summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Android.mk11
-rw-r--r--asn1_decoder.cpp190
-rw-r--r--asn1_decoder.h36
-rw-r--r--etc/init.rc23
-rw-r--r--minadbd/adb.h4
-rw-r--r--minadbd/transport.c21
-rw-r--r--minui/font_10x18.h2
-rw-r--r--minui/resources.c20
-rw-r--r--minzip/DirUtil.c58
-rw-r--r--minzip/DirUtil.h8
-rw-r--r--recovery.cpp14
-rw-r--r--testdata/otasigned_ecdsa_sha256.zipbin0 -> 3085 bytes
-rw-r--r--testdata/testkey_ecdsa.pk8bin0 -> 138 bytes
-rw-r--r--testdata/testkey_ecdsa.x509.pem10
-rw-r--r--tests/Android.mk26
-rw-r--r--tests/asn1_decoder_test.cpp238
-rw-r--r--updater/install.c87
-rw-r--r--verifier.cpp237
-rw-r--r--verifier.h17
-rw-r--r--verifier_test.cpp102
-rwxr-xr-xverifier_test.sh22
21 files changed, 863 insertions, 263 deletions
diff --git a/Android.mk b/Android.mk
index 2beb66208..cbc9a8e28 100644
--- a/Android.mk
+++ b/Android.mk
@@ -24,6 +24,7 @@ LOCAL_SRC_FILES := \
roots.cpp \
ui.cpp \
screen_ui.cpp \
+ asn1_decoder.cpp \
verifier.cpp \
adb_install.cpp
@@ -77,7 +78,13 @@ LOCAL_C_INCLUDES += system/extras/ext4_utils
include $(BUILD_EXECUTABLE)
-
+# All the APIs for testing
+include $(CLEAR_VARS)
+LOCAL_MODULE := libverifier
+LOCAL_MODULE_TAGS := tests
+LOCAL_SRC_FILES := \
+ asn1_decoder.cpp
+include $(BUILD_STATIC_LIBRARY)
include $(CLEAR_VARS)
LOCAL_MODULE := verifier_test
@@ -85,6 +92,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true
LOCAL_MODULE_TAGS := tests
LOCAL_SRC_FILES := \
verifier_test.cpp \
+ asn1_decoder.cpp \
verifier.cpp \
ui.cpp
LOCAL_STATIC_LIBRARIES := \
@@ -101,6 +109,7 @@ include $(LOCAL_PATH)/minui/Android.mk \
$(LOCAL_PATH)/minzip/Android.mk \
$(LOCAL_PATH)/minadbd/Android.mk \
$(LOCAL_PATH)/mtdutils/Android.mk \
+ $(LOCAL_PATH)/tests/Android.mk \
$(LOCAL_PATH)/tools/Android.mk \
$(LOCAL_PATH)/edify/Android.mk \
$(LOCAL_PATH)/updater/Android.mk \
diff --git a/asn1_decoder.cpp b/asn1_decoder.cpp
new file mode 100644
index 000000000..7280f7480
--- /dev/null
+++ b/asn1_decoder.cpp
@@ -0,0 +1,190 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdint.h>
+#include <string.h>
+
+#include "asn1_decoder.h"
+
+
+typedef struct asn1_context {
+ size_t length;
+ uint8_t* p;
+ int app_type;
+} asn1_context_t;
+
+
+static const int kMaskConstructed = 0xE0;
+static const int kMaskTag = 0x7F;
+static const int kMaskAppType = 0x1F;
+
+static const int kTagOctetString = 0x04;
+static const int kTagOid = 0x06;
+static const int kTagSequence = 0x30;
+static const int kTagSet = 0x31;
+static const int kTagConstructed = 0xA0;
+
+asn1_context_t* asn1_context_new(uint8_t* buffer, size_t length) {
+ asn1_context_t* ctx = (asn1_context_t*) calloc(1, sizeof(asn1_context_t));
+ if (ctx == NULL) {
+ return NULL;
+ }
+ ctx->p = buffer;
+ ctx->length = length;
+ return ctx;
+}
+
+void asn1_context_free(asn1_context_t* ctx) {
+ free(ctx);
+}
+
+static inline int peek_byte(asn1_context_t* ctx) {
+ if (ctx->length <= 0) {
+ return -1;
+ }
+ return *ctx->p;
+}
+
+static inline int get_byte(asn1_context_t* ctx) {
+ if (ctx->length <= 0) {
+ return -1;
+ }
+ int byte = *ctx->p;
+ ctx->p++;
+ ctx->length--;
+ return byte;
+}
+
+static inline bool skip_bytes(asn1_context_t* ctx, size_t num_skip) {
+ if (ctx->length < num_skip) {
+ return false;
+ }
+ ctx->p += num_skip;
+ ctx->length -= num_skip;
+ return true;
+}
+
+static bool decode_length(asn1_context_t* ctx, size_t* out_len) {
+ int num_octets = get_byte(ctx);
+ if (num_octets == -1) {
+ return false;
+ }
+ if ((num_octets & 0x80) == 0x00) {
+ *out_len = num_octets;
+ return 1;
+ }
+ num_octets &= kMaskTag;
+ if ((size_t)num_octets >= sizeof(size_t)) {
+ return false;
+ }
+ size_t length = 0;
+ for (int i = 0; i < num_octets; ++i) {
+ int byte = get_byte(ctx);
+ if (byte == -1) {
+ return false;
+ }
+ length <<= 8;
+ length += byte;
+ }
+ *out_len = length;
+ return true;
+}
+
+/**
+ * Returns the constructed type and advances the pointer. E.g. A0 -> 0
+ */
+asn1_context_t* asn1_constructed_get(asn1_context_t* ctx) {
+ int type = get_byte(ctx);
+ if (type == -1 || (type & kMaskConstructed) != kTagConstructed) {
+ return NULL;
+ }
+ size_t length;
+ if (!decode_length(ctx, &length) || length > ctx->length) {
+ return NULL;
+ }
+ asn1_context_t* app_ctx = asn1_context_new(ctx->p, length);
+ app_ctx->app_type = type & kMaskAppType;
+ return app_ctx;
+}
+
+bool asn1_constructed_skip_all(asn1_context_t* ctx) {
+ int byte = peek_byte(ctx);
+ while (byte != -1 && (byte & kMaskConstructed) == kTagConstructed) {
+ skip_bytes(ctx, 1);
+ size_t length;
+ if (!decode_length(ctx, &length) || !skip_bytes(ctx, length)) {
+ return false;
+ }
+ byte = peek_byte(ctx);
+ }
+ return byte != -1;
+}
+
+int asn1_constructed_type(asn1_context_t* ctx) {
+ return ctx->app_type;
+}
+
+asn1_context_t* asn1_sequence_get(asn1_context_t* ctx) {
+ if ((get_byte(ctx) & kMaskTag) != kTagSequence) {
+ return NULL;
+ }
+ size_t length;
+ if (!decode_length(ctx, &length) || length > ctx->length) {
+ return NULL;
+ }
+ return asn1_context_new(ctx->p, length);
+}
+
+asn1_context_t* asn1_set_get(asn1_context_t* ctx) {
+ if ((get_byte(ctx) & kMaskTag) != kTagSet) {
+ return NULL;
+ }
+ size_t length;
+ if (!decode_length(ctx, &length) || length > ctx->length) {
+ return NULL;
+ }
+ return asn1_context_new(ctx->p, length);
+}
+
+bool asn1_sequence_next(asn1_context_t* ctx) {
+ size_t length;
+ if (get_byte(ctx) == -1 || !decode_length(ctx, &length) || !skip_bytes(ctx, length)) {
+ return false;
+ }
+ return true;
+}
+
+bool asn1_oid_get(asn1_context_t* ctx, uint8_t** oid, size_t* length) {
+ if (get_byte(ctx) != kTagOid) {
+ return false;
+ }
+ if (!decode_length(ctx, length) || *length == 0 || *length > ctx->length) {
+ return false;
+ }
+ *oid = ctx->p;
+ return true;
+}
+
+bool asn1_octet_string_get(asn1_context_t* ctx, uint8_t** octet_string, size_t* length) {
+ if (get_byte(ctx) != kTagOctetString) {
+ return false;
+ }
+ if (!decode_length(ctx, length) || *length == 0 || *length > ctx->length) {
+ return false;
+ }
+ *octet_string = ctx->p;
+ return true;
+}
diff --git a/asn1_decoder.h b/asn1_decoder.h
new file mode 100644
index 000000000..b17141c44
--- /dev/null
+++ b/asn1_decoder.h
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#ifndef ASN1_DECODER_H_
+#define ASN1_DECODER_H_
+
+#include <stdint.h>
+
+typedef struct asn1_context asn1_context_t;
+
+asn1_context_t* asn1_context_new(uint8_t* buffer, size_t length);
+void asn1_context_free(asn1_context_t* ctx);
+asn1_context_t* asn1_constructed_get(asn1_context_t* ctx);
+bool asn1_constructed_skip_all(asn1_context_t* ctx);
+int asn1_constructed_type(asn1_context_t* ctx);
+asn1_context_t* asn1_sequence_get(asn1_context_t* ctx);
+asn1_context_t* asn1_set_get(asn1_context_t* ctx);
+bool asn1_sequence_next(asn1_context_t* seq);
+bool asn1_oid_get(asn1_context_t* ctx, uint8_t** oid, size_t* length);
+bool asn1_octet_string_get(asn1_context_t* ctx, uint8_t** octet_string, size_t* length);
+
+#endif /* ASN1_DECODER_H_ */
diff --git a/etc/init.rc b/etc/init.rc
index 175489066..6e0595b44 100644
--- a/etc/init.rc
+++ b/etc/init.rc
@@ -1,11 +1,18 @@
import /init.recovery.${ro.hardware}.rc
on early-init
+ # Apply strict SELinux checking of PROT_EXEC on mmap/mprotect calls.
+ write /sys/fs/selinux/checkreqprot 0
+
+ # Set the security context for the init process.
+ # This should occur before anything else (e.g. ueventd) is started.
+ setcon u:r:init:s0
+
start ueventd
start healthd
on init
- export PATH /sbin
+ export PATH /sbin:/system/bin
export ANDROID_ROOT /system
export ANDROID_DATA /data
export EXTERNAL_STORAGE /sdcard
@@ -16,14 +23,20 @@ on init
mkdir /system
mkdir /data
mkdir /cache
- mount /tmp /tmp tmpfs
+ mount tmpfs tmpfs /tmp
chown root shell /tmp
chmod 0775 /tmp
+on fs
+ mkdir /dev/usb-ffs 0770 shell shell
+ mkdir /dev/usb-ffs/adb 0770 shell shell
+ mount functionfs adb /dev/usb-ffs/adb uid=2000,gid=2000
+
write /sys/class/android_usb/android0/enable 0
write /sys/class/android_usb/android0/idVendor 18D1
write /sys/class/android_usb/android0/idProduct D001
+ write /sys/class/android_usb/android0/f_ffs/aliases adb
write /sys/class/android_usb/android0/functions adb
write /sys/class/android_usb/android0/iManufacturer ${ro.product.manufacturer}
write /sys/class/android_usb/android0/iProduct ${ro.product.model}
@@ -43,15 +56,19 @@ on property:sys.powerctl=*
service ueventd /sbin/ueventd
critical
+ seclabel u:r:ueventd:s0
service healthd /sbin/healthd -n
critical
+ seclabel u:r:healthd:s0
service recovery /sbin/recovery
+ seclabel u:r:recovery:s0
-service adbd /sbin/adbd recovery
+service adbd /sbin/adbd --root_seclabel=u:r:su:s0 --device_banner=recovery
disabled
socket adbd stream 660 system system
+ seclabel u:r:adbd:s0
# Always start adbd on userdebug and eng builds
on property:ro.debuggable=1
diff --git a/minadbd/adb.h b/minadbd/adb.h
index 98fa5972e..688a6f273 100644
--- a/minadbd/adb.h
+++ b/minadbd/adb.h
@@ -244,15 +244,11 @@ void kick_transport( atransport* t );
#if ADB_HOST
int get_available_local_transport_index();
#endif
-int init_socket_transport(atransport *t, int s, int port, int local);
void init_usb_transport(atransport *t, usb_handle *usb, int state);
/* for MacOS X cleanup */
void close_usb_devices();
-/* cause new transports to be init'd and added to the list */
-void register_socket_transport(int s, const char *serial, int port, int local);
-
/* these should only be used for the "adb disconnect" command */
void unregister_transport(atransport *t);
void unregister_all_tcp_transports();
diff --git a/minadbd/transport.c b/minadbd/transport.c
index ff2004932..4c0c97f75 100644
--- a/minadbd/transport.c
+++ b/minadbd/transport.c
@@ -678,27 +678,6 @@ retry:
return result;
}
-void register_socket_transport(int s, const char *serial, int port, int local)
-{
- atransport *t = calloc(1, sizeof(atransport));
- char buff[32];
-
- if (!serial) {
- snprintf(buff, sizeof buff, "T-%p", t);
- serial = buff;
- }
- D("transport: %s init'ing for socket %d, on port %d\n", serial, s, port);
- if ( init_socket_transport(t, s, port, local) < 0 ) {
- adb_close(s);
- free(t);
- return;
- }
- if(serial) {
- t->serial = strdup(serial);
- }
- register_transport(t);
-}
-
void register_usb_transport(usb_handle *usb, const char *serial, unsigned writeable)
{
atransport *t = calloc(1, sizeof(atransport));
diff --git a/minui/font_10x18.h b/minui/font_10x18.h
index 7f96465cc..29d705344 100644
--- a/minui/font_10x18.h
+++ b/minui/font_10x18.h
@@ -3,7 +3,7 @@ struct {
unsigned height;
unsigned cwidth;
unsigned cheight;
- unsigned char rundata[];
+ unsigned char rundata[2973];
} font = {
.width = 960,
.height = 18,
diff --git a/minui/resources.c b/minui/resources.c
index a370b7108..c0a9ccacb 100644
--- a/minui/resources.c
+++ b/minui/resources.c
@@ -93,9 +93,13 @@ int res_create_surface(const char* name, gr_surface* pSurface) {
png_set_sig_bytes(png_ptr, sizeof(header));
png_read_info(png_ptr, info_ptr);
- int color_type = png_get_color_type(png_ptr, info_ptr);
- int bit_depth = png_get_bit_depth(png_ptr, info_ptr);
+ int color_type, bit_depth;
+ size_t width, height;
+ png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth,
+ &color_type, NULL, NULL, NULL);
+
int channels = png_get_channels(png_ptr, info_ptr);
+
if (!(bit_depth == 8 &&
((channels == 3 && color_type == PNG_COLOR_TYPE_RGB) ||
(channels == 4 && color_type == PNG_COLOR_TYPE_RGBA) ||
@@ -105,8 +109,6 @@ int res_create_surface(const char* name, gr_surface* pSurface) {
goto exit;
}
- size_t width = png_get_image_width(png_ptr, info_ptr);
- size_t height = png_get_image_height(png_ptr, info_ptr);
size_t stride = (color_type == PNG_COLOR_TYPE_GRAY ? 1 : 4) * width;
size_t pixelSize = stride * height;
@@ -246,12 +248,10 @@ int res_create_localized_surface(const char* name, gr_surface* pSurface) {
png_set_sig_bytes(png_ptr, sizeof(header));
png_read_info(png_ptr, info_ptr);
- size_t width = png_get_image_width(png_ptr, info_ptr);
- size_t height = png_get_image_height(png_ptr, info_ptr);
- size_t stride = 4 * width;
-
- int color_type = png_get_color_type(png_ptr, info_ptr);
- int bit_depth = png_get_bit_depth(png_ptr, info_ptr);
+ int color_type, bit_depth;
+ size_t width, height;
+ png_get_IHDR(png_ptr, info_ptr, &width, &height, &bit_depth,
+ &color_type, NULL, NULL, NULL);
int channels = png_get_channels(png_ptr, info_ptr);
if (!(bit_depth == 8 &&
diff --git a/minzip/DirUtil.c b/minzip/DirUtil.c
index 8dd5da1da..fe2c880ac 100644
--- a/minzip/DirUtil.c
+++ b/minzip/DirUtil.c
@@ -234,61 +234,3 @@ dirUnlinkHierarchy(const char *path)
/* delete target directory */
return rmdir(path);
}
-
-int
-dirSetHierarchyPermissions(const char *path,
- int uid, int gid, int dirMode, int fileMode)
-{
- struct stat st;
- if (lstat(path, &st)) {
- return -1;
- }
-
- /* ignore symlinks */
- if (S_ISLNK(st.st_mode)) {
- return 0;
- }
-
- /* directories and files get different permissions */
- if (chown(path, uid, gid) ||
- chmod(path, S_ISDIR(st.st_mode) ? dirMode : fileMode)) {
- return -1;
- }
-
- /* recurse over directory components */
- if (S_ISDIR(st.st_mode)) {
- DIR *dir = opendir(path);
- if (dir == NULL) {
- return -1;
- }
-
- errno = 0;
- const struct dirent *de;
- while (errno == 0 && (de = readdir(dir)) != NULL) {
- if (!strcmp(de->d_name, "..") || !strcmp(de->d_name, ".")) {
- continue;
- }
-
- char dn[PATH_MAX];
- snprintf(dn, sizeof(dn), "%s/%s", path, de->d_name);
- if (!dirSetHierarchyPermissions(dn, uid, gid, dirMode, fileMode)) {
- errno = 0;
- } else if (errno == 0) {
- errno = -1;
- }
- }
-
- if (errno != 0) {
- int save = errno;
- closedir(dir);
- errno = save;
- return -1;
- }
-
- if (closedir(dir)) {
- return -1;
- }
- }
-
- return 0;
-}
diff --git a/minzip/DirUtil.h b/minzip/DirUtil.h
index a5cfa761b..85a00128b 100644
--- a/minzip/DirUtil.h
+++ b/minzip/DirUtil.h
@@ -48,14 +48,6 @@ int dirCreateHierarchy(const char *path, int mode,
*/
int dirUnlinkHierarchy(const char *path);
-/* chown -R <uid>:<gid> <path>
- * chmod -R <mode> <path>
- *
- * Sets directories to <dirMode> and files to <fileMode>. Skips symlinks.
- */
-int dirSetHierarchyPermissions(const char *path,
- int uid, int gid, int dirMode, int fileMode);
-
#ifdef __cplusplus
}
#endif
diff --git a/recovery.cpp b/recovery.cpp
index 43cd9dafe..fdb9095be 100644
--- a/recovery.cpp
+++ b/recovery.cpp
@@ -57,6 +57,7 @@ static const struct option OPTIONS[] = {
{ "just_exit", no_argument, NULL, 'x' },
{ "locale", required_argument, NULL, 'l' },
{ "stages", required_argument, NULL, 'g' },
+ { "shutdown_after", no_argument, NULL, 'p' },
{ NULL, 0, NULL, 0 },
};
@@ -945,16 +946,15 @@ main(int argc, char **argv) {
rotate_last_logs(10);
get_args(&argc, &argv);
- int previous_runs = 0;
const char *send_intent = NULL;
const char *update_package = NULL;
int wipe_data = 0, wipe_cache = 0, show_text = 0;
bool just_exit = false;
+ bool shutdown_after = false;
int arg;
while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) {
switch (arg) {
- case 'p': previous_runs = atoi(optarg); break;
case 's': send_intent = optarg; break;
case 'u': update_package = optarg; break;
case 'w': wipe_data = wipe_cache = 1; break;
@@ -970,6 +970,7 @@ main(int argc, char **argv) {
}
break;
}
+ case 'p': shutdown_after = true; break;
case '?':
LOGE("Invalid command argument\n");
continue;
@@ -1079,7 +1080,12 @@ main(int argc, char **argv) {
// Otherwise, get ready to boot the main system...
finish_recovery(send_intent);
- ui->Print("Rebooting...\n");
- property_set(ANDROID_RB_PROPERTY, "reboot,");
+ if (shutdown_after) {
+ ui->Print("Shutting down...\n");
+ property_set(ANDROID_RB_PROPERTY, "shutdown,");
+ } else {
+ ui->Print("Rebooting...\n");
+ property_set(ANDROID_RB_PROPERTY, "reboot,");
+ }
return EXIT_SUCCESS;
}
diff --git a/testdata/otasigned_ecdsa_sha256.zip b/testdata/otasigned_ecdsa_sha256.zip
new file mode 100644
index 000000000..999fcdd0f
--- /dev/null
+++ b/testdata/otasigned_ecdsa_sha256.zip
Binary files differ
diff --git a/testdata/testkey_ecdsa.pk8 b/testdata/testkey_ecdsa.pk8
new file mode 100644
index 000000000..9a521c8cf
--- /dev/null
+++ b/testdata/testkey_ecdsa.pk8
Binary files differ
diff --git a/testdata/testkey_ecdsa.x509.pem b/testdata/testkey_ecdsa.x509.pem
new file mode 100644
index 000000000..b12283645
--- /dev/null
+++ b/testdata/testkey_ecdsa.x509.pem
@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBezCCASACCQC4g5wurPSmtzAKBggqhkjOPQQDAjBFMQswCQYDVQQGEwJBVTET
+MBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lkZ2l0cyBQ
+dHkgTHRkMB4XDTEzMTAwODIxMTAxM1oXDTE0MTAwODIxMTAxM1owRTELMAkGA1UE
+BhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoMGEludGVybmV0IFdp
+ZGdpdHMgUHR5IEx0ZDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGcO1QDowF2E
+RboWVmAYI2oXTr5MHAJ4xpMUFsrWVvoktYSN2RhNuOl5jZGvSBsQII9p/4qfjLmS
+TBaCfQ0Xmt4wCgYIKoZIzj0EAwIDSQAwRgIhAIJjWmZAwngc2VcHUhYp2oSLoCQ+
+P+7AtbAn5242AqfOAiEAghO0t6jTKs0LUhLJrQwbOkHyZMVdZaG2vcwV9y9H5Qc=
+-----END CERTIFICATE-----
diff --git a/tests/Android.mk b/tests/Android.mk
new file mode 100644
index 000000000..4d99d5249
--- /dev/null
+++ b/tests/Android.mk
@@ -0,0 +1,26 @@
+# Build the unit tests.
+LOCAL_PATH := $(call my-dir)
+include $(CLEAR_VARS)
+
+# Build the unit tests.
+test_src_files := \
+ asn1_decoder_test.cpp
+
+shared_libraries := \
+ liblog \
+ libcutils
+
+static_libraries := \
+ libgtest \
+ libgtest_main \
+ libverifier
+
+$(foreach file,$(test_src_files), \
+ $(eval include $(CLEAR_VARS)) \
+ $(eval LOCAL_SHARED_LIBRARIES := $(shared_libraries)) \
+ $(eval LOCAL_STATIC_LIBRARIES := $(static_libraries)) \
+ $(eval LOCAL_SRC_FILES := $(file)) \
+ $(eval LOCAL_MODULE := $(notdir $(file:%.cpp=%))) \
+ $(eval LOCAL_C_INCLUDES := $(LOCAL_PATH)/..) \
+ $(eval include $(BUILD_NATIVE_TEST)) \
+) \ No newline at end of file
diff --git a/tests/asn1_decoder_test.cpp b/tests/asn1_decoder_test.cpp
new file mode 100644
index 000000000..af96d87d2
--- /dev/null
+++ b/tests/asn1_decoder_test.cpp
@@ -0,0 +1,238 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "asn1_decoder_test"
+
+#include <cutils/log.h>
+#include <gtest/gtest.h>
+#include <stdint.h>
+#include <unistd.h>
+
+#include "asn1_decoder.h"
+
+namespace android {
+
+class Asn1DecoderTest : public testing::Test {
+};
+
+TEST_F(Asn1DecoderTest, Empty_Failure) {
+ uint8_t empty[] = { };
+ asn1_context_t* ctx = asn1_context_new(empty, sizeof(empty));
+
+ EXPECT_EQ(NULL, asn1_constructed_get(ctx));
+ EXPECT_FALSE(asn1_constructed_skip_all(ctx));
+ EXPECT_EQ(0, asn1_constructed_type(ctx));
+ EXPECT_EQ(NULL, asn1_sequence_get(ctx));
+ EXPECT_EQ(NULL, asn1_set_get(ctx));
+ EXPECT_FALSE(asn1_sequence_next(ctx));
+
+ uint8_t* junk;
+ size_t length;
+ EXPECT_FALSE(asn1_oid_get(ctx, &junk, &length));
+ EXPECT_FALSE(asn1_octet_string_get(ctx, &junk, &length));
+
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, ConstructedGet_TruncatedLength_Failure) {
+ uint8_t truncated[] = { 0xA0, 0x82, };
+ asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated));
+ EXPECT_EQ(NULL, asn1_constructed_get(ctx));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, ConstructedGet_LengthTooBig_Failure) {
+ uint8_t truncated[] = { 0xA0, 0x8a, 0xA5, 0x5A, 0xA5, 0x5A,
+ 0xA5, 0x5A, 0xA5, 0x5A, 0xA5, 0x5A, };
+ asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated));
+ EXPECT_EQ(NULL, asn1_constructed_get(ctx));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, ConstructedGet_TooSmallForChild_Failure) {
+ uint8_t data[] = { 0xA5, 0x02, 0x06, 0x01, 0x01, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ asn1_context_t* ptr = asn1_constructed_get(ctx);
+ ASSERT_NE((asn1_context_t*)NULL, ptr);
+ EXPECT_EQ(5, asn1_constructed_type(ptr));
+ uint8_t* oid;
+ size_t length;
+ EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length));
+ asn1_context_free(ptr);
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, ConstructedGet_Success) {
+ uint8_t data[] = { 0xA5, 0x03, 0x06, 0x01, 0x01, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ asn1_context_t* ptr = asn1_constructed_get(ctx);
+ ASSERT_NE((asn1_context_t*)NULL, ptr);
+ EXPECT_EQ(5, asn1_constructed_type(ptr));
+ uint8_t* oid;
+ size_t length;
+ ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length));
+ EXPECT_EQ(1U, length);
+ EXPECT_EQ(0x01U, *oid);
+ asn1_context_free(ptr);
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, ConstructedSkipAll_TruncatedLength_Failure) {
+ uint8_t truncated[] = { 0xA2, 0x82, };
+ asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated));
+ EXPECT_FALSE(asn1_constructed_skip_all(ctx));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, ConstructedSkipAll_Success) {
+ uint8_t data[] = { 0xA0, 0x03, 0x02, 0x01, 0x01,
+ 0xA1, 0x03, 0x02, 0x01, 0x01,
+ 0x06, 0x01, 0xA5, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ ASSERT_TRUE(asn1_constructed_skip_all(ctx));
+ uint8_t* oid;
+ size_t length;
+ ASSERT_TRUE(asn1_oid_get(ctx, &oid, &length));
+ EXPECT_EQ(1U, length);
+ EXPECT_EQ(0xA5U, *oid);
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, SequenceGet_TruncatedLength_Failure) {
+ uint8_t truncated[] = { 0x30, 0x82, };
+ asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated));
+ EXPECT_EQ(NULL, asn1_sequence_get(ctx));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, SequenceGet_TooSmallForChild_Failure) {
+ uint8_t data[] = { 0x30, 0x02, 0x06, 0x01, 0x01, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ asn1_context_t* ptr = asn1_sequence_get(ctx);
+ ASSERT_NE((asn1_context_t*)NULL, ptr);
+ uint8_t* oid;
+ size_t length;
+ EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length));
+ asn1_context_free(ptr);
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, SequenceGet_Success) {
+ uint8_t data[] = { 0x30, 0x03, 0x06, 0x01, 0x01, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ asn1_context_t* ptr = asn1_sequence_get(ctx);
+ ASSERT_NE((asn1_context_t*)NULL, ptr);
+ uint8_t* oid;
+ size_t length;
+ ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length));
+ EXPECT_EQ(1U, length);
+ EXPECT_EQ(0x01U, *oid);
+ asn1_context_free(ptr);
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, SetGet_TruncatedLength_Failure) {
+ uint8_t truncated[] = { 0x31, 0x82, };
+ asn1_context_t* ctx = asn1_context_new(truncated, sizeof(truncated));
+ EXPECT_EQ(NULL, asn1_set_get(ctx));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, SetGet_TooSmallForChild_Failure) {
+ uint8_t data[] = { 0x31, 0x02, 0x06, 0x01, 0x01, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ asn1_context_t* ptr = asn1_set_get(ctx);
+ ASSERT_NE((asn1_context_t*)NULL, ptr);
+ uint8_t* oid;
+ size_t length;
+ EXPECT_FALSE(asn1_oid_get(ptr, &oid, &length));
+ asn1_context_free(ptr);
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, SetGet_Success) {
+ uint8_t data[] = { 0x31, 0x03, 0x06, 0x01, 0xBA, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ asn1_context_t* ptr = asn1_set_get(ctx);
+ ASSERT_NE((asn1_context_t*)NULL, ptr);
+ uint8_t* oid;
+ size_t length;
+ ASSERT_TRUE(asn1_oid_get(ptr, &oid, &length));
+ EXPECT_EQ(1U, length);
+ EXPECT_EQ(0xBAU, *oid);
+ asn1_context_free(ptr);
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, OidGet_LengthZero_Failure) {
+ uint8_t data[] = { 0x06, 0x00, 0x01, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ uint8_t* oid;
+ size_t length;
+ EXPECT_FALSE(asn1_oid_get(ctx, &oid, &length));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, OidGet_TooSmall_Failure) {
+ uint8_t data[] = { 0x06, 0x01, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ uint8_t* oid;
+ size_t length;
+ EXPECT_FALSE(asn1_oid_get(ctx, &oid, &length));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, OidGet_Success) {
+ uint8_t data[] = { 0x06, 0x01, 0x99, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ uint8_t* oid;
+ size_t length;
+ ASSERT_TRUE(asn1_oid_get(ctx, &oid, &length));
+ EXPECT_EQ(1U, length);
+ EXPECT_EQ(0x99U, *oid);
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, OctetStringGet_LengthZero_Failure) {
+ uint8_t data[] = { 0x04, 0x00, 0x55, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ uint8_t* string;
+ size_t length;
+ ASSERT_FALSE(asn1_octet_string_get(ctx, &string, &length));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, OctetStringGet_TooSmall_Failure) {
+ uint8_t data[] = { 0x04, 0x01, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ uint8_t* string;
+ size_t length;
+ ASSERT_FALSE(asn1_octet_string_get(ctx, &string, &length));
+ asn1_context_free(ctx);
+}
+
+TEST_F(Asn1DecoderTest, OctetStringGet_Success) {
+ uint8_t data[] = { 0x04, 0x01, 0xAA, };
+ asn1_context_t* ctx = asn1_context_new(data, sizeof(data));
+ uint8_t* string;
+ size_t length;
+ ASSERT_TRUE(asn1_octet_string_get(ctx, &string, &length));
+ EXPECT_EQ(1U, length);
+ EXPECT_EQ(0xAAU, *string);
+ asn1_context_free(ctx);
+}
+
+} // namespace android
diff --git a/updater/install.c b/updater/install.c
index b6852b0c7..aebd4f34b 100644
--- a/updater/install.c
+++ b/updater/install.c
@@ -560,88 +560,6 @@ Value* SymlinkFn(const char* name, State* state, int argc, Expr* argv[]) {
return StringValue(strdup(""));
}
-
-Value* SetPermFn(const char* name, State* state, int argc, Expr* argv[]) {
- char* result = NULL;
- bool recursive = (strcmp(name, "set_perm_recursive") == 0);
-
- int min_args = 4 + (recursive ? 1 : 0);
- if (argc < min_args) {
- return ErrorAbort(state, "%s() expects %d+ args, got %d",
- name, min_args, argc);
- }
-
- char** args = ReadVarArgs(state, argc, argv);
- if (args == NULL) return NULL;
-
- char* end;
- int i;
- int bad = 0;
-
- int uid = strtoul(args[0], &end, 0);
- if (*end != '\0' || args[0][0] == 0) {
- ErrorAbort(state, "%s: \"%s\" not a valid uid", name, args[0]);
- goto done;
- }
-
- int gid = strtoul(args[1], &end, 0);
- if (*end != '\0' || args[1][0] == 0) {
- ErrorAbort(state, "%s: \"%s\" not a valid gid", name, args[1]);
- goto done;
- }
-
- if (recursive) {
- int dir_mode = strtoul(args[2], &end, 0);
- if (*end != '\0' || args[2][0] == 0) {
- ErrorAbort(state, "%s: \"%s\" not a valid dirmode", name, args[2]);
- goto done;
- }
-
- int file_mode = strtoul(args[3], &end, 0);
- if (*end != '\0' || args[3][0] == 0) {
- ErrorAbort(state, "%s: \"%s\" not a valid filemode",
- name, args[3]);
- goto done;
- }
-
- for (i = 4; i < argc; ++i) {
- dirSetHierarchyPermissions(args[i], uid, gid, dir_mode, file_mode);
- }
- } else {
- int mode = strtoul(args[2], &end, 0);
- if (*end != '\0' || args[2][0] == 0) {
- ErrorAbort(state, "%s: \"%s\" not a valid mode", name, args[2]);
- goto done;
- }
-
- for (i = 3; i < argc; ++i) {
- if (chown(args[i], uid, gid) < 0) {
- printf("%s: chown of %s to %d %d failed: %s\n",
- name, args[i], uid, gid, strerror(errno));
- ++bad;
- }
- if (chmod(args[i], mode) < 0) {
- printf("%s: chmod of %s to %o failed: %s\n",
- name, args[i], mode, strerror(errno));
- ++bad;
- }
- }
- }
- result = strdup("");
-
-done:
- for (i = 0; i < argc; ++i) {
- free(args[i]);
- }
- free(args);
-
- if (bad) {
- free(result);
- return ErrorAbort(state, "%s: some changes failed", name);
- }
- return StringValue(result);
-}
-
struct perm_parsed_args {
bool has_uid;
uid_t uid;
@@ -1531,11 +1449,6 @@ void RegisterInstallFunctions() {
RegisterFunction("package_extract_file", PackageExtractFileFn);
RegisterFunction("symlink", SymlinkFn);
- // Maybe, at some future point, we can delete these functions? They have been
- // replaced by perm_set and perm_set_recursive.
- RegisterFunction("set_perm", SetPermFn);
- RegisterFunction("set_perm_recursive", SetPermFn);
-
// Usage:
// set_metadata("filename", "key1", "value1", "key2", "value2", ...)
// Example:
diff --git a/verifier.cpp b/verifier.cpp
index 23fab07b2..0930fbd15 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -14,10 +14,14 @@
* limitations under the License.
*/
+#include "asn1_decoder.h"
#include "common.h"
-#include "verifier.h"
#include "ui.h"
+#include "verifier.h"
+#include "mincrypt/dsa_sig.h"
+#include "mincrypt/p256.h"
+#include "mincrypt/p256_ecdsa.h"
#include "mincrypt/rsa.h"
#include "mincrypt/sha.h"
#include "mincrypt/sha256.h"
@@ -28,6 +32,78 @@
extern RecoveryUI* ui;
+/*
+ * Simple version of PKCS#7 SignedData extraction. This extracts the
+ * signature OCTET STRING to be used for signature verification.
+ *
+ * For full details, see http://www.ietf.org/rfc/rfc3852.txt
+ *
+ * The PKCS#7 structure looks like:
+ *
+ * SEQUENCE (ContentInfo)
+ * OID (ContentType)
+ * [0] (content)
+ * SEQUENCE (SignedData)
+ * INTEGER (version CMSVersion)
+ * SET (DigestAlgorithmIdentifiers)
+ * SEQUENCE (EncapsulatedContentInfo)
+ * [0] (CertificateSet OPTIONAL)
+ * [1] (RevocationInfoChoices OPTIONAL)
+ * SET (SignerInfos)
+ * SEQUENCE (SignerInfo)
+ * INTEGER (CMSVersion)
+ * SEQUENCE (SignerIdentifier)
+ * SEQUENCE (DigestAlgorithmIdentifier)
+ * SEQUENCE (SignatureAlgorithmIdentifier)
+ * OCTET STRING (SignatureValue)
+ */
+static bool read_pkcs7(uint8_t* pkcs7_der, size_t pkcs7_der_len, uint8_t** sig_der,
+ size_t* sig_der_length) {
+ asn1_context_t* ctx = asn1_context_new(pkcs7_der, pkcs7_der_len);
+ if (ctx == NULL) {
+ return false;
+ }
+
+ asn1_context_t* pkcs7_seq = asn1_sequence_get(ctx);
+ if (pkcs7_seq != NULL && asn1_sequence_next(pkcs7_seq)) {
+ asn1_context_t *signed_data_app = asn1_constructed_get(pkcs7_seq);
+ if (signed_data_app != NULL) {
+ asn1_context_t* signed_data_seq = asn1_sequence_get(signed_data_app);
+ if (signed_data_seq != NULL
+ && asn1_sequence_next(signed_data_seq)
+ && asn1_sequence_next(signed_data_seq)
+ && asn1_sequence_next(signed_data_seq)
+ && asn1_constructed_skip_all(signed_data_seq)) {
+ asn1_context_t *sig_set = asn1_set_get(signed_data_seq);
+ if (sig_set != NULL) {
+ asn1_context_t* sig_seq = asn1_sequence_get(sig_set);
+ if (sig_seq != NULL
+ && asn1_sequence_next(sig_seq)
+ && asn1_sequence_next(sig_seq)
+ && asn1_sequence_next(sig_seq)
+ && asn1_sequence_next(sig_seq)) {
+ uint8_t* sig_der_ptr;
+ if (asn1_octet_string_get(sig_seq, &sig_der_ptr, sig_der_length)) {
+ *sig_der = (uint8_t*) malloc(*sig_der_length);
+ if (*sig_der != NULL) {
+ memcpy(*sig_der, sig_der_ptr, *sig_der_length);
+ }
+ }
+ asn1_context_free(sig_seq);
+ }
+ asn1_context_free(sig_set);
+ }
+ asn1_context_free(signed_data_seq);
+ }
+ asn1_context_free(signed_data_app);
+ }
+ asn1_context_free(pkcs7_seq);
+ }
+ asn1_context_free(ctx);
+
+ return *sig_der != NULL;
+}
+
// Look for an RSA signature embedded in the .ZIP file comment given
// the path to the zip. Verify it matches one of the given public
// keys.
@@ -79,16 +155,8 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys
LOGI("comment is %d bytes; signature %d bytes from end\n",
comment_size, signature_start);
- if (signature_start > comment_size) {
- LOGE("signature start: %zu is larger than comment size: %zu\n", signature_start,
- comment_size);
- fclose(f);
- return VERIFY_FAILURE;
- }
-
- if (signature_start - FOOTER_SIZE < RSANUMBYTES) {
- // "signature" block isn't big enough to contain an RSA block.
- LOGE("signature is too short\n");
+ if (signature_start <= FOOTER_SIZE) {
+ LOGE("Signature start is in the footer");
fclose(f);
return VERIFY_FAILURE;
}
@@ -194,6 +262,23 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys
const uint8_t* sha1 = SHA_final(&sha1_ctx);
const uint8_t* sha256 = SHA256_final(&sha256_ctx);
+ uint8_t* sig_der = NULL;
+ size_t sig_der_length = 0;
+
+ size_t signature_size = signature_start - FOOTER_SIZE;
+ if (!read_pkcs7(eocd + eocd_size - signature_start, signature_size, &sig_der,
+ &sig_der_length)) {
+ LOGE("Could not find signature DER block\n");
+ free(eocd);
+ return VERIFY_FAILURE;
+ }
+ free(eocd);
+
+ /*
+ * Check to make sure at least one of the keys matches the signature. Since
+ * any key can match, we need to try each before determining a verification
+ * failure has happened.
+ */
for (i = 0; i < numKeys; ++i) {
const uint8_t* hash;
switch (pKeys[i].hash_len) {
@@ -204,16 +289,46 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys
// The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that
// the signing tool appends after the signature itself.
- if (RSA_verify(pKeys[i].public_key, eocd + eocd_size - 6 - RSANUMBYTES,
- RSANUMBYTES, hash, pKeys[i].hash_len)) {
- LOGI("whole-file signature verified against key %d\n", i);
- free(eocd);
+ if (pKeys[i].key_type == Certificate::RSA) {
+ if (sig_der_length < RSANUMBYTES) {
+ // "signature" block isn't big enough to contain an RSA block.
+ LOGI("signature is too short for RSA key %d\n", i);
+ continue;
+ }
+
+ if (!RSA_verify(pKeys[i].rsa, sig_der, RSANUMBYTES,
+ hash, pKeys[i].hash_len)) {
+ LOGI("failed to verify against RSA key %d\n", i);
+ continue;
+ }
+
+ LOGI("whole-file signature verified against RSA key %d\n", i);
+ free(sig_der);
+ return VERIFY_SUCCESS;
+ } else if (pKeys[i].key_type == Certificate::EC
+ && pKeys[i].hash_len == SHA256_DIGEST_SIZE) {
+ p256_int r, s;
+ if (!dsa_sig_unpack(sig_der, sig_der_length, &r, &s)) {
+ LOGI("Not a DSA signature block for EC key %d\n", i);
+ continue;
+ }
+
+ p256_int p256_hash;
+ p256_from_bin(hash, &p256_hash);
+ if (!p256_ecdsa_verify(&(pKeys[i].ec->x), &(pKeys[i].ec->y),
+ &p256_hash, &r, &s)) {
+ LOGI("failed to verify against EC key %d\n", i);
+ continue;
+ }
+
+ LOGI("whole-file signature verified against EC key %d\n", i);
+ free(sig_der);
return VERIFY_SUCCESS;
} else {
- LOGI("failed to verify against key %d\n", i);
+ LOGI("Unknown key type %d\n", pKeys[i].key_type);
}
}
- free(eocd);
+ free(sig_der);
LOGE("failed to verify whole-file signature\n");
return VERIFY_FAILURE;
}
@@ -245,6 +360,7 @@ int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys
// 2: 2048-bit RSA key with e=65537 and SHA-1 hash
// 3: 2048-bit RSA key with e=3 and SHA-256 hash
// 4: 2048-bit RSA key with e=65537 and SHA-256 hash
+// 5: 256-bit EC key using the NIST P-256 curve parameters and SHA-256 hash
//
// Returns NULL if the file failed to parse, or if it contain zero keys.
Certificate*
@@ -265,28 +381,41 @@ load_keys(const char* filename, int* numKeys) {
++*numKeys;
out = (Certificate*)realloc(out, *numKeys * sizeof(Certificate));
Certificate* cert = out + (*numKeys - 1);
- cert->public_key = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
+ memset(cert, '\0', sizeof(Certificate));
char start_char;
if (fscanf(f, " %c", &start_char) != 1) goto exit;
if (start_char == '{') {
// a version 1 key has no version specifier.
- cert->public_key->exponent = 3;
+ cert->key_type = Certificate::RSA;
+ cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
+ cert->rsa->exponent = 3;
cert->hash_len = SHA_DIGEST_SIZE;
} else if (start_char == 'v') {
int version;
if (fscanf(f, "%d {", &version) != 1) goto exit;
switch (version) {
case 2:
- cert->public_key->exponent = 65537;
+ cert->key_type = Certificate::RSA;
+ cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
+ cert->rsa->exponent = 65537;
cert->hash_len = SHA_DIGEST_SIZE;
break;
case 3:
- cert->public_key->exponent = 3;
+ cert->key_type = Certificate::RSA;
+ cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
+ cert->rsa->exponent = 3;
cert->hash_len = SHA256_DIGEST_SIZE;
break;
case 4:
- cert->public_key->exponent = 65537;
+ cert->key_type = Certificate::RSA;
+ cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
+ cert->rsa->exponent = 65537;
+ cert->hash_len = SHA256_DIGEST_SIZE;
+ break;
+ case 5:
+ cert->key_type = Certificate::EC;
+ cert->ec = (ECPublicKey*)calloc(1, sizeof(ECPublicKey));
cert->hash_len = SHA256_DIGEST_SIZE;
break;
default:
@@ -294,23 +423,55 @@ load_keys(const char* filename, int* numKeys) {
}
}
- RSAPublicKey* key = cert->public_key;
- if (fscanf(f, " %i , 0x%x , { %u",
- &(key->len), &(key->n0inv), &(key->n[0])) != 3) {
- goto exit;
- }
- if (key->len != RSANUMWORDS) {
- LOGE("key length (%d) does not match expected size\n", key->len);
+ if (cert->key_type == Certificate::RSA) {
+ RSAPublicKey* key = cert->rsa;
+ if (fscanf(f, " %i , 0x%x , { %u",
+ &(key->len), &(key->n0inv), &(key->n[0])) != 3) {
+ goto exit;
+ }
+ if (key->len != RSANUMWORDS) {
+ LOGE("key length (%d) does not match expected size\n", key->len);
+ goto exit;
+ }
+ for (i = 1; i < key->len; ++i) {
+ if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit;
+ }
+ if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit;
+ for (i = 1; i < key->len; ++i) {
+ if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit;
+ }
+ fscanf(f, " } } ");
+
+ LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len);
+ } else if (cert->key_type == Certificate::EC) {
+ ECPublicKey* key = cert->ec;
+ int key_len;
+ unsigned int byte;
+ uint8_t x_bytes[P256_NBYTES];
+ uint8_t y_bytes[P256_NBYTES];
+ if (fscanf(f, " %i , { %u", &key_len, &byte) != 2) goto exit;
+ if (key_len != P256_NBYTES) {
+ LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES);
+ goto exit;
+ }
+ x_bytes[P256_NBYTES - 1] = byte;
+ for (i = P256_NBYTES - 2; i >= 0; --i) {
+ if (fscanf(f, " , %u", &byte) != 1) goto exit;
+ x_bytes[i] = byte;
+ }
+ if (fscanf(f, " } , { %u", &byte) != 1) goto exit;
+ y_bytes[P256_NBYTES - 1] = byte;
+ for (i = P256_NBYTES - 2; i >= 0; --i) {
+ if (fscanf(f, " , %u", &byte) != 1) goto exit;
+ y_bytes[i] = byte;
+ }
+ fscanf(f, " } } ");
+ p256_from_bin(x_bytes, &key->x);
+ p256_from_bin(y_bytes, &key->y);
+ } else {
+ LOGE("Unknown key type %d\n", cert->key_type);
goto exit;
}
- for (i = 1; i < key->len; ++i) {
- if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit;
- }
- if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit;
- for (i = 1; i < key->len; ++i) {
- if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit;
- }
- fscanf(f, " } } ");
// if the line ends in a comma, this file has more keys.
switch (fgetc(f)) {
@@ -326,8 +487,6 @@ load_keys(const char* filename, int* numKeys) {
LOGE("unexpected character between keys\n");
goto exit;
}
-
- LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len);
}
}
diff --git a/verifier.h b/verifier.h
index 6ce1b44d1..023d3bf89 100644
--- a/verifier.h
+++ b/verifier.h
@@ -17,11 +17,24 @@
#ifndef _RECOVERY_VERIFIER_H
#define _RECOVERY_VERIFIER_H
+#include "mincrypt/p256.h"
#include "mincrypt/rsa.h"
-typedef struct Certificate {
+typedef struct {
+ p256_int x;
+ p256_int y;
+} ECPublicKey;
+
+typedef struct {
+ typedef enum {
+ RSA,
+ EC,
+ } KeyType;
+
int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
- RSAPublicKey* public_key;
+ KeyType key_type;
+ RSAPublicKey* rsa;
+ ECPublicKey* ec;
} Certificate;
/* Look in the file for a signature footer, and verify that it
diff --git a/verifier_test.cpp b/verifier_test.cpp
index 1063cbae5..88fcad4ea 100644
--- a/verifier_test.cpp
+++ b/verifier_test.cpp
@@ -100,6 +100,18 @@ RSAPublicKey test_f4_key =
65537
};
+ECPublicKey test_ec_key =
+ {
+ {
+ {0xd656fa24u, 0x931416cau, 0x1c0278c6u, 0x174ebe4cu,
+ 0x6018236au, 0x45ba1656u, 0xe8c05d84u, 0x670ed500u}
+ },
+ {
+ {0x0d179adeu, 0x4c16827du, 0x9f8cb992u, 0x8f69ff8au,
+ 0x481b1020u, 0x798d91afu, 0x184db8e9u, 0xb5848dd9u}
+ }
+ };
+
RecoveryUI* ui = NULL;
// verifier expects to find a UI object; we provide one that does
@@ -136,34 +148,86 @@ ui_print(const char* format, ...) {
va_end(ap);
}
+static Certificate* add_certificate(Certificate** certsp, int* num_keys,
+ Certificate::KeyType key_type) {
+ int i = *num_keys;
+ *num_keys = *num_keys + 1;
+ *certsp = (Certificate*) realloc(*certsp, *num_keys * sizeof(Certificate));
+ Certificate* certs = *certsp;
+ certs[i].rsa = NULL;
+ certs[i].ec = NULL;
+ certs[i].key_type = key_type;
+ certs[i].hash_len = SHA_DIGEST_SIZE;
+ return &certs[i];
+}
+
int main(int argc, char **argv) {
- if (argc < 2 || argc > 4) {
- fprintf(stderr, "Usage: %s [-sha256] [-f4 | -file <keys>] <package>\n", argv[0]);
+ if (argc < 2) {
+ fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]);
return 2;
}
+ Certificate* certs = NULL;
+ int num_keys = 0;
- Certificate default_cert;
- Certificate* cert = &default_cert;
- cert->public_key = &test_key;
- cert->hash_len = SHA_DIGEST_SIZE;
- int num_keys = 1;
- ++argv;
- if (strcmp(argv[0], "-sha256") == 0) {
- ++argv;
- cert->hash_len = SHA256_DIGEST_SIZE;
+ int argn = 1;
+ while (argn < argc) {
+ if (strcmp(argv[argn], "-sha256") == 0) {
+ if (num_keys == 0) {
+ fprintf(stderr, "May only specify -sha256 after key type\n");
+ return 2;
+ }
+ ++argn;
+ Certificate* cert = &certs[num_keys - 1];
+ cert->hash_len = SHA256_DIGEST_SIZE;
+ } else if (strcmp(argv[argn], "-ec") == 0) {
+ ++argn;
+ Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC);
+ cert->ec = &test_ec_key;
+ } else if (strcmp(argv[argn], "-e3") == 0) {
+ ++argn;
+ Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
+ cert->rsa = &test_key;
+ } else if (strcmp(argv[argn], "-f4") == 0) {
+ ++argn;
+ Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA);
+ cert->rsa = &test_f4_key;
+ } else if (strcmp(argv[argn], "-file") == 0) {
+ if (certs != NULL) {
+ fprintf(stderr, "Cannot specify -file with other certs specified\n");
+ return 2;
+ }
+ ++argn;
+ certs = load_keys(argv[argn], &num_keys);
+ ++argn;
+ } else if (argv[argn][0] == '-') {
+ fprintf(stderr, "Unknown argument %s\n", argv[argn]);
+ return 2;
+ } else {
+ break;
+ }
}
- if (strcmp(argv[0], "-f4") == 0) {
- ++argv;
- cert->public_key = &test_f4_key;
- } else if (strcmp(argv[0], "-file") == 0) {
- ++argv;
- cert = load_keys(argv[0], &num_keys);
- ++argv;
+
+ if (argn == argc) {
+ fprintf(stderr, "Must specify package to verify\n");
+ return 2;
+ }
+
+ if (num_keys == 0) {
+ certs = (Certificate*) calloc(1, sizeof(Certificate));
+ if (certs == NULL) {
+ fprintf(stderr, "Failure allocating memory for default certificate\n");
+ return 1;
+ }
+ certs->key_type = Certificate::RSA;
+ certs->rsa = &test_key;
+ certs->ec = NULL;
+ certs->hash_len = SHA_DIGEST_SIZE;
+ num_keys = 1;
}
ui = new FakeUI();
- int result = verify_file(*argv, cert, num_keys);
+ int result = verify_file(argv[argn], certs, num_keys);
if (result == VERIFY_SUCCESS) {
printf("VERIFIED\n");
return 0;
diff --git a/verifier_test.sh b/verifier_test.sh
index 65f77f401..4761cef4a 100755
--- a/verifier_test.sh
+++ b/verifier_test.sh
@@ -81,20 +81,30 @@ expect_fail unsigned.zip
expect_fail jarsigned.zip
# success cases
-expect_succeed otasigned.zip
+expect_succeed otasigned.zip -e3
expect_succeed otasigned_f4.zip -f4
-expect_succeed otasigned_sha256.zip -sha256
-expect_succeed otasigned_f4_sha256.zip -sha256 -f4
+expect_succeed otasigned_sha256.zip -e3 -sha256
+expect_succeed otasigned_f4_sha256.zip -f4 -sha256
+expect_succeed otasigned_ecdsa_sha256.zip -ec -sha256
+
+# success with multiple keys
+expect_succeed otasigned.zip -f4 -e3
+expect_succeed otasigned_f4.zip -ec -f4
+expect_succeed otasigned_sha256.zip -ec -e3 -e3 -sha256
+expect_succeed otasigned_f4_sha256.zip -ec -sha256 -e3 -f4 -sha256
+expect_succeed otasigned_ecdsa_sha256.zip -f4 -sha256 -e3 -ec -sha256
# verified against different key
expect_fail otasigned.zip -f4
-expect_fail otasigned_f4.zip
+expect_fail otasigned_f4.zip -e3
+expect_fail otasigned_ecdsa_sha256.zip -e3 -sha256
# verified against right key but wrong hash algorithm
-expect_fail otasigned.zip -sha256
-expect_fail otasigned_f4.zip -sha256 -f4
+expect_fail otasigned.zip -e3 -sha256
+expect_fail otasigned_f4.zip -f4 -sha256
expect_fail otasigned_sha256.zip
expect_fail otasigned_f4_sha256.zip -f4
+expect_fail otasigned_ecdsa_sha256.zip
# various other cases
expect_fail random.zip