diff options
author | Doug Zongker <dougz@android.com> | 2012-07-25 13:10:58 -0700 |
---|---|---|
committer | Chirayu Desai <cdesai@cyanogenmod.org> | 2013-05-25 19:56:13 +0530 |
commit | cc5591a83af14c5274065c219af54a995557ce5c (patch) | |
tree | bcdde214c061b32416253a18312605d02004de02 | |
parent | 7efb8bde978b62d1f96b08c26bdffab86502ae63 (diff) | |
download | bootable_recovery-cc5591a83af14c5274065c219af54a995557ce5c.zip bootable_recovery-cc5591a83af14c5274065c219af54a995557ce5c.tar.gz bootable_recovery-cc5591a83af14c5274065c219af54a995557ce5c.tar.bz2 |
support version 2 (2048-bit e=65537) keys in recovery
Signed-off-by: Chirayu Desai <cdesai@cyanogenmod.org>
Change-Id: I9849c69777d513bb12926c8c622d1c12d2da568a
-rw-r--r-- | install.c | 6 | ||||
-rw-r--r-- | verifier_test.c | 53 | ||||
-rwxr-xr-x | verifier_test.sh | 23 |
3 files changed, 72 insertions, 10 deletions
@@ -266,6 +266,12 @@ try_update_binary(const char *path, ZipArchive *zip) { // // "{64,0xc926ad21,{1795090719,...,-695002876},{-857949815,...,1175080310}}" // +// For key versions newer than the original 2048-bit e=3 keys +// supported by Android, the string is preceded by a version +// identifier, eg: +// +// "v2 {64,0xc926ad21,{1795090719,...,-695002876},{-857949815,...,1175080310}}" +// // (Note that the braces and commas in this example are actual // characters the parser expects to find in the file; the ellipses // indicate more numbers omitted from this example.) diff --git a/verifier_test.c b/verifier_test.c index 5b6c1f4..b303ede 100644 --- a/verifier_test.c +++ b/verifier_test.c @@ -55,7 +55,45 @@ RSAPublicKey test_key = 9135381, 1625809335, -1490225159, -1342673351, 1117190829, -57654514, 1825108855, -1281819325, 1111251351, -1726129724, 1684324211, -1773988491, - 367251975, 810756730, -1941182952, 1175080310 } + 367251975, 810756730, -1941182952, 1175080310 }, + 3 + }; + +RSAPublicKey test_f4_key = + { 64, 0xc9bd1f21, + { 293133087u, 3210546773u, 865313125u, 250921607u, + 3158780490u, 943703457u, 1242806226u, 2986289859u, + 2942743769u, 2457906415u, 2719374299u, 1783459420u, + 149579627u, 3081531591u, 3440738617u, 2788543742u, + 2758457512u, 1146764939u, 3699497403u, 2446203424u, + 1744968926u, 1159130537u, 2370028300u, 3978231572u, + 3392699980u, 1487782451u, 1180150567u, 2841334302u, + 3753960204u, 961373345u, 3333628321u, 748825784u, + 2978557276u, 1566596926u, 1613056060u, 2600292737u, + 1847226629u, 50398611u, 1890374404u, 2878700735u, + 2286201787u, 1401186359u, 619285059u, 731930817u, + 2340993166u, 1156490245u, 2992241729u, 151498140u, + 318782170u, 3480838990u, 2100383433u, 4223552555u, + 3628927011u, 4247846280u, 1759029513u, 4215632601u, + 2719154626u, 3490334597u, 1751299340u, 3487864726u, + 3668753795u, 4217506054u, 3748782284u, 3150295088u }, + { 1772626313u, 445326068u, 3477676155u, 1758201194u, + 2986784722u, 491035581u, 3922936562u, 702212696u, + 2979856666u, 3324974564u, 2488428922u, 3056318590u, + 1626954946u, 664714029u, 398585816u, 3964097931u, + 3356701905u, 2298377729u, 2040082097u, 3025491477u, + 539143308u, 3348777868u, 2995302452u, 3602465520u, + 212480763u, 2691021393u, 1307177300u, 704008044u, + 2031136606u, 1054106474u, 3838318865u, 2441343869u, + 1477566916u, 700949900u, 2534790355u, 3353533667u, + 336163563u, 4106790558u, 2701448228u, 1571536379u, + 1103842411u, 3623110423u, 1635278839u, 1577828979u, + 910322800u, 715583630u, 138128831u, 1017877531u, + 2289162787u, 447994798u, 1897243165u, 4121561445u, + 4150719842u, 2131821093u, 2262395396u, 3305771534u, + 980753571u, 3256525190u, 3128121808u, 1072869975u, + 3507939515u, 4229109952u, 118381341u, 2209831334u }, + 65537 }; void ui_print(const char* fmt, ...) { @@ -72,12 +110,19 @@ void ui_set_progress(float fraction) { } int main(int argc, char **argv) { - if (argc != 2) { - fprintf(stderr, "Usage: %s <package>\n", argv[0]); + if (argc != 2 && argc != 3) { + fprintf(stderr, "Usage: %s [-f4] <package>\n", argv[0]); return 2; } - int result = verify_file(argv[1], &test_key, 1); + RSAPublicKey* key = &test_key; + ++argv; + if (strcmp(argv[0], "-f4") == 0) { + ++argv; + key = &test_f4_key; + } + + int result = verify_file(*argv, key, 1); if (result == VERIFY_SUCCESS) { printf("SUCCESS\n"); return 0; diff --git a/verifier_test.sh b/verifier_test.sh index 6350e80..378b0e5 100755 --- a/verifier_test.sh +++ b/verifier_test.sh @@ -1,11 +1,7 @@ #!/bin/bash # -# A test suite for applypatch. Run in a client where you have done -# envsetup, choosecombo, etc. -# -# DO NOT RUN THIS ON A DEVICE YOU CARE ABOUT. It will mess up your -# system partition. -# +# A test suite for recovery's package signature verifier. Run in a +# client where you have done envsetup, lunch, etc. # # TODO: find some way to get this run regularly along with the rest of # the tests. @@ -77,9 +73,24 @@ expect_fail() { run_command $WORK_DIR/verifier_test $WORK_DIR/package.zip && fail } +expect_succeed_f4() { + testname "$1 (should succeed)" + $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip + run_command $WORK_DIR/verifier_test -f4 $WORK_DIR/package.zip || fail +} + +expect_fail_f4() { + testname "$1 (should fail)" + $ADB push $DATA_DIR/$1 $WORK_DIR/package.zip + run_command $WORK_DIR/verifier_test -f4 $WORK_DIR/package.zip && fail +} + expect_fail unsigned.zip expect_fail jarsigned.zip expect_succeed otasigned.zip +expect_fail_f4 otasigned.zip +expect_succeed_f4 otasigned_f4.zip +expect_fail otasigned_f4.zip expect_fail random.zip expect_fail fake-eocd.zip expect_fail alter-metadata.zip |