diff options
30 files changed, 525 insertions, 50 deletions
diff --git a/Android.mk b/Android.mk index deec80ae4..e89b2258c 100644 --- a/Android.mk +++ b/Android.mk @@ -7,13 +7,14 @@ include $(CLEAR_VARS) commands_recovery_local_path := $(LOCAL_PATH) LOCAL_SRC_FILES := \ - recovery.c \ - bootloader.c \ - firmware.c \ - install.c \ - roots.c \ - ui.c \ - verifier.c + recovery.c \ + bootloader.c \ + firmware.c \ + install.c \ + roots.c \ + ui.c \ + verifier.c \ + efs_migration.c LOCAL_SRC_FILES += test_roots.c @@ -43,6 +44,22 @@ LOCAL_STATIC_LIBRARIES += libstdc++ libc include $(BUILD_EXECUTABLE) + +include $(CLEAR_VARS) + +LOCAL_SRC_FILES := verifier_test.c verifier.c + +LOCAL_MODULE := verifier_test + +LOCAL_FORCE_STATIC_EXECUTABLE := true + +LOCAL_MODULE_TAGS := tests + +LOCAL_STATIC_LIBRARIES := libmincrypt libcutils libstdc++ libc + +include $(BUILD_EXECUTABLE) + + include $(commands_recovery_local_path)/minui/Android.mk include $(commands_recovery_local_path)/minzip/Android.mk include $(commands_recovery_local_path)/mtdutils/Android.mk @@ -52,5 +69,5 @@ include $(commands_recovery_local_path)/updater/Android.mk commands_recovery_local_path := endif # TARGET_ARCH == arm -endif # !TARGET_SIMULATOR +endif # !TARGET_SIMULATOR diff --git a/efs_migration.c b/efs_migration.c new file mode 100644 index 000000000..aeadd1865 --- /dev/null +++ b/efs_migration.c @@ -0,0 +1,183 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <sys/mount.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <unistd.h> + +#include "efs_migration.h" +#include "cutils/misc.h" +#include "cutils/properties.h" +#include "common.h" +#include "mtdutils/mtdutils.h" +#include "mtdutils/mounts.h" +#include "roots.h" + +const char* efs_enabled_property = "persist.security.efs.enabled"; +const char* efs_transition_property = "persist.security.efs.trans"; +const char* efs_property_dir = "/data/property/"; + +void get_property_file_name(char *buffer, const char *property_name) { + sprintf(buffer, "%s%s", efs_property_dir, property_name); +} + +int get_text_file_contents(char *buffer, int buf_size, char *file_name) { + FILE *in_file; + char *read_data; + + in_file = fopen(file_name, "r"); + if (in_file == NULL) { + LOGE("Encrypted FS: error accessing properties."); + return EFS_ERROR; + } + + read_data = fgets(buffer, buf_size, in_file); + if (read_data == NULL) { + // Error or unexpected data + fclose(in_file); + LOGE("Encrypted FS: error accessing properties."); + return EFS_ERROR; + } + + fclose(in_file); + return EFS_OK; +} + +int set_text_file_contents(char *buffer, char *file_name) { + FILE *out_file; + int result; + + out_file = fopen(file_name, "w"); + if (out_file == NULL) { + LOGE("Encrypted FS: error setting up properties."); + return EFS_ERROR; + } + + result = fputs(buffer, out_file); + if (result != 0) { + // Error or unexpected data + fclose(out_file); + LOGE("Encrypted FS: error setting up properties."); + return EFS_ERROR; + } + + fflush(out_file); + fclose(out_file); + return EFS_OK; +} + + +int read_efs_boolean_property(const char *prop_name, int *value) { + char prop_file_name[PROPERTY_KEY_MAX + 32]; + char prop_value[PROPERTY_VALUE_MAX]; + int result; + + get_property_file_name(prop_file_name, prop_name); + result = get_text_file_contents(prop_value, PROPERTY_VALUE_MAX, prop_file_name); + + if (result < 0) { + return result; + } + + if (strncmp(prop_value, "1", 1) == 0) { + *value = 1; + } else if (strncmp(prop_value, "0", 1) == 0) { + *value = 0; + } else { + LOGE("Encrypted FS: error accessing properties."); + return EFS_ERROR; + } + + return EFS_OK; +} + +int write_efs_boolean_property(const char *prop_name, int value) { + char prop_file_name[PROPERTY_KEY_MAX + 32]; + char prop_value[PROPERTY_VALUE_MAX]; + int result; + + get_property_file_name(prop_file_name, prop_name); + + // Create the directory if needed + mkdir(efs_property_dir, 0755); + if (value == 1) { + result = set_text_file_contents("1", prop_file_name); + } else if (value == 0) { + result = set_text_file_contents("0", prop_file_name); + } else { + return EFS_ERROR; + } + if (result < 0) { + return result; + } + + return EFS_OK; +} + +int read_encrypted_fs_info(encrypted_fs_info *efs_data) { + int result; + int value; + result = ensure_root_path_mounted("DATA:"); + if (result != 0) { + LOGE("Encrypted FS: error mounting userdata partition."); + return EFS_ERROR; + } + + // STOPSHIP: Read the EFS key from a file (TBD later) + // Future code goes here... + + result = ensure_root_path_unmounted("DATA:"); + if (result != 0) { + LOGE("Encrypted FS: error unmounting data partition."); + return EFS_ERROR; + } + + return EFS_OK; +} + +int restore_encrypted_fs_info(encrypted_fs_info *efs_data) { + int result; + result = ensure_root_path_mounted("DATA:"); + if (result != 0) { + LOGE("Encrypted FS: error mounting userdata partition."); + return EFS_ERROR; + } + + // Set the EFS properties to their respective values + result = write_efs_boolean_property(efs_enabled_property, efs_data->encrypted_fs_mode); + if (result != 0) { + return result; + } + + // Signal "transition" of Encrypted File System settings + result = write_efs_boolean_property(efs_transition_property, 1); + if (result != 0) { + return result; + } + + result = ensure_root_path_unmounted("DATA:"); + if (result != 0) { + LOGE("Encrypted FS: error unmounting data partition."); + return EFS_ERROR; + } + + return EFS_OK; +} + diff --git a/efs_migration.h b/efs_migration.h new file mode 100644 index 000000000..7857f94fe --- /dev/null +++ b/efs_migration.h @@ -0,0 +1,40 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stdio.h> + +#ifndef __EFS_MIGRATION_H__ +#define __EFS_MIGRATION_H__ + +#define MODE_ENCRYPTEDFS_DISABLED 0 +#define MODE_ENCRYPTEDFS_ENABLED 1 + +#define EFS_OK 0 +#define EFS_ERROR (-1) + +struct encrypted_fs_info { + int encrypted_fs_mode; + char *encrypted_fs_key; +}; + +typedef struct encrypted_fs_info encrypted_fs_info; + +int read_encrypted_fs_info(encrypted_fs_info *efs_data); + +int restore_encrypted_fs_info(encrypted_fs_info *efs_data); + +#endif /* __EFS_MIGRATION_H__ */ + diff --git a/minui/resources.c b/minui/resources.c index 7ecfeefce..3d2c727fb 100644 --- a/minui/resources.c +++ b/minui/resources.c @@ -97,9 +97,10 @@ int res_create_surface(const char* name, gr_surface* pSurface) { int color_type = info_ptr->color_type; int bit_depth = info_ptr->bit_depth; int channels = info_ptr->channels; - if (bit_depth != 8 || (channels != 3 && channels != 4) || - (color_type != PNG_COLOR_TYPE_RGB && - color_type != PNG_COLOR_TYPE_RGBA)) { + if (!(bit_depth == 8 && + ((channels == 3 && color_type == PNG_COLOR_TYPE_RGB) || + (channels == 4 && color_type == PNG_COLOR_TYPE_RGBA) || + (channels == 1 && color_type == PNG_COLOR_TYPE_PALETTE)))) { return -7; goto exit; } @@ -118,6 +119,10 @@ int res_create_surface(const char* name, gr_surface* pSurface) { surface->format = (channels == 3) ? GGL_PIXEL_FORMAT_RGBX_8888 : GGL_PIXEL_FORMAT_RGBA_8888; + if (color_type == PNG_COLOR_TYPE_PALETTE) { + png_set_palette_to_rgb(png_ptr); + } + int y; if (channels == 3) { for (y = 0; y < height; ++y) { diff --git a/recovery.c b/recovery.c index 438530710..58c84ef2f 100644 --- a/recovery.c +++ b/recovery.c @@ -37,12 +37,15 @@ #include "minzip/DirUtil.h" #include "roots.h" #include "recovery_ui.h" +#include "efs_migration.h" static const struct option OPTIONS[] = { { "send_intent", required_argument, NULL, 's' }, { "update_package", required_argument, NULL, 'u' }, { "wipe_data", no_argument, NULL, 'w' }, { "wipe_cache", no_argument, NULL, 'c' }, + // TODO{oam}: implement improved command line passing key, egnot to review. + { "set_encrypted_filesystem", required_argument, NULL, 'e' }, { NULL, 0, NULL, 0 }, }; @@ -63,6 +66,7 @@ static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log"; * --update_package=root:path - verify install an OTA package file * --wipe_data - erase user data (and cache), then reboot * --wipe_cache - wipe cache (but not user data), then reboot + * --set_encrypted_filesystem=on|off - enables / diasables encrypted fs * * After completing, we remove /cache/recovery/command and reboot. * Arguments may also be supplied in the bootloader control block (BCB). @@ -107,6 +111,26 @@ static const char *TEMPORARY_LOG_FILE = "/tmp/recovery.log"; * 8g. finish_recovery() erases BCB * -- after this, rebooting will (try to) restart the main system -- * 9. main() calls reboot() to boot main system + * + * ENCRYPTED FILE SYSTEMS ENABLE/DISABLE + * 1. user selects "enable encrypted file systems" + * 2. main system writes "--set_encrypted_filesystem=on|off" to + * /cache/recovery/command + * 3. main system reboots into recovery + * 4. get_args() writes BCB with "boot-recovery" and + * "--set_encrypted_filesystems=on|off" + * -- after this, rebooting will restart the transition -- + * 5. read_encrypted_fs_info() retrieves encrypted file systems settings from /data + * Settings include: property to specify the Encrypted FS istatus and + * FS encryption key if enabled (not yet implemented) + * 6. erase_root() reformats /data + * 7. erase_root() reformats /cache + * 8. restore_encrypted_fs_info() writes required encrypted file systems settings to /data + * Settings include: property to specify the Encrypted FS status and + * FS encryption key if enabled (not yet implemented) + * 9. finish_recovery() erases BCB + * -- after this, rebooting will restart the main system -- + * 10. main() calls reboot() to boot main system */ static const int MAX_ARG_LENGTH = 4096; @@ -209,8 +233,7 @@ get_args(int *argc, char ***argv) { } static void -set_sdcard_update_bootloader_message() -{ +set_sdcard_update_bootloader_message() { struct bootloader_message boot; memset(&boot, 0, sizeof(boot)); strlcpy(boot.command, "boot-recovery", sizeof(boot.command)); @@ -223,8 +246,7 @@ set_sdcard_update_bootloader_message() // record any intent we were asked to communicate back to the system. // this function is idempotent: call it as many times as you like. static void -finish_recovery(const char *send_intent) -{ +finish_recovery(const char *send_intent) { // By this point, we're ready to return to the main system... if (send_intent != NULL) { FILE *fp = fopen_root_path(INTENT_FILE, "w"); @@ -255,7 +277,7 @@ finish_recovery(const char *send_intent) check_and_fclose(log, LOG_FILE); } - // Reset the bootloader message to revert to a normal main system boot. + // Reset to mormal system boot so recovery won't cycle indefinitely. struct bootloader_message boot; memset(&boot, 0, sizeof(boot)); set_bootloader_message(&boot); @@ -272,8 +294,7 @@ finish_recovery(const char *send_intent) } static int -erase_root(const char *root) -{ +erase_root(const char *root) { ui_set_background(BACKGROUND_ICON_INSTALLING); ui_show_indeterminate_progress(); ui_print("Formatting %s...\n", root); @@ -384,8 +405,7 @@ wipe_data(int confirm) { } static void -prompt_and_wait() -{ +prompt_and_wait() { char** headers = prepend_title(MENU_HEADERS); for (;;) { @@ -438,14 +458,12 @@ prompt_and_wait() } static void -print_property(const char *key, const char *name, void *cookie) -{ +print_property(const char *key, const char *name, void *cookie) { fprintf(stderr, "%s=%s\n", key, name); } int -main(int argc, char **argv) -{ +main(int argc, char **argv) { time_t start = time(NULL); // If these fail, there's not really anywhere to complain... @@ -459,7 +477,10 @@ main(int argc, char **argv) int previous_runs = 0; const char *send_intent = NULL; const char *update_package = NULL; + const char *efs_mode = NULL; int wipe_data = 0, wipe_cache = 0; + int toggle_efs = 0; + encrypted_fs_info efs_data; int arg; while ((arg = getopt_long(argc, argv, "", OPTIONS, NULL)) != -1) { @@ -469,6 +490,7 @@ main(int argc, char **argv) case 'u': update_package = optarg; break; case 'w': wipe_data = wipe_cache = 1; break; case 'c': wipe_cache = 1; break; + case 'e': efs_mode = optarg; toggle_efs = 1; break; case '?': LOGE("Invalid command argument\n"); continue; @@ -486,7 +508,42 @@ main(int argc, char **argv) int status = INSTALL_SUCCESS; - if (update_package != NULL) { + if (toggle_efs) { + if (strcmp(efs_mode,"on") == 0) { + efs_data.encrypted_fs_mode = MODE_ENCRYPTEDFS_ENABLED; + ui_print("Enabling Encrypted FS.\n"); + } else if (strcmp(efs_mode,"off") == 0) { + efs_data.encrypted_fs_mode = MODE_ENCRYPTEDFS_DISABLED; + ui_print("Disabling Encrypted FS.\n"); + } else { + ui_print("Error: invalid Encrypted FS setting.\n"); + status = INSTALL_ERROR; + } + + // Recovery strategy: if the data partition is damaged, disable encrypted file systems. + // This preventsthe device recycling endlessly in recovery mode. + // TODO{oam}: implement improved recovery strategy later. egnor to review. + if (read_encrypted_fs_info(&efs_data)) { + ui_print("Encrypted FS change aborted, resetting to disabled state.\n"); + efs_data.encrypted_fs_mode = MODE_ENCRYPTEDFS_DISABLED; + } + + if (status != INSTALL_ERROR) { + if (erase_root("DATA:")) { + ui_print("Data wipe failed.\n"); + status = INSTALL_ERROR; + } else if (erase_root("CACHE:")) { + ui_print("Cache wipe failed.\n"); + status = INSTALL_ERROR; + } else if (restore_encrypted_fs_info(&efs_data)) { + ui_print("Encrypted FS change aborted.\n"); + status = INSTALL_ERROR; + } else { + ui_print("Successfully updated Encrypted FS.\n"); + status = INSTALL_SUCCESS; + } + } + } else if (update_package != NULL) { status = install_package(update_package); if (status != INSTALL_SUCCESS) ui_print("Installation aborted.\n"); } else if (wipe_data) { diff --git a/res/images/indeterminate1.png b/res/images/indeterminate1.png Binary files differindex 264bf27e5..90cb9fba9 100644 --- a/res/images/indeterminate1.png +++ b/res/images/indeterminate1.png diff --git a/res/images/indeterminate2.png b/res/images/indeterminate2.png Binary files differindex c30c049ab..f7fb28989 100644 --- a/res/images/indeterminate2.png +++ b/res/images/indeterminate2.png diff --git a/res/images/indeterminate3.png b/res/images/indeterminate3.png Binary files differindex 891a00095..ba10dfa53 100644 --- a/res/images/indeterminate3.png +++ b/res/images/indeterminate3.png diff --git a/res/images/indeterminate4.png b/res/images/indeterminate4.png Binary files differindex 7a6415149..ad5d9a542 100644 --- a/res/images/indeterminate4.png +++ b/res/images/indeterminate4.png diff --git a/res/images/indeterminate5.png b/res/images/indeterminate5.png Binary files differindex cd6ab20a7..8c19c8d57 100644 --- a/res/images/indeterminate5.png +++ b/res/images/indeterminate5.png diff --git a/res/images/indeterminate6.png b/res/images/indeterminate6.png Binary files differindex ddd9e7384..c0c66386a 100644 --- a/res/images/indeterminate6.png +++ b/res/images/indeterminate6.png diff --git a/res/images/progress_bar_empty.png b/res/images/progress_bar_empty.png Binary files differdeleted file mode 100644 index 9013f04ac..000000000 --- a/res/images/progress_bar_empty.png +++ /dev/null diff --git a/res/images/progress_bar_empty_left_round.png b/res/images/progress_bar_empty_left_round.png Binary files differdeleted file mode 100644 index dae7d5d13..000000000 --- a/res/images/progress_bar_empty_left_round.png +++ /dev/null diff --git a/res/images/progress_bar_empty_right_round.png b/res/images/progress_bar_empty_right_round.png Binary files differdeleted file mode 100644 index 542708823..000000000 --- a/res/images/progress_bar_empty_right_round.png +++ /dev/null diff --git a/res/images/progress_bar_fill.png b/res/images/progress_bar_fill.png Binary files differdeleted file mode 100644 index 37c04b4f4..000000000 --- a/res/images/progress_bar_fill.png +++ /dev/null diff --git a/res/images/progress_bar_left_round.png b/res/images/progress_bar_left_round.png Binary files differdeleted file mode 100644 index e72af47d4..000000000 --- a/res/images/progress_bar_left_round.png +++ /dev/null diff --git a/res/images/progress_bar_right_round.png b/res/images/progress_bar_right_round.png Binary files differdeleted file mode 100644 index d04c980b9..000000000 --- a/res/images/progress_bar_right_round.png +++ /dev/null diff --git a/res/images/progress_empty.png b/res/images/progress_empty.png Binary files differnew file mode 100644 index 000000000..4cb4998dd --- /dev/null +++ b/res/images/progress_empty.png diff --git a/res/images/progress_fill.png b/res/images/progress_fill.png Binary files differnew file mode 100644 index 000000000..eb71754db --- /dev/null +++ b/res/images/progress_fill.png diff --git a/testdata/alter-footer.zip b/testdata/alter-footer.zip Binary files differnew file mode 100644 index 000000000..f497ec000 --- /dev/null +++ b/testdata/alter-footer.zip diff --git a/testdata/alter-metadata.zip b/testdata/alter-metadata.zip Binary files differnew file mode 100644 index 000000000..1c71fbc49 --- /dev/null +++ b/testdata/alter-metadata.zip diff --git a/testdata/fake-eocd.zip b/testdata/fake-eocd.zip Binary files differnew file mode 100644 index 000000000..15dc0a946 --- /dev/null +++ b/testdata/fake-eocd.zip diff --git a/testdata/jarsigned.zip b/testdata/jarsigned.zip Binary files differnew file mode 100644 index 000000000..8b1ef8bdd --- /dev/null +++ b/testdata/jarsigned.zip diff --git a/testdata/otasigned.zip b/testdata/otasigned.zip Binary files differnew file mode 100644 index 000000000..a6bc53e41 --- /dev/null +++ b/testdata/otasigned.zip diff --git a/testdata/random.zip b/testdata/random.zip Binary files differnew file mode 100644 index 000000000..18c0b3b9f --- /dev/null +++ b/testdata/random.zip diff --git a/testdata/unsigned.zip b/testdata/unsigned.zip Binary files differnew file mode 100644 index 000000000..24e3eadac --- /dev/null +++ b/testdata/unsigned.zip @@ -38,13 +38,11 @@ #define PROGRESSBAR_INDETERMINATE_STATES 6 #define PROGRESSBAR_INDETERMINATE_FPS 15 -enum { LEFT_SIDE, CENTER_TILE, RIGHT_SIDE, NUM_SIDES }; - static pthread_mutex_t gUpdateMutex = PTHREAD_MUTEX_INITIALIZER; static gr_surface gBackgroundIcon[NUM_BACKGROUND_ICONS]; static gr_surface gProgressBarIndeterminate[PROGRESSBAR_INDETERMINATE_STATES]; -static gr_surface gProgressBarEmpty[NUM_SIDES]; -static gr_surface gProgressBarFill[NUM_SIDES]; +static gr_surface gProgressBarEmpty; +static gr_surface gProgressBarFill; static const struct { gr_surface* surface; const char *name; } BITMAPS[] = { { &gBackgroundIcon[BACKGROUND_ICON_INSTALLING], "icon_installing" }, @@ -59,12 +57,8 @@ static const struct { gr_surface* surface; const char *name; } BITMAPS[] = { { &gProgressBarIndeterminate[3], "indeterminate4" }, { &gProgressBarIndeterminate[4], "indeterminate5" }, { &gProgressBarIndeterminate[5], "indeterminate6" }, - { &gProgressBarEmpty[LEFT_SIDE], "progress_bar_empty_left_round" }, - { &gProgressBarEmpty[CENTER_TILE], "progress_bar_empty" }, - { &gProgressBarEmpty[RIGHT_SIDE], "progress_bar_empty_right_round" }, - { &gProgressBarFill[LEFT_SIDE], "progress_bar_left_round" }, - { &gProgressBarFill[CENTER_TILE], "progress_bar_fill" }, - { &gProgressBarFill[RIGHT_SIDE], "progress_bar_right_round" }, + { &gProgressBarEmpty, "progress_empty" }, + { &gProgressBarFill, "progress_fill" }, { NULL, NULL }, }; @@ -123,8 +117,8 @@ static void draw_progress_locked() if (gProgressBarType == PROGRESSBAR_TYPE_NONE) return; int iconHeight = gr_get_height(gBackgroundIcon[BACKGROUND_ICON_INSTALLING]); - int width = gr_get_width(gProgressBarIndeterminate[0]); - int height = gr_get_height(gProgressBarIndeterminate[0]); + int width = gr_get_width(gProgressBarEmpty); + int height = gr_get_height(gProgressBarEmpty); int dx = (gr_fb_width() - width)/2; int dy = (3*gr_fb_height() + iconHeight - 2*height)/4; @@ -137,18 +131,12 @@ static void draw_progress_locked() float progress = gProgressScopeStart + gProgress * gProgressScopeSize; int pos = (int) (progress * width); - gr_surface s = (pos ? gProgressBarFill : gProgressBarEmpty)[LEFT_SIDE]; - gr_blit(s, 0, 0, gr_get_width(s), gr_get_height(s), dx, dy); - - int x = gr_get_width(s); - while (x + (int) gr_get_width(gProgressBarEmpty[RIGHT_SIDE]) < width) { - s = (pos > x ? gProgressBarFill : gProgressBarEmpty)[CENTER_TILE]; - gr_blit(s, 0, 0, gr_get_width(s), gr_get_height(s), dx + x, dy); - x += gr_get_width(s); + if (pos > 0) { + gr_blit(gProgressBarFill, 0, 0, pos, height, dx, dy); + } + if (pos < width-1) { + gr_blit(gProgressBarEmpty, pos, 0, width-pos, height, dx+pos, dy); } - - s = (pos > x ? gProgressBarFill : gProgressBarEmpty)[RIGHT_SIDE]; - gr_blit(s, 0, 0, gr_get_width(s), gr_get_height(s), dx + x, dy); } if (gProgressBarType == PROGRESSBAR_TYPE_INDETERMINATE) { diff --git a/verifier.c b/verifier.c index 164fb4a01..9d39fd139 100644 --- a/verifier.c +++ b/verifier.c @@ -42,7 +42,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey // An archive with a whole-file signature will end in six bytes: // - // $ff $ff (2-byte comment size) (2-byte signature start) + // (2-byte signature start) $ff $ff (2-byte comment size) // // (As far as the ZIP format is concerned, these are part of the // archive comment.) We start by reading this footer, this tells @@ -169,7 +169,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey const uint8_t* sha1 = SHA_final(&ctx); for (i = 0; i < numKeys; ++i) { - // The 6 bytes is the "$ff $ff (signature_start) (comment_size)" that + // The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that // the signing tool appends after the signature itself. if (RSA_verify(pKeys+i, eocd + eocd_size - 6 - RSANUMBYTES, RSANUMBYTES, sha1)) { diff --git a/verifier_test.c b/verifier_test.c new file mode 100644 index 000000000..5b6c1f451 --- /dev/null +++ b/verifier_test.c @@ -0,0 +1,91 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <stdarg.h> + +#include "verifier.h" + +// This is build/target/product/security/testkey.x509.pem after being +// dumped out by dumpkey.jar. +RSAPublicKey test_key = + { 64, 0xc926ad21, + { 1795090719, 2141396315, 950055447, -1713398866, + -26044131, 1920809988, 546586521, -795969498, + 1776797858, -554906482, 1805317999, 1429410244, + 129622599, 1422441418, 1783893377, 1222374759, + -1731647369, 323993566, 28517732, 609753416, + 1826472888, 215237850, -33324596, -245884705, + -1066504894, 774857746, 154822455, -1797768399, + -1536767878, -1275951968, -1500189652, 87251430, + -1760039318, 120774784, 571297800, -599067824, + -1815042109, -483341846, -893134306, -1900097649, + -1027721089, 950095497, 555058928, 414729973, + 1136544882, -1250377212, 465547824, -236820568, + -1563171242, 1689838846, -404210357, 1048029507, + 895090649, 247140249, 178744550, -747082073, + -1129788053, 109881576, -350362881, 1044303212, + -522594267, -1309816990, -557446364, -695002876}, + { -857949815, -510492167, -1494742324, -1208744608, + 251333580, 2131931323, 512774938, 325948880, + -1637480859, 2102694287, -474399070, 792812816, + 1026422502, 2053275343, -1494078096, -1181380486, + 165549746, -21447327, -229719404, 1902789247, + 772932719, -353118870, -642223187, 216871947, + -1130566647, 1942378755, -298201445, 1055777370, + 964047799, 629391717, -2062222979, -384408304, + 191868569, -1536083459, -612150544, -1297252564, + -1592438046, -724266841, -518093464, -370899750, + -739277751, -1536141862, 1323144535, 61311905, + 1997411085, 376844204, 213777604, -217643712, + 9135381, 1625809335, -1490225159, -1342673351, + 1117190829, -57654514, 1825108855, -1281819325, + 1111251351, -1726129724, 1684324211, -1773988491, + 367251975, 810756730, -1941182952, 1175080310 } + }; + +void ui_print(const char* fmt, ...) { + char buf[256]; + va_list ap; + va_start(ap, fmt); + vsnprintf(buf, 256, fmt, ap); + va_end(ap); + + fputs(buf, stderr); +} + +void ui_set_progress(float fraction) { +} + +int main(int argc, char **argv) { + if (argc != 2) { + fprintf(stderr, "Usage: %s <package>\n", argv[0]); + return 2; + } + + int result = verify_file(argv[1], &test_key, 1); + if (result == VERIFY_SUCCESS) { + printf("SUCCESS\n"); + return 0; + } else if (result == VERIFY_FAILURE) { + printf("FAILURE\n"); + return 1; + } else { + printf("bad return value\n"); + return 3; + } +} diff --git a/verifier_test.sh b/verifier_test.sh new file mode 100755 index 000000000..6350e80d3 --- /dev/null +++ b/verifier_test.sh @@ -0,0 +1,94 @@ +#!/bin/bash +# +# A test suite for applypatch. Run in a client where you have done +# envsetup, choosecombo, etc. +# +# DO NOT RUN THIS ON A DEVICE YOU CARE ABOUT. It will mess up your +# system partition. +# +# +# TODO: find some way to get this run regularly along with the rest of +# the tests. + +EMULATOR_PORT=5580 +DATA_DIR=$ANDROID_BUILD_TOP/bootable/recovery/testdata + +WORK_DIR=/data/local/tmp + +# set to 0 to use a device instead +USE_EMULATOR=0 + +# ------------------------ + +if [ "$USE_EMULATOR" == 1 ]; then + emulator -wipe-data -noaudio -no-window -port $EMULATOR_PORT & + pid_emulator=$! + ADB="adb -s emulator-$EMULATOR_PORT " +else + ADB="adb -d " +fi + +echo "waiting to connect to device" +$ADB wait-for-device + +# run a command on the device; exit with the exit status of the device +# command. +run_command() { + $ADB shell "$@" \; echo \$? | awk '{if (b) {print a}; a=$0; b=1} END {exit a}' +} + +testname() { + echo + echo "::: testing $1 :::" + testname="$1" +} + +fail() { + echo + echo FAIL: $testname + echo + [ "$open_pid" == "" ] || kill $open_pid + [ "$pid_emulator" == "" ] || kill $pid_emulator + exit 1 +} + + +cleanup() { + # not necessary if we're about to kill the emulator, but nice for + # running on real devices or already-running emulators. + run_command rm $WORK_DIR/verifier_test + run_command rm $WORK_DIR/package.zip + + [ "$pid_emulator" == "" ] || kill $pid_emulator +} + +$ADB push $ANDROID_PRODUCT_OUT/system/bin/verifier_test \ + $WORK_DIR/verifier_test + +expect_succeed() { + testname "$1 (should succeed)" + $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip + run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip || fail +} + +expect_fail() { + testname "$1 (should fail)" + $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip + run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip && fail +} + +expect_fail unsigned.zip +expect_fail jarsigned.zip +expect_succeed otasigned.zip +expect_fail random.zip +expect_fail fake-eocd.zip +expect_fail alter-metadata.zip +expect_fail alter-footer.zip + +# --------------- cleanup ---------------------- + +cleanup + +echo +echo PASS +echo |
