diff options
Diffstat (limited to '')
-rw-r--r-- | verifier.cpp | 27 |
1 files changed, 21 insertions, 6 deletions
diff --git a/verifier.cpp b/verifier.cpp index 1d6cf811a..996a1fdf9 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -28,11 +28,14 @@ #include "asn1_decoder.h" #include "common.h" +#include "print_sha1.h" #include "ui.h" #include "verifier.h" extern RecoveryUI* ui; +static constexpr size_t MiB = 1024 * 1024; + /* * Simple version of PKCS#7 SignedData extraction. This extracts the * signature OCTET STRING to be used for signature verification. @@ -188,8 +191,6 @@ int verify_file(unsigned char* addr, size_t length, } } -#define BUFFER_SIZE 4096 - bool need_sha1 = false; bool need_sha256 = false; for (const auto& key : keys) { @@ -207,8 +208,10 @@ int verify_file(unsigned char* addr, size_t length, double frac = -1.0; size_t so_far = 0; while (so_far < signed_len) { - size_t size = signed_len - so_far; - if (size > BUFFER_SIZE) size = BUFFER_SIZE; + // On a Nexus 5X, experiment showed 16MiB beat 1MiB by 6% faster for a + // 1196MiB full OTA and 60% for an 89MiB incremental OTA. + // http://b/28135231. + size_t size = std::min(signed_len - so_far, 16 * MiB); if (need_sha1) SHA1_Update(&sha1_ctx, addr + so_far, size); if (need_sha256) SHA256_Update(&sha256_ctx, addr + so_far, size); @@ -229,9 +232,14 @@ int verify_file(unsigned char* addr, size_t length, uint8_t* sig_der = nullptr; size_t sig_der_length = 0; + uint8_t* signature = eocd + eocd_size - signature_start; size_t signature_size = signature_start - FOOTER_SIZE; - if (!read_pkcs7(eocd + eocd_size - signature_start, signature_size, &sig_der, - &sig_der_length)) { + + LOGI("signature (offset: 0x%zx, length: %zu): %s\n", + length - signature_start, signature_size, + print_hex(signature, signature_size).c_str()); + + if (!read_pkcs7(signature, signature_size, &sig_der, &sig_der_length)) { LOGE("Could not find signature DER block\n"); return VERIFY_FAILURE; } @@ -286,6 +294,13 @@ int verify_file(unsigned char* addr, size_t length, } i++; } + + if (need_sha1) { + LOGI("SHA-1 digest: %s\n", print_hex(sha1, SHA_DIGEST_LENGTH).c_str()); + } + if (need_sha256) { + LOGI("SHA-256 digest: %s\n", print_hex(sha256, SHA256_DIGEST_LENGTH).c_str()); + } free(sig_der); LOGE("failed to verify whole-file signature\n"); return VERIFY_FAILURE; |