resolve merge conflicts of 8febafa to nyc-dev-plus-aosp

Change-Id: I423937b4b20a2079714aa38ab7f8b199782df689

install.cpp

@@ -23,6 +23,7 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
+#include <chrono>
 #include <vector>
 
 #include "common.h"
@@ -228,6 +229,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
         return INSTALL_CORRUPT;
     }
 
+    // Load keys.
     std::vector<Certificate> loadedKeys;
     if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
         LOGE("Failed to load keys\n");
@@ -235,18 +237,19 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
     }
     LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE);
 
+    // Verify package.
     ui->Print("Verifying update package...\n");
-
+    auto t0 = std::chrono::system_clock::now();
     int err = verify_file(map.addr, map.length, loadedKeys);
-    LOGI("verify_file returned %d\n", err);
+    std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
+    ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
     if (err != VERIFY_SUCCESS) {
         LOGE("signature verification failed\n");
         sysReleaseMap(&map);
         return INSTALL_CORRUPT;
     }
 
-    /* Try to open the package.
-     */
+    // Try to open the package.
     ZipArchive zip;
     err = mzOpenZipArchive(map.addr, map.length, &zip);
     if (err != 0) {
@@ -255,8 +258,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount)
         return INSTALL_CORRUPT;
     }
 
-    /* Verify and install the contents of the package.
-     */
+    // Verify and install the contents of the package.
     ui->Print("Installing update...\n");
     ui->SetEnableReboot(false);
     int result = try_update_binary(path, &zip, wipe_cache);

verifier.cpp

@@ -32,6 +32,8 @@
 
 extern RecoveryUI* ui;
 
+static constexpr size_t MiB = 1024 * 1024;
+
 /*
  * Simple version of PKCS#7 SignedData extraction. This extracts the
  * signature OCTET STRING to be used for signature verification.
@@ -187,8 +189,6 @@ int verify_file(unsigned char* addr, size_t length,
         }
     }
 
-#define BUFFER_SIZE 4096
-
     bool need_sha1 = false;
     bool need_sha256 = false;
     for (const auto& key : keys) {
@@ -206,8 +206,10 @@ int verify_file(unsigned char* addr, size_t length,
     double frac = -1.0;
     size_t so_far = 0;
     while (so_far < signed_len) {
-        size_t size = signed_len - so_far;
-        if (size > BUFFER_SIZE) size = BUFFER_SIZE;
+        // On a Nexus 9, experiment didn't show any performance improvement with
+        // larger sizes past 1MiB, and they reduce the granularity of the progress
+        // bar. http://b/28135231.
+        size_t size = std::min(signed_len - so_far, 1 * MiB);
 
         if (need_sha1) SHA1_Update(&sha1_ctx, addr + so_far, size);
         if (need_sha256) SHA256_Update(&sha256_ctx, addr + so_far, size);