summaryrefslogtreecommitdiffstats
path: root/verifier.h (unfollow)
Commit message (Collapse)AuthorFilesLines
2018-10-25Remove the load_keys functionTianjie Xu1-2/+0
This function is used to parse the result of dumpKeys. It's no longer needed as we are now parsing the public keys from the zipfile. Bug: 116655889 Test: unit tests pass Change-Id: I817906e451664058c644f4329ff499bbe4587ebb
2018-10-25Add sanity check when loading public keys for OTA packageTianjie Xu1-0/+6
For RSA keys, check if it has a 2048 bits modulus, and its public exponent is 3 or 65537. For EC keys, check if the field size is 256 bits for its curve. Bug: 116655889 Test: unit tests pass Change-Id: I5c00f4d2b61c98c434f0b49db232155d5d0770ec
2018-10-18Load X509 keys from ziparchiveTianjie Xu1-0/+4
Add a function to parse the zip archive and load the certificate from all the zip entries with the suffix "x509.pem". Bug: 116655889 Test: unittests pass Change-Id: I93bf7aef7462c0623e89fc2d466d7af2d3a758bc
2018-10-12Add function to load the key from x509.pem fileTianjie Xu1-0/+6
We used to convert a pem certificate file to some intermediate plain text format; and parse that format under recovery mode. This is uncessary since the x509.pem can be directly parsed with openssl functions. Add the function to load the public key from one x509.pem file and corresponding unit tests. And we will add more cls to extract the pem files from otacert.zip later. Bug: 116655889 Test: verify package with 5 supported certficate versions Change-Id: Ibc6c696c534567f005db75143cc4ef8d4bdea6a0
2017-03-23Const modifiersMikhail Lappo1-2/+2
This functions do not change class variables Would be good to mark them as const, so class variables are not changed by coincidence Change-Id: Iea34f6d26dbd1bde813035160e07ff2a681989e6
2017-03-21verify_file: Add constness to a few addresses.Tao Bao1-1/+1
We should not touch any data while verifying packages (or parsing the in-memory ASN.1 structures). Test: mmma bootable/recovery Test: recovery_component_test passes. Test: recovery_unit_test passes. Change-Id: Ie990662c6451ec066a1807b3081c9296afbdb0bf
2017-03-17Drop the dependency on 'ui' in verify_file().Tao Bao1-6/+8
verify_file() has a dependency on the global variable of 'ui' for posting the verification progress, which requires the users of libverifier to provide a UI instance. This CL adds an optional argument to verify_file() so that it can post the progress through the provided callback function. As a result, we can drop the MockUI class in verifier_test.cpp. Test: recovery_component_test passes. Test: verify_file() posts progress update when installing an OTA. Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1 (cherry picked from commit 5e535014dd7961fbf812abeaa27f3339775031f1)
2017-03-17Drop the dependency on 'ui' in verify_file().Tao Bao1-6/+8
verify_file() has a dependency on the global variable of 'ui' for posting the verification progress, which requires the users of libverifier to provide a UI instance. This CL adds an optional argument to verify_file() so that it can post the progress through the provided callback function. As a result, we can drop the MockUI class in verifier_test.cpp. Test: recovery_component_test passes. Test: verify_file() posts progress update when installing an OTA. Change-Id: I8b87d0f0d99777ea755d33d6dbbe2b6d44243bf1
2016-04-14Use BoringSSL instead of mincrypt to speed up package verification.Elliott Hughes1-18/+28
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with merge conflict resolution, extra logging in verifier.cpp, and an increase in the hash chunk size from 4KiB to 1MiB. Bug: http://b/28135231 Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84
2016-04-06Convert recovery to use BoringSSL instead of mincrypt.Mattias Nissler1-18/+28
This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Change-Id: I37b37d84b22e81c32ac180cd1240c02150ddf3a7
2016-02-03recovery: Refactor verifier and verifier_test.Tao Bao1-6/+17
Move to using std::vector and std::unique_ptr to manage key certificates to stop memory leaks. Bug: 26908001 Change-Id: Ia5f799bc8dcc036a0ffae5eaa8d9f6e09abd031c
2014-01-16do verification and extraction on memory, not filesDoug Zongker1-3/+6
Changes minzip and recovery's file signature verification to work on memory regions, rather than files. For packages which are regular files, install.cpp now mmap()s them into memory and then passes the mapped memory to the verifier and to the minzip library. Support for files which are raw block maps (which will be used when we have packages written to encrypted data partitions) is present but largely untested so far. Bug: 12188746 Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2013-10-10Add support for ECDSA signaturesKenny Root1-2/+15
This adds support for key version 5 which is an EC key using the NIST P-256 curve parameters. OTAs may be signed with these keys using the ECDSA signature algorithm with SHA-256. Change-Id: Id88672a3deb70681c78d5ea0d739e10f839e4567
2013-09-25verifier: update to support certificates using SHA-256Doug Zongker1-2/+7
(cherry picked from commit bac7fba02763ae5e78e8e4ba0bea727330ad953e) Change-Id: I01c38d7fea088622a8b0bbf2c833fa2d969417af
2013-04-10verifier: update to support certificates using SHA-256Doug Zongker1-2/+7
Change-Id: Ifd5a29d459acf101311fa1c220f728c3d0ac2e4e
2012-11-02move key loading to verifier codeDoug Zongker1-0/+2
Add an option to verifier_test to load keys from a file, the way the recovery does. Change-Id: Icba0e391164f2c1a9fefeab4b0bcb878e91d17b4
2009-11-13eclair snapshotJean-Baptiste Queru1-6/+6
2009-08-17do not merge: cherry-picked 60151a295ccf726238dc47456d80b427db6d6a38 from master branchDoug Zongker1-6/+6
2009-08-15verify whole-file signature instead of jarsigner signaturesDoug Zongker1-6/+6
In recovery, verify a signature that covers the entire zip file, instead of using the jarsigner format to verify individual files. Bug: 1328985
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-0/+30
2009-03-04auto import from //depot/cupcake/@135843The Android Open Source Project1-30/+0