authorYabin Cui2016-06-09 16:09:39 -0500
committerTao Bao2016-10-19 13:19:15 -0500
commitfd99a318fe630b49ba35f9a19a1866e8b1a42b7e (patch)
tree53388e66db91793598030067dea27790a7f2c0de /install.cpp
parent06603c76c5c2424a6e6fc11326856a75e28bb616 (diff)
Verify wipe package when wiping A/B device in recovery.
To increase the security of wiping A/B devices, let uncrypt write wipe package in misc partition. Then recovery verifies the wipe package before wiping the device. Based on the original cherrypick, this CL also has additional changes to address the LOG statements and libziparchive changes. Bug: 29159185 Test: Build and boot into recovery. Change-Id: I186691bab1928d3dc036bc5542abd64a81bc2168 (cherry picked from commit 6faf0265c9b58db2c15b53f6d29025629d52f882)
Diffstat (limited to 'install.cpp')
-rw-r--r--install.cpp66
1 files changed, 41 insertions, 25 deletions
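--- a/install.cpp
+++ b/install.cpp
@@ -71,22 +71,33 @@ static int parse_build_number(const std::string& str) {
   return -1;
 }
 
-// Read the build.version.incremental of src/tgt from the metadata and log it to last_install.
-static void read_source_target_build(ZipArchiveHandle zip, std::vector<std::string>& log_buffer) {
+bool read_metadata_from_package(ZipArchiveHandle zip, std::string* meta_data) {
   ZipString metadata_path(METADATA_PATH);
   ZipEntry meta_entry;
+  if (meta_data == nullptr) {
+    LOG(ERROR) << "string* meta_data can't be nullptr";
+    return false;
+  }
   if (FindEntry(zip, metadata_path, &meta_entry) != 0) {
     LOG(ERROR) << "Failed to find " << METADATA_PATH << " in update package";
-    return;
+    return false;
   }
 
-  std::string meta_data(meta_entry.uncompressed_length, '\0');
-  if (ExtractToMemory(zip, &meta_entry, reinterpret_cast<uint8_t*>(&meta_data[0]),
+  meta_data->resize(meta_entry.uncompressed_length, '\0');
+  if (ExtractToMemory(zip, &meta_entry, reinterpret_cast<uint8_t*>(&(*meta_data)[0]),
                       meta_entry.uncompressed_length) != 0) {
     LOG(ERROR) << "Failed to read metadata in update package";
-    return;
+    return false;
   }
+  return true;
+}
 
+// Read the build.version.incremental of src/tgt from the metadata and log it to last_install.
+static void read_source_target_build(ZipArchiveHandle zip, std::vector<std::string>& log_buffer) {
+  std::string meta_data;
+  if (!read_metadata_from_package(zip, &meta_data)) {
+    return;
+  }
   // Examples of the pre-build and post-build strings in metadata:
   // pre-build-incremental=2943039
   // post-build-incremental=2951741
@@ -301,33 +312,16 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount,
     return INSTALL_CORRUPT;
   }
 
-  // Load keys.
-  std::vector<Certificate> loadedKeys;
-  if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
-    LOG(ERROR) << "Failed to load keys";
-    sysReleaseMap(&map);
-    return INSTALL_CORRUPT;
-  }
-  LOG(INFO) << loadedKeys.size() << " key(s) loaded from " << PUBLIC_KEYS_FILE;
-
   // Verify package.
-  ui->Print("Verifying update package...\n");
-
-  auto t0 = std::chrono::system_clock::now();
-  int err = verify_file(map.addr, map.length, loadedKeys);
-  std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
-  ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
-  if (err != VERIFY_SUCCESS) {
-    LOG(ERROR) << "signature verification failed";
+  if (!verify_package(map.addr, map.length)) {
     log_buffer.push_back(android::base::StringPrintf("error: %d", kZipVerificationFailure));
-
     sysReleaseMap(&map);
     return INSTALL_CORRUPT;
   }
 
   // Try to open the package.
   ZipArchiveHandle zip;
-  err = OpenArchiveFromMemory(map.addr, map.length, path, &zip);
+  int err = OpenArchiveFromMemory(map.addr, map.length, path, &zip);
   if (err != 0) {
     LOG(ERROR) << "Can't open " << path << " : " << ErrorCodeString(err);
     log_buffer.push_back(android::base::StringPrintf("error: %d", kZipOpenFailure));
@@ -403,3 +397,25 @@ install_package(const char* path, bool* wipe_cache, const char* install_file,
 
   return result;
 }
+
+bool verify_package(const unsigned char* package_data, size_t package_size) {
+  std::vector<Certificate> loadedKeys;
+  if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) {
+    LOG(ERROR) << "Failed to load keys";
+    return false;
+  }
+  LOG(INFO) << loadedKeys.size() << " key(s) loaded from " << PUBLIC_KEYS_FILE;
+
+  // Verify package.
+  ui->Print("Verifying update package...\n");
+  auto t0 = std::chrono::system_clock::now();
+  int err = verify_file(const_cast<unsigned char*>(package_data), package_size, loadedKeys);
+  std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
+  ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
+  if (err != VERIFY_SUCCESS) {
+    LOG(ERROR) << "Signature verification failed";
+    LOG(ERROR) << "error: " << kZipVerificationFailure;
+    return false;
+  }
+  return true;
+}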
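Review bot: `verify_package` in the last hunk casts away the const qualifier of its input with `const_cast<unsigned char*>(package_data)` solely to satisfy `verify_file`'s signature; if `verify_file` does not write to the buffer (which the caller that passes an mmap'd package suggests but this page does not show), the cleaner fix is to change its parameter to `const unsigned char*` so the compiler enforces the read-only contract instead of a cast promising it, which matters now that the same function will be pointed at a wipe package read from the misc partition. The failure path also logs `LOG(ERROR) << "error: " << kZipVerificationFailure;` even when the actual cause was `load_keys` failing, and `really_install_package` then records the same `kZipVerificationFailure` in `log_buffer` for both cases, so a missing or unreadable key file is indistinguishable from a bad signature in the persisted install log; returning the `verify_file` result (or a distinct code for the key-load case) instead of collapsing both to `false` would preserve that. In the first hunk `read_metadata_from_package` becomes a non-static function callable from other files but carries no header comment, while its former caller keeps the one about `build.version.incremental`; a line such as `// Extracts the METADATA_PATH entry of |zip| into |meta_data|; returns false if the entry is missing, unreadable, or |meta_data| is null.` would document the new contract for external callers.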