3f15ada51b05428f0b2601126b5d63467970c607 |
|
06-Feb-2018 |
Tao Bao <tbao@google.com> |
releasetools: Capture stderr output when calling delta_generator. Prior to this CL, the call to delta_generator in check_ota_package_signature.VerifyAbOtaPayload() didn't redirect stderr. The logs (mostly INFO) on successful verification added noise to the normal output, which also upset the unittest result parser. This CL captures stderr outputs from delta_generator, and will only dump them on error. Bug: 72884343 Test: `python -m unittest -v test_ota_from_target_files > /dev/null` gives clean output. Test: Inject error into delta_generator. The call to check_ota_package_signature correctly dumps both of stdout and stderr outputs. Change-Id: I014a4b21bf758dcf0a4b9963259d6019851935ee
/build/make/tools/releasetools/check_ota_package_signature.py
|
04e1f012ddcdb24b107c6955eac5d4218a54e78f |
|
04-Feb-2018 |
Tao Bao <tbao@google.com> |
releasetools: Fix an issue with pubkey extraction. When calling 'openssl x509 -pubkey' to extract the public key from a certificate, openssl 1.0 and 1.1 handle the '-out' parameter differently. openssl 1.0 doesn't write the output into the specified filename, which leads to the payload verification failure in check_ota_package_signature.VerifyAbOtaPayload(). This CL addresses the issue by always collecting the output from stdout instead. It also refactors the two copies into common.ExtractPublicKey(), and adds unittest. get_testdata_dir() is moved into test_utils.py that holds common utils for running the unittests. Bug: 72884343 Test: python -m unittest test_common Test: python -m unittest test_ota_from_target_files Test: Run sign_target_files_apks with '--replace_ota_keys' on marlin target_files zip. Check the payload pubkey replacement. Test: Trigger the tests with forrest, and tests no longer fail on machines with openssl 1.0.1. Change-Id: Ib0389b360f064053e9aa7cc0546d718e7b23003b
/build/make/tools/releasetools/check_ota_package_signature.py
|
750385e455da6cd13c14de83094c4b351e7432f9 |
|
15-Dec-2017 |
Tao Bao <tbao@google.com> |
releasetools: Use delta_generator to verify payload signatures. We used to take a hard approach by parsing the payload with Python script. This can be done by calling deleta_generator directly, which also avoids the dependency on protobuf. - Passing case $ ./build/make/tools/releasetools/check_ota_package_signature.py \ build/target/product/security/testkey.x509.pem \ out/dist/aosp_marlin-ota-eng.zip Package: out/dist/aosp_marlin-ota-eng.zip Certificate: build/target/product/security/testkey.x509.pem ... Whole package signature VERIFIED Verifying A/B OTA payload signatures... [1215/122842:INFO:generate_delta_main.cc(171)] Verifying signed payload. [1215/122845:INFO:payload_verifier.cc(93)] signature blob size = 264 [1215/122845:INFO:payload_verifier.cc(112)] Verified correct signature 1 out of 1 signatures. [1215/122845:INFO:payload_verifier.cc(93)] signature blob size = 264 [1215/122845:INFO:payload_verifier.cc(112)] Verified correct signature 1 out of 1 signatures. [1215/122845:INFO:generate_delta_main.cc(181)] Done verifying signed payload. Payload signatures VERIFIED $ echo $? 0 - Failing case Sign the whole package file with a different key, but leaving payload entries intact. $ ./build/make/tools/releasetools/check_ota_package_signature.py \ testkey2.x509.pem \ marlin-ota-mismatching.zip Package: marlin-ota-mismatching.zip Certificate: testkey2.x509.pem ... Whole package signature VERIFIED Verifying A/B OTA payload signatures... [1215/123054:INFO:generate_delta_main.cc(171)] Verifying signed payload. [1215/123056:INFO:payload_verifier.cc(93)] signature blob size = 264 [1215/123056:ERROR:payload_verifier.cc(118)] None of the 1 signatures is correct. Expected: [1215/123056:INFO:utils.cc(444)] Logging array of length: 256 [1215/123056:INFO:utils.cc(461)] 0x00000000 : 00 01 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ... [1215/123056:ERROR:payload_verifier.cc(121)] But found decrypted hashes: [1215/123056:INFO:utils.cc(444)] Logging array of length: 256 [1215/123056:INFO:utils.cc(461)] 0x00000000 : 52 68 78 36 f6 9e cd 2d 5e 9f 31 d5 26 03 c9 aa ... [1215/123056:ERROR:payload_signer.cc(333)] PayloadVerifier::VerifySignature( signature_blob, public_key_path, payload_hash) failed. [1215/123056:INFO:generate_delta_main.cc(177)] VerifySignedPayload failed ERROR: Failed to verify payload with delta_generator: marlin-ota-mismatching.zip $ echo $? 1 Bug: 65261072 Test: See above. Change-Id: Id2e065655ec49b80dd2b13c6a859f41913be055b
/build/make/tools/releasetools/check_ota_package_signature.py
|
d2ae0b061329d50a6004847fd5a5fcce11bbd4e2 |
|
21-Nov-2017 |
Tao Bao <tbao@google.com> |
check_ota_package_signature.py: Set up PYTHONPATH. ... to include system/update_engine/scripts if ANDROID_BUILD_TOP is set (e.g. after lunching a target). Test: ./build/make/tools/releasetools/check_ota_package_signature.py works without manually setting PYTHONPATH. Change-Id: I0c5101fab2dd69cb6a598b909aa04bc4d5f45284
/build/make/tools/releasetools/check_ota_package_signature.py
|
a198b1e964cf9c90c0ddbe21b58cab203d769ebd |
|
01-Sep-2017 |
Tao Bao <tbao@google.com> |
releasetools: Validate A/B OTA payload signatures. $ PYTHONPATH=$PYTHONPATH:system/update_engine/scripts \ ./build/make/tools/releasetools/check_ota_package_signature.py \ build/target/product/security/testkey.x509.pem \ out/dist/aosp_marlin-ota-eng.zip Package: out/dist/aosp_marlin-ota-eng.zip Certificate: build/target/product/security/testkey.x509.pem ... Whole package signature VERIFIED Verifying A/B OTA payload signatures... ... Payload signatures VERIFIED Bug: 65261072 Test: Signed a package and its payload with the right keys; ran the command above. Test: Signed the payload with a different key; ran the command above and observed the reported verification failure. Change-Id: If626ecb327a9826cd0956eef94914c939068a7d1
/build/make/tools/releasetools/check_ota_package_signature.py
|
4c851b1098577f67f20742edbc086ee045e61c47 |
|
19-Sep-2016 |
Tao Bao <tbao@google.com> |
Change the default parameter values in common.MakeTempFile(). tempfile.TemporaryFile() complains when 'None' is passed as the prefix/suffix. It uses prefix='tmp' and suffix='' as the default values and we should do the same. Test: Call check_ota_package_signature.py and ota_from_target_files.py and they still work. Change-Id: I7fb023a3fd0b1a57c009631d0c57a7bb8e4cb5a3
/build/make/tools/releasetools/check_ota_package_signature.py
|
9c63fb59bdc51b8ec1e2e55014e53b29e0c3abe1 |
|
13-Sep-2016 |
Tao Bao <tbao@google.com> |
Add a script that verifies OTA package signature. Currently it supports verifying packages signed with RSA algorithms (v1-v4 as in bootable/recovery/verifier.cpp). No support for ECDSA (v5) signed packages yet. $ ./build/tools/releasetools/check_ota_package_signature.py \ bootable/recovery/tests/testdata/testkey_v1.x509.pem \ bootable/recovery/tests/testdata/otasigned_v1.zip Package: bootable/recovery/tests/testdata/otasigned_v1.zip Certificate: bootable/recovery/tests/testdata/testkey_v1.x509.pem Comment length: 1738 Signed data length: 2269 Use SHA-256: False Digest: 115e688ec3b77743070b743453e2fc6ce8754484 VERIFIED Bug: 31523193 Test: Used the tool to verify existing packages (like above). Change-Id: I71d3569e858c729cb64825c5c7688ededc397aa8
/build/make/tools/releasetools/check_ota_package_signature.py
|