author | Szymon Starzycki <sstar@google.com> | 2013-10-02 17:21:41 -0700 |
---|---|---|
committer | Colin Cross <ccross@android.com> | 2013-12-04 15:00:52 -0800 |
commit | 4662a114a416e636de805fbd875f8b90fc5965b9 (patch) | |
tree | cd62973e812f8f2972893ba2ef4dc405192258c6 /fastbootd/commands/flash.c | |
parent | 27ea99fb99153e3b2d45efd6fce9785538469e49 (diff) | |
Revert "Revert "Fastbootd: flashing certification""
CMS functionality is now available
This reverts commit 068b71dd9cd6cb03dfcdc0c9deced361780bc0d3.
Conflicts:
fastbootd/Android.mk
fastbootd/fastbootd.c
fastbootd/utils.c
fastbootd/utils.h
Change-Id: I1a27459b41d9297603deb124c65f237ff971e5b6
Diffstat (limited to 'fastbootd/commands/flash.c')
-rw-r--r-- | fastbootd/commands/flash.c | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/fastbootd/commands/flash.c b/fastbootd/commands/flash.c
index 5f8b931..0954217 100644
--- a/fastbootd/commands/flash.c
+++ b/fastbootd/commands/flash.c
@@ -39,6 +39,9 @@
 #include "utils.h"
 #include "commands/partitions.h"
+#ifdef FLASH_CERT
+#include "secure.h"
+#endif
 #define ALLOWED_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-."
 #define BUFFER_SIZE 1024 * 1024
@@ -112,3 +115,47 @@ int flash_write(int partition_fd, int data_fd, ssize_t size, ssize_t skip)
 return 0;
 }
+
+#ifdef FLASH_CERT
+
+int flash_validate_certificate(int signed_fd, int *data_fd) {
+ int ret = 0;
+ const char *cert_path;
+ X509_STORE *store = NULL;
+ CMS_ContentInfo *content_info;
+ BIO *content;
+
+ cert_path = fastboot_getvar("certificate-path");
+ if (!strcmp(cert_path, "")) {
+ D(ERR, "could not find cert-key value in config file");
+ goto finish;
+ }
+
+ store = cert_store_from_path(cert_path);
+ if (store == NULL) {
+ D(ERR, "unable to create certification store");
+ goto finish;
+ }
+
+ if (cert_read(signed_fd, &content_info, &content)) {
+ D(ERR, "reading data failed");
+ goto finish;
+ }
+
+ ret = cert_verify(content, content_info, store, data_fd);
+ cert_release(content, content_info);
+
+ return ret;
+
+finish:
+ if (store != NULL)
+ cert_release_store(store);
+
+ return ret;
+}
+
+#else
+int flash_validate_certificate(int signed_fd, int *data_fd) {
+ return 1;
+}
+#endif |
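Review bot: On the path that reaches `cert_verify`, `flash_validate_certificate` returns right after `cert_release(content, content_info);`, so the `X509_STORE` obtained from `cert_store_from_path` is freed only on the error paths that jump to `finish:`; removing that early `return ret;` and letting control fall through to `finish:` would release the store on every path. The `#else` stub returns 1 unconditionally, which is presumably the value a successful verification yields (the failure paths return 0), so a build without `FLASH_CERT` treats every image as validated; a comment such as `/* FLASH_CERT disabled: images are accepted without signature verification */` on the stub would make that fail-open behaviour explicit to integrators. The first error message names `cert-key` while the variable actually read is `certificate-path`, and `cert_path` goes to `strcmp` without a NULL check, which is safe only if `fastboot_getvar` never returns NULL (its definition is not visible in this diff).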