diff options
| -rw-r--r-- | install.cpp | 13 | ||||
| -rw-r--r-- | uncrypt/uncrypt.cpp | 292 | ||||
| -rw-r--r-- | uncrypt/uncrypt.rc | 10 | ||||
| -rw-r--r-- | verifier.cpp | 265 | ||||
| -rw-r--r-- | verifier.h | 23 | ||||
| -rw-r--r-- | verifier_test.cpp | 60 |
6 files changed, 366 insertions, 297 deletions
diff --git a/install.cpp b/install.cpp index 7d88ed72a..c0d007709 100644 --- a/install.cpp +++ b/install.cpp @@ -23,6 +23,8 @@ #include <sys/wait.h> #include <unistd.h> +#include <vector> + #include "common.h" #include "install.h" #include "mincrypt/rsa.h" @@ -221,19 +223,16 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount) return INSTALL_CORRUPT; } - int numKeys; - Certificate* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys); - if (loadedKeys == NULL) { + std::vector<Certificate> loadedKeys; + if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) { LOGE("Failed to load keys\n"); return INSTALL_CORRUPT; } - LOGI("%d key(s) loaded from %s\n", numKeys, PUBLIC_KEYS_FILE); + LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE); ui->Print("Verifying update package...\n"); - int err; - err = verify_file(map.addr, map.length, loadedKeys, numKeys); - free(loadedKeys); + int err = verify_file(map.addr, map.length, loadedKeys); LOGI("verify_file returned %d\n", err); if (err != VERIFY_SUCCESS) { LOGE("signature verification failed\n"); diff --git a/uncrypt/uncrypt.cpp b/uncrypt/uncrypt.cpp index 098a7a979..705744eb6 100644 --- a/uncrypt/uncrypt.cpp +++ b/uncrypt/uncrypt.cpp @@ -58,6 +58,7 @@ #include <vector> #include <android-base/file.h> +#include <android-base/logging.h> #include <android-base/stringprintf.h> #include <android-base/strings.h> #include <cutils/android_reboot.h> @@ -67,23 +68,25 @@ #define LOG_TAG "uncrypt" #include <log/log.h> +#include "bootloader.h" #include "unique_fd.h" #define WINDOW_SIZE 5 -static const std::string cache_block_map = "/cache/recovery/block.map"; -static const std::string status_file = "/cache/recovery/uncrypt_status"; -static const std::string uncrypt_file = "/cache/recovery/uncrypt_file"; +static const std::string CACHE_BLOCK_MAP = "/cache/recovery/block.map"; +static const std::string COMMAND_FILE = "/cache/recovery/command"; +static const std::string STATUS_FILE = "/cache/recovery/uncrypt_status"; +static const std::string UNCRYPT_PATH_FILE = "/cache/recovery/uncrypt_file"; static struct fstab* fstab = NULL; static int write_at_offset(unsigned char* buffer, size_t size, int wfd, off64_t offset) { if (TEMP_FAILURE_RETRY(lseek64(wfd, offset, SEEK_SET)) == -1) { - ALOGE("error seeking to offset %" PRId64 ": %s\n", offset, strerror(errno)); + ALOGE("error seeking to offset %" PRId64 ": %s", offset, strerror(errno)); return -1; } if (!android::base::WriteFully(wfd, buffer, size)) { - ALOGE("error writing offset %" PRId64 ": %s\n", offset, strerror(errno)); + ALOGE("error writing offset %" PRId64 ": %s", offset, strerror(errno)); return -1; } return 0; @@ -107,13 +110,13 @@ static struct fstab* read_fstab() { // The fstab path is always "/fstab.${ro.hardware}". char fstab_path[PATH_MAX+1] = "/fstab."; if (!property_get("ro.hardware", fstab_path+strlen(fstab_path), "")) { - ALOGE("failed to get ro.hardware\n"); + ALOGE("failed to get ro.hardware"); return NULL; } fstab = fs_mgr_read_fstab(fstab_path); if (!fstab) { - ALOGE("failed to read %s\n", fstab_path); + ALOGE("failed to read %s", fstab_path); return NULL; } @@ -150,16 +153,16 @@ static const char* find_block_device(const char* path, bool* encryptable, bool* } // Parse uncrypt_file to find the update package name. -static bool find_uncrypt_package(std::string& package_name) -{ - if (!android::base::ReadFileToString(uncrypt_file, &package_name)) { - ALOGE("failed to open \"%s\": %s\n", uncrypt_file.c_str(), strerror(errno)); +static bool find_uncrypt_package(const std::string& uncrypt_path_file, std::string* package_name) { + CHECK(package_name != nullptr); + std::string uncrypt_path; + if (!android::base::ReadFileToString(uncrypt_path_file, &uncrypt_path)) { + ALOGE("failed to open \"%s\": %s", uncrypt_path_file.c_str(), strerror(errno)); return false; } // Remove the trailing '\n' if present. - package_name = android::base::Trim(package_name); - + *package_name = android::base::Trim(uncrypt_path); return true; } @@ -167,7 +170,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* bool encrypted, int status_fd) { std::string err; if (!android::base::RemoveFileIfExists(map_file, &err)) { - ALOGE("failed to remove the existing map file %s: %s\n", map_file, err.c_str()); + ALOGE("failed to remove the existing map file %s: %s", map_file, err.c_str()); return -1; } std::string tmp_map_file = std::string(map_file) + ".tmp"; @@ -179,27 +182,27 @@ static int produce_block_map(const char* path, const char* map_file, const char* // Make sure we can write to the status_file. if (!android::base::WriteStringToFd("0\n", status_fd)) { - ALOGE("failed to update \"%s\"\n", status_file.c_str()); + ALOGE("failed to update \"%s\"\n", STATUS_FILE.c_str()); return -1; } struct stat sb; if (stat(path, &sb) != 0) { - ALOGE("failed to stat %s\n", path); + ALOGE("failed to stat %s", path); return -1; } - ALOGI(" block size: %ld bytes\n", static_cast<long>(sb.st_blksize)); + ALOGI(" block size: %ld bytes", static_cast<long>(sb.st_blksize)); int blocks = ((sb.st_size-1) / sb.st_blksize) + 1; - ALOGI(" file size: %" PRId64 " bytes, %d blocks\n", sb.st_size, blocks); + ALOGI(" file size: %" PRId64 " bytes, %d blocks", sb.st_size, blocks); std::vector<int> ranges; std::string s = android::base::StringPrintf("%s\n%" PRId64 " %ld\n", blk_dev, sb.st_size, static_cast<long>(sb.st_blksize)); if (!android::base::WriteStringToFd(s, mapfd.get())) { - ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); return -1; } @@ -212,7 +215,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* unique_fd fd(open(path, O_RDONLY)); if (!fd) { - ALOGE("failed to open %s for reading: %s\n", path, strerror(errno)); + ALOGE("failed to open %s for reading: %s", path, strerror(errno)); return -1; } @@ -220,7 +223,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* if (encrypted) { wfd = open(blk_dev, O_WRONLY); if (!wfd) { - ALOGE("failed to open fd for writing: %s\n", strerror(errno)); + ALOGE("failed to open fd for writing: %s", strerror(errno)); return -1; } } @@ -239,7 +242,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* // write out head buffer int block = head_block; if (ioctl(fd.get(), FIBMAP, &block) != 0) { - ALOGE("failed to find block %d\n", head_block); + ALOGE("failed to find block %d", head_block); return -1; } add_block_to_ranges(ranges, block); @@ -258,7 +261,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* size_t to_read = static_cast<size_t>( std::min(static_cast<off64_t>(sb.st_blksize), sb.st_size - pos)); if (!android::base::ReadFully(fd.get(), buffers[tail].data(), to_read)) { - ALOGE("failed to read: %s\n", strerror(errno)); + ALOGE("failed to read: %s", strerror(errno)); return -1; } pos += to_read; @@ -275,7 +278,7 @@ static int produce_block_map(const char* path, const char* map_file, const char* // write out head buffer int block = head_block; if (ioctl(fd.get(), FIBMAP, &block) != 0) { - ALOGE("failed to find block %d\n", head_block); + ALOGE("failed to find block %d", head_block); return -1; } add_block_to_ranges(ranges, block); @@ -291,41 +294,41 @@ static int produce_block_map(const char* path, const char* map_file, const char* if (!android::base::WriteStringToFd( android::base::StringPrintf("%zu\n", ranges.size() / 2), mapfd.get())) { - ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); return -1; } for (size_t i = 0; i < ranges.size(); i += 2) { if (!android::base::WriteStringToFd( android::base::StringPrintf("%d %d\n", ranges[i], ranges[i+1]), mapfd.get())) { - ALOGE("failed to write %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to write %s: %s", tmp_map_file.c_str(), strerror(errno)); return -1; } } if (fsync(mapfd.get()) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to fsync \"%s\": %s", tmp_map_file.c_str(), strerror(errno)); return -1; } if (close(mapfd.get() == -1)) { - ALOGE("failed to close %s: %s\n", tmp_map_file.c_str(), strerror(errno)); + ALOGE("failed to close %s: %s", tmp_map_file.c_str(), strerror(errno)); return -1; } mapfd = -1; if (encrypted) { if (fsync(wfd.get()) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", blk_dev, strerror(errno)); + ALOGE("failed to fsync \"%s\": %s", blk_dev, strerror(errno)); return -1; } if (close(wfd.get()) == -1) { - ALOGE("failed to close %s: %s\n", blk_dev, strerror(errno)); + ALOGE("failed to close %s: %s", blk_dev, strerror(errno)); return -1; } wfd = -1; } if (rename(tmp_map_file.c_str(), map_file) == -1) { - ALOGE("failed to rename %s to %s: %s\n", tmp_map_file.c_str(), map_file, strerror(errno)); + ALOGE("failed to rename %s to %s: %s", tmp_map_file.c_str(), map_file, strerror(errno)); return -1; } // Sync dir to make rename() result written to disk. @@ -333,50 +336,74 @@ static int produce_block_map(const char* path, const char* map_file, const char* std::string dir_name = dirname(&file_name[0]); unique_fd dfd(open(dir_name.c_str(), O_RDONLY | O_DIRECTORY)); if (!dfd) { - ALOGE("failed to open dir %s: %s\n", dir_name.c_str(), strerror(errno)); + ALOGE("failed to open dir %s: %s", dir_name.c_str(), strerror(errno)); return -1; } if (fsync(dfd.get()) == -1) { - ALOGE("failed to fsync %s: %s\n", dir_name.c_str(), strerror(errno)); + ALOGE("failed to fsync %s: %s", dir_name.c_str(), strerror(errno)); return -1; } if (close(dfd.get() == -1)) { - ALOGE("failed to close %s: %s\n", dir_name.c_str(), strerror(errno)); + ALOGE("failed to close %s: %s", dir_name.c_str(), strerror(errno)); return -1; } dfd = -1; return 0; } -static void wipe_misc() { - ALOGI("removing old commands from misc"); +static std::string get_misc_blk_device() { + struct fstab* fstab = read_fstab(); + if (fstab == nullptr) { + return ""; + } for (int i = 0; i < fstab->num_entries; ++i) { - struct fstab_rec* v = &fstab->recs[i]; - if (!v->mount_point) continue; - if (strcmp(v->mount_point, "/misc") == 0) { - int fd = open(v->blk_device, O_WRONLY | O_SYNC); - unique_fd fd_holder(fd); - - uint8_t zeroes[1088]; // sizeof(bootloader_message) from recovery - memset(zeroes, 0, sizeof(zeroes)); - - size_t written = 0; - size_t size = sizeof(zeroes); - while (written < size) { - ssize_t w = TEMP_FAILURE_RETRY(write(fd, zeroes, size-written)); - if (w == -1) { - ALOGE("zero write failed: %s\n", strerror(errno)); - return; - } else { - written += w; - } - } - if (fsync(fd) == -1) { - ALOGE("failed to fsync \"%s\": %s\n", v->blk_device, strerror(errno)); - return; - } + fstab_rec* v = &fstab->recs[i]; + if (v->mount_point != nullptr && strcmp(v->mount_point, "/misc") == 0) { + return v->blk_device; } } + return ""; +} + +static int read_bootloader_message(bootloader_message* out) { + std::string misc_blk_device = get_misc_blk_device(); + if (misc_blk_device.empty()) { + ALOGE("failed to find /misc partition."); + return -1; + } + unique_fd fd(open(misc_blk_device.c_str(), O_RDONLY)); + if (!fd) { + ALOGE("failed to open %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + if (!android::base::ReadFully(fd.get(), out, sizeof(*out))) { + ALOGE("failed to read %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + return 0; +} + +static int write_bootloader_message(const bootloader_message* in) { + std::string misc_blk_device = get_misc_blk_device(); + if (misc_blk_device.empty()) { + ALOGE("failed to find /misc partition."); + return -1; + } + unique_fd fd(open(misc_blk_device.c_str(), O_WRONLY | O_SYNC)); + if (!fd) { + ALOGE("failed to open %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + if (!android::base::WriteFully(fd.get(), in, sizeof(*in))) { + ALOGE("failed to write %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + // TODO: O_SYNC and fsync() duplicates each other? + if (fsync(fd.get()) == -1) { + ALOGE("failed to fsync %s: %s", misc_blk_device.c_str(), strerror(errno)); + return -1; + } + return 0; } static void reboot_to_recovery() { @@ -388,7 +415,7 @@ static void reboot_to_recovery() { ALOGE("reboot didn't succeed?"); } -int uncrypt(const char* input_path, const char* map_file, int status_fd) { +static int uncrypt(const char* input_path, const char* map_file, int status_fd) { ALOGI("update package is \"%s\"", input_path); @@ -415,8 +442,8 @@ int uncrypt(const char* input_path, const char* map_file, int status_fd) { // If the filesystem it's on isn't encrypted, we only produce the // block map, we don't rewrite the file contents (it would be // pointless to do so). - ALOGI("encryptable: %s\n", encryptable ? "yes" : "no"); - ALOGI(" encrypted: %s\n", encrypted ? "yes" : "no"); + ALOGI("encryptable: %s", encryptable ? "yes" : "no"); + ALOGI(" encrypted: %s", encrypted ? "yes" : "no"); // Recovery supports installing packages from 3 paths: /cache, // /data, and /sdcard. (On a particular device, other locations @@ -435,56 +462,113 @@ int uncrypt(const char* input_path, const char* map_file, int status_fd) { return 0; } -int main(int argc, char** argv) { - - if (argc != 3 && argc != 1 && (argc == 2 && strcmp(argv[1], "--reboot") != 0)) { - fprintf(stderr, "usage: %s [--reboot] [<transform_path> <map_file>]\n", argv[0]); - return 2; +static int uncrypt_wrapper(const char* input_path, const char* map_file, + const std::string& status_file) { + // The pipe has been created by the system server. + unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); + if (!status_fd) { + ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); + return 1; } - // When uncrypt is started with "--reboot", it wipes misc and reboots. - // Otherwise it uncrypts the package and writes the block map. - if (argc == 2) { - if (read_fstab() == NULL) { + std::string package; + if (input_path == nullptr) { + if (!find_uncrypt_package(UNCRYPT_PATH_FILE, &package)) { + android::base::WriteStringToFd("-1\n", status_fd.get()); return 1; } - wipe_misc(); - reboot_to_recovery(); - } else { - // The pipe has been created by the system server. - int status_fd = open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR); - if (status_fd == -1) { - ALOGE("failed to open pipe \"%s\": %s\n", status_file.c_str(), strerror(errno)); - return 1; - } - unique_fd status_fd_holder(status_fd); + input_path = package.c_str(); + } + CHECK(map_file != nullptr); + int status = uncrypt(input_path, map_file, status_fd.get()); + if (status != 0) { + android::base::WriteStringToFd("-1\n", status_fd.get()); + return 1; + } + android::base::WriteStringToFd("100\n", status_fd.get()); + return 0; +} - std::string package; - const char* input_path; - const char* map_file; +static int clear_bcb(const std::string& status_file) { + unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); + if (!status_fd) { + ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); + return 1; + } + bootloader_message boot = {}; + if (write_bootloader_message(&boot) != 0) { + android::base::WriteStringToFd("-1\n", status_fd.get()); + return 1; + } + android::base::WriteStringToFd("100\n", status_fd.get()); + return 0; +} + +static int setup_bcb(const std::string& command_file, const std::string& status_file) { + unique_fd status_fd(open(status_file.c_str(), O_WRONLY | O_CREAT | O_SYNC, S_IRUSR | S_IWUSR)); + if (!status_fd) { + ALOGE("failed to open pipe \"%s\": %s", status_file.c_str(), strerror(errno)); + return 1; + } + std::string content; + if (!android::base::ReadFileToString(command_file, &content)) { + ALOGE("failed to read \"%s\": %s", command_file.c_str(), strerror(errno)); + android::base::WriteStringToFd("-1\n", status_fd.get()); + return 1; + } + bootloader_message boot = {}; + strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); + strlcpy(boot.recovery, "recovery\n", sizeof(boot.recovery)); + strlcat(boot.recovery, content.c_str(), sizeof(boot.recovery)); + if (write_bootloader_message(&boot) != 0) { + ALOGE("failed to set bootloader message"); + android::base::WriteStringToFd("-1\n", status_fd.get()); + return 1; + } + android::base::WriteStringToFd("100\n", status_fd.get()); + return 0; +} +static int read_bcb() { + bootloader_message boot; + if (read_bootloader_message(&boot) != 0) { + ALOGE("failed to get bootloader message"); + return 1; + } + printf("bcb command: %s\n", boot.command); + printf("bcb recovery:\n%s\n", boot.recovery); + return 0; +} + +static void usage(const char* exename) { + fprintf(stderr, "Usage of %s:\n", exename); + fprintf(stderr, "%s [<package_path> <map_file>] Uncrypt ota package.\n", exename); + fprintf(stderr, "%s --reboot Clear BCB data and reboot to recovery.\n", exename); + fprintf(stderr, "%s --clear-bcb Clear BCB data in misc partition.\n", exename); + fprintf(stderr, "%s --setup-bcb Setup BCB data by command file.\n", exename); + fprintf(stderr, "%s --read-bcb Read BCB data from misc partition.\n", exename); +} + +int main(int argc, char** argv) { + if (argc == 2) { + if (strcmp(argv[1], "--reboot") == 0) { + reboot_to_recovery(); + } else if (strcmp(argv[1], "--clear-bcb") == 0) { + return clear_bcb(STATUS_FILE); + } else if (strcmp(argv[1], "--setup-bcb") == 0) { + return setup_bcb(COMMAND_FILE, STATUS_FILE); + } else if (strcmp(argv[1], "--read-bcb") == 0) { + return read_bcb(); + } + } else if (argc == 1 || argc == 3) { + const char* input_path = nullptr; + const char* map_file = CACHE_BLOCK_MAP.c_str(); if (argc == 3) { - // when command-line args are given this binary is being used - // for debugging. input_path = argv[1]; map_file = argv[2]; - } else { - if (!find_uncrypt_package(package)) { - android::base::WriteStringToFd("-1\n", status_fd); - return 1; - } - input_path = package.c_str(); - map_file = cache_block_map.c_str(); } - - int status = uncrypt(input_path, map_file, status_fd); - if (status != 0) { - android::base::WriteStringToFd("-1\n", status_fd); - return 1; - } - - android::base::WriteStringToFd("100\n", status_fd); + return uncrypt_wrapper(input_path, map_file, STATUS_FILE); } - - return 0; + usage(argv[0]); + return 2; } diff --git a/uncrypt/uncrypt.rc b/uncrypt/uncrypt.rc index 5f4c47936..b07c1dada 100644 --- a/uncrypt/uncrypt.rc +++ b/uncrypt/uncrypt.rc @@ -7,3 +7,13 @@ service pre-recovery /system/bin/uncrypt --reboot class main disabled oneshot + +service setup-bcb /system/bin/uncrypt --setup-bcb + class main + disabled + oneshot + +service clear-bcb /system/bin/uncrypt --clear-bcb + class main + disabled + oneshot
\ No newline at end of file diff --git a/verifier.cpp b/verifier.cpp index 61e5adf0b..9a2d60c66 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -113,7 +113,7 @@ static bool read_pkcs7(uint8_t* pkcs7_der, size_t pkcs7_der_len, uint8_t** sig_d // or no key matches the signature). int verify_file(unsigned char* addr, size_t length, - const Certificate* pKeys, unsigned int numKeys) { + const std::vector<Certificate>& keys) { ui->SetProgress(0.0); // An archive with a whole-file signature will end in six bytes: @@ -176,8 +176,7 @@ int verify_file(unsigned char* addr, size_t length, return VERIFY_FAILURE; } - size_t i; - for (i = 4; i < eocd_size-3; ++i) { + for (size_t i = 4; i < eocd_size-3; ++i) { if (eocd[i ] == 0x50 && eocd[i+1] == 0x4b && eocd[i+2] == 0x05 && eocd[i+3] == 0x06) { // if the sequence $50 $4b $05 $06 appears anywhere after @@ -193,8 +192,8 @@ int verify_file(unsigned char* addr, size_t length, bool need_sha1 = false; bool need_sha256 = false; - for (i = 0; i < numKeys; ++i) { - switch (pKeys[i].hash_len) { + for (const auto& key : keys) { + switch (key.hash_len) { case SHA_DIGEST_SIZE: need_sha1 = true; break; case SHA256_DIGEST_SIZE: need_sha256 = true; break; } @@ -225,7 +224,7 @@ int verify_file(unsigned char* addr, size_t length, const uint8_t* sha1 = SHA_final(&sha1_ctx); const uint8_t* sha256 = SHA256_final(&sha256_ctx); - uint8_t* sig_der = NULL; + uint8_t* sig_der = nullptr; size_t sig_der_length = 0; size_t signature_size = signature_start - FOOTER_SIZE; @@ -240,9 +239,10 @@ int verify_file(unsigned char* addr, size_t length, * any key can match, we need to try each before determining a verification * failure has happened. */ - for (i = 0; i < numKeys; ++i) { + size_t i = 0; + for (const auto& key : keys) { const uint8_t* hash; - switch (pKeys[i].hash_len) { + switch (key.hash_len) { case SHA_DIGEST_SIZE: hash = sha1; break; case SHA256_DIGEST_SIZE: hash = sha256; break; default: continue; @@ -250,15 +250,15 @@ int verify_file(unsigned char* addr, size_t length, // The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that // the signing tool appends after the signature itself. - if (pKeys[i].key_type == Certificate::RSA) { + if (key.key_type == Certificate::RSA) { if (sig_der_length < RSANUMBYTES) { // "signature" block isn't big enough to contain an RSA block. LOGI("signature is too short for RSA key %zu\n", i); continue; } - if (!RSA_verify(pKeys[i].rsa, sig_der, RSANUMBYTES, - hash, pKeys[i].hash_len)) { + if (!RSA_verify(key.rsa.get(), sig_der, RSANUMBYTES, + hash, key.hash_len)) { LOGI("failed to verify against RSA key %zu\n", i); continue; } @@ -266,8 +266,8 @@ int verify_file(unsigned char* addr, size_t length, LOGI("whole-file signature verified against RSA key %zu\n", i); free(sig_der); return VERIFY_SUCCESS; - } else if (pKeys[i].key_type == Certificate::EC - && pKeys[i].hash_len == SHA256_DIGEST_SIZE) { + } else if (key.key_type == Certificate::EC + && key.hash_len == SHA256_DIGEST_SIZE) { p256_int r, s; if (!dsa_sig_unpack(sig_der, sig_der_length, &r, &s)) { LOGI("Not a DSA signature block for EC key %zu\n", i); @@ -276,7 +276,7 @@ int verify_file(unsigned char* addr, size_t length, p256_int p256_hash; p256_from_bin(hash, &p256_hash); - if (!p256_ecdsa_verify(&(pKeys[i].ec->x), &(pKeys[i].ec->y), + if (!p256_ecdsa_verify(&(key.ec->x), &(key.ec->y), &p256_hash, &r, &s)) { LOGI("failed to verify against EC key %zu\n", i); continue; @@ -286,8 +286,9 @@ int verify_file(unsigned char* addr, size_t length, free(sig_der); return VERIFY_SUCCESS; } else { - LOGI("Unknown key type %d\n", pKeys[i].key_type); + LOGI("Unknown key type %d\n", key.key_type); } + i++; } free(sig_der); LOGE("failed to verify whole-file signature\n"); @@ -323,140 +324,122 @@ int verify_file(unsigned char* addr, size_t length, // 4: 2048-bit RSA key with e=65537 and SHA-256 hash // 5: 256-bit EC key using the NIST P-256 curve parameters and SHA-256 hash // -// Returns NULL if the file failed to parse, or if it contain zero keys. -Certificate* -load_keys(const char* filename, int* numKeys) { - Certificate* out = NULL; - *numKeys = 0; - - FILE* f = fopen(filename, "r"); - if (f == NULL) { +// Returns true on success, and appends the found keys (at least one) to certs. +// Otherwise returns false if the file failed to parse, or if it contains zero +// keys. The contents in certs would be unspecified on failure. +bool load_keys(const char* filename, std::vector<Certificate>& certs) { + std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose); + if (!f) { LOGE("opening %s: %s\n", filename, strerror(errno)); - goto exit; + return false; } - { - int i; - bool done = false; - while (!done) { - ++*numKeys; - out = (Certificate*)realloc(out, *numKeys * sizeof(Certificate)); - Certificate* cert = out + (*numKeys - 1); - memset(cert, '\0', sizeof(Certificate)); - - char start_char; - if (fscanf(f, " %c", &start_char) != 1) goto exit; - if (start_char == '{') { - // a version 1 key has no version specifier. - cert->key_type = Certificate::RSA; - cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); - cert->rsa->exponent = 3; - cert->hash_len = SHA_DIGEST_SIZE; - } else if (start_char == 'v') { - int version; - if (fscanf(f, "%d {", &version) != 1) goto exit; - switch (version) { - case 2: - cert->key_type = Certificate::RSA; - cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); - cert->rsa->exponent = 65537; - cert->hash_len = SHA_DIGEST_SIZE; - break; - case 3: - cert->key_type = Certificate::RSA; - cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); - cert->rsa->exponent = 3; - cert->hash_len = SHA256_DIGEST_SIZE; - break; - case 4: - cert->key_type = Certificate::RSA; - cert->rsa = (RSAPublicKey*)malloc(sizeof(RSAPublicKey)); - cert->rsa->exponent = 65537; - cert->hash_len = SHA256_DIGEST_SIZE; - break; - case 5: - cert->key_type = Certificate::EC; - cert->ec = (ECPublicKey*)calloc(1, sizeof(ECPublicKey)); - cert->hash_len = SHA256_DIGEST_SIZE; - break; - default: - goto exit; - } + while (true) { + certs.emplace_back(0, Certificate::RSA, nullptr, nullptr); + Certificate& cert = certs.back(); + + char start_char; + if (fscanf(f.get(), " %c", &start_char) != 1) return false; + if (start_char == '{') { + // a version 1 key has no version specifier. + cert.key_type = Certificate::RSA; + cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey); + cert.rsa->exponent = 3; + cert.hash_len = SHA_DIGEST_SIZE; + } else if (start_char == 'v') { + int version; + if (fscanf(f.get(), "%d {", &version) != 1) return false; + switch (version) { + case 2: + cert.key_type = Certificate::RSA; + cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey); + cert.rsa->exponent = 65537; + cert.hash_len = SHA_DIGEST_SIZE; + break; + case 3: + cert.key_type = Certificate::RSA; + cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey); + cert.rsa->exponent = 3; + cert.hash_len = SHA256_DIGEST_SIZE; + break; + case 4: + cert.key_type = Certificate::RSA; + cert.rsa = std::unique_ptr<RSAPublicKey>(new RSAPublicKey); + cert.rsa->exponent = 65537; + cert.hash_len = SHA256_DIGEST_SIZE; + break; + case 5: + cert.key_type = Certificate::EC; + cert.ec = std::unique_ptr<ECPublicKey>(new ECPublicKey); + cert.hash_len = SHA256_DIGEST_SIZE; + break; + default: + return false; } + } - if (cert->key_type == Certificate::RSA) { - RSAPublicKey* key = cert->rsa; - if (fscanf(f, " %i , 0x%x , { %u", - &(key->len), &(key->n0inv), &(key->n[0])) != 3) { - goto exit; - } - if (key->len != RSANUMWORDS) { - LOGE("key length (%d) does not match expected size\n", key->len); - goto exit; - } - for (i = 1; i < key->len; ++i) { - if (fscanf(f, " , %u", &(key->n[i])) != 1) goto exit; - } - if (fscanf(f, " } , { %u", &(key->rr[0])) != 1) goto exit; - for (i = 1; i < key->len; ++i) { - if (fscanf(f, " , %u", &(key->rr[i])) != 1) goto exit; - } - fscanf(f, " } } "); - - LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len); - } else if (cert->key_type == Certificate::EC) { - ECPublicKey* key = cert->ec; - int key_len; - unsigned int byte; - uint8_t x_bytes[P256_NBYTES]; - uint8_t y_bytes[P256_NBYTES]; - if (fscanf(f, " %i , { %u", &key_len, &byte) != 2) goto exit; - if (key_len != P256_NBYTES) { - LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES); - goto exit; - } - x_bytes[P256_NBYTES - 1] = byte; - for (i = P256_NBYTES - 2; i >= 0; --i) { - if (fscanf(f, " , %u", &byte) != 1) goto exit; - x_bytes[i] = byte; - } - if (fscanf(f, " } , { %u", &byte) != 1) goto exit; - y_bytes[P256_NBYTES - 1] = byte; - for (i = P256_NBYTES - 2; i >= 0; --i) { - if (fscanf(f, " , %u", &byte) != 1) goto exit; - y_bytes[i] = byte; - } - fscanf(f, " } } "); - p256_from_bin(x_bytes, &key->x); - p256_from_bin(y_bytes, &key->y); - } else { - LOGE("Unknown key type %d\n", cert->key_type); - goto exit; + if (cert.key_type == Certificate::RSA) { + RSAPublicKey* key = cert.rsa.get(); + if (fscanf(f.get(), " %i , 0x%x , { %u", &(key->len), &(key->n0inv), + &(key->n[0])) != 3) { + return false; } - - // if the line ends in a comma, this file has more keys. - switch (fgetc(f)) { - case ',': - // more keys to come. - break; - - case EOF: - done = true; - break; - - default: - LOGE("unexpected character between keys\n"); - goto exit; + if (key->len != RSANUMWORDS) { + LOGE("key length (%d) does not match expected size\n", key->len); + return false; + } + for (int i = 1; i < key->len; ++i) { + if (fscanf(f.get(), " , %u", &(key->n[i])) != 1) return false; + } + if (fscanf(f.get(), " } , { %u", &(key->rr[0])) != 1) return false; + for (int i = 1; i < key->len; ++i) { + if (fscanf(f.get(), " , %u", &(key->rr[i])) != 1) return false; + } + fscanf(f.get(), " } } "); + + LOGI("read key e=%d hash=%d\n", key->exponent, cert.hash_len); + } else if (cert.key_type == Certificate::EC) { + ECPublicKey* key = cert.ec.get(); + int key_len; + unsigned int byte; + uint8_t x_bytes[P256_NBYTES]; + uint8_t y_bytes[P256_NBYTES]; + if (fscanf(f.get(), " %i , { %u", &key_len, &byte) != 2) return false; + if (key_len != P256_NBYTES) { + LOGE("Key length (%d) does not match expected size %d\n", key_len, P256_NBYTES); + return false; + } + x_bytes[P256_NBYTES - 1] = byte; + for (int i = P256_NBYTES - 2; i >= 0; --i) { + if (fscanf(f.get(), " , %u", &byte) != 1) return false; + x_bytes[i] = byte; + } + if (fscanf(f.get(), " } , { %u", &byte) != 1) return false; + y_bytes[P256_NBYTES - 1] = byte; + for (int i = P256_NBYTES - 2; i >= 0; --i) { + if (fscanf(f.get(), " , %u", &byte) != 1) return false; + y_bytes[i] = byte; } + fscanf(f.get(), " } } "); + p256_from_bin(x_bytes, &key->x); + p256_from_bin(y_bytes, &key->y); + } else { + LOGE("Unknown key type %d\n", cert.key_type); + return false; } - } - fclose(f); - return out; + // if the line ends in a comma, this file has more keys. + int ch = fgetc(f.get()); + if (ch == ',') { + // more keys to come. + continue; + } else if (ch == EOF) { + break; + } else { + LOGE("unexpected character between keys\n"); + return false; + } + } -exit: - if (f) fclose(f); - free(out); - *numKeys = 0; - return NULL; + return true; } diff --git a/verifier.h b/verifier.h index 15f8d98e4..4eafc7565 100644 --- a/verifier.h +++ b/verifier.h @@ -17,6 +17,9 @@ #ifndef _RECOVERY_VERIFIER_H #define _RECOVERY_VERIFIER_H +#include <memory> +#include <vector> + #include "mincrypt/p256.h" #include "mincrypt/rsa.h" @@ -25,17 +28,25 @@ typedef struct { p256_int y; } ECPublicKey; -typedef struct { +struct Certificate { typedef enum { RSA, EC, } KeyType; + Certificate(int hash_len_, KeyType key_type_, + std::unique_ptr<RSAPublicKey>&& rsa_, + std::unique_ptr<ECPublicKey>&& ec_) : + hash_len(hash_len_), + key_type(key_type_), + rsa(std::move(rsa_)), + ec(std::move(ec_)) { } + int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256) KeyType key_type; - RSAPublicKey* rsa; - ECPublicKey* ec; -} Certificate; + std::unique_ptr<RSAPublicKey> rsa; + std::unique_ptr<ECPublicKey> ec; +}; /* addr and length define a an update package file that has been * loaded (or mmap'ed, or whatever) into memory. Verify that the file @@ -43,9 +54,9 @@ typedef struct { * one of the constants below. */ int verify_file(unsigned char* addr, size_t length, - const Certificate *pKeys, unsigned int numKeys); + const std::vector<Certificate>& keys); -Certificate* load_keys(const char* filename, int* numKeys); +bool load_keys(const char* filename, std::vector<Certificate>& certs); #define VERIFY_SUCCESS 0 #define VERIFY_FAILURE 1 diff --git a/verifier_test.cpp b/verifier_test.cpp index 21633dc20..2367e0052 100644 --- a/verifier_test.cpp +++ b/verifier_test.cpp @@ -23,6 +23,9 @@ #include <sys/types.h> #include <sys/stat.h> +#include <memory> +#include <vector> + #include "common.h" #include "verifier.h" #include "ui.h" @@ -163,56 +166,43 @@ ui_print(const char* format, ...) { va_end(ap); } -static Certificate* add_certificate(Certificate** certsp, int* num_keys, - Certificate::KeyType key_type) { - int i = *num_keys; - *num_keys = *num_keys + 1; - *certsp = (Certificate*) realloc(*certsp, *num_keys * sizeof(Certificate)); - Certificate* certs = *certsp; - certs[i].rsa = NULL; - certs[i].ec = NULL; - certs[i].key_type = key_type; - certs[i].hash_len = SHA_DIGEST_SIZE; - return &certs[i]; -} - -int main(int argc, char **argv) { +int main(int argc, char** argv) { if (argc < 2) { fprintf(stderr, "Usage: %s [-sha256] [-ec | -f4 | -file <keys>] <package>\n", argv[0]); return 2; } - Certificate* certs = NULL; - int num_keys = 0; + std::vector<Certificate> certs; int argn = 1; while (argn < argc) { if (strcmp(argv[argn], "-sha256") == 0) { - if (num_keys == 0) { + if (certs.empty()) { fprintf(stderr, "May only specify -sha256 after key type\n"); return 2; } ++argn; - Certificate* cert = &certs[num_keys - 1]; - cert->hash_len = SHA256_DIGEST_SIZE; + certs.back().hash_len = SHA256_DIGEST_SIZE; } else if (strcmp(argv[argn], "-ec") == 0) { ++argn; - Certificate* cert = add_certificate(&certs, &num_keys, Certificate::EC); - cert->ec = &test_ec_key; + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::EC, + nullptr, std::unique_ptr<ECPublicKey>(new ECPublicKey(test_ec_key))); } else if (strcmp(argv[argn], "-e3") == 0) { ++argn; - Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA); - cert->rsa = &test_key; + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr); } else if (strcmp(argv[argn], "-f4") == 0) { ++argn; - Certificate* cert = add_certificate(&certs, &num_keys, Certificate::RSA); - cert->rsa = &test_f4_key; + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_f4_key)), nullptr); } else if (strcmp(argv[argn], "-file") == 0) { - if (certs != NULL) { + if (!certs.empty()) { fprintf(stderr, "Cannot specify -file with other certs specified\n"); return 2; } ++argn; - certs = load_keys(argv[argn], &num_keys); + if (!load_keys(argv[argn], certs)) { + fprintf(stderr, "Cannot load keys from %s\n", argv[argn]); + } ++argn; } else if (argv[argn][0] == '-') { fprintf(stderr, "Unknown argument %s\n", argv[argn]); @@ -227,17 +217,9 @@ int main(int argc, char **argv) { return 2; } - if (num_keys == 0) { - certs = (Certificate*) calloc(1, sizeof(Certificate)); - if (certs == NULL) { - fprintf(stderr, "Failure allocating memory for default certificate\n"); - return 1; - } - certs->key_type = Certificate::RSA; - certs->rsa = &test_key; - certs->ec = NULL; - certs->hash_len = SHA_DIGEST_SIZE; - num_keys = 1; + if (certs.empty()) { + certs.emplace_back(SHA_DIGEST_SIZE, Certificate::RSA, + std::unique_ptr<RSAPublicKey>(new RSAPublicKey(test_key)), nullptr); } ui = new FakeUI(); @@ -248,7 +230,7 @@ int main(int argc, char **argv) { return 4; } - int result = verify_file(map.addr, map.length, certs, num_keys); + int result = verify_file(map.addr, map.length, certs); if (result == VERIFY_SUCCESS) { printf("VERIFIED\n"); return 0; |