signing: fixes for bootimg hdr_v1 and hdr_v2

- increase SignBoot bootimg header version maximum from 4 to 8 (upstream AOSP is already at 3) and make a variable for future ease
- hdr read size of 1024 bytes was too small as hdr_v1 and hdr_v2 have increased the used header page areas to 1632 and 1648 bytes, respectively, so raise this to the minimum page size of 2048 and also make a variable for future ease
- do not return "not signed" for all caught exceptions, show StackTrace for future debugging then still return false for script purposes
- correct "test keys" boot image signing strings (scripts and app) to "verity keys"

app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt

@@ -266,7 +266,7 @@ abstract class MagiskInstaller {
 
         val patched = File(installDir, "new-boot.img")
         if (isSigned) {
-            console.add("- Signing boot image with test keys")
+            console.add("- Signing boot image with verity keys")
             val signed = File(installDir, "signed.img")
             try {
                 withStreams(SuFileInputStream(patched), signed.outputStream().buffered()) {

scripts/util_functions.sh

@@ -256,7 +256,7 @@ flash_image() {
   esac
   if $BOOTSIGNED; then
     CMD2="$BOOTSIGNER -sign"
-    ui_print "- Sign image with test keys"
+    ui_print "- Sign image with verity keys"
   else
     CMD2="cat -"
   fi

signing/src/main/java/com/topjohnwu/signing/SignBoot.java

@@ -33,6 +33,12 @@ public class SignBoot {
     private static final int BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET = 1632;
     private static final int BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET = 1648;
 
+    /* Arbitrary maximum header version value; when greater assume the field is dt/extra size */
+    private static final int BOOT_IMAGE_HEADER_VERSION_MAXIMUM = 8;
+
+    /* Maximum header size byte value to read (bootimg minimum page size) */
+    private static final int BOOT_IMAGE_HEADER_SIZE_MAXIMUM = 2048;
+
     private static class PushBackRWStream extends FilterInputStream {
         private OutputStream out;
         private int pos = 0;
@@ -82,7 +88,7 @@ public class SignBoot {
                                       InputStream cert, InputStream key) {
         try {
             PushBackRWStream in = new PushBackRWStream(imgIn, imgOut);
-            byte[] hdr = new byte[1024];
+            byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
             // First read the header
             in.read(hdr);
             int signableSize = getSignableImageSize(hdr);
@@ -113,7 +119,7 @@ public class SignBoot {
     public static boolean verifySignature(InputStream imgIn, InputStream certIn) {
         try {
             // Read the header for size
-            byte[] hdr = new byte[1024];
+            byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
             if (imgIn.read(hdr) != hdr.length)
                 return false;
             int signableSize = getSignableImageSize(hdr);
@@ -141,7 +147,8 @@ public class SignBoot {
                 System.err.println("Signature is INVALID");
             }
         } catch (Exception e) {
-            System.err.println("Invalid image: not signed");
+            e.printStackTrace();
+            return false;
         }
         return false;
     }
@@ -165,8 +172,8 @@ public class SignBoot {
                 + ((kernelSize + pageSize - 1) / pageSize) * pageSize
                 + ((ramdskSize + pageSize - 1) / pageSize) * pageSize
                 + ((secondSize + pageSize - 1) / pageSize) * pageSize;
-        int headerVersion = image.getInt(); // boot image header version or extra size
-        if (headerVersion > 0 && headerVersion < 4) {
+        int headerVersion = image.getInt(); // boot image header version or dt/extra size
+        if (headerVersion > 0 && headerVersion < BOOT_IMAGE_HEADER_VERSION_MAXIMUM) {
             image.position(BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET);
             int recoveryDtboLength = image.getInt();
             length += ((recoveryDtboLength + pageSize - 1) / pageSize) * pageSize;
@@ -183,7 +190,7 @@ public class SignBoot {
                         "Invalid image header: invalid header length");
             }
         } else {
-            // headerVersion is 0 or actually extra size in this case
+            // headerVersion is 0 or actually dt/extra size in this case
             length += ((headerVersion + pageSize - 1) / pageSize) * pageSize;
         }
         length = ((length + pageSize - 1) / pageSize) * pageSize;