authorSzymon Starzycki <sstar@google.com>2013-10-02 17:21:41 -0700
committerColin Cross <ccross@android.com>2013-12-04 15:00:52 -0800
commit4662a114a416e636de805fbd875f8b90fc5965b9 (patch)
treecd62973e812f8f2972893ba2ef4dc405192258c6 /fastbootd/commands/flash.c
parent27ea99fb99153e3b2d45efd6fce9785538469e49 (diff)
Revert "Revert "Fastbootd: flashing certification""
CMS functionality is now available. This reverts commit 068b71dd9cd6cb03dfcdc0c9deced361780bc0d3. Conflicts: fastbootd/Android.mk fastbootd/fastbootd.c fastbootd/utils.c fastbootd/utils.h Change-Id: I1a27459b41d9297603deb124c65f237ff971e5b6
Diffstat (limited to 'fastbootd/commands/flash.c')
-rw-r--r--fastbootd/commands/flash.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/fastbootd/commands/flash.c b/fastbootd/commands/flash.c
index 5f8b931..0954217 100644
--- a/fastbootd/commands/flash.c
+++ b/fastbootd/commands/flash.c
@@ -39,6 +39,9 @@
#include "utils.h"
#include "commands/partitions.h"
+#ifdef FLASH_CERT
+#include "secure.h"
+#endif
#define ALLOWED_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-."
#define BUFFER_SIZE 1024 * 1024
@@ -112,3 +115,47 @@ int flash_write(int partition_fd, int data_fd, ssize_t size, ssize_t skip)
return 0;
}
+
+#ifdef FLASH_CERT
+
+int flash_validate_certificate(int signed_fd, int *data_fd) {
+ int ret = 0;
+ const char *cert_path;
+ X509_STORE *store = NULL;
+ CMS_ContentInfo *content_info;
+ BIO *content;
+
+ cert_path = fastboot_getvar("certificate-path");
+ if (!strcmp(cert_path, "")) {
+ D(ERR, "could not find cert-key value in config file");
+ goto finish;
+ }
+
+ store = cert_store_from_path(cert_path);
+ if (store == NULL) {
+ D(ERR, "unable to create certification store");
+ goto finish;
+ }
+
+ if (cert_read(signed_fd, &content_info, &content)) {
+ D(ERR, "reading data failed");
+ goto finish;
+ }
+
+ ret = cert_verify(content, content_info, store, data_fd);
+ cert_release(content, content_info);
+
+ return ret;
+
+finish:
+ if (store != NULL)
+ cert_release_store(store);
+
+ return ret;
+}
+
+#else
+int flash_validate_certificate(int signed_fd, int *data_fd) {
+ return 1;
+}
+#endif
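Review bot: The `#else` stub of flash_validate_certificate returns 1, which by the convention of the FLASH_CERT version (every error path returns the initial `ret = 0`) appears to mean success, so a build without FLASH_CERT reports any image as validated and never writes `*data_fd`; the caller is outside this hunk, so confirm it neither reads `*data_fd` nor treats that 1 as a verified signature, and add a comment on the stub stating that no check is performed. In the FLASH_CERT version the success path returns right after `cert_release(content, content_info);` and skips `finish:`, so `store` is not released unless cert_verify takes ownership of it; dropping that first `return ret;` lets both paths fall through to `cert_release_store(store)`. `fastboot_getvar` is not visible here, and if it can return NULL the `strcmp(cert_path, "")` dereferences it; `if (cert_path == NULL || cert_path[0] == '\0')` would cover both cases. The error text also names `cert-key` while the variable actually read is `certificate-path`, which will mislead whoever debugs a rejected flash.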