aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Move rangeset.h and print_sha1.h into otautil.Tao Bao2017-10-101-1/+1
| | | | | | | | | Also drop the "bootable/recovery" path in LOCAL_C_INCLUDES from applypatch modules. Test: lunch aosp_{angler,bullhead,fugu,dragon,sailfish}-userdebug; mmma bootable/recovery Change-Id: Idd602a796894f971ee4f8fa3eafe36c42d9de986
* Fix the android-cloexec-* warnings in bootable/recoveryTianjie Xu2017-07-191-72/+71
| | | | | | | | Add the O_CLOEXEC or 'e' accordingly. Bug: 63510015 Test: recovery tests pass Change-Id: I7094bcc6af22c9687eb535116b2ca6a59178b303
* Merge "Const modifiers"Tao Bao2017-03-241-1/+1
|\ | | | | | | | | | | am: 4efd353d8f Change-Id: I8ae993749d5f2c58cc5ef23f90845cf5a0bf756d
| * Const modifiersMikhail Lappo2017-03-231-1/+1
| | | | | | | | | | | | | | | | This functions do not change class variables Would be good to mark them as const, so class variables are not changed by coincidence Change-Id: Iea34f6d26dbd1bde813035160e07ff2a681989e6
* | Merge "Refactor asn1_decoder functions into a class."Tao Bao2017-03-221-37/+39
|\| | | | | | | | | | | am: ea3d0b923d Change-Id: I581e85f453fe1dc8b3a7cb6a7b660539f99ec55e
| * Refactor asn1_decoder functions into a class.Tao Bao2017-03-211-37/+39
| | | | | | | | | | | | | | Test: mmma bootable/recovery Test: recovery_unit_test passes. Test: recovery_component_test passes. Change-Id: If0bf25993158eaebeedff55ba4f4dd0f6e5f937d
* | Merge "verify_file: Add constness to a few addresses."Tao Bao2017-03-211-54/+53
|\| | | | | | | | | | | am: 5b2bf90e13 Change-Id: I6e04bf2bc3dc8c978edafafcbb41401189865233
| * verify_file: Add constness to a few addresses.Tao Bao2017-03-211-54/+53
| | | | | | | | | | | | | | | | | | | | We should not touch any data while verifying packages (or parsing the in-memory ASN.1 structures). Test: mmma bootable/recovery Test: recovery_component_test passes. Test: recovery_unit_test passes. Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
* | Merge "Remove the dead #include's in verifier.cpp."Tao Bao2017-03-201-3/+1
|\| | | | | | | | | | | am: 64d25024b9 Change-Id: I36aed07781b1b9bff0ffe6cabeb5d1f3b8546072
| * Remove the dead #include's in verifier.cpp.Tao Bao2017-03-181-3/+1
| | | | | | | | | | | | | | | | | | | | A follow-up to commit 5e535014dd7961fbf812abeaa27f3339775031f1. Also clean up Android.mk, since libverifier no longer needs anything from libminui. Test: mmma bootable/recovery Test: recovery_component_test passes. Change-Id: I1c11e4bbeef67ca34a2054debf1f5b280d509217
* | resolve merge conflicts of 90d3f20c to stage-aosp-masterTao Bao2017-03-181-173/+166
|\| | | | | | | | | Test: I solemnly swear I tested this conflict resolution. Change-Id: I9c1806eceb56712c4b3d1c67d54f4b21bd3fe50a
| * Drop the dependency on 'ui' in verify_file().Tao Bao2017-03-171-168/+161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | verify_file() has a dependency on the global variable of 'ui' for posting the verification progress, which requires the users of libverifier to provide a UI instance. This CL adds an optional argument to verify_file() so that it can post the progress through the provided callback function. As a result, we can drop the MockUI class in verifier_test.cpp. Test: recovery_component_test passes. Test: verify_file() posts progress update when installing an OTA. Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
* | resolve build error when merging 0f7f7e21Tianjie Xu2017-01-181-2/+2
| | | | | | | | | | Test: mma Change-Id: Ibdcf7b47e54d3739fb922f66996365763d2acfef
* | Add a checker for signature boundary in verifier am: 54ea136fde am: ↵Tianjie Xu2017-01-181-0/+6
|\ \ | |/ |/| | | | | | | | | | | 0a34b17c8b am: fb80b4f72d am: d3d5e54a45 am: 6ea9888d51 am: a055eb93c3 am: 15ca2a4763 am: ca50d7b66a am: 64f0de7a13 am: e4ec60e045 am: e0d3b0ceab Change-Id: I4fe8bdd81f8250b862b0018f0a52a76d37ee9d88
| * Add a checker for signature boundary in verifier am: 54ea136fde am: ↵Tianjie Xu2017-01-181-0/+6
| |\ | | | | | | | | | | | | | | | | | | | | | 0a34b17c8b am: fb80b4f72d am: d3d5e54a45 am: 6ea9888d51 am: a055eb93c3 am: 15ca2a4763 Change-Id: I5481d39f0d2fdb92c95e964d2a55512f4df3acb3
| | * Add a checker for signature boundary in verifier am: 54ea136fde am: 0a34b17c8bTianjie Xu2017-01-181-0/+6
| | |\ | | | | | | | | | | | | | | | | | | | | am: fb80b4f72d Change-Id: Iba2da78981e4bd7a2b263b2f6b18ab6c176e5fc8
| | | * Add a checker for signature boundary in verifierTianjie Xu2016-12-161-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The 'signature_start' variable marks the location of the signature from the end of a zip archive. And a boundary check is missing where 'signature_start' should be within the EOCD comment field. This causes problems when sideloading a malicious package. Also add a corresponding test. Bug: 31914369 Test: Verification fails correctly when sideloading recovery_test.zip on angler. Change-Id: I6ea96bf04dac5d8d4d6719e678d504f957b4d5c1 (cherry-picked from f69e6a9475983b2ad46729e44ab58d2b22cd74d0)
* | | | Revert "Revert "Some cleanups to recovery.""Tao Bao2016-11-031-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit 8584fcf677dd45b30121bd0490b06297e6be1871. This CL re-lands commit c0319b60f56d445c2d1c74f551e01f069b028fe6. The "stage" and "reason" variables are now declared as global by dropping the static qualifier, because they may be used by vendor recovery libraries. Test: lunch aosp_angler-userdebug; mmma bootable/recovery Test: lunch aosp_dragon-userdebug; mmma bootable/recovery Change-Id: I252c346f450079478cff22bbff01590b8ab2e2b3
* | | | Revert "Some cleanups to recovery."Dan Albert2016-10-261-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This reverts commit c0319b60f56d445c2d1c74f551e01f069b028fe6. Reason for revert: Broke builds. Change-Id: I82aa880b83de5ae6c36fd7567cb001920559a972
* | | | Some cleanups to recovery.Tao Bao2016-10-261-4/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Remove the duplicate gCurrentUI variable in recovery.cpp; - Refactor the load/save of locale functions; - Clean up ui_print() to get rid of 256-byte buffer limit; - Declare ui in common.h; - Move the typedef of Volume into roots.h. Test: Build and boot into recovery image. Change-Id: Ia28c116858ca754133127a5ff9c722af67ad55b7
* | | | Replace minzip with libziparchiveTianjie Xu2016-10-171-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clean up the duplicated codes that handle the zip files in bootable/recovery; and rename the library of the remaining utility functions to libotautil. Test: Update package installed successfully on angler. Bug: 19472796 Change-Id: Iea8962fcf3004473cb0322b6bb3a9ea3ca7f679e
* | | | Switch recovery to libbase loggingTianjie Xu2016-09-011-25/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clean up the recovery image and switch to libbase logging. Bug: 28191554 Change-Id: Icd999c3cc832f0639f204b5c36cea8afe303ad35 Merged-In: Icd999c3cc832f0639f204b5c36cea8afe303ad35
* | | | Merge "recovery: Dump the signature in the zip package." into nyc-devTao Bao2016-04-221-2/+15
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: 34ca089 * commit '34ca0892f4ae440becbe8097e7b68cd5a6d494d3': recovery: Dump the signature in the zip package. Change-Id: I22eb6256f3204f2eac80e729cd0cd5b862b45863
| * | | recovery: Dump the signature in the zip package.Tao Bao2016-04-201-2/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We have been occasionally seeing "signature verification failed" error message when applying an update. Make more verbose output to help debugging. Bug: 28246534 Change-Id: Id83633adc9b86b3fd36abbb504e430f0816f12e4
* | | | Decrease OTA package verification times further.Elliott Hughes2016-04-201-4/+4
|\| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | am: dd895d0 * commit 'dd895d0adaa691a078f18a95a7f5ac0eaf776cae': Decrease OTA package verification times further. Change-Id: If3bee4cbe66e576193556472776a232c9460af9a
| * | | Decrease OTA package verification times further.Elliott Hughes2016-04-191-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Timing from Nexus 5X: 89 MiB OTA update package: 1.4 s -> 0.6 s (decreased by 57%) 1196 MiB OTA update package: 8.0 s -> 7.5 s (decreased by 6%) Bug: http://b/28135231 Change-Id: Id91f2ad15df2bffb9f8a4b4ec5a57657a02847ec
* | | | Merge "Fix IWYU errors." am: 51dcd0dTreehugger Robot2016-04-151-0/+1
|\ \ \ \ | |/ / / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | am: 405db92 * commit '405db92b6e6384f0f22ba6be338c08e8f1aad345': Fix IWYU errors. Change-Id: Iedb6480e232c560ff9095f5593f13ad412616e4d
| * | | Fix IWYU errors.David Benjamin2016-04-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This fixes build errors with BoringSSL master. (The cpp file uses functions from bn.h and neither it nor the header includes it.) Change-Id: If7f38aa0b931aa7940079bc006c7283b31f3b774
| * | | Convert recovery to use BoringSSL instead of mincrypt.Mattias Nissler2016-04-061-107/+203
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
* | | | Use BoringSSL instead of mincrypt to speed up package verification.Elliott Hughes2016-04-131-111/+209
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with merge conflict resolution, extra logging in verifier.cpp, and an increase in the hash chunk size from 4KiB to 1MiB. Bug: http://b/28135231 Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
* / / recovery: Refactor verifier and verifier_test.Tao Bao2016-02-021-141/+124
|/ / | | | | | | | | | | | | | | Move to using std::vector and std::unique_ptr to manage key certificates to stop memory leaks. Bug: 26908001 Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c
* / Add missing includes.Elliott Hughes2015-01-281-2/+3
|/ | | | Change-Id: I0737456e0221ebe9cc854d65c95a7d37d0869d56
* am 4b6de1ba: am 026ebe02: Merge "Recovery 64-bit compile issues"Mark Salyzyn2014-03-141-7/+7
|\ | | | | | | | | * commit '4b6de1ba1ce0fff95c18a8abb7ba6e5762006d49': Recovery 64-bit compile issues
| * Recovery 64-bit compile issuesMark Salyzyn2014-03-141-7/+7
| | | | | | | | Change-Id: I92d5abd1a628feab3b0246924fab7f97ba3b9d34
* | do verification and extraction on memory, not filesDoug Zongker2014-01-161-55/+15
|/ | | | | | | | | | | | | | | | Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far. Bug: 12188746 Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
* Add support for ECDSA signaturesKenny Root2013-10-101-32/+198
| | | | | | | | This adds support for key version 5 which is an EC key using the NIST P-256 curve parameters. OTAs may be signed with these keys using the ECDSA signature algorithm with SHA-256. Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
* verifier: update to support certificates using SHA-256Doug Zongker2013-09-251-17/+63
| | | | | | (cherry picked from commit bac7fba02763ae5e78e8e4ba0bea727330ad953e) Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
* move key loading to verifier codeDoug Zongker2012-11-021-0/+102
| | | | | | | Add an option to verifier_test to load keys from a file, the way the recovery does. Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
* refactor ui functions into a classDoug Zongker2011-10-311-2/+4
| | | | | | | | | | | Move all the functions in ui.c to be members of a ScreenRecoveryUI class, which is a subclass of an abstract RecoveryUI class. Recovery then creates a global singleton instance of this class and then invoke the methods to drive the UI. We use this to allow substitution of a different RecoveryUI implementation for devices with radically different form factors (eg, that don't have a screen). Change-Id: I76bdd34eca506149f4cc07685df6a4890473f3d9
* turn recovery into a C++ binaryDoug Zongker2011-10-311-0/+185
Change-Id: I423a23581048d451d53eef46e5f5eac485b77555