From 71e3e09ec2ac4f022e8f9213657746d8cad5dd97 Mon Sep 17 00:00:00 2001
From: Tao Bao
Date: Tue, 2 Feb 2016 14:02:27 -0800
Subject: recovery: Refactor verifier and verifier_test. Move to using std::vector and std::unique_ptr to manage key certificates to stop memory leaks.
Bug: 26908001
Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c
---
 verifier.h | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)
(limited to 'verifier.h')
diff --git a/verifier.h b/verifier.h
index 15f8d98e4..4eafc7565 100644
--- a/verifier.h
+++ b/verifier.h
@@ -17,6 +17,9 @@
 #ifndef _RECOVERY_VERIFIER_H
 #define _RECOVERY_VERIFIER_H
+#include
+#include
+
 #include "mincrypt/p256.h"
 #include "mincrypt/rsa.h"
@@ -25,17 +28,25 @@ typedef struct {
 p256_int y;
 } ECPublicKey;
-typedef struct {
+struct Certificate {
 typedef enum {
 RSA,
 EC,
 } KeyType;
+ Certificate(int hash_len_, KeyType key_type_,
+ std::unique_ptr&& rsa_,
+ std::unique_ptr&& ec_) :
+ hash_len(hash_len_),
+ key_type(key_type_),
+ rsa(std::move(rsa_)),
+ ec(std::move(ec_)) { }
+
 int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
 KeyType key_type;
- RSAPublicKey* rsa;
- ECPublicKey* ec;
-} Certificate;
+ std::unique_ptr rsa;
+ std::unique_ptr ec;
+};
 /* addr and length define a an update package file that has been
 * loaded (or mmap'ed, or whatever) into memory. Verify that the file
@@ -43,9 +54,9 @@ typedef struct {
 * one of the constants below. */
 int verify_file(unsigned char* addr, size_t length,
- const Certificate *pKeys, unsigned int numKeys);
+ const std::vector& keys);
-Certificate* load_keys(const char* filename, int* numKeys);
+bool load_keys(const char* filename, std::vector& certs);
 #define VERIFY_SUCCESS 0
 #define VERIFY_FAILURE 1
-- cgit v1.2.3
From 8febafa67e93b2159804b1130a41f15b009de1cd Mon Sep 17 00:00:00 2001
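Review bot: In the second hunk, the new `Certificate` constructor stores `key_type`, `rsa` and `ec` independently, so nothing ties the tag to the pointer that is actually populated. A certificate tagged as RSA with an empty `rsa` would presumably be dereferenced during verification (verifier.cpp is not shown here, so this is an assumption). Because this struct holds the trust anchors for update-package verification, I would state the invariant next to the members, e.g. `// Exactly one of rsa/ec is non-null, and it matches key_type.`, and enforce it where certificates are built. The same layout is carried into the BoringSSL version of this struct in the following patch.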
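Review bot: In the last hunk, the new `load_keys` declaration has no comment, so a caller cannot tell whether `certs` is left empty, untouched or partially filled when parsing fails part-way through the key file. Since its output decides which signers `verify_file` accepts, the header should document that contract, for example `// Returns false on any parse error; certs must not be used in that case.` (adjust to what verifier.cpp actually does, which is not visible here). It would also help to state in the `verify_file` comment that an empty `keys` vector yields `VERIFY_FAILURE`. The comment block above `verify_file` starts outside this hunk.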
From: Elliott Hughes
Date: Wed, 13 Apr 2016 16:39:56 -0700
Subject: Use BoringSSL instead of mincrypt to speed up package verification. This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with merge conflict resolution, extra logging in verifier.cpp, and an increase in the hash chunk size from 4KiB to 1MiB.
Bug: http://b/28135231
Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
---
 verifier.h | 46 ++++++++++++++++++++++++++++------------------
 1 file changed, 28 insertions(+), 18 deletions(-)
(limited to 'verifier.h')
diff --git a/verifier.h b/verifier.h
index 4eafc7565..58083fe14 100644
--- a/verifier.h
+++ b/verifier.h
@@ -20,32 +20,42 @@
 #include
 #include
-#include "mincrypt/p256.h"
-#include "mincrypt/rsa.h"
+#include
+#include
+#include
-typedef struct {
- p256_int x;
- p256_int y;
-} ECPublicKey;
+struct RSADeleter {
+ void operator()(RSA* rsa) {
+ RSA_free(rsa);
+ }
+};
+
+struct ECKEYDeleter {
+ void operator()(EC_KEY* ec_key) {
+ EC_KEY_free(ec_key);
+ }
+};
 struct Certificate {
 typedef enum {
- RSA,
- EC,
+ KEY_TYPE_RSA,
+ KEY_TYPE_EC,
 } KeyType;
- Certificate(int hash_len_, KeyType key_type_,
- std::unique_ptr&& rsa_,
- std::unique_ptr&& ec_) :
- hash_len(hash_len_),
- key_type(key_type_),
- rsa(std::move(rsa_)),
- ec(std::move(ec_)) { }
+ Certificate(int hash_len_,
+ KeyType key_type_,
+ std::unique_ptr&& rsa_,
+ std::unique_ptr&& ec_)
+ : hash_len(hash_len_),
+ key_type(key_type_),
+ rsa(std::move(rsa_)),
+ ec(std::move(ec_)) {}
- int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
+ // SHA_DIGEST_LENGTH (SHA-1) or SHA256_DIGEST_LENGTH (SHA-256)
+ int hash_len;
 KeyType key_type;
- std::unique_ptr rsa;
- std::unique_ptr ec;
+ std::unique_ptr rsa;
+ std::unique_ptr ec;
 };
 /* addr and length define a an update package file that has been
-- cgit v1.2.3
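Review bot: `hash_len` remains a plain `int` whose two permitted values are named only in the comment above it, and the reformatted constructor still accepts any value. If verifier.cpp uses this field to choose the digest or to size a comparison (not visible here, so this is an assumption), an unexpected length from a malformed key file should be rejected where the certificate is built rather than trusted later. A check such as `if (hash_len != SHA_DIGEST_LENGTH && hash_len != SHA256_DIGEST_LENGTH) return false;` in the key loader, or a two-value enum in place of the `int`, would pin it. As a style point, `RSADeleter::operator()` and `ECKEYDeleter::operator()` hold no state and can be declared `const`.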