authorElliott Hughes <enh@google.com>2016-04-14 18:39:47 +0200
committerElliott Hughes <enh@google.com>2016-04-14 18:39:47 +0200
commit6e08bff22b6b9019c72422e1902201d7cb4397b5 (patch)
tree9f199235700526b71cc8ebdaf4f984edbbdddb1c
parentresolve merge conflicts of 2bf95ac to nyc-dev-plus-aosp (diff)
parentUse BoringSSL instead of mincrypt to speed up package verification. (diff)
-rw-r--r--install.cpp14
-rw-r--r--verifier.cpp10
2 files changed, 14 insertions, 10 deletions
diff --git a/install.cpp b/install.cpp
index a7b59c3e7..7113fa286 100644
--- a/install.cpp
+++ b/install.cpp
@@ -23,6 +23,7 @@
#include <sys/wait.h>
#include <unistd.h>
+#include <chrono>
#include <vector>
#include "common.h"
@@ -228,6 +229,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
return INSTALL_CORRUPT;
}
+ // Load keys.
std::vector<Certificate> loadedKeys;
if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
LOGE("Failed to load keys\n");
@@ -235,18 +237,19 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
}
LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE);
+ // Verify package.
ui->Print("Verifying update package...\n");
-
+ auto t0 = std::chrono::system_clock::now();
int err = verify_file(map.addr, map.length, loadedKeys);
- LOGI("verify_file returned %d\n", err);
+ std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
+ ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
if (err != VERIFY_SUCCESS) {
LOGE("signature verification failed\n");
sysReleaseMap(&map);
return INSTALL_CORRUPT;
}
- /* Try to open the package.
- */
+ // Try to open the package.
ZipArchive zip;
err = mzOpenZipArchive(map.addr, map.length, &zip);
if (err != 0) {
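Review bot: The elapsed time around `verify_file` is measured with `std::chrono::system_clock`, which is wall-clock time and can jump if the clock is set while verification runs, so the reported duration can be wrong or negative. A monotonic clock is the right tool for an interval: `auto t0 = std::chrono::steady_clock::now();` and `std::chrono::duration<double> duration = std::chrono::steady_clock::now() - t0;`. Separately, the numeric result that `LOGI("verify_file returned %d\n", err)` used to record is now passed only to `ui->Print`. Whether that text also reaches the recovery log is not visible here, so it is worth confirming that a failed signature check still leaves its error code in the log for later diagnosis. The body of `really_install_package` starts and ends outside this hunk.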
@@ -255,8 +258,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
return INSTALL_CORRUPT;
}
- /* Verify and install the contents of the package.
- */
+ // Verify and install the contents of the package.
ui->Print("Installing update...\n");
ui->SetEnableReboot(false);
int result = try_update_binary(path, &zip, wipe_cache);
diff --git a/verifier.cpp b/verifier.cpp
index 6e1581272..4004b0228 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -32,6 +32,8 @@
extern RecoveryUI* ui;
+static constexpr size_t MiB = 1024 * 1024;
+
/*
* Simple version of PKCS#7 SignedData extraction. This extracts the
* signature OCTET STRING to be used for signature verification.
@@ -187,8 +189,6 @@ int verify_file(unsigned char* addr, size_t length,
}
}
-#define BUFFER_SIZE 4096
-
bool need_sha1 = false;
bool need_sha256 = false;
for (const auto& key : keys) {
@@ -206,8 +206,10 @@ int verify_file(unsigned char* addr, size_t length,
double frac = -1.0;
size_t so_far = 0;
while (so_far < signed_len) {
- size_t size = signed_len - so_far;
- if (size > BUFFER_SIZE) size = BUFFER_SIZE;
+ // On a Nexus 9, experiment didn't show any performance improvement with
+ // larger sizes past 1MiB, and they reduce the granularity of the progress
+ // bar. http://b/28135231.
+ size_t size = std::min(signed_len - so_far, 1 * MiB);
if (need_sha1) SHA1_Update(&sha1_ctx, addr + so_far, size);
if (need_sha256) SHA256_Update(&sha256_ctx, addr + so_far, size);