aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTao Bao2016-04-20 00:31:01 -0500
committerTao Bao2016-04-20 16:44:29 -0500
commite179276f7dd94e9ef738f00c6953d251c76f22f7 (patch)
treebf70a56aeb2e4ed2a29f995db2f59f3ef74a6de1 /verifier.cpp
parent4eec72d2cf8c1be0068feffc804035dab756c78d (diff)
downloadplatform-bootable-recovery-e179276f7dd94e9ef738f00c6953d251c76f22f7.tar.gz
platform-bootable-recovery-e179276f7dd94e9ef738f00c6953d251c76f22f7.tar.xz
platform-bootable-recovery-e179276f7dd94e9ef738f00c6953d251c76f22f7.zip
recovery: Dump the signature in the zip package.
We have been occasionally seeing "signature verification failed" error message when applying an update. Make more verbose output to help debugging. Bug: 28246534 Change-Id: Id83633adc9b86b3fd36abbb504e430f0816f12e4
Diffstat (limited to 'verifier.cpp')
-rw-r--r--verifier.cpp17
1 files changed, 15 insertions, 2 deletions
diff --git a/verifier.cpp b/verifier.cpp
index f5299b4a..16cc7cf0 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -27,6 +27,7 @@
27 27
28#include "asn1_decoder.h" 28#include "asn1_decoder.h"
29#include "common.h" 29#include "common.h"
30#include "print_sha1.h"
30#include "ui.h" 31#include "ui.h"
31#include "verifier.h" 32#include "verifier.h"
32 33
@@ -230,9 +231,14 @@ int verify_file(unsigned char* addr, size_t length,
230 uint8_t* sig_der = nullptr; 231 uint8_t* sig_der = nullptr;
231 size_t sig_der_length = 0; 232 size_t sig_der_length = 0;
232 233
234 uint8_t* signature = eocd + eocd_size - signature_start;
233 size_t signature_size = signature_start - FOOTER_SIZE; 235 size_t signature_size = signature_start - FOOTER_SIZE;
234 if (!read_pkcs7(eocd + eocd_size - signature_start, signature_size, &sig_der, 236
235 &sig_der_length)) { 237 LOGI("signature (offset: 0x%zx, length: %zu): %s\n",
238 length - signature_start, signature_size,
239 print_hex(signature, signature_size).c_str());
240
241 if (!read_pkcs7(signature, signature_size, &sig_der, &sig_der_length)) {
236 LOGE("Could not find signature DER block\n"); 242 LOGE("Could not find signature DER block\n");
237 return VERIFY_FAILURE; 243 return VERIFY_FAILURE;
238 } 244 }
@@ -287,6 +293,13 @@ int verify_file(unsigned char* addr, size_t length,
287 } 293 }
288 i++; 294 i++;
289 } 295 }
296
297 if (need_sha1) {
298 LOGI("SHA-1 digest: %s\n", print_hex(sha1, SHA_DIGEST_LENGTH).c_str());
299 }
300 if (need_sha256) {
301 LOGI("SHA-256 digest: %s\n", print_hex(sha256, SHA256_DIGEST_LENGTH).c_str());
302 }
290 free(sig_der); 303 free(sig_der);
291 LOGE("failed to verify whole-file signature\n"); 304 LOGE("failed to verify whole-file signature\n");
292 return VERIFY_FAILURE; 305 return VERIFY_FAILURE;