| Commit message (Collapse) | Author | Files | Lines |
|
The 'signature_start' variable marks the location of the signature
from the end of a zip archive. And a boundary check is missing where
'signature_start' should be within the EOCD comment field. This causes
problems when sideloading a malicious package. Also add a corresponding
test.
Bug: 31914369
Test: Verification fails correctly when sideloading recovery_test.zip on
angler.
Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1
(cherry-picked from f69e6a9475983b2ad46729e44ab58d2b22cd74d0)
|
|
We have been occasionally seeing "signature verification failed" error
message when applying an update. Make more verbose output to help
debugging.
Bug: 28246534
Change-Id: Id83633adc9b86b3fd36abbb504e430f0816f12e4
|
|
Timing from Nexus 5X:
89 MiB OTA update package: 1.4 s -> 0.6 s (decreased by 57%)
1196 MiB OTA update package: 8.0 s -> 7.5 s (decreased by 6%)
Bug: http://b/28135231
Change-Id: Id91f2ad15df2bffb9f8a4b4ec5a57657a02847ec
|
|
This changes the verification code in bootable/recovery to use
BoringSSL instead of mincrypt.
Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with
merge conflict resolution, extra logging in verifier.cpp, and
an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
|
|
Move to using std::vector and std::unique_ptr to manage key
certificates to stop memory leaks.
Bug: 26908001
Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c
|
|
Change-Id: I0737456e0221ebe9cc854d65c95a7d37d0869d56
|
|
Change-Id: I5a6d0c3c5f9a3a474464c0f06d6b09045459eebb
|
|
Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
|
|
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.
For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.
Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.
Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
|
|
This adds support for key version 5 which is an EC key using the NIST
P-256 curve parameters. OTAs may be signed with these keys using the
ECDSA signature algorithm with SHA-256.
Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
|
|
(cherry picked from commit bac7fba02763ae5e78e8e4ba0bea727330ad953e)
Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
|
|
Change-Id: Ifd5a29d459acf101311fa1c220f728c3d0ac2e4e
|
|
Improves license compatibility between GPL and Apache
Change-Id: I2b165aa575bb6213af6b07936f99610c113443f0
|
|
Add an option to verifier_test to load keys from a file, the way the
recovery does.
Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
|
|
Move all the functions in ui.c to be members of a ScreenRecoveryUI
class, which is a subclass of an abstract RecoveryUI class. Recovery
then creates a global singleton instance of this class and then invoke
the methods to drive the UI. We use this to allow substitution of a
different RecoveryUI implementation for devices with radically
different form factors (eg, that don't have a screen).
Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
|
|
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555
|
|
Change-Id: I68a67a4c8edec9a74463b3d4766005ce27b51316
|
|
Change-Id: I0d91b715d1eb9e45e2fce54bb93ba0abef92727e
|
|
|
|
|
|
This issue results in the ability to modify the contents of a signed
OTA recovery image.
|
|
Oops.
|
|
|
|
|
|
In recovery, verify a signature that covers the entire zip file,
instead of using the jarsigner format to verify individual files.
Bug: 1328985
|
|
|
|
|
|
|