diff options
| -rw-r--r-- | install.cpp | 14 | ||||
| -rw-r--r-- | verifier.cpp | 10 |
2 files changed, 14 insertions, 10 deletions
diff --git a/install.cpp b/install.cpp index a7b59c3e7..7113fa286 100644 --- a/install.cpp +++ b/install.cpp @@ -23,6 +23,7 @@ #include <sys/wait.h> #include <unistd.h> +#include <chrono> #include <vector> #include "common.h" @@ -228,6 +229,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount) return INSTALL_CORRUPT; } + // Load keys. std::vector<Certificate> loadedKeys; if (!load_keys(PUBLIC_KEYS_FILE, loadedKeys)) { LOGE("Failed to load keys\n"); @@ -235,18 +237,19 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount) } LOGI("%zu key(s) loaded from %s\n", loadedKeys.size(), PUBLIC_KEYS_FILE); + // Verify package. ui->Print("Verifying update package...\n"); - + auto t0 = std::chrono::system_clock::now(); int err = verify_file(map.addr, map.length, loadedKeys); - LOGI("verify_file returned %d\n", err); + std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0; + ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err); if (err != VERIFY_SUCCESS) { LOGE("signature verification failed\n"); sysReleaseMap(&map); return INSTALL_CORRUPT; } - /* Try to open the package. - */ + // Try to open the package. ZipArchive zip; err = mzOpenZipArchive(map.addr, map.length, &zip); if (err != 0) { @@ -255,8 +258,7 @@ really_install_package(const char *path, bool* wipe_cache, bool needs_mount) return INSTALL_CORRUPT; } - /* Verify and install the contents of the package. - */ + // Verify and install the contents of the package. ui->Print("Installing update...\n"); ui->SetEnableReboot(false); int result = try_update_binary(path, &zip, wipe_cache); diff --git a/verifier.cpp b/verifier.cpp index 6e1581272..4004b0228 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -32,6 +32,8 @@ extern RecoveryUI* ui; +static constexpr size_t MiB = 1024 * 1024; + /* * Simple version of PKCS#7 SignedData extraction. This extracts the * signature OCTET STRING to be used for signature verification. @@ -187,8 +189,6 @@ int verify_file(unsigned char* addr, size_t length, } } -#define BUFFER_SIZE 4096 - bool need_sha1 = false; bool need_sha256 = false; for (const auto& key : keys) { @@ -206,8 +206,10 @@ int verify_file(unsigned char* addr, size_t length, double frac = -1.0; size_t so_far = 0; while (so_far < signed_len) { - size_t size = signed_len - so_far; - if (size > BUFFER_SIZE) size = BUFFER_SIZE; + // On a Nexus 9, experiment didn't show any performance improvement with + // larger sizes past 1MiB, and they reduce the granularity of the progress + // bar. http://b/28135231. + size_t size = std::min(signed_len - so_far, 1 * MiB); if (need_sha1) SHA1_Update(&sha1_ctx, addr + so_far, size); if (need_sha256) SHA256_Update(&sha256_ctx, addr + so_far, size); |