aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTianjie Xu2016-08-05 20:00:04 -0500
committerTianjie Xu2016-09-01 13:33:25 -0500
commit7b0ad9c638176dc364dabb65b363536055a0ea9c (patch)
tree73848b33067169c72788f517063c3d9659e783c0 /verifier.cpp
parent818394869d36b9db1bf4984585a062d4bb91310f (diff)
downloadplatform-bootable-recovery-7b0ad9c638176dc364dabb65b363536055a0ea9c.tar.gz
platform-bootable-recovery-7b0ad9c638176dc364dabb65b363536055a0ea9c.tar.xz
platform-bootable-recovery-7b0ad9c638176dc364dabb65b363536055a0ea9c.zip
Switch recovery to libbase logging
Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
Diffstat (limited to 'verifier.cpp')
-rw-r--r--verifier.cpp50
1 files changed, 25 insertions, 25 deletions
diff --git a/verifier.cpp b/verifier.cpp
index 996a1fdf..401bd7e3 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -22,6 +22,7 @@
22#include <algorithm> 22#include <algorithm>
23#include <memory> 23#include <memory>
24 24
25#include <android-base/logging.h>
25#include <openssl/bn.h> 26#include <openssl/bn.h>
26#include <openssl/ecdsa.h> 27#include <openssl/ecdsa.h>
27#include <openssl/obj_mac.h> 28#include <openssl/obj_mac.h>
@@ -131,24 +132,24 @@ int verify_file(unsigned char* addr, size_t length,
131#define FOOTER_SIZE 6 132#define FOOTER_SIZE 6
132 133
133 if (length < FOOTER_SIZE) { 134 if (length < FOOTER_SIZE) {
134 LOGE("not big enough to contain footer\n"); 135 LOG(ERROR) << "not big enough to contain footer";
135 return VERIFY_FAILURE; 136 return VERIFY_FAILURE;
136 } 137 }
137 138
138 unsigned char* footer = addr + length - FOOTER_SIZE; 139 unsigned char* footer = addr + length - FOOTER_SIZE;
139 140
140 if (footer[2] != 0xff || footer[3] != 0xff) { 141 if (footer[2] != 0xff || footer[3] != 0xff) {
141 LOGE("footer is wrong\n"); 142 LOG(ERROR) << "footer is wrong";
142 return VERIFY_FAILURE; 143 return VERIFY_FAILURE;
143 } 144 }
144 145
145 size_t comment_size = footer[4] + (footer[5] << 8); 146 size_t comment_size = footer[4] + (footer[5] << 8);
146 size_t signature_start = footer[0] + (footer[1] << 8); 147 size_t signature_start = footer[0] + (footer[1] << 8);
147 LOGI("comment is %zu bytes; signature %zu bytes from end\n", 148 LOG(INFO) << "comment is " << comment_size << " bytes; signature is " << signature_start
148 comment_size, signature_start); 149 << " bytes from end";
149 150
150 if (signature_start <= FOOTER_SIZE) { 151 if (signature_start <= FOOTER_SIZE) {
151 LOGE("Signature start is in the footer"); 152 LOG(ERROR) << "Signature start is in the footer";
152 return VERIFY_FAILURE; 153 return VERIFY_FAILURE;
153 } 154 }
154 155
@@ -159,7 +160,7 @@ int verify_file(unsigned char* addr, size_t length,
159 size_t eocd_size = comment_size + EOCD_HEADER_SIZE; 160 size_t eocd_size = comment_size + EOCD_HEADER_SIZE;
160 161
161 if (length < eocd_size) { 162 if (length < eocd_size) {
162 LOGE("not big enough to contain EOCD\n"); 163 LOG(ERROR) << "not big enough to contain EOCD";
163 return VERIFY_FAILURE; 164 return VERIFY_FAILURE;
164 } 165 }
165 166
@@ -175,7 +176,7 @@ int verify_file(unsigned char* addr, size_t length,
175 // magic number $50 $4b $05 $06. 176 // magic number $50 $4b $05 $06.
176 if (eocd[0] != 0x50 || eocd[1] != 0x4b || 177 if (eocd[0] != 0x50 || eocd[1] != 0x4b ||
177 eocd[2] != 0x05 || eocd[3] != 0x06) { 178 eocd[2] != 0x05 || eocd[3] != 0x06) {
178 LOGE("signature length doesn't match EOCD marker\n"); 179 LOG(ERROR) << "signature length doesn't match EOCD marker";
179 return VERIFY_FAILURE; 180 return VERIFY_FAILURE;
180 } 181 }
181 182
@@ -186,7 +187,7 @@ int verify_file(unsigned char* addr, size_t length,
186 // the real one, minzip will find the later (wrong) one, 187 // the real one, minzip will find the later (wrong) one,
187 // which could be exploitable. Fail verification if 188 // which could be exploitable. Fail verification if
188 // this sequence occurs anywhere after the real one. 189 // this sequence occurs anywhere after the real one.
189 LOGE("EOCD marker occurs after start of EOCD\n"); 190 LOG(ERROR) << "EOCD marker occurs after start of EOCD";
190 return VERIFY_FAILURE; 191 return VERIFY_FAILURE;
191 } 192 }
192 } 193 }
@@ -235,12 +236,11 @@ int verify_file(unsigned char* addr, size_t length,
235 uint8_t* signature = eocd + eocd_size - signature_start; 236 uint8_t* signature = eocd + eocd_size - signature_start;
236 size_t signature_size = signature_start - FOOTER_SIZE; 237 size_t signature_size = signature_start - FOOTER_SIZE;
237 238
238 LOGI("signature (offset: 0x%zx, length: %zu): %s\n", 239 LOG(INFO) << "signature (offset: " << std::hex << (length - signature_start) << ", length: "
239 length - signature_start, signature_size, 240 << signature_size << "): " << print_hex(signature, signature_size);
240 print_hex(signature, signature_size).c_str());
241 241
242 if (!read_pkcs7(signature, signature_size, &sig_der, &sig_der_length)) { 242 if (!read_pkcs7(signature, signature_size, &sig_der, &sig_der_length)) {
243 LOGE("Could not find signature DER block\n"); 243 LOG(ERROR) << "Could not find signature DER block";
244 return VERIFY_FAILURE; 244 return VERIFY_FAILURE;
245 } 245 }
246 246
@@ -271,38 +271,38 @@ int verify_file(unsigned char* addr, size_t length,
271 if (key.key_type == Certificate::KEY_TYPE_RSA) { 271 if (key.key_type == Certificate::KEY_TYPE_RSA) {
272 if (!RSA_verify(hash_nid, hash, key.hash_len, sig_der, 272 if (!RSA_verify(hash_nid, hash, key.hash_len, sig_der,
273 sig_der_length, key.rsa.get())) { 273 sig_der_length, key.rsa.get())) {
274 LOGI("failed to verify against RSA key %zu\n", i); 274 LOG(INFO) << "failed to verify against RSA key " << i;
275 continue; 275 continue;
276 } 276 }
277 277
278 LOGI("whole-file signature verified against RSA key %zu\n", i); 278 LOG(INFO) << "whole-file signature verified against RSA key " << i;
279 free(sig_der); 279 free(sig_der);
280 return VERIFY_SUCCESS; 280 return VERIFY_SUCCESS;
281 } else if (key.key_type == Certificate::KEY_TYPE_EC 281 } else if (key.key_type == Certificate::KEY_TYPE_EC
282 && key.hash_len == SHA256_DIGEST_LENGTH) { 282 && key.hash_len == SHA256_DIGEST_LENGTH) {
283 if (!ECDSA_verify(0, hash, key.hash_len, sig_der, 283 if (!ECDSA_verify(0, hash, key.hash_len, sig_der,
284 sig_der_length, key.ec.get())) { 284 sig_der_length, key.ec.get())) {
285 LOGI("failed to verify against EC key %zu\n", i); 285 LOG(INFO) << "failed to verify against EC key " << i;
286 continue; 286 continue;
287 } 287 }
288 288
289 LOGI("whole-file signature verified against EC key %zu\n", i); 289 LOG(INFO) << "whole-file signature verified against EC key " << i;
290 free(sig_der); 290 free(sig_der);
291 return VERIFY_SUCCESS; 291 return VERIFY_SUCCESS;
292 } else { 292 } else {
293 LOGI("Unknown key type %d\n", key.key_type); 293 LOG(INFO) << "Unknown key type " << key.key_type;
294 } 294 }
295 i++; 295 i++;
296 } 296 }
297 297
298 if (need_sha1) { 298 if (need_sha1) {
299 LOGI("SHA-1 digest: %s\n", print_hex(sha1, SHA_DIGEST_LENGTH).c_str()); 299 LOG(INFO) << "SHA-1 digest: " << print_hex(sha1, SHA_DIGEST_LENGTH);
300 } 300 }
301 if (need_sha256) { 301 if (need_sha256) {
302 LOGI("SHA-256 digest: %s\n", print_hex(sha256, SHA256_DIGEST_LENGTH).c_str()); 302 LOG(INFO) << "SHA-256 digest: " << print_hex(sha256, SHA256_DIGEST_LENGTH);
303 } 303 }
304 free(sig_der); 304 free(sig_der);
305 LOGE("failed to verify whole-file signature\n"); 305 LOG(ERROR) << "failed to verify whole-file signature";
306 return VERIFY_FAILURE; 306 return VERIFY_FAILURE;
307} 307}
308 308
@@ -323,7 +323,7 @@ std::unique_ptr<RSA, RSADeleter> parse_rsa_key(FILE* file, uint32_t exponent) {
323 } 323 }
324 324
325 if (key_len_words > 8192 / 32) { 325 if (key_len_words > 8192 / 32) {
326 LOGE("key length (%d) too large\n", key_len_words); 326 LOG(ERROR) << "key length (" << key_len_words << ") too large";
327 return nullptr; 327 return nullptr;
328 } 328 }
329 329
@@ -479,7 +479,7 @@ std::unique_ptr<EC_KEY, ECKEYDeleter> parse_ec_key(FILE* file) {
479bool load_keys(const char* filename, std::vector<Certificate>& certs) { 479bool load_keys(const char* filename, std::vector<Certificate>& certs) {
480 std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose); 480 std::unique_ptr<FILE, decltype(&fclose)> f(fopen(filename, "r"), fclose);
481 if (!f) { 481 if (!f) {
482 LOGE("opening %s: %s\n", filename, strerror(errno)); 482 PLOG(ERROR) << "error opening " << filename;
483 return false; 483 return false;
484 } 484 }
485 485
@@ -529,14 +529,14 @@ bool load_keys(const char* filename, std::vector<Certificate>& certs) {
529 return false; 529 return false;
530 } 530 }
531 531
532 LOGI("read key e=%d hash=%d\n", exponent, cert.hash_len); 532 LOG(INFO) << "read key e=" << exponent << " hash=" << cert.hash_len;
533 } else if (cert.key_type == Certificate::KEY_TYPE_EC) { 533 } else if (cert.key_type == Certificate::KEY_TYPE_EC) {
534 cert.ec = parse_ec_key(f.get()); 534 cert.ec = parse_ec_key(f.get());
535 if (!cert.ec) { 535 if (!cert.ec) {
536 return false; 536 return false;
537 } 537 }
538 } else { 538 } else {
539 LOGE("Unknown key type %d\n", cert.key_type); 539 LOG(ERROR) << "Unknown key type " << cert.key_type;
540 return false; 540 return false;
541 } 541 }
542 542
@@ -548,7 +548,7 @@ bool load_keys(const char* filename, std::vector<Certificate>& certs) {
548 } else if (ch == EOF) { 548 } else if (ch == EOF) {
549 break; 549 break;
550 } else { 550 } else {
551 LOGE("unexpected character between keys\n"); 551 LOG(ERROR) << "unexpected character between keys";
552 return false; 552 return false;
553 } 553 }
554 } 554 }