diff options
-rw-r--r-- | Android.mk | 11 | ||||
-rw-r--r-- | asn1_decoder.cpp | 190 | ||||
-rw-r--r-- | asn1_decoder.h | 36 | ||||
-rw-r--r-- | etc/init.rc | 23 | ||||
-rw-r--r-- | minadbd/adb.h | 4 | ||||
-rw-r--r-- | minadbd/transport.c | 21 | ||||
-rw-r--r-- | minui/font_10x18.h | 2 | ||||
-rw-r--r-- | minui/resources.c | 24 | ||||
-rw-r--r-- | minzip/DirUtil.c | 58 | ||||
-rw-r--r-- | minzip/DirUtil.h | 8 | ||||
-rw-r--r-- | recovery.cpp | 14 | ||||
-rw-r--r-- | testdata/otasigned_ecdsa_sha256.zip | bin | 0 -> 3085 bytes | |||
-rw-r--r-- | testdata/testkey_ecdsa.pk8 | bin | 0 -> 138 bytes | |||
-rw-r--r-- | testdata/testkey_ecdsa.x509.pem | 10 | ||||
-rw-r--r-- | tests/Android.mk | 26 | ||||
-rw-r--r-- | tests/asn1_decoder_test.cpp | 238 | ||||
-rw-r--r-- | updater/install.c | 87 | ||||
-rw-r--r-- | verifier.cpp | 230 | ||||
-rw-r--r-- | verifier.h | 17 | ||||
-rw-r--r-- | verifier_test.cpp | 102 | ||||
-rwxr-xr-x | verifier_test.sh | 22 |
21 files changed, 865 insertions, 258 deletions
diff --git a/Android.mk b/Android.mk index 2beb66208..cbc9a8e28 100644 --- a/Android.mk +++ b/Android.mk @@ -24,6 +24,7 @@ LOCAL_SRC_FILES := \ roots.cpp \ ui.cpp \ screen_ui.cpp \ + asn1_decoder.cpp \ verifier.cpp \ adb_install.cpp @@ -77,7 +78,13 @@ LOCAL_C_INCLUDES += system/extras/ext4_utils include $(BUILD_EXECUTABLE) - +# All the APIs for testing +include $(CLEAR_VARS) +LOCAL_MODULE := libverifier +LOCAL_MODULE_TAGS := tests +LOCAL_SRC_FILES := \ + asn1_decoder.cpp +include $(BUILD_STATIC_LIBRARY) include $(CLEAR_VARS) LOCAL_MODULE := verifier_test @@ -85,6 +92,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_MODULE_TAGS := tests LOCAL_SRC_FILES := \ verifier_test.cpp \ + asn1_decoder.cpp \ verifier.cpp \ ui.cpp LOCAL_STATIC_LIBRARIES := \ @@ -101,6 +109,7 @@ include $(LOCAL_PATH)/minui/Android.mk \ $(LOCAL_PATH)/minzip/Android.mk \ $(LOCAL_PATH)/minadbd/Android.mk \ $(LOCAL_PATH)/mtdutils/Android.mk \ + $(LOCAL_PATH)/tests/Android.mk \ $(LOCAL_PATH)/tools/Android.mk \ $(LOCAL_PATH)/edify/Android.mk \ $(LOCAL_PATH)/updater/Android.mk \ diff --git a/asn1_decoder.cpp b/asn1_decoder.cpp new file mode 100644 index 000000000..7280f7480 --- /dev/null +++ b/asn1_decoder.cpp @@ -0,0 +1,190 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stdint.h> +#include <string.h> + +#include "asn1_decoder.h" + + +typedef struct asn1_context { + size_t length; + uint8_t* p; + int app_type; +} asn1_context_t; + + +static const int kMaskConstructed = 0xE0; +static const int kMaskTag = 0x7F; +static const int kMaskAppType = 0x1F; + +static const int kTagOctetString = 0x04; +static const int kTagOid = 0x06; +static const int kTagSequence = 0x30; +static const int kTagSet = 0x31; +static const int kTagConstructed = 0xA0; + +asn1_context_t* asn1_context_new(uint8_t* buffer, size_t length) { + asn1_context_t* ctx = (asn1_context_t*) calloc(1, sizeof(asn1_context_t)); + if (ctx == NULL) { + return NULL; + } + ctx->p = buffer; + ctx->length = length; + return ctx; +} + +void asn1_context_free(asn1_context_t* ctx) { + free(ctx); +} + +static inline int peek_byte(asn1_context_t* ctx) { + if (ctx->length <= 0) { + return -1; + } + return *ctx->p; +} + +static inline int get_byte(asn1_context_t* ctx) { + if (ctx->length <= 0) { + return -1; + } + int byte = *ctx->p; + ctx->p++; + ctx->length--; + return byte; +} + +static inline bool skip_bytes(asn1_context_t* ctx, size_t num_skip) { + if (ctx->length < num_skip) { + return false; + } + ctx->p += num_skip; + ctx->length -= num_skip; + return true; +} + +static bool decode_length(asn1_context_t* ctx, size_t* out_len) { + int num_octets = get_byte(ctx); + if (num_octets == -1) { + return false; + } + if ((num_octets & 0x80) == 0x00) { + *out_len = num_octets; + return 1; + } + num_octets &= kMaskTag; + if ((size_t)num_octets >= sizeof(size_t)) { + return false; + } + size_t length = 0; + for (int i = 0; i < num_octets; ++i) { + int byte = get_byte(ctx); + if (byte == -1) { + return false; + } + length <<= 8; + length += byte; + } + *out_len = length; + return true; +} + +/** + * Returns the constructed type and advances the pointer. E.g. A0 -> 0 + */ +asn1_context_t* asn1_constructed_get(asn1_context_t* ctx) { + int type = get_byte(ctx); + if (type == -1 || (type & kMaskConstructed) != kTagConstructed) { + return NULL; + } + size_t length; + if (!decode_length(ctx, &length) || length > ctx->length) { + return NULL; + } + asn1_context_t* app_ctx = asn1_context_new(ctx->p, length); + app_ctx->app_type = type & kMaskAppType; + return app_ctx; +} + +bool asn1_constructed_skip_all(asn1_context_t* ctx) { + int byte = peek_byte(ctx); + while (byte != -1 && (byte & kMaskConstructed) == kTagConstructed) { + skip_bytes(ctx, 1); + size_t length; + if (!decode_length(ctx, &length) || !skip_bytes(ctx, length)) { + return false; + } + byte = peek_byte(ctx); + } + return byte != -1; +} + +int asn1_constructed_type(asn1_context_t* ctx) { + return ctx->app_type; +} + +asn1_context_t* asn1_sequence_get(asn1_context_t* ctx) { + if ((get_byte(ctx) & kMaskTag) != kTagSequence) { + return NULL; + } + size_t length; + if (!decode_length(ctx, &length) || length > ctx->length) { + return NULL; + } + return asn1_context_new(ctx->p, length); +} + +asn1_context_t* asn1_set_get(asn1_context_t* ctx) { + if ((get_byte(ctx) & kMaskTag) != kTagSet) { + return NULL; + } + size_t length; + if (!decode_length(ctx, &length) || length > ctx->length) { + return NULL; + } + return asn1_context_new(ctx->p, length); +} + +bool asn1_sequence_next(asn1_context_t* ctx) { + size_t length; + if (get_byte(ctx) == -1 || !decode_length(ctx, &length) || !skip_bytes(ctx, length)) { + return false; + } + return true; +} + +bool asn1_oid_get(asn1_context_t* ctx, uint8_t** oid, size_t* length) { + if (get_byte(ctx) != kTagOid) { + return false; + } + if (!decode_length(ctx, length) || *length == 0 || *length > ctx->length) { + return false; + } + *oid = ctx->p; + return true; +} + +bool asn1_octet_string_get(asn1_context_t* ctx, uint8_t** octet_string, size_t* length) { + if (get_byte(ctx) != kTagOctetString) { + return false; + } + if (!decode_length(ctx, length) || *length == 0 || *length > ctx->length) { + return false; + } + *octet_string = ctx->p; + return true; +} diff --git a/asn1_decoder.h b/asn1_decoder.h new file mode 100644 index 000000000..b17141c44 --- /dev/null +++ b/asn1_decoder.h @@ -0,0 +1,36 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +#ifndef ASN1_DECODER_H_ +#define ASN1_DECODER_H_ + +#include <stdint.h> + +typedef struct asn1_context asn1_context_t; + +asn1_context_t* asn1_context_new(uint8_t* buffer, size_t length); +void asn1_context_free(asn1_context_t* ctx); +asn1_context_t* asn1_constructed_get(asn1_context_t* ctx); +bool asn1_constructed_skip_all(asn1_context_t* ctx); +int asn1_constructed_type(asn1_context_t* ctx); +asn1_context_t* asn1_sequence_get(asn1_context_t* ctx); +asn1_context_t* asn1_set_get(asn1_context_t* ctx); +bool asn1_sequence_next(asn1_context_t* seq); +bool asn1_oid_get(asn1_context_t* ctx, uint8_t** oid, size_t* length); +bool asn1_octet_string_get(asn1_context_t* ctx, uint8_t** octet_string, size_t* length); + +#endif /* ASN1_DECODER_H_ */ diff --git a/etc/init.rc b/etc/init.rc index 175489066..6e0595b44 100644 --- a/etc/init.rc +++ b/etc/init.rc @@ -1,11 +1,18 @@ import /init.recovery.${ro.hardware}.rc on early-init + # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls. + write /sys/fs/selinux/checkreqprot 0 + + # Set the security context for the init process. + # This should occur before anything else (e.g. ueventd) is started. + setcon u:r:init:s0 + start ueventd start healthd on init - export PATH /sbin + export PATH /sbin:/system/bin export ANDROID_ROOT /system export ANDROID_DATA /data export EXTERNAL_STORAGE /sdcard @@ -16,14 +23,20 @@ on init mkdir /system mkdir /data mkdir /cache - mount /tmp /tmp tmpfs + mount tmpfs tmpfs /tmp chown root shell /tmp chmod 0775 /tmp +on fs + mkdir /dev/usb-ffs 0770 shell shell + mkdir /dev/usb-ffs/adb 0770 shell shell + mount functionfs adb /dev/usb-ffs/adb uid=2000,gid=2000 + write /sys/class/android_usb/android0/enable 0 write /sys/class/android_usb/android0/idVendor 18D1 write /sys/class/android_usb/android0/idProduct D001 + write /sys/class/android_usb/android0/f_ffs/aliases adb write /sys/class/android_usb/android0/functions adb write /sys/class/android_usb/android0/iManufacturer ${ro.product.manufacturer} write /sys/class/android_usb/android0/iProduct ${ro.product.model} @@ -43,15 +56,19 @@ on property:sys.powerctl=* service ueventd /sbin/ueventd critical + seclabel u:r:ueventd:s0 service healthd /sbin/healthd -n critical + seclabel u:r:healthd:s0 service recovery /sbin/recovery + seclabel u:r:recovery:s0 -service adbd /sbin/adbd recovery +service adbd /sbin/adbd --root_seclabel=u:r:su:s0 --device_banner=recovery disabled socket adbd stream 660 system system + seclabel u:r:adbd:s0 # Always start adbd on userdebug and eng builds on property:ro.debuggable=1 diff --git a/minadbd/adb.h b/minadbd/adb.h index 98fa5972e..688a6f273 100644 --- a/minadbd/adb.h +++ b/minadbd/adb.h @@ -244,15 +244,11 @@ void kick_transport( atransport* t ); #if ADB_HOST int get_available_local_transport_index(); #endif -int init_socket_transport(atransport *t, int s, int port, int local); void init_usb_transport(atransport *t, usb_handle *usb, int state); /* for MacOS X cleanup */ void close_usb_devices(); -/* cause new transports to be init'd and added to the list */ -void register_socket_transport(int s, const char *serial, int port, int local); - /* these should only be used for the "adb disconnect" command */ void unregister_transport(atransport *t); void unregister_all_tcp_transports(); diff --git a/minadbd/transport.c b/minadbd/transport.c index ff2004932..4c0c97f75 100644 --- a/minadbd/transport.c +++ b/minadbd/transport.c @@ -678,27 +678,6 @@ retry: return result; } -void register_socket_transport(int s, const char *serial, int port, int local) -{ - atransport *t = calloc(1, sizeof(atransport)); - char buff[32]; - - if (!serial) { - snprintf(buff, sizeof buff, "T-%p", t); - serial = buff; - } - D("transport: %s init'ing for socket %d, on port %d\n", serial, s, port); - if ( init_socket_transport(t, s, port, local) < 0 ) { - adb_close(s); - free(t); - return; - } - if(serial) { - t->serial = strdup(serial); - } - register_transport(t); -} - void register_usb_transport(usb_handle *usb, const char *serial, unsigned writeable) { atransport *t = calloc(1, sizeof(atransport)); diff --git a/minui/font_10x18.h b/minui/font_10x18.h index 7f96465cc..29d705344 100644 --- a/minui/font_10x18.h +++ b/minui/font_10x18.h @@ -3,7 +3,7 @@ struct { unsigned height; unsigned cwidth; unsigned cheight; - unsigned char rundata[]; + unsigned char rundata[2973]; } font = { .width = 960, .height = 18, diff --git a/minui/resources.c b/minui/resources.c index 72f39fbaa..c0a9ccacb 100644 --- a/minui/resources.c +++ b/minui/resources.c @@ -93,9 +93,13 @@ int res_create_surface(const char* name, gr_surface* pSurface) { png_set_sig_bytes(png_ptr, sizeof(header)); png_read_info(png_ptr, info_ptr); - int color_type = info_ptr->color_type; - int bit_depth = info_ptr->bit_depth; - int channels = info_ptr->channels; + int color_type, bit_depth; + size_t width, height; + png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, + &color_type, NULL, NULL, NULL); + + int channels = png_get_channels(png_ptr, info_ptr); + if (!(bit_depth == 8 && ((channels == 3 && color_type == PNG_COLOR_TYPE_RGB) || (channels == 4 && color_type == PNG_COLOR_TYPE_RGBA) || @@ -105,8 +109,6 @@ int res_create_surface(const char* name, gr_surface* pSurface) { goto exit; } - size_t width = info_ptr->width; - size_t height = info_ptr->height; size_t stride = (color_type == PNG_COLOR_TYPE_GRAY ? 1 : 4) * width; size_t pixelSize = stride * height; @@ -246,13 +248,11 @@ int res_create_localized_surface(const char* name, gr_surface* pSurface) { png_set_sig_bytes(png_ptr, sizeof(header)); png_read_info(png_ptr, info_ptr); - size_t width = info_ptr->width; - size_t height = info_ptr->height; - size_t stride = 4 * width; - - int color_type = info_ptr->color_type; - int bit_depth = info_ptr->bit_depth; - int channels = info_ptr->channels; + int color_type, bit_depth; + size_t width, height; + png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth, + &color_type, NULL, NULL, NULL); + int channels = png_get_channels(png_ptr, info_ptr); if (!(bit_depth == 8 && (channels == 1 && color_type == PNG_COLOR_TYPE_GRAY))) { diff --git a/minzip/DirUtil.c b/minzip/DirUtil.c index 8dd5da1da..fe2c880ac 100644 --- a/minzip/DirUtil.c +++ b/minzip/DirUtil.c @@ -234,61 +234,3 @@ dirUnlinkHierarchy(const char *path) /* delete target directory */ return rmdir(path); } - -int -dirSetHierarchyPermissions(const char *path, - int uid, int gid, int dirMode, int fileMode) -{ - struct stat st; - if (lstat(path, &st)) { - return -1; - } - - /* ignore symlinks */ - if (S_ISLNK(st.st_mode)) { - return 0; - } - - /* directories and files get different permissions */ - if (chown(path, uid, gid) || - chmod(path, S_ISDIR(st.st_mode) ? dirMode : fileMode)) { - return -1; - } - - /* recurse over directory components */ - if (S_ISDIR(st.st_mode)) { - DIR *dir = opendir(path); - if (dir == NULL) { - return -1; - } - - errno = 0; - const struct dirent *de; - while (errno == 0 && (de = readdir(dir)) != NULL) { - if (!strcmp(de->d_name, "..") || !strcmp(de->d_name, ".")) { - continue; - } - - char dn[PATH_MAX]; - snprintf(dn, sizeof(dn), "%s/%s", path, de->d_name); - if (!dirSetHierarchyPermissions(dn, uid, gid, dirMode, fileMode)) { - errno = 0; - } else if (errno == 0) { - errno = -1; - } - } - - if (errno != 0) { - int save = errno; - closedir(dir); - errno = save; - return -1; - } - - if (closedir(dir)) { - return -1; - } - } - - return 0; -} diff --git a/minzip/DirUtil.h b/minzip/DirUtil.h index a5cfa761b..85a00128b 100644 --- a/minzip/DirUtil.h +++ b/minzip/DirUtil.h @@ -48,14 +48,6 @@ int dirCreateHierarchy(const char *path, int mode, */ int dirUnlinkHierarchy(const char *path); -/* chown -R <uid>:<gid> <path> - * chmod -R <mode> <path> - * - * Sets directories to <dirMode> and files to <fileMode>. Skips symlinks. - */ -int dirSetHierarchyPermissions(const char *path, - int uid, int gid, int dirMode, int fileMode); - #ifdef __cplusplus } #endif diff --git a/recovery.cpp b/recovery.cpp index 43cd9dafe..fdb9095be 100644 --- a/recovery.cpp +++ b/recovery.cpp @@ -57,6 +57,7 @@ static const struct option OPTIONS[] = { { "just_exit", no_argument, NULL, 'x' }, { "locale", required_argument, NULL, 'l' }, { "stages", required_argument, NULL, 'g' }, + { "shutdown_after", no_argument, NULL, 'p' }, { NULL, 0, NULL, 0 }, }; @@ -945,16 +946,15 @@ main(int argc, char **argv) { rotate_last_logs(10); get_args(&argc, &argv); - int previous_runs = 0; const char *send_intent = NULL; const char *update_package = NULL; int wipe_data = 0, wipe_cache = 0, show_text = 0; bool just_exit = false; + bool shutdown_after = false; int arg; while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) { switch (arg) { - case 'p': previous_runs = atoi(optarg); break; case 's': send_intent = optarg; break; case 'u': update_package = optarg; break; case 'w': wipe_data = wipe_cache = 1; break; @@ -970,6 +970,7 @@ main(int argc, char **argv) { } break; } + case 'p': shutdown_after = true; break; case '?': LOGE("Invalid command argument\n"); continue; @@ -1079,7 +1080,12 @@ main(int argc, char **argv) { // Otherwise, get ready to boot the main system... finish_recovery(send_intent); - ui->Print("Rebooting...\n"); - property_set(ANDROID_RB_PROPERTY, "reboot,"); + if (shutdown_after) { + ui->Print("Shutting down...\n"); + property_set(ANDROID_RB_PROPERTY, "shutdown,"); + } else { + ui->Print("Rebooting...\n"); + property_set(ANDROID_RB_PROPERTY, "reboot,"); + } return EXIT_SUCCESS; } diff --git a/testdata/otasigned_ecdsa_sha256.zip b/testdata/otasigned_ecdsa_sha256.zip Binary files differnew file mode 100644 index 000000000..999fcdd0f --- /dev/null +++ b/testdata/otasigned_ecdsa_sha256.zip diff --git a/testdata/testkey_ecdsa.pk8 b/testdata/testkey_ecdsa.pk8 Binary files differnew file mode 100644 index 000000000..9a521c8cf --- /dev/null +++ b/testdata/testkey_ecdsa.pk8 diff --git a/testdata/testkey_ecdsa.x509.pem b/testdata/testkey_ecdsa.x509.pem new file mode 100644 index 000000000..b12283645 --- /dev/null +++ b/testdata/testkey_ecdsa.x509.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBezCCASACCQC4g5wurPSmtzAKBggqhkjOPQQDAjBFMQswCQYDVQQGEwJBVTET +MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ +dHkgTHRkMB4XDTEzMTAwODIxMTAxM1oXDTE0MTAwODIxMTAxM1owRTELMAkGA1UE +BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp +ZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGcO1QDowF2E +RboWVmAYI2oXTr5MHAJ4xpMUFsrWVvoktYSN2RhNuOl5jZGvSBsQII9p/4qfjLmS +TBaCfQ0Xmt4wCgYIKoZIzj0EAwIDSQAwRgIhAIJjWmZAwngc2VcHUhYp2oSLoCQ+ +P+7AtbAn5242AqfOAiEAghO0t6jTKs0LUhLJrQwbOkHyZMVdZaG2vcwV9y9H5Qc= +-----END CERTIFICATE----- diff --git a/tests/Android.mk b/tests/Android.mk new file mode 100644 index 000000000..4d99d5249 --- /dev/null +++ b/tests/Android.mk @@ -0,0 +1,26 @@ +# Build the unit tests. +LOCAL_PATH := $(call my-dir) +include $(CLEAR_VARS) + +# Build the unit tests. +test_src_files := \ + asn1_decoder_test.cpp + +shared_libraries := \ + liblog \ + libcutils + +static_libraries := \ + libgtest \ + libgtest_main \ + libverifier + +$(foreach file,$(test_src_files), \ + $(eval include $(CLEAR_VARS)) \ + $(eval LOCAL_SHARED_LIBRARIES := $(shared_libraries)) \ + $(eval LOCAL_STATIC_LIBRARIES := $(static_libraries)) \ + $(eval LOCAL_SRC_FILES := $(file)) \ + $(eval LOCAL_MODULE := $(notdir $(file:%.cpp=%))) \ + $(eval LOCAL_C_INCLUDES := $(LOCAL_PATH)/..) \ + $(eval include $(BUILD_NATIVE_TEST)) \ +)
\ No newline at end of file diff --git a/tests/asn1_decoder_test.cpp b/tests/asn1_decoder_test.cpp new file mode 100644 index 000000000..af96d87d2 --- /dev/null +++ b/tests/asn1_decoder_test.cpp @@ -0,0 +1,238 @@ +/* + * Copyright (C) 2013 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "asn1_decoder_test" + +#include <cutils/log.h> +#include <gtest/gtest.h> +#include <stdint.h> +#include <unistd.h> + +#include "asn1_decoder.h" + +namespace android { + +class Asn1DecoderTest : public testing::Test { +}; + +TEST_F(Asn1DecoderTest, Empty_Failure) { + uint8_t empty[] = { }; + asn1_context_t* ctx = asn1_context_new(empty, sizeof(empty)); + + EXPECT_EQ(NULL, asn1_constructed_get(ctx)); + EXPECT_FALSE(asn1_constructed_skip_all(ctx)); + EXPECT_EQ(0, asn1_constructed_type(ctx)); + EXPECT_EQ(NULL, asn1_sequence_get(ctx)); + EXPECT_EQ(NULL, asn1_set_get(ctx)); + EXPECT_FALSE(asn1_sequence_next(ctx)); + + uint8_t* junk; + size_t length; + EXPECT_FALSE(asn1_oid_get(ctx, &junk, &length)); + EXPECT_FALSE(asn1_octet_string_get(ctx, &junk, &length)); + + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedGet_TruncatedLength_Failure) { + uint8_t truncated[] = { 0xA0, 0x82, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_EQ(NULL, asn1_constructed_get(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedGet_LengthTooBig_Failure) { + uint8_t truncated[] = { 0xA0, 0x8a, 0xA5, 0x5A, 0xA5, 0x5A, + 0xA5, 0x5A, 0xA5, 0x5A, 0xA5, 0x5A, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_EQ(NULL, asn1_constructed_get(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedGet_TooSmallForChild_Failure) { + uint8_t data[] = { 0xA5, 0x02, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_constructed_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + EXPECT_EQ(5, asn1_constructed_type(ptr)); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedGet_Success) { + uint8_t data[] = { 0xA5, 0x03, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_constructed_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + EXPECT_EQ(5, asn1_constructed_type(ptr)); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0x01U, *oid); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedSkipAll_TruncatedLength_Failure) { + uint8_t truncated[] = { 0xA2, 0x82, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_FALSE(asn1_constructed_skip_all(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, ConstructedSkipAll_Success) { + uint8_t data[] = { 0xA0, 0x03, 0x02, 0x01, 0x01, + 0xA1, 0x03, 0x02, 0x01, 0x01, + 0x06, 0x01, 0xA5, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + ASSERT_TRUE(asn1_constructed_skip_all(ctx)); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ctx, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0xA5U, *oid); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SequenceGet_TruncatedLength_Failure) { + uint8_t truncated[] = { 0x30, 0x82, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_EQ(NULL, asn1_sequence_get(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SequenceGet_TooSmallForChild_Failure) { + uint8_t data[] = { 0x30, 0x02, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_sequence_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SequenceGet_Success) { + uint8_t data[] = { 0x30, 0x03, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_sequence_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0x01U, *oid); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SetGet_TruncatedLength_Failure) { + uint8_t truncated[] = { 0x31, 0x82, }; + asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated)); + EXPECT_EQ(NULL, asn1_set_get(ctx)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SetGet_TooSmallForChild_Failure) { + uint8_t data[] = { 0x31, 0x02, 0x06, 0x01, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_set_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length)); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, SetGet_Success) { + uint8_t data[] = { 0x31, 0x03, 0x06, 0x01, 0xBA, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + asn1_context_t* ptr = asn1_set_get(ctx); + ASSERT_NE((asn1_context_t*)NULL, ptr); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0xBAU, *oid); + asn1_context_free(ptr); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OidGet_LengthZero_Failure) { + uint8_t data[] = { 0x06, 0x00, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ctx, &oid, &length)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OidGet_TooSmall_Failure) { + uint8_t data[] = { 0x06, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* oid; + size_t length; + EXPECT_FALSE(asn1_oid_get(ctx, &oid, &length)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OidGet_Success) { + uint8_t data[] = { 0x06, 0x01, 0x99, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* oid; + size_t length; + ASSERT_TRUE(asn1_oid_get(ctx, &oid, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0x99U, *oid); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OctetStringGet_LengthZero_Failure) { + uint8_t data[] = { 0x04, 0x00, 0x55, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* string; + size_t length; + ASSERT_FALSE(asn1_octet_string_get(ctx, &string, &length)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OctetStringGet_TooSmall_Failure) { + uint8_t data[] = { 0x04, 0x01, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* string; + size_t length; + ASSERT_FALSE(asn1_octet_string_get(ctx, &string, &length)); + asn1_context_free(ctx); +} + +TEST_F(Asn1DecoderTest, OctetStringGet_Success) { + uint8_t data[] = { 0x04, 0x01, 0xAA, }; + asn1_context_t* ctx = asn1_context_new(data, sizeof(data)); + uint8_t* string; + size_t length; + ASSERT_TRUE(asn1_octet_string_get(ctx, &string, &length)); + EXPECT_EQ(1U, length); + EXPECT_EQ(0xAAU, *string); + asn1_context_free(ctx); +} + +} // namespace android diff --git a/updater/install.c b/updater/install.c index b6852b0c7..aebd4f34b 100644 --- a/updater/install.c +++ b/updater/install.c @@ -560,88 +560,6 @@ Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) { return StringValue(strdup("")); } - -Value* SetPermFn(const char* name, State* state, int argc, Expr* argv[]) { - char* result = NULL; - bool recursive = (strcmp(name, "set_perm_recursive") == 0); - - int min_args = 4 + (recursive ? 1 : 0); - if (argc < min_args) { - return ErrorAbort(state, "%s() expects %d+ args, got %d", - name, min_args, argc); - } - - char** args = ReadVarArgs(state, argc, argv); - if (args == NULL) return NULL; - - char* end; - int i; - int bad = 0; - - int uid = strtoul(args[0], &end, 0); - if (*end != '\0' || args[0][0] == 0) { - ErrorAbort(state, "%s: \"%s\" not a valid uid", name, args[0]); - goto done; - } - - int gid = strtoul(args[1], &end, 0); - if (*end != '\0' || args[1][0] == 0) { - ErrorAbort(state, "%s: \"%s\" not a valid gid", name, args[1]); - goto done; - } - - if (recursive) { - int dir_mode = strtoul(args[2], &end, 0); - if (*end != '\0' || args[2][0] == 0) { - ErrorAbort(state, "%s: \"%s\" not a valid dirmode", name, args[2]); - goto done; - } - - int file_mode = strtoul(args[3], &end, 0); - if (*end != '\0' || args[3][0] == 0) { - ErrorAbort(state, "%s: \"%s\" not a valid filemode", - name, args[3]); - goto done; - } - - for (i = 4; i < argc; ++i) { - dirSetHierarchyPermissions(args[i], uid, gid, dir_mode, file_mode); - } - } else { - int mode = strtoul(args[2], &end, 0); - if (*end != '\0' || args[2][0] == 0) { - ErrorAbort(state, "%s: \"%s\" not a valid mode", name, args[2]); - goto done; - } - - for (i = 3; i < argc; ++i) { - if (chown(args[i], uid, gid) < 0) { - printf("%s: chown of %s to %d %d failed: %s\n", - name, args[i], uid, gid, strerror(errno)); - ++bad; - } - if (chmod(args[i], mode) < 0) { - printf("%s: chmod of %s to %o failed: %s\n", - name, args[i], mode, strerror(errno)); - ++bad; - } - } - } - result = strdup(""); - -done: - for (i = 0; i < argc; ++i) { - free(args[i]); - } - free(args); - - if (bad) { - free(result); - return ErrorAbort(state, "%s: some changes failed", name); - } - return StringValue(result); -} - struct perm_parsed_args { bool has_uid; uid_t uid; @@ -1531,11 +1449,6 @@ void RegisterInstallFunctions() { RegisterFunction("package_extract_file", PackageExtractFileFn); RegisterFunction("symlink", SymlinkFn); - // Maybe, at some future point, we can delete these functions? They have been - // replaced by perm_set and perm_set_recursive. - RegisterFunction("set_perm", SetPermFn); - RegisterFunction("set_perm_recursive", SetPermFn); - // Usage: // set_metadata("filename", "key1", "value1", "key2", "value2", ...) // Example: diff --git a/verifier.cpp b/verifier.cpp index 782a83863..0930fbd15 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -14,10 +14,14 @@ * limitations under the License. */ +#include "asn1_decoder.h" #include "common.h" -#include "verifier.h" #include "ui.h" +#include "verifier.h" +#include "mincrypt/dsa_sig.h" +#include "mincrypt/p256.h" +#include "mincrypt/p256_ecdsa.h" #include "mincrypt/rsa.h" #include "mincrypt/sha.h" #include "mincrypt/sha256.h" @@ -28,6 +32,78 @@ extern RecoveryUI* ui; +/* + * Simple version of PKCS#7 SignedData extraction. This extracts the + * signature OCTET STRING to be used for signature verification. + * + * For full details, see http://www.ietf.org/rfc/rfc3852.txt + * + * The PKCS#7 structure looks like: + * + * SEQUENCE (ContentInfo) + * OID (ContentType) + * [0] (content) + * SEQUENCE (SignedData) + * INTEGER (version CMSVersion) + * SET (DigestAlgorithmIdentifiers) + * SEQUENCE (EncapsulatedContentInfo) + * [0] (CertificateSet OPTIONAL) + * [1] (RevocationInfoChoices OPTIONAL) + * SET (SignerInfos) + * SEQUENCE (SignerInfo) + * INTEGER (CMSVersion) + * SEQUENCE (SignerIdentifier) + * SEQUENCE (DigestAlgorithmIdentifier) + * SEQUENCE (SignatureAlgorithmIdentifier) + * OCTET STRING (SignatureValue) + */ +static bool read_pkcs7(uint8_t* pkcs7_der, size_t pkcs7_der_len, uint8_t** sig_der, + size_t* sig_der_length) { + asn1_context_t* ctx = asn1_context_new(pkcs7_der, pkcs7_der_len); + if (ctx == NULL) { + return false; + } + + asn1_context_t* pkcs7_seq = asn1_sequence_get(ctx); + if (pkcs7_seq != NULL && asn1_sequence_next(pkcs7_seq)) { + asn1_context_t *signed_data_app = asn1_constructed_get(pkcs7_seq); + if (signed_data_app != NULL) { + asn1_context_t* signed_data_seq = asn1_sequence_get(signed_data_app); + if (signed_data_seq != NULL + && asn1_sequence_next(signed_data_seq) + && asn1_sequence_next(signed_data_seq) + && asn1_sequence_next(signed_data_seq) + && asn1_constructed_skip_all(signed_data_seq)) { + asn1_context_t *sig_set = asn1_set_get(signed_data_seq); + if (sig_set != NULL) { + asn1_context_t* sig_seq = asn1_sequence_get(sig_set); + if (sig_seq != NULL + && asn1_sequence_next(sig_seq) + && asn1_sequence_next(sig_seq) + && asn1_sequence_next(sig_seq) + && asn1_sequence_next(sig_seq)) { + uint8_t* sig_der_ptr; + if (asn1_octet_string_get(sig_seq, &sig_der_ptr, sig_der_length)) { + *sig_der = (uint8_t*) malloc(*sig_der_length); + if (*sig_der != NULL) { + memcpy(*sig_der, sig_der_ptr, *sig_der_length); + } + } + asn1_context_free(sig_seq); + } + asn1_context_free(sig_set); + } + asn1_context_free(signed_data_seq); + } + asn1_context_free(signed_data_app); + } + asn1_context_free(pkcs7_seq); + } + asn1_context_free(ctx); + + return *sig_der != NULL; +} + // Look for an RSA signature embedded in the .ZIP file comment given // the path to the zip. Verify it matches one of the given public // keys. @@ -79,9 +155,8 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys LOGI("comment is %d bytes; signature %d bytes from end\n", comment_size, signature_start); - if (signature_start - FOOTER_SIZE < RSANUMBYTES) { - // "signature" block isn't big enough to contain an RSA block. - LOGE("signature is too short\n"); + if (signature_start <= FOOTER_SIZE) { + LOGE("Signature start is in the footer"); fclose(f); return VERIFY_FAILURE; } @@ -187,6 +262,23 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys const uint8_t* sha1 = SHA_final(&sha1_ctx); const uint8_t* sha256 = SHA256_final(&sha256_ctx); + uint8_t* sig_der = NULL; + size_t sig_der_length = 0; + + size_t signature_size = signature_start - FOOTER_SIZE; + if (!read_pkcs7(eocd + eocd_size - signature_start, signature_size, &sig_der, + &sig_der_length)) { + LOGE("Could not find signature DER block\n"); + free(eocd); + return VERIFY_FAILURE; + } + free(eocd); + + /* + * Check to make sure at least one of the keys matches the signature. Since + * any key can match, we need to try each before determining a verification + * failure has happened. + */ for (i = 0; i < numKeys; ++i) { const uint8_t* hash; switch (pKeys[i].hash_len) { @@ -197,16 +289,46 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys // The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that // the signing tool appends after the signature itself. - if (RSA_verify(pKeys[i].public_key, eocd + eocd_size - 6 - RSANUMBYTES, - RSANUMBYTES, hash, pKeys[i].hash_len)) { - LOGI("whole-file signature verified against key %d\n", i); - free(eocd); + if (pKeys[i].key_type == Certificate::RSA) { + if (sig_der_length < RSANUMBYTES) { + // "signature" block isn't big enough to contain an RSA block. + LOGI("signature is too short for RSA key %d\n", i); + continue; + } + + if (!RSA_verify(pKeys[i].rsa, sig_der, RSANUMBYTES, + hash, pKeys[i].hash_len)) { + LOGI("failed to verify against RSA key %d\n", i); + continue; + } + + LOGI("whole-file signature verified against RSA key %d\n", i); + free(sig_der); + return VERIFY_SUCCESS; + } else if (pKeys[i].key_type == Certificate::EC + && pKeys[i].hash_len == SHA256_DIGEST_SIZE) { + p256_int r, s; + if (!dsa_sig_unpack(sig_der, sig_der_length, &r, &s)) { + LOGI("Not a DSA signature block for EC key %d\n", i); + continue; + } + + p256_int p256_hash; + p256_from_bin(hash, &p256_hash); + if (!p256_ecdsa_verify(&(pKeys[i].ec->x), &(pKeys[i].ec->y), + &p256_hash, &r, &s)) { + LOGI("failed to verify against EC key %d\n", i); + continue; + } + + LOGI("whole-file signature verified against EC key %d\n", i); + free(sig_der); return VERIFY_SUCCESS; } else { - LOGI("failed to verify against key %d\n", i); + LOGI("Unknown key type %d\n", pKeys[i].key_type); } } - free(eocd); + free(sig_der); LOGE("failed to verify whole-file signature\n"); return VERIFY_FAILURE; } @@ -238,6 +360,7 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys // 2: 2048-bit RSA key with e=65537 and SHA-1 hash // 3: 2048-bit RSA key with e=3 and SHA-256 hash // 4: 2048-bit RSA key with e=65537 and SHA-256 hash +// 5: 256-bit EC key using the NIST P-256 curve parameters and SHA-256 hash // // Returns NULL if the file failed to parse, or if it contain zero keys. Certificate* @@ -258,28 +381,41 @@ load_keys(const char* filename, int* numKeys) { ++*numKeys; out = (Certificate*)realloc(out, *numKeys * sizeof(Certificate)); Certificate* cert = out + (*numKeys - 1); - cert->public_key = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); + memset(cert, '\0', sizeof(Certificate)); char start_char; if (fscanf(f, " %c", &start_char) != 1) goto exit; if (start_char == '{') { // a version 1 key has no version specifier. - cert->public_key->exponent = 3; + cert->key_type = Certificate::RSA; + cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); + cert->rsa->exponent = 3; cert->hash_len = SHA_DIGEST_SIZE; } else if (start_char == 'v') { int version; if (fscanf(f, "%d {", &version) != 1) goto exit; switch (version) { case 2: - cert->public_key->exponent = 65537; + cert->key_type = Certificate::RSA; + cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); + cert->rsa->exponent = 65537; cert->hash_len = SHA_DIGEST_SIZE; break; case 3: - cert->public_key->exponent = 3; + cert->key_type = Certificate::RSA; + cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); + cert->rsa->exponent = 3; cert->hash_len = SHA256_DIGEST_SIZE; break; case 4: - cert->public_key->exponent = 65537; + cert->key_type = Certificate::RSA; + cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); + cert->rsa->exponent = 65537; + cert->hash_len = SHA256_DIGEST_SIZE; + break; + case 5: + cert->key_type = Certificate::EC; + cert->ec = (ECPublicKey*)calloc(1, sizeof(ECPublicKey)); cert->hash_len = SHA256_DIGEST_SIZE; break; default: @@ -287,23 +423,55 @@ load_keys(const char* filename, int* numKeys) { } } - RSAPublicKey* key = cert->public_key; - if (fscanf(f, " %i , 0x%x , { %u", - &(key->len), &(key->n0inv), &(key->n[0])) != 3) { - goto exit; - } - if (key->len != RSANUMWORDS) { - LOGE("key length (%d) does not match expected size\n", key->len); + if (cert->key_type == Certificate::RSA) { + RSAPublicKey* key = cert->rsa; + if (fscanf(f, " %i , 0x%x , { %u", + &(key->len), &(key->n0inv), &(key->n[0])) != 3) { + goto exit; + } + if (key->len != RSANUMWORDS) { + LOGE("key length (%d) does not match expected size\n", key->len); + goto exit; + } + for (i = 1; i < key->len; ++i) { + if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit; + } + if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit; + for (i = 1; i < key->len; ++i) { + if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit; + } + fscanf(f, " } } "); + + LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len); + } else if (cert->key_type == Certificate::EC) { + ECPublicKey* key = cert->ec; + int key_len; + unsigned int byte; + uint8_t x_bytes[P256_NBYTES]; + uint8_t y_bytes[P256_NBYTES]; + if (fscanf(f, " %i , { %u", &key_len, &byte) != 2) goto exit; + if (key_len != P256_NBYTES) { + LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES); + goto exit; + } + x_bytes[P256_NBYTES - 1] = byte; + for (i = P256_NBYTES - 2; i >= 0; --i) { + if (fscanf(f, " , %u", &byte) != 1) goto exit; + x_bytes[i] = byte; + } + if (fscanf(f, " } , { %u", &byte) != 1) goto exit; + y_bytes[P256_NBYTES - 1] = byte; + for (i = P256_NBYTES - 2; i >= 0; --i) { + if (fscanf(f, " , %u", &byte) != 1) goto exit; + y_bytes[i] = byte; + } + fscanf(f, " } } "); + p256_from_bin(x_bytes, &key->x); + p256_from_bin(y_bytes, &key->y); + } else { + LOGE("Unknown key type %d\n", cert->key_type); goto exit; } - for (i = 1; i < key->len; ++i) { - if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit; - } - if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit; - for (i = 1; i < key->len; ++i) { - if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit; - } - fscanf(f, " } } "); // if the line ends in a comma, this file has more keys. switch (fgetc(f)) { @@ -319,8 +487,6 @@ load_keys(const char* filename, int* numKeys) { LOGE("unexpected character between keys\n"); goto exit; } - - LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len); } } diff --git a/verifier.h b/verifier.h index 6ce1b44d1..023d3bf89 100644 --- a/verifier.h +++ b/verifier.h @@ -17,11 +17,24 @@ #ifndef _RECOVERY_VERIFIER_H #define _RECOVERY_VERIFIER_H +#include "mincrypt/p256.h" #include "mincrypt/rsa.h" -typedef struct Certificate { +typedef struct { + p256_int x; + p256_int y; +} ECPublicKey; + +typedef struct { + typedef enum { + RSA, + EC, + } KeyType; + int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256) - RSAPublicKey* public_key; + KeyType key_type; + RSAPublicKey* rsa; + ECPublicKey* ec; } Certificate; /* Look in the file for a signature footer, and verify that it diff --git a/verifier_test.cpp b/verifier_test.cpp index 1063cbae5..88fcad4ea 100644 --- a/verifier_test.cpp +++ b/verifier_test.cpp @@ -100,6 +100,18 @@ RSAPublicKey test_f4_key = 65537 }; +ECPublicKey test_ec_key = + { + { + {0xd656fa24u, 0x931416cau, 0x1c0278c6u, 0x174ebe4cu, + 0x6018236au, 0x45ba1656u, 0xe8c05d84u, 0x670ed500u} + }, + { + {0x0d179adeu, 0x4c16827du, 0x9f8cb992u, 0x8f69ff8au, + 0x481b1020u, 0x798d91afu, 0x184db8e9u, 0xb5848dd9u} + } + }; + RecoveryUI* ui = NULL; // verifier expects to find a UI object; we provide one that does @@ -136,34 +148,86 @@ ui_print(const char* format, ...) { va_end(ap); } +static Certificate* add_certificate(Certificate** certsp, int* num_keys, + Certificate::KeyType key_type) { + int i = *num_keys; + *num_keys = *num_keys + 1; + *certsp = (Certificate*) realloc(*certsp, *num_keys * sizeof(Certificate)); + Certificate* certs = *certsp; + certs[i].rsa = NULL; + certs[i].ec = NULL; + certs[i].key_type = key_type; + certs[i].hash_len = SHA_DIGEST_SIZE; + return &certs[i]; +} + int main(int argc, char **argv) { - if (argc < 2 || argc > 4) { - fprintf(stderr, "Usage: %s [-sha256] [-f4 | -file <keys>] <package>\n", argv[0]); + if (argc < 2) { + fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]); return 2; } + Certificate* certs = NULL; + int num_keys = 0; - Certificate default_cert; - Certificate* cert = &default_cert; - cert->public_key = &test_key; - cert->hash_len = SHA_DIGEST_SIZE; - int num_keys = 1; - ++argv; - if (strcmp(argv[0], "-sha256") == 0) { - ++argv; - cert->hash_len = SHA256_DIGEST_SIZE; + int argn = 1; + while (argn < argc) { + if (strcmp(argv[argn], "-sha256") == 0) { + if (num_keys == 0) { + fprintf(stderr, "May only specify -sha256 after key type\n"); + return 2; + } + ++argn; + Certificate* cert = &certs[num_keys - 1]; + cert->hash_len = SHA256_DIGEST_SIZE; + } else if (strcmp(argv[argn], "-ec") == 0) { + ++argn; + Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC); + cert->ec = &test_ec_key; + } else if (strcmp(argv[argn], "-e3") == 0) { + ++argn; + Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA); + cert->rsa = &test_key; + } else if (strcmp(argv[argn], "-f4") == 0) { + ++argn; + Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA); + cert->rsa = &test_f4_key; + } else if (strcmp(argv[argn], "-file") == 0) { + if (certs != NULL) { + fprintf(stderr, "Cannot specify -file with other certs specified\n"); + return 2; + } + ++argn; + certs = load_keys(argv[argn], &num_keys); + ++argn; + } else if (argv[argn][0] == '-') { + fprintf(stderr, "Unknown argument %s\n", argv[argn]); + return 2; + } else { + break; + } } - if (strcmp(argv[0], "-f4") == 0) { - ++argv; - cert->public_key = &test_f4_key; - } else if (strcmp(argv[0], "-file") == 0) { - ++argv; - cert = load_keys(argv[0], &num_keys); - ++argv; + + if (argn == argc) { + fprintf(stderr, "Must specify package to verify\n"); + return 2; + } + + if (num_keys == 0) { + certs = (Certificate*) calloc(1, sizeof(Certificate)); + if (certs == NULL) { + fprintf(stderr, "Failure allocating memory for default certificate\n"); + return 1; + } + certs->key_type = Certificate::RSA; + certs->rsa = &test_key; + certs->ec = NULL; + certs->hash_len = SHA_DIGEST_SIZE; + num_keys = 1; } ui = new FakeUI(); - int result = verify_file(*argv, cert, num_keys); + int result = verify_file(argv[argn], certs, num_keys); if (result == VERIFY_SUCCESS) { printf("VERIFIED\n"); return 0; diff --git a/verifier_test.sh b/verifier_test.sh index 65f77f401..4761cef4a 100755 --- a/verifier_test.sh +++ b/verifier_test.sh @@ -81,20 +81,30 @@ expect_fail unsigned.zip expect_fail jarsigned.zip # success cases -expect_succeed otasigned.zip +expect_succeed otasigned.zip -e3 expect_succeed otasigned_f4.zip -f4 -expect_succeed otasigned_sha256.zip -sha256 -expect_succeed otasigned_f4_sha256.zip -sha256 -f4 +expect_succeed otasigned_sha256.zip -e3 -sha256 +expect_succeed otasigned_f4_sha256.zip -f4 -sha256 +expect_succeed otasigned_ecdsa_sha256.zip -ec -sha256 + +# success with multiple keys +expect_succeed otasigned.zip -f4 -e3 +expect_succeed otasigned_f4.zip -ec -f4 +expect_succeed otasigned_sha256.zip -ec -e3 -e3 -sha256 +expect_succeed otasigned_f4_sha256.zip -ec -sha256 -e3 -f4 -sha256 +expect_succeed otasigned_ecdsa_sha256.zip -f4 -sha256 -e3 -ec -sha256 # verified against different key expect_fail otasigned.zip -f4 -expect_fail otasigned_f4.zip +expect_fail otasigned_f4.zip -e3 +expect_fail otasigned_ecdsa_sha256.zip -e3 -sha256 # verified against right key but wrong hash algorithm -expect_fail otasigned.zip -sha256 -expect_fail otasigned_f4.zip -sha256 -f4 +expect_fail otasigned.zip -e3 -sha256 +expect_fail otasigned_f4.zip -f4 -sha256 expect_fail otasigned_sha256.zip expect_fail otasigned_f4_sha256.zip -f4 +expect_fail otasigned_ecdsa_sha256.zip # various other cases expect_fail random.zip |