| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
Creates a new class handle the package in memory and package read from fd.
Define the new interface functions, and make approximate changes to the
verify and install functions.
Bug: 127071893
Test: unit tests pass, sideload a package
Change-Id: I66ab00654df92471184536fd147b237a86e9c5b5
|
|
|
|
|
|
| |
Test: compile
Bug: 119313545
Change-Id: I664fb32522d01909c603d7b903475c4e9aea9223
|
|
|
|
|
|
|
|
|
| |
This function is used to parse the result of dumpKeys. It's no longer
needed as we are now parsing the public keys from the zipfile.
Bug: 116655889
Test: unit tests pass
Change-Id: I817906e451664058c644f4329ff499bbe4587ebb
|
|
|
|
|
|
|
|
|
|
| |
For RSA keys, check if it has a 2048 bits modulus, and its public
exponent is 3 or 65537. For EC keys, check if the field size is 256
bits for its curve.
Bug: 116655889
Test: unit tests pass
Change-Id: I5c00f4d2b61c98c434f0b49db232155d5d0770ec
|
|
|
|
|
|
|
|
|
| |
Add a function to parse the zip archive and load the certificate from
all the zip entries with the suffix "x509.pem".
Bug: 116655889
Test: unittests pass
Change-Id: I93bf7aef7462c0623e89fc2d466d7af2d3a758bc
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We used to convert a pem certificate file to some intermediate plain
text format; and parse that format under recovery mode. This is
uncessary since the x509.pem can be directly parsed with openssl
functions.
Add the function to load the public key from one x509.pem file and
corresponding unit tests. And we will add more cls to extract the pem
files from otacert.zip later.
Bug: 116655889
Test: verify package with 5 supported certficate versions
Change-Id: Ibc6c696c534567f005db75143cc4ef8d4bdea6a0
|
|
|
|
|
| |
Test: mmma -j bootable/recovery
Change-Id: I32ab98549e91f993364306e4a88dc654221b3869
|
|\
| |
| |
| |
| |
| | |
am: 586377d1f3
Change-Id: I4d2cac061fbf6ac34e9e5125ebd5294dbc33e4ef
|
| |\
| | |
| | |
| | |
| | |
| | | |
am: b3eeb817ab
Change-Id: I1bcf86cbbc495bf5df92dc53e01be39e7c623255
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Test: recovery_component_test
Test: recovery_unit_test
Test: Apply an OTA on angler.
Change-Id: I7170f03e4ce1fe06184ca1d7bcce0a695f33ac4d
|
| | |
| | |
| | |
| | |
| | | |
Test: mmma bootable/recovery
Change-Id: I909164fed84fb17a7e1cb2427cb88208a69dc052
|
|\| |
| | |
| | |
| | |
| | |
| | | |
am: 8fdce9ab99
Change-Id: Ifcd2c3236d337216adabb5bb810befd33f05f44c
|
| |\|
| | |
| | |
| | |
| | | |
Test: I solemnly swear I tested this conflict resolution.
Change-Id: I59d27cec1ef2c6befe824848cdc9ef3b0a0dc586
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
For the BadPackage tests from VerifierTest: one alters the footer, and
the other alters the metadata. Move the two tests to be based on
otasigned_v3.zip (they're based on otasigned_v1.zip previously). Also
construct the testdata files dynamically (to save the space and for
better readability).
Test: recovery_component_test
Change-Id: I7604d563f8b4fa0c55fec8730c063384158e3abc
|
|/ /
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
For the BadPackage tests from VerifierTest: one alters the footer, and
the other alters the metadata. Move the two tests to be based on
otasigned_v3.zip (they're based on otasigned_v1.zip previously). Also
construct the testdata files dynamically (to save the space and for
better readability).
Test: recovery_component_test
Change-Id: I7604d563f8b4fa0c55fec8730c063384158e3abc
(cherry picked from commit 217d9f98595076f344746bffdafb4314191f3e1b)
|
| |
| |
| |
| |
| |
| | |
Test: Observe the same failure with recovery_component_test ("signature
start: 65535 is larger than comment size: 0").
Change-Id: I98c357b5df2fa4caa9d8eed63af2e945ed99f18a
|
|\|
| |
| |
| |
| |
| | |
am: 60ea643afb
Change-Id: I2246094d0db184726cae34d7b916c127512ad6d2
|
| |
| |
| |
| |
| | |
Test: recovery_component_test passes.
Change-Id: I6276b59981c87c50736d69d4af7647c8ed892965
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.
This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.
Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
verify_file() has a dependency on the global variable of 'ui' for
posting the verification progress, which requires the users of
libverifier to provide a UI instance.
This CL adds an optional argument to verify_file() so that it can
post the progress through the provided callback function. As a result,
we can drop the MockUI class in verifier_test.cpp.
Test: recovery_component_test passes.
Test: verify_file() posts progress update when installing an OTA.
Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
(cherry picked from commit 5e535014dd7961fbf812abeaa27f3339775031f1)
|
|\|
| |
| |
| |
| |
| | |
am: 74e0ecb25b
Change-Id: If03ce22edaee2cf9aa38f3ea90ee992cd06695c3
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
UI text is broken (doesn't show any text during FDR) due to commit
d530449e54bd327e9c26209ffa0490c6508afe6c, which reordered the calls to
RecoveryUI::SetLocale() and RecoveryUI::Init().
Because Init() uses the locale info to load the localized texts (from
images), the locale must be set prior to that via SetLocale(). This CL
refactors Init() to take the locale parameter, and removes the odd
SetLocale() API.
Bug: 34029338
Test: 'Run graphics test' under recovery.
Change-Id: I620394a3d4e3705e9af5a1f6299285d143ae1b01
|
|/
|
|
|
|
|
|
|
|
|
|
|
|
| |
The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.
Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.
Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
|
|
|
|
|
|
|
|
|
|
|
| |
This allows recovery to work on devices without screen.
The stub recovery UI does nothing except print to stdout.
Test: write 'recovery\n--wipe_data\n--reason=wipe_data_from_ota\n'
to misc and boot to recovery on a device without screen.
Bug: 33175036
Change-Id: Icde698aa2e2e29f4b3d0532dfd3c6a939ac2bc63
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
continuous_native_tests expects the testdata under DATA/ in
continuous_native_tests.zip. This CL packs a copy of the testdata into
continuous_native_tests.zip as DATA/nativetest/recovery/testdata (via
LOCAL_PICKUP_FILES).
This CL also removes the extra copy for nativetest64. Testdata will
always stay at /data/nativetest/recovery/testdata, even for 64-bit
version. Otherwise we will unnecessarily get four copies (two for data/
and another two for DATA/).
Bug: 32123241
Test: mmma bootable/recovery && adb sync data. On bullhead,
/data/nativetest/recovery_component_test/recovery_component_test works;
/data/nativetest64/recovery_component_test/recovery_component_test works.
Test: m continuous_native_test; DATA/nativetest/recovery/testdata exists.
Change-Id: Ifefa0309de7af23c77654e8e450848ca2da218c2
|
|
|
|
|
|
|
|
|
|
|
| |
Clean up the duplicated codes that handle the zip files in
bootable/recovery; and rename the library of the remaining
utility functions to libotautil.
Test: Update package installed successfully on angler.
Bug: 19472796
Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
|
|\
| |
| |
| |
| |
| | |
am: e91aef0ee9
Change-Id: Ia130dc2a7f62ecf1ad40ec03d88a331a31800efa
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
A Certificate is a pair of an RSAPublicKey and a particular hash. So v1
and v3 differ in the hash algorithm (SHA-1 vs SHA-256), similarly for
v2 and v4.
In verifier testcases, we used to load v1/v2 keys with an explicit
argument of "sha256" to test the v3/v4 keys. This CL switches to loading
v3/v4 keys directly and lets load_keys() to handle that, which is the
actual flow we use in practice.
Also remove the "fallback to v1 key" in the testcases, which is not the
actual behavior.
Bug: 30415901
Test: Run the verifier_test component test on device.
Change-Id: I3a2baa64826f1b6c4c367a560090df384c4521bb
|
|\ \
| | |
| | |
| | | |
Change-Id: I4ec33904a6af38d81b422c7be6f40b828fbc7525
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add a new command "--security" to boot commands. If this command is
observed as part of BCB, choose a different background text picture
for installing stage in recovery UI. As a result, users will see
"installing security update" instead of "installing system update"
when applying a security update package.
Bug: 27837319
Change-Id: I2e2253a124993ecc24804fa1ee0b918ac96837c5
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
|
|\ \ \
| | |/
| |/|
| | | |
Change-Id: Iaf232fbe65879bad6e19c7a9600aa6303a491a67
|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
|
|\ \ \
| |/ /
|/| /
| |/
| |
| |
| | |
am: 761653a4ad
* commit '761653a4ad1c392fcd505e8909661fd64f02ce97':
Port applypatch.sh tests to recovery_component_tests
|
| |
| |
| |
| |
| | |
Bug: 27135282
Change-Id: If53682b591397ddfdb84860a3779b612904d4489
|
| |
| |
| |
| | |
Change-Id: I7ffba0be5a6befc875ce59b51a008c1892e7d34b
|
|\ \ |
|
| |/
| |
| |
| | |
Change-Id: I51fec30114c0a31efc9c2ac8472654baf8bb3e84
|
|/
|
|
|
|
| |
Test data needs to go outside the gtest module.
Change-Id: Ic444ca838cbafa651ec97ff8730129da84fafc09
|
|
Bug: 26962907
Change-Id: I5f80636af1740badeff7d08193f08e23f4e4fee1
|