Merge "verifier: update to support certificates using SHA-256"

This commit is contained in:
Kenny Root
2013-09-25 17:14:59 +00:00
committed by Gerrit Code Review
13 changed files with 254 additions and 109 deletions
+1 -1
View File
@@ -101,7 +101,7 @@ int LoadFileContents(const char* filename, FileContents* file,
} }
} }
SHA(file->data, file->size, file->sha1); SHA_hash(file->data, file->size, file->sha1);
return 0; return 0;
} }
+1 -1
View File
@@ -190,7 +190,7 @@ really_install_package(const char *path, int* wipe_cache)
ui->Print("Opening update package...\n"); ui->Print("Opening update package...\n");
int numKeys; int numKeys;
RSAPublicKey* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys); Certificate* loadedKeys = load_keys(PUBLIC_KEYS_FILE, &numKeys);
if (loadedKeys == NULL) { if (loadedKeys == NULL) {
LOGE("Failed to load keys\n"); LOGE("Failed to load keys\n");
return INSTALL_CORRUPT; return INSTALL_CORRUPT;
Binary file not shown.
BIN
View File
Binary file not shown.
+25
View File
@@ -0,0 +1,25 @@
-----BEGIN CERTIFICATE-----
MIIENjCCAx6gAwIBAgIJAKhkCO1dDYMaMA0GCSqGSIb3DQEBCwUAMG8xCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1Nb3VudGFpbiBW
aWV3MQ8wDQYDVQQKEwZHb29nbGUxEDAOBgNVBAsTB0FuZHJvaWQxEDAOBgNVBAMT
B1Rlc3QxMjMwHhcNMTMwNDEwMTcyMzUyWhcNMTMwNTEwMTcyMzUyWjBvMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
VmlldzEPMA0GA1UEChMGR29vZ2xlMRAwDgYDVQQLEwdBbmRyb2lkMRAwDgYDVQQD
EwdUZXN0MTIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8WwMN9x
4Mz7YgkG2qy9g8/kl5ZoYrUM0ApHhaITAcL7RXLZaNipCf0w/YjYTQgj+75MK30x
TsnPeWNOEwA62gkHrZyyWfxBRO6kBYuIuI4roGDBJOmKQ1OEaDeIRKu7q5V8v3Cs
0wQDAQWTbhpxBZr9UYFgJUg8XWBfPrGJLVwsoiy4xrMhoTlNZKHfwOMMqVtSHkZX
qydYrcIzyjh+TO0e/xSNQ8MMRRbtqWgCHN6Rzhog3IHZu0RaPoukariopjXM/s0V
gTm3rHDHCOpna2pNblyiFlvbkoCs769mtNmx/yrDShO30jg/xaG8RypKDvTChzOT
oWW/XQ5VEXjbHwIDAQABo4HUMIHRMB0GA1UdDgQWBBRlT2dEZJY1tmUM8mZ0xnhS
GdD9TTCBoQYDVR0jBIGZMIGWgBRlT2dEZJY1tmUM8mZ0xnhSGdD9TaFzpHEwbzEL
MAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50
YWluIFZpZXcxDzANBgNVBAoTBkdvb2dsZTEQMA4GA1UECxMHQW5kcm9pZDEQMA4G
A1UEAxMHVGVzdDEyM4IJAKhkCO1dDYMaMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcN
AQELBQADggEBAKWWQ9S0V9wWjrMJe8exj1gklwD1Ysi0vi+h2tfixahelrpsNkWi
EFjoUSHEkW9ThLmtui646uAlwSiWtSn1XkGGmIJ3s+gmAFUcMc0CaK0dgoq/M9zn
fQ0Vkzc1tK4MLsf+CbPDywPycb6+T3dBkerbWn9GUpjGl1ANWlciXZZ3657m61sL
HhwUOBxbZZ6sYP4ed2SVCf45GgMyJ0VoUg5yI2JzPAgOkGfeEIPVXE1M94edJY4G
8eHYvXovJZwXvKFI+ZyS0KBPx8cpfw89RB9qmkxqNBIm8qWb3qBiuBEIPj+NF/7w
sC/Fv8NNXkVquy0xa0qdyJBABzWE18zGcXs=
-----END CERTIFICATE-----
BIN
View File
Binary file not shown.
+27
View File
@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE
AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
Fw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G
A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p
ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI
hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM
qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4
wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy
4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU
RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s
zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw
HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ
AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH
QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG
CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud
EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZa
J6cVosK0TyIUFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4Y
LCBOsVMR9FXYJLZW2+TcIkCRLXWG/oiVHQGo/rWuWkJgU134NDEFJCJGjDbiLCpe
+ZTWHdcwauTJ9pUbo8EvHRkU3cYfGmLaLfgn9gP+pWA7LFQNvXwBnDa6sppCccEX
31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqGCHzzTy3sIeJFymwr
sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0=
-----END CERTIFICATE-----
+27
View File
@@ -0,0 +1,27 @@
-----BEGIN CERTIFICATE-----
MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE
AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
Fw0xMzA0MTAxODA1MzZaFw0xMzA1MTAxODA1MzZaMIGUMQswCQYDVQQGEwJVUzET
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G
A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p
ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI
hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM
qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4
wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy
4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU
RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s
zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw
HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ
AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE
CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH
QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG
CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud
EwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAKRVj9hOaozH1W8Wb4CNj7sCWixh
UMMZJXkxUtvUVHZGefp6MdtYiD/ZM7YRwZphm9aNhkykbHJdZ3lPzeL2csCa+sDQ
8sIzGu0/aD6p4zgIKQZmz0mZHqPGbHoLWOmA9EexRCFZ7vO/kO56ZbyhfFz2DI3S
Yez65CabErOFhNX6WukSPbV3zfsHRDD5JUStb/ko6t99HXsvIO0Ax9poj60PpCC1
SiFzHZUY9mOnUfJFs+3NWCwKtP9nho3mZ3pJ1i+SeF6JiqbE3KHl4CDBeVGcu3CK
fiUZ8e8iXVN471Cgc5GD6Ud1pS7ifNZJsKhbETQ63KmvHCLRPi4NmP67uDE=
-----END CERTIFICATE-----
+1 -1
View File
@@ -1057,7 +1057,7 @@ Value* Sha1CheckFn(const char* name, State* state, int argc, Expr* argv[]) {
return StringValue(strdup("")); return StringValue(strdup(""));
} }
uint8_t digest[SHA_DIGEST_SIZE]; uint8_t digest[SHA_DIGEST_SIZE];
SHA(args[0]->data, args[0]->size, digest); SHA_hash(args[0]->data, args[0]->size, digest);
FreeValue(args[0]); FreeValue(args[0]);
if (argc == 1) { if (argc == 1) {
+63 -17
View File
@@ -20,6 +20,7 @@
#include "mincrypt/rsa.h" #include "mincrypt/rsa.h"
#include "mincrypt/sha.h" #include "mincrypt/sha.h"
#include "mincrypt/sha256.h"
#include <string.h> #include <string.h>
#include <stdio.h> #include <stdio.h>
@@ -34,7 +35,7 @@ extern RecoveryUI* ui;
// Return VERIFY_SUCCESS, VERIFY_FAILURE (if any error is encountered // Return VERIFY_SUCCESS, VERIFY_FAILURE (if any error is encountered
// or no key matches the signature). // or no key matches the signature).
int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKeys) { int verify_file(const char* path, const Certificate* pKeys, unsigned int numKeys) {
ui->SetProgress(0.0); ui->SetProgress(0.0);
FILE* f = fopen(path, "rb"); FILE* f = fopen(path, "rb");
@@ -68,6 +69,7 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
} }
if (footer[2] != 0xff || footer[3] != 0xff) { if (footer[2] != 0xff || footer[3] != 0xff) {
LOGE("footer is wrong\n");
fclose(f); fclose(f);
return VERIFY_FAILURE; return VERIFY_FAILURE;
} }
@@ -139,8 +141,19 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
#define BUFFER_SIZE 4096 #define BUFFER_SIZE 4096
SHA_CTX ctx; bool need_sha1 = false;
SHA_init(&ctx); bool need_sha256 = false;
for (i = 0; i < numKeys; ++i) {
switch (pKeys[i].hash_len) {
case SHA_DIGEST_SIZE: need_sha1 = true; break;
case SHA256_DIGEST_SIZE: need_sha256 = true; break;
}
}
SHA_CTX sha1_ctx;
SHA256_CTX sha256_ctx;
SHA_init(&sha1_ctx);
SHA256_init(&sha256_ctx);
unsigned char* buffer = (unsigned char*)malloc(BUFFER_SIZE); unsigned char* buffer = (unsigned char*)malloc(BUFFER_SIZE);
if (buffer == NULL) { if (buffer == NULL) {
LOGE("failed to alloc memory for sha1 buffer\n"); LOGE("failed to alloc memory for sha1 buffer\n");
@@ -159,7 +172,8 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
fclose(f); fclose(f);
return VERIFY_FAILURE; return VERIFY_FAILURE;
} }
SHA_update(&ctx, buffer, size); if (need_sha1) SHA_update(&sha1_ctx, buffer, size);
if (need_sha256) SHA256_update(&sha256_ctx, buffer, size);
so_far += size; so_far += size;
double f = so_far / (double)signed_len; double f = so_far / (double)signed_len;
if (f > frac + 0.02 || size == so_far) { if (f > frac + 0.02 || size == so_far) {
@@ -170,12 +184,21 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
fclose(f); fclose(f);
free(buffer); free(buffer);
const uint8_t* sha1 = SHA_final(&ctx); const uint8_t* sha1 = SHA_final(&sha1_ctx);
const uint8_t* sha256 = SHA256_final(&sha256_ctx);
for (i = 0; i < numKeys; ++i) { for (i = 0; i < numKeys; ++i) {
const uint8_t* hash;
switch (pKeys[i].hash_len) {
case SHA_DIGEST_SIZE: hash = sha1; break;
case SHA256_DIGEST_SIZE: hash = sha256; break;
default: continue;
}
// The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that // The 6 bytes is the "(signature_start) $ff $ff (comment_size)" that
// the signing tool appends after the signature itself. // the signing tool appends after the signature itself.
if (RSA_verify(pKeys+i, eocd + eocd_size - 6 - RSANUMBYTES, if (RSA_verify(pKeys[i].public_key, eocd + eocd_size - 6 - RSANUMBYTES,
RSANUMBYTES, sha1)) { RSANUMBYTES, hash, pKeys[i].hash_len)) {
LOGI("whole-file signature verified against key %d\n", i); LOGI("whole-file signature verified against key %d\n", i);
free(eocd); free(eocd);
return VERIFY_SUCCESS; return VERIFY_SUCCESS;
@@ -207,10 +230,19 @@ int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKey
// The file may contain multiple keys in this format, separated by // The file may contain multiple keys in this format, separated by
// commas. The last key must not be followed by a comma. // commas. The last key must not be followed by a comma.
// //
// A Certificate is a pair of an RSAPublicKey and a particular hash
// (we support SHA-1 and SHA-256; we store the hash length to signify
// which is being used). The hash used is implied by the version number.
//
// 1: 2048-bit RSA key with e=3 and SHA-1 hash
// 2: 2048-bit RSA key with e=65537 and SHA-1 hash
// 3: 2048-bit RSA key with e=3 and SHA-256 hash
// 4: 2048-bit RSA key with e=65537 and SHA-256 hash
//
// Returns NULL if the file failed to parse, or if it contain zero keys. // Returns NULL if the file failed to parse, or if it contain zero keys.
RSAPublicKey* Certificate*
load_keys(const char* filename, int* numKeys) { load_keys(const char* filename, int* numKeys) {
RSAPublicKey* out = NULL; Certificate* out = NULL;
*numKeys = 0; *numKeys = 0;
FILE* f = fopen(filename, "r"); FILE* f = fopen(filename, "r");
@@ -224,24 +256,38 @@ load_keys(const char* filename, int* numKeys) {
bool done = false; bool done = false;
while (!done) { while (!done) {
++*numKeys; ++*numKeys;
out = (RSAPublicKey*)realloc(out, *numKeys * sizeof(RSAPublicKey)); out = (Certificate*)realloc(out, *numKeys * sizeof(Certificate));
RSAPublicKey* key = out + (*numKeys - 1); Certificate* cert = out + (*numKeys - 1);
cert->public_key = (RSAPublicKey*)malloc(sizeof(RSAPublicKey));
char start_char; char start_char;
if (fscanf(f, " %c", &start_char) != 1) goto exit; if (fscanf(f, " %c", &start_char) != 1) goto exit;
if (start_char == '{') { if (start_char == '{') {
// a version 1 key has no version specifier. // a version 1 key has no version specifier.
key->exponent = 3; cert->public_key->exponent = 3;
cert->hash_len = SHA_DIGEST_SIZE;
} else if (start_char == 'v') { } else if (start_char == 'v') {
int version; int version;
if (fscanf(f, "%d {", &version) != 1) goto exit; if (fscanf(f, "%d {", &version) != 1) goto exit;
if (version == 2) { switch (version) {
key->exponent = 65537; case 2:
} else { cert->public_key->exponent = 65537;
goto exit; cert->hash_len = SHA_DIGEST_SIZE;
break;
case 3:
cert->public_key->exponent = 3;
cert->hash_len = SHA256_DIGEST_SIZE;
break;
case 4:
cert->public_key->exponent = 65537;
cert->hash_len = SHA256_DIGEST_SIZE;
break;
default:
goto exit;
} }
} }
RSAPublicKey* key = cert->public_key;
if (fscanf(f, " %i , 0x%x , { %u", if (fscanf(f, " %i , 0x%x , { %u",
&(key->len), &(key->n0inv), &(key->n[0])) != 3) { &(key->len), &(key->n0inv), &(key->n[0])) != 3) {
goto exit; goto exit;
@@ -274,7 +320,7 @@ load_keys(const char* filename, int* numKeys) {
goto exit; goto exit;
} }
LOGI("read key e=%d\n", key->exponent); LOGI("read key e=%d hash=%d\n", key->exponent, cert->hash_len);
} }
} }
+7 -2
View File
@@ -19,12 +19,17 @@
#include "mincrypt/rsa.h" #include "mincrypt/rsa.h"
typedef struct Certificate {
int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
RSAPublicKey* public_key;
} Certificate;
/* Look in the file for a signature footer, and verify that it /* Look in the file for a signature footer, and verify that it
* matches one of the given keys. Return one of the constants below. * matches one of the given keys. Return one of the constants below.
*/ */
int verify_file(const char* path, const RSAPublicKey *pKeys, unsigned int numKeys); int verify_file(const char* path, const Certificate *pKeys, unsigned int numKeys);
RSAPublicKey* load_keys(const char* filename, int* numKeys); Certificate* load_keys(const char* filename, int* numKeys);
#define VERIFY_SUCCESS 0 #define VERIFY_SUCCESS 0
#define VERIFY_FAILURE 1 #define VERIFY_FAILURE 1
+80 -71
View File
@@ -21,80 +21,82 @@
#include "common.h" #include "common.h"
#include "verifier.h" #include "verifier.h"
#include "ui.h" #include "ui.h"
#include "mincrypt/sha.h"
#include "mincrypt/sha256.h"
// This is build/target/product/security/testkey.x509.pem after being // This is build/target/product/security/testkey.x509.pem after being
// dumped out by dumpkey.jar. // dumped out by dumpkey.jar.
RSAPublicKey test_key = RSAPublicKey test_key =
{ 64, 0xc926ad21, { 64, 0xc926ad21,
{ 1795090719, 2141396315, 950055447, -1713398866, { 0x6afee91fu, 0x7fa31d5bu, 0x38a0b217u, 0x99df9baeu,
-26044131, 1920809988, 546586521, -795969498, 0xfe72991du, 0x727d3c04u, 0x20943f99u, 0xd08e7826u,
1776797858, -554906482, 1805317999, 1429410244, 0x69e7c8a2u, 0xdeeccc8eu, 0x6b9af76fu, 0x553311c4u,
129622599, 1422441418, 1783893377, 1222374759, 0x07b9e247u, 0x54c8bbcau, 0x6a540d81u, 0x48dbf567u,
-1731647369, 323993566, 28517732, 609753416, 0x98c92877u, 0x134fbfdeu, 0x01b32564u, 0x24581948u,
1826472888, 215237850, -33324596, -245884705, 0x6cddc3b8u, 0x0cd444dau, 0xfe0381ccu, 0xf15818dfu,
-1066504894, 774857746, 154822455, -1797768399, 0xc06e6d42u, 0x2e2f6412u, 0x093a6737u, 0x94d83b31u,
-1536767878, -1275951968, -1500189652, 87251430, 0xa466c87au, 0xb3f284a0u, 0xa694ec2cu, 0x053359e6u,
-1760039318, 120774784, 571297800, -599067824, 0x9717ee6au, 0x0732e080u, 0x220d5008u, 0xdc4af350u,
-1815042109, -483341846, -893134306, -1900097649, 0x93d0a7c3u, 0xe330c9eau, 0xcac3da1eu, 0x8ebecf8fu,
-1027721089, 950095497, 555058928, 414729973, 0xc2be387fu, 0x38a14e89u, 0x211586f0u, 0x18b846f5u,
1136544882, -1250377212, 465547824, -236820568, 0x43be4c72u, 0xb578c204u, 0x1bbfb230u, 0xf1e267a8u,
-1563171242, 1689838846, -404210357, 1048029507, 0xa2d3e656u, 0x64b8e4feu, 0xe7e83d4bu, 0x3e77a943u,
895090649, 247140249, 178744550, -747082073, 0x3559ffd9u, 0x0ebb0f99u, 0x0aa76ce6u, 0xd3786ea7u,
-1129788053, 109881576, -350362881, 1044303212, 0xbca8cd6bu, 0x068ca8e8u, 0xeb1de2ffu, 0x3e3ecd6cu,
-522594267, -1309816990, -557446364, -695002876}, 0xe0d9d825u, 0xb1edc762u, 0xdec60b24u, 0xd6931904u},
{ -857949815, -510492167, -1494742324, -1208744608, { 0xccdcb989u, 0xe19281f9u, 0xa6e80accu, 0xb7f40560u,
251333580, 2131931323, 512774938, 325948880, 0x0efb0bccu, 0x7f12b0bbu, 0x1e90531au, 0x136d95d0u,
-1637480859, 2102694287, -474399070, 792812816, 0x9e660665u, 0x7d54918fu, 0xe3b93ea2u, 0x2f415d10u,
1026422502, 2053275343, -1494078096, -1181380486, 0x3d2df6e6u, 0x7a627ecfu, 0xa6f22d70u, 0xb995907au,
165549746, -21447327, -229719404, 1902789247, 0x09de16b2u, 0xfeb8bd61u, 0xf24ec294u, 0x716a427fu,
772932719, -353118870, -642223187, 216871947, 0x2e12046fu, 0xeaf3d56au, 0xd9b873adu, 0x0ced340bu,
-1130566647, 1942378755, -298201445, 1055777370, 0xbc9cec09u, 0x73c65903u, 0xee39ce9bu, 0x3eede25au,
964047799, 629391717, -2062222979, -384408304, 0x397633b7u, 0x2583c165u, 0x8514f97du, 0xe9166510u,
191868569, -1536083459, -612150544, -1297252564, 0x0b6fae99u, 0xa47139fdu, 0xdb8352f0u, 0xb2ad7f2cu,
-1592438046, -724266841, -518093464, -370899750, 0xa11552e2u, 0xd4d490a7u, 0xe11e8568u, 0xe9e484dau,
-739277751, -1536141862, 1323144535, 61311905, 0xd3ef8449u, 0xa47055dau, 0x4edd9557u, 0x03a78ba1u,
1997411085, 376844204, 213777604, -217643712, 0x770e130du, 0x16762facu, 0x0cbdfcc4u, 0xf3070540u,
9135381, 1625809335, -1490225159, -1342673351, 0x008b6515u, 0x60e7e1b7u, 0xa72cf7f9u, 0xaff86e39u,
1117190829, -57654514, 1825108855, -1281819325, 0x4296faadu, 0xfc90430eu, 0x6cc8f377u, 0xb398fd43u,
1111251351, -1726129724, 1684324211, -1773988491, 0x423c5997u, 0x991d59c4u, 0x6464bf73u, 0x96431575u,
367251975, 810756730, -1941182952, 1175080310 }, 0x15e3d207u, 0x30532a7au, 0x8c4be618u, 0x460a4d76u },
3 3
}; };
RSAPublicKey test_f4_key = RSAPublicKey test_f4_key =
{ 64, 0xc9bd1f21, { 64, 0xc9bd1f21,
{ 293133087u, 3210546773u, 865313125u, 250921607u, { 0x1178db1fu, 0xbf5d0e55u, 0x3393a165u, 0x0ef4c287u,
3158780490u, 943703457u, 1242806226u, 2986289859u, 0xbc472a4au, 0x383fc5a1u, 0x4a13b7d2u, 0xb1ff2ac3u,
2942743769u, 2457906415u, 2719374299u, 1783459420u, 0xaf66b4d9u, 0x9280acefu, 0xa2165bdbu, 0x6a4d6e5cu,
149579627u, 3081531591u, 3440738617u, 2788543742u, 0x08ea676bu, 0xb7ac70c7u, 0xcd158139u, 0xa635ccfeu,
2758457512u, 1146764939u, 3699497403u, 2446203424u, 0xa46ab8a8u, 0x445a3e8bu, 0xdc81d9bbu, 0x91ce1a20u,
1744968926u, 1159130537u, 2370028300u, 3978231572u, 0x68021cdeu, 0x4516eda9u, 0x8d43c30cu, 0xed1eff14u,
3392699980u, 1487782451u, 1180150567u, 2841334302u, 0xca387e4cu, 0x58adc233u, 0x4657ab27u, 0xa95b521eu,
3753960204u, 961373345u, 3333628321u, 748825784u, 0xdfc0e30cu, 0x394d64a1u, 0xc6b321a1u, 0x2ca22cb8u,
2978557276u, 1566596926u, 1613056060u, 2600292737u, 0xb1892d5cu, 0x5d605f3eu, 0x6025483cu, 0x9afd5181u,
1847226629u, 50398611u, 1890374404u, 2878700735u, 0x6e1a7105u, 0x03010593u, 0x70acd304u, 0xab957cbfu,
2286201787u, 1401186359u, 619285059u, 731930817u, 0x8844abbbu, 0x53846837u, 0x24e98a43u, 0x2ba060c1u,
2340993166u, 1156490245u, 2992241729u, 151498140u, 0x8b88b88eu, 0x44eea405u, 0xb259fc41u, 0x0907ad9cu,
318782170u, 3480838990u, 2100383433u, 4223552555u, 0x13003adau, 0xcf79634eu, 0x7d314ec9u, 0xfbbe4c2bu,
3628927011u, 4247846280u, 1759029513u, 4215632601u, 0xd84d0823u, 0xfd30fd88u, 0x68d8a909u, 0xfb4572d9u,
2719154626u, 3490334597u, 1751299340u, 3487864726u, 0xa21301c2u, 0xd00a4785u, 0x6862b50cu, 0xcfe49796u,
3668753795u, 4217506054u, 3748782284u, 3150295088u }, 0xdaacbd83u, 0xfb620906u, 0xdf71e0ccu, 0xbbc5b030u },
{ 1772626313u, 445326068u, 3477676155u, 1758201194u, { 0x69a82189u, 0x1a8b22f4u, 0xcf49207bu, 0x68cc056au,
2986784722u, 491035581u, 3922936562u, 702212696u, 0xb206b7d2u, 0x1d449bbdu, 0xe9d342f2u, 0x29daea58u,
2979856666u, 3324974564u, 2488428922u, 3056318590u, 0xb19d011au, 0xc62f15e4u, 0x9452697au, 0xb62bb87eu,
1626954946u, 664714029u, 398585816u, 3964097931u, 0x60f95cc2u, 0x279ebb2du, 0x17c1efd8u, 0xec47558bu,
3356701905u, 2298377729u, 2040082097u, 3025491477u, 0xc81334d1u, 0x88fe7601u, 0x79992eb1u, 0xb4555615u,
539143308u, 3348777868u, 2995302452u, 3602465520u, 0x2022ac8cu, 0xc79a4b8cu, 0xb288b034u, 0xd6b942f0u,
212480763u, 2691021393u, 1307177300u, 704008044u, 0x0caa32fbu, 0xa065ba51u, 0x4de9f154u, 0x29f64f6cu,
2031136606u, 1054106474u, 3838318865u, 2441343869u, 0x7910af5eu, 0x3ed4636au, 0xe4c81911u, 0x9183f37du,
1477566916u, 700949900u, 2534790355u, 3353533667u, 0x5811e1c4u, 0x29c7a58cu, 0x9715d4d3u, 0xc7e2dce3u,
336163563u, 4106790558u, 2701448228u, 1571536379u, 0x140972ebu, 0xf4c8a69eu, 0xa104d424u, 0x5dabbdfbu,
1103842411u, 3623110423u, 1635278839u, 1577828979u, 0x41cb4c6bu, 0xd7f44717u, 0x61785ff7u, 0x5e0bc273u,
910322800u, 715583630u, 138128831u, 1017877531u, 0x36426c70u, 0x2aa6f08eu, 0x083badbfu, 0x3cab941bu,
2289162787u, 447994798u, 1897243165u, 4121561445u, 0x8871da23u, 0x1ab3dbaeu, 0x7115a21du, 0xf5aa0965u,
4150719842u, 2131821093u, 2262395396u, 3305771534u, 0xf766f562u, 0x7f110225u, 0x86d96a04u, 0xc50a120eu,
980753571u, 3256525190u, 3128121808u, 1072869975u, 0x3a751ca3u, 0xc21aa186u, 0xba7359d0u, 0x3ff2b257u,
3507939515u, 4229109952u, 118381341u, 2209831334u }, 0xd116e8bbu, 0xfc1318c0u, 0x070e5b1du, 0x83b759a6u },
65537 65537
}; };
@@ -136,30 +138,37 @@ ui_print(const char* format, ...) {
int main(int argc, char **argv) { int main(int argc, char **argv) {
if (argc < 2 || argc > 4) { if (argc < 2 || argc > 4) {
fprintf(stderr, "Usage: %s [-f4 | -file <keys>] <package>\n", argv[0]); fprintf(stderr, "Usage: %s [-sha256] [-f4 | -file <keys>] <package>\n", argv[0]);
return 2; return 2;
} }
RSAPublicKey* key = &test_key; Certificate default_cert;
Certificate* cert = &default_cert;
cert->public_key = &test_key;
cert->hash_len = SHA_DIGEST_SIZE;
int num_keys = 1; int num_keys = 1;
++argv; ++argv;
if (strcmp(argv[0], "-sha256") == 0) {
++argv;
cert->hash_len = SHA256_DIGEST_SIZE;
}
if (strcmp(argv[0], "-f4") == 0) { if (strcmp(argv[0], "-f4") == 0) {
++argv; ++argv;
key = &test_f4_key; cert->public_key = &test_f4_key;
} else if (strcmp(argv[0], "-file") == 0) { } else if (strcmp(argv[0], "-file") == 0) {
++argv; ++argv;
key = load_keys(argv[0], &num_keys); cert = load_keys(argv[0], &num_keys);
++argv; ++argv;
} }
ui = new FakeUI(); ui = new FakeUI();
int result = verify_file(*argv, key, num_keys); int result = verify_file(*argv, cert, num_keys);
if (result == VERIFY_SUCCESS) { if (result == VERIFY_SUCCESS) {
printf("SUCCESS\n"); printf("VERIFIED\n");
return 0; return 0;
} else if (result == VERIFY_FAILURE) { } else if (result == VERIFY_FAILURE) {
printf("FAILURE\n"); printf("NOT VERIFIED\n");
return 1; return 1;
} else { } else {
printf("bad return value\n"); printf("bad return value\n");
+22 -16
View File
@@ -64,33 +64,39 @@ $ADB push $ANDROID_PRODUCT_OUT/system/bin/verifier_test \
expect_succeed() { expect_succeed() {
testname "$1 (should succeed)" testname "$1 (should succeed)"
$ADB push $DATA_DIR/$1 $WORK_DIR/package.zip $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip || fail shift
run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip || fail
} }
expect_fail() { expect_fail() {
testname "$1 (should fail)" testname "$1 (should fail)"
$ADB push $DATA_DIR/$1 $WORK_DIR/package.zip $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip && fail shift
} run_command $WORK_DIR/verifier_test "$@" $WORK_DIR/package.zip && fail
expect_succeed_f4() {
testname "$1 (should succeed)"
$ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
run_command $WORK_DIR/verifier_test -f4 $WORK_DIR/package.zip || fail
}
expect_fail_f4() {
testname "$1 (should fail)"
$ADB push $DATA_DIR/$1 $WORK_DIR/package.zip
run_command $WORK_DIR/verifier_test -f4 $WORK_DIR/package.zip && fail
} }
# not signed at all
expect_fail unsigned.zip expect_fail unsigned.zip
# signed in the pre-donut way
expect_fail jarsigned.zip expect_fail jarsigned.zip
# success cases
expect_succeed otasigned.zip expect_succeed otasigned.zip
expect_fail_f4 otasigned.zip expect_succeed otasigned_f4.zip -f4
expect_succeed_f4 otasigned_f4.zip expect_succeed otasigned_sha256.zip -sha256
expect_succeed otasigned_f4_sha256.zip -sha256 -f4
# verified against different key
expect_fail otasigned.zip -f4
expect_fail otasigned_f4.zip expect_fail otasigned_f4.zip
# verified against right key but wrong hash algorithm
expect_fail otasigned.zip -sha256
expect_fail otasigned_f4.zip -sha256 -f4
expect_fail otasigned_sha256.zip
expect_fail otasigned_f4_sha256.zip -f4
# various other cases
expect_fail random.zip expect_fail random.zip
expect_fail fake-eocd.zip expect_fail fake-eocd.zip
expect_fail alter-metadata.zip expect_fail alter-metadata.zip