const char* exename) {
+ fprintf(stderr, "Usage of %s:\n", exename);
+ fprintf(stderr, "%s [<package_path> <map_file>] Uncrypt ota package.\n", exename);
+ fprintf(stderr, "%s --reboot Clear BCB data and reboot to recovery.\n", exename);
+ fprintf(stderr, "%s --clear-bcb Clear BCB data in misc partition.\n", exename);
+ fprintf(stderr, "%s --setup-bcb Setup BCB data by command file.\n", exename);
+ fprintf(stderr, "%s --read-bcb Read BCB data from misc partition.\n", exename);
+}
+
+int main(int argc, char** argv) {
if (argc == 2) {
- if (read_fstab() == NULL) {
- return 1;
+ if (strcmp(argv[1], "--reboot") == 0) {
+ reboot_to_recovery();
+ } else if (strcmp(argv[1], "--clear-bcb") == 0) {
+ return clear_bcb(STATUS_FILE);
+ } else if (strcmp(argv[1], "--setup-bcb") == 0) {
+ return setup_bcb(COMMAND_FILE, STATUS_FILE);
+ } else if (strcmp(argv[1], "--read-bcb") == 0) {
+ return read_bcb();
}
- wipe_misc();
- reboot_to_recovery();
- } else {
- // The pipe has been created by the system server.
- int status_fd = open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR);
- if (status_fd == -1) {
- ALOGE("failed to open pipe \"%s\": %s\n", status_file.c_str(), strerror(errno));
- return 1;
- }
- unique_fd status_fd_holder(status_fd);
-
- std::string package;
- const char* input_path;
- const char* map_file;
-
+ } else if (argc == 1 || argc == 3) {
+ const char* input_path = nullptr;
+ const char* map_file = CACHE_BLOCK_MAP.c_str();
if (argc == 3) {
- // when command-line args are given this binary is being used
- // for debugging.
input_path = argv[1];
map_file = argv[2];
- } else {
- if (!find_uncrypt_package(package)) {
- android::base::WriteStringToFd("-1\n", status_fd);
- return 1;
- }
- input_path = package.c_str();
- map_file = cache_block_map.c_str();
}
-
- int status = uncrypt(input_path, map_file, status_fd);
- if (status != 0) {
- android::base::WriteStringToFd("-1\n", status_fd);
- return 1;
- }
-
- android::base::WriteStringToFd("100\n", status_fd);
+ return uncrypt_wrapper(input_path, map_file, STATUS_FILE);
}
-
- return 0;
+ usage(argv[0]);
+ return 2;
}
diff --git a/uncrypt/uncrypt.rc b/uncrypt/uncrypt.rc
index 5f4c479..b07c1da 100644
--- a/uncrypt/uncrypt.rc
+++ b/uncrypt/uncrypt.rc
@@ -7,3 +7,13 @@
class main
disabled
oneshot
+
+service setup-bcb /system/bin/uncrypt --setup-bcb
+ class main
+ disabled
+ oneshot
+
+service clear-bcb /system/bin/uncrypt --clear-bcb
+ class main
+ disabled
+ oneshot
\ No newline at end of file
diff --git a/verifier.cpp b/verifier.cpp
index 61e5adf..9a2d60c 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -113,7 +113,7 @@
// or no key matches the signature).
int verify_file(unsigned char* addr, size_t length,
- const Certificate* pKeys, unsigned int numKeys) {
+ const std::vector<Certificate>& keys) {
ui->SetProgress(0.0);
// An archive with a whole-file signature will end in six bytes:
@@ -176,8 +176,7 @@
return VERIFY_FAILURE;
}
- size_t i;
- for (i = 4; i < eocd_size-3; ++i) {
+ for (size_t i = 4; i < eocd_size-3; ++i) {
if (eocd[i ] == 0x50 && eocd[i+1] == 0x4b &&
eocd[i+2] == 0x05 && eocd[i+3] == 0x06) {
// if the sequence $50 $4b $05 $06 appears anywhere after
@@ -193,8 +192,8 @@
bool need_sha1 = false;
bool need_sha256 = false;
- for (i = 0; i < numKeys; ++i) {
- switch (pKeys[i].hash_len) {
+ for (const auto& key : keys) {
+ switch (key.hash_len) {
case SHA_DIGEST_SIZE: need_sha1 = true; break;
case SHA256_DIGEST_SIZE: need_sha256 = true; break;
}
@@ -225,7 +224,7 @@
const uint8_t* sha1 = SHA_final(&sha1_ctx);
const uint8_t* sha256 = SHA256_final(&sha256_ctx);
- uint8_t* sig_der = NULL;
+ uint8_t* sig_der = nullptr;
size_t sig_der_length = 0;
size_t signature_size = signature_start - FOOTER_SIZE;
@@ -240,9 +239,10 @@
* any key can match, we need to try each before determining a verification
* failure has happened.
*/
- for (i = 0; i < numKeys; ++i) {
+ size_t i = 0;
+ for (const auto& key : keys) {
const uint8_t* hash;
- switch (pKeys[i].hash_len) {
+ switch (key.hash_len) {
case SHA_DIGEST_SIZE: hash = sha1; break;
case SHA256_DIGEST_SIZE: hash = sha256; break;
default: continue;
@@ -250,15 +250,15 @@
// The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that
// the signing tool appends after the signature itself.
- if (pKeys[i].key_type == Certificate::RSA) {
+ if (key.key_type == Certificate::RSA) {
if (sig_der_length < RSANUMBYTES) {
// "signature" block isn't big enough to contain an RSA block.
LOGI("signature is too short for RSA key %zu\n", i);
continue;
}
- if (!RSA_verify(pKeys[i].rsa, sig_der, RSANUMBYTES,
- hash, pKeys[i].hash_len)) {
+ if (!RSA_verify(key.rsa.get(), sig_der, RSANUMBYTES,
+ hash, key.hash_len)) {
LOGI("failed to verify against RSA key %zu\n", i);
continue;
}
@@ -266,8 +266,8 @@
LOGI("whole-file signature verified against RSA key %zu\n", i);
free(sig_der);
return VERIFY_SUCCESS;
- } else if (pKeys[i].key_type == Certificate::EC
- && pKeys[i].hash_len == SHA256_DIGEST_SIZE) {
+ } else if (key.key_type == Certificate::EC
+ && key.hash_len == SHA256_DIGEST_SIZE) {
p256_int r, s;
if (!dsa_sig_unpack(sig_der, sig_der_length, &r, &s)) {
LOGI("Not a DSA signature block for EC key %zu\n", i);
@@ -276,7 +276,7 @@
p256_int p256_hash;
p256_from_bin(hash, &p256_hash);
- if (!p256_ecdsa_verify(&(pKeys[i].ec->x), &(pKeys[i].ec->y),
+ if (!p256_ecdsa_verify(&(key.ec->x), &(key.ec->y),
&p256_hash, &r, &s)) {
LOGI("failed to verify against EC key %zu\n", i);
continue;
@@ -286,8 +286,9 @@
free(sig_der);
return VERIFY_SUCCESS;
} else {
- LOGI("Unknown key type %d\n", pKeys[i].key_type);
+ LOGI("Unknown key type %d\n", key.key_type);
}
+ i++;
}
free(sig_der);
LOGE("failed to verify whole-file signature\n");
@@ -323,140 +324,122 @@
// 4: 2048-bit RSA key with e=65537 and SHA-256 hash
// 5: 256-bit EC key using the NIST P-256 curve parameters and SHA-256 hash
//
-// Returns NULL if the file failed to parse, or if it contain zero keys.
-Certificate*
-load_keys(const char* filename, int* numKeys) {
- Certificate* out = NULL;
- *numKeys = 0;
-
- FILE* f = fopen(filename, "r");
- if (f == NULL) {
+// Returns true on success, and appends the found keys (at least one) to certs.
+// Otherwise returns false if the file failed to parse, or if it contains zero
+// keys. The contents in certs would be unspecified on failure.
+bool load_keys(const char* filename, std::vector<Certificate>& certs) {
+ std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose);
+ if (!f) {
LOGE("opening %s: %s\n", filename, strerror(errno));
- goto exit;
+ return false;
}
- {
- int i;
- bool done = false;
- while (!done) {
- ++*numKeys;
- out = (Certificate*)realloc(out, *numKeys * sizeof(Certificate));
- Certificate* cert = out + (*numKeys - 1);
- memset(cert, '\0', sizeof(Certificate));
+ while (true) {
+ certs.emplace_back(0, Certificate::RSA, nullptr, nullptr);
+ Certificate& cert = certs.back();
- char start_char;
- if (fscanf(f, " %c", &start_char) != 1) goto exit;
- if (start_char == '{') {
- // a version 1 key has no version specifier.
- cert->key_type = Certificate::RSA;
- cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
- cert->rsa->exponent = 3;
- cert->hash_len = SHA_DIGEST_SIZE;
- } else if (start_char == 'v') {
- int version;
- if (fscanf(f, "%d {", &version) != 1) goto exit;
- switch (version) {
- case 2:
- cert->key_type = Certificate::RSA;
- cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
- cert->rsa->exponent = 65537;
- cert->hash_len = SHA_DIGEST_SIZE;
- break;
- case 3:
- cert->key_type = Certificate::RSA;
- cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
- cert->rsa->exponent = 3;
- cert->hash_len = SHA256_DIGEST_SIZE;
- break;
- case 4:
- cert->key_type = Certificate::RSA;
- cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
- cert->rsa->exponent = 65537;
- cert->hash_len = SHA256_DIGEST_SIZE;
- break;
- case 5:
- cert->key_type = Certificate::EC;
- cert->ec = (ECPublicKey*)calloc(1, sizeof(ECPublicKey));
- cert->hash_len = SHA256_DIGEST_SIZE;
- break;
- default:
- goto exit;
- }
+ char start_char;
+ if (fscanf(f.get(), " %c", &start_char) != 1) return false;
+ if (start_char == '{') {
+ // a version 1 key has no version specifier.
+ cert.key_type = Certificate::RSA;
+ cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey);
+ cert.rsa->exponent = 3;
+ cert.hash_len = SHA_DIGEST_SIZE;
+ } else if (start_char == 'v') {
+ int version;
+ if (fscanf(f.get(), "%d {", &version) != 1) return false;
+ switch (version) {
+ case 2:
+ cert.key_type = Certificate::RSA;
+ cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey);
+ cert.rsa->exponent = 65537;
+ cert.hash_len = SHA_DIGEST_SIZE;
+ break;
+ case 3:
+ cert.key_type = Certificate::RSA;
+ cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey);
+ cert.rsa->exponent = 3;
+ cert.hash_len = SHA256_DIGEST_SIZE;
+ break;
+ case 4:
+ cert.key_type = Certificate::RSA;
+ cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey);
+ cert.rsa->exponent = 65537;
+ cert.hash_len = SHA256_DIGEST_SIZE;
+ break;
+ case 5:
+ cert.key_type = Certificate::EC;
+ cert.ec = std::unique_ptr<ECPublicKey>(new ECPublicKey);
+ cert.hash_len = SHA256_DIGEST_SIZE;
+ break;
+ default:
+ return false;
}
+ }
- if (cert->key_type == Certificate::RSA) {
- RSAPublicKey* key = cert->rsa;
- if (fscanf(f, " %i , 0x%x , { %u",
- &(key->len), &(key->n0inv), &(key->n[0])) != 3) {
- goto exit;
- }
- if (key->len != RSANUMWORDS) {
- LOGE("key length (%d) does not match expected size\n", key->len);
- goto exit;
- }
- for (i = 1; i < key->len; ++i) {
- if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit;
- }
- if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit;
- for (i = 1; i < key->len; ++i) {
- if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit;
- }
- fscanf(f, " } } ");
-
- LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len);
- } else if (cert->key_type == Certificate::EC) {
- ECPublicKey* key = cert->ec;
- int key_len;
- unsigned int byte;
- uint8_t x_bytes[P256_NBYTES];
- uint8_t y_bytes[P256_NBYTES];
- if (fscanf(f, " %i , { %u", &key_len, &byte) != 2) goto exit;
- if (key_len != P256_NBYTES) {
- LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES);
- goto exit;
- }
- x_bytes[P256_NBYTES - 1] = byte;
- for (i = P256_NBYTES - 2; i >= 0; --i) {
- if (fscanf(f, " , %u", &byte) != 1) goto exit;
- x_bytes[i] = byte;
- }
- if (fscanf(f, " } , { %u", &byte) != 1) goto exit;
- y_bytes[P256_NBYTES - 1] = byte;
- for (i = P256_NBYTES - 2; i >= 0; --i) {
- if (fscanf(f, " , %u", &byte) != 1) goto exit;
- y_bytes[i] = byte;
- }
- fscanf(f, " } } ");
- p256_from_bin(x_bytes, &key->x);
- p256_from_bin(y_bytes, &key->y);
- } else {
- LOGE("Unknown key type %d\n", cert->key_type);
- goto exit;
+ if (cert.key_type == Certificate::RSA) {
+ RSAPublicKey* key = cert.rsa.get();
+ if (fscanf(f.get(), " %i , 0x%x , { %u", &(key->len), &(key->n0inv),
+ &(key->n[0])) != 3) {
+ return false;
}
-
- // if the line ends in a comma, this file has more keys.
- switch (fgetc(f)) {
- case ',':
- // more keys to come.
- break;
-
- case EOF:
- done = true;
- break;
-
- default:
- LOGE("unexpected character between keys\n");
- goto exit;
+ if (key->len != RSANUMWORDS) {
+ LOGE("key length (%d) does not match expected size\n", key->len);
+ return false;
}
+ for (int i = 1; i < key->len; ++i) {
+ if (fscanf(f.get(), " , %u", &(key->n[i])) != 1) return false;
+ }
+ if (fscanf(f.get(), " } , { %u", &(key->rr[0])) != 1) return false;
+ for (int i = 1; i < key->len; ++i) {
+ if (fscanf(f.get(), " , %u", &(key->rr[i])) != 1) return false;
+ }
+ fscanf(f.get(), " } } ");
+
+ LOGI("read key e=%d hash=%d\n", key->exponent, cert.hash_len);
+ } else if (cert.key_type == Certificate::EC) {
+ ECPublicKey* key = cert.ec.get();
+ int key_len;
+ unsigned int byte;
+ uint8_t x_bytes[P256_NBYTES];
+ uint8_t y_bytes[P256_NBYTES];
+ if (fscanf(f.get(), " %i , { %u", &key_len, &byte) != 2) return false;
+ if (key_len != P256_NBYTES) {
+ LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES);
+ return false;
+ }
+ x_bytes[P256_NBYTES - 1] = byte;
+ for (int i = P256_NBYTES - 2; i >= 0; --i) {
+ if (fscanf(f.get(), " , %u", &byte) != 1) return false;
+ x_bytes[i] = byte;
+ }
+ if (fscanf(f.get(), " } , { %u", &byte) != 1) return false;
+ y_bytes[P256_NBYTES - 1] = byte;
+ for (int i = P256_NBYTES - 2; i >= 0; --i) {
+ if (fscanf(f.get(), " , %u", &byte) != 1) return false;
+ y_bytes[i] = byte;
+ }
+ fscanf(f.get(), " } } ");
+ p256_from_bin(x_bytes, &key->x);
+ p256_from_bin(y_bytes, &key->y);
+ } else {
+ LOGE("Unknown key type %d\n", cert.key_type);
+ return false;
+ }
+
+ // if the line ends in a comma, this file has more keys.
+ int ch = fgetc(f.get());
+ if (ch == ',') {
+ // more keys to come.
+ continue;
+ } else if (ch == EOF) {
+ break;
+ } else {
+ LOGE("unexpected character between keys\n");
+ return false;
}
}
- fclose(f);
- return out;
-
-exit:
- if (f) fclose(f);
- free(out);
- *numKeys = 0;
- return NULL;
+ return true;
}
diff --git a/verifier.h b/verifier.h
index 15f8d98..4eafc75 100644
--- a/verifier.h
+++ b/verifier.h
@@ -17,6 +17,9 @@
#ifndef _RECOVERY_VERIFIER_H
#define _RECOVERY_VERIFIER_H
+#include <memory>
+#include <vector>
+
#include "mincrypt/p256.h"
#include "mincrypt/rsa.h"
@@ -25,17 +28,25 @@
p256_int y;
} ECPublicKey;
-typedef struct {
+struct Certificate {
typedef enum {
RSA,
EC,
} KeyType;
+ Certificate(int hash_len_, KeyType key_type_,
+ std::unique_ptr<RSAPublicKey>&& rsa_,
+ std::unique_ptr<ECPublicKey>&& ec_) :
+ hash_len(hash_len_),
+ key_type(key_type_),
+ rsa(std::move(rsa_)),
+ ec(std::move(ec_)) { }
+
int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
KeyType key_type;
- RSAPublicKey* rsa;
- ECPublicKey* ec;
-} Certificate;
+ std::unique_ptr<RSAPublicKey> rsa;
+ std::unique_ptr<ECPublicKey> ec;
+};
/* addr and length define a an update package file that has been
* loaded (or mmap'ed, or whatever) into memory. Verify that the file
@@ -43,9 +54,9 @@
* one of the constants below.
*/
int verify_file(unsigned char* addr, size_t length,
- const Certificate *pKeys, unsigned int numKeys);
+ const std::vector<Certificate>& keys);
-Certificate* load_keys(const char* filename, int* numKeys);
+bool load_keys(const char* filename, std::vector<Certificate>& certs);
#define VERIFY_SUCCESS 0
#define VERIFY_FAILURE 1
diff --git a/verifier_test.cpp b/verifier_test.cpp
index 21633dc..2367e00 100644
--- a/verifier_test.cpp
+++ b/verifier_test.cpp
@@ -23,6 +23,9 @@
#include <sys/types.h>
#include <sys/stat.h>
+#include <memory>
+#include <vector>
+
#include "common.h"
#include "verifier.h"
#include "ui.h"
@@ -163,56 +166,43 @@
va_end(ap);
}
-static Certificate* add_certificate(Certificate** certsp, int* num_keys,
- Certificate::KeyType key_type) {
- int i = *num_keys;
- *num_keys = *num_keys + 1;
- *certsp = (Certificate*) realloc(*certsp, *num_keys * sizeof(Certificate));
- Certificate* certs = *certsp;
- certs[i].rsa = NULL;
- certs[i].ec = NULL;
- certs[i].key_type = key_type;
- certs[i].hash_len = SHA_DIGEST_SIZE;
- return &certs[i];
-}
-
-int main(int argc, char **argv) {
+int main(int argc, char** argv) {
if (argc < 2) {
fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
return 2;
}
- Certificate* certs = NULL;
- int num_keys = 0;
+ std::vector<Certificate> certs;
int argn = 1;
while (argn < argc) {
if (strcmp(argv[argn], "-sha256") == 0) {
- if (num_keys == 0) {
+ if (certs.empty()) {
fprintf(stderr, "May only specify -sha256 after key type\n");
return 2;
}
++argn;
- Certificate* cert = &certs[num_keys - 1];
- cert->hash_len = SHA256_DIGEST_SIZE;
+ certs.back().hash_len = SHA256_DIGEST_SIZE;
} else if (strcmp(argv[argn], "-ec") == 0) {
++argn;
- Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC);
- cert->ec = &test_ec_key;
+ certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC,
+ nullptr, std::unique_ptr<ECPublicKey>(new ECPublicKey(test_ec_key)));
} else if (strcmp(argv[argn], "-e3") == 0) {
++argn;
- Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
- cert->rsa = &test_key;
+ certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+ std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
} else if (strcmp(argv[argn], "-f4") == 0) {
++argn;
- Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
- cert->rsa = &test_f4_key;
+ certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+ std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_f4_key)), nullptr);
} else if (strcmp(argv[argn], "-file") == 0) {
- if (certs != NULL) {
+ if (!certs.empty()) {
fprintf(stderr, "Cannot specify -file with other certs specified\n");
return 2;
}
++argn;
- certs = load_keys(argv[argn], &num_keys);
+ if (!load_keys(argv[argn], certs)) {
+ fprintf(stderr, "Cannot load keys from %s\n", argv[argn]);
+ }
++argn;
} else if (argv[argn][0] == '-') {
fprintf(stderr, "Unknown argument %s\n", argv[argn]);
@@ -227,17 +217,9 @@
return 2;
}
- if (num_keys == 0) {
- certs = (Certificate*) calloc(1, sizeof(Certificate));
- if (certs == NULL) {
- fprintf(stderr, "Failure allocating memory for default certificate\n");
- return 1;
- }
- certs->key_type = Certificate::RSA;
- certs->rsa = &test_key;
- certs->ec = NULL;
- certs->hash_len = SHA_DIGEST_SIZE;
- num_keys = 1;
+ if (certs.empty()) {
+ certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA,
+ std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr);
}
ui = new FakeUI();
@@ -248,7 +230,7 @@
return 4;
}
- int result = verify_file(map.addr, map.length, certs, num_keys);
+ int result = verify_file(map.addr, map.length, certs);
if (result == VERIFY_SUCCESS) {
printf("VERIFIED\n");
return 0;