signing: fixes for bootimg hdr_v1 and hdr_v2

- increase SignBoot bootimg header version maximum from 4 to 8 (upstream AOSP is already at 3) and make a variable for future ease - hdr read size of 1024 bytes was too small as hdr_v1 and hdr_v2 have increased the used header page areas to 1632 and 1648 bytes, respectively, so raise this to the minimum page size of 2048 and also make a variable for future ease - do not return "not signed" for all caught exceptions, show StackTrace for future debugging then still return false for script purposes - correct "test keys" boot image signing strings (scripts and app) to "verity keys"
2019-11-02 00:26:53 -03:00 · 2019-11-02 00:26:53 -03:00 · c85b1c56af
commit c85b1c56af
parent 6dd34aec47
3 changed files with 15 additions and 8 deletions
--- a/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt
@ -266,7 +266,7 @@ abstract class MagiskInstaller {

        val patched = File(installDir, "new-boot.img")
        if (isSigned) {
-            console.add("- Signing boot image with test keys")
+            console.add("- Signing boot image with verity keys")
            val signed = File(installDir, "signed.img")
            try {
                withStreams(SuFileInputStream(patched), signed.outputStream().buffered()) {
--- a/scripts/util_functions.sh
+++ b/scripts/util_functions.sh
@ -256,7 +256,7 @@ flash_image() {
  esac
  if $BOOTSIGNED; then
    CMD2="$BOOTSIGNER -sign"
-    ui_print "- Sign image with test keys"
+    ui_print "- Sign image with verity keys"
  else
    CMD2="cat -"
  fi
--- a/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
+++ b/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
@ -33,6 +33,12 @@ public class SignBoot {
    private static final int BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET = 1632;
    private static final int BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET = 1648;

+    /* Arbitrary maximum header version value; when greater assume the field is dt/extra size */
+    private static final int BOOT_IMAGE_HEADER_VERSION_MAXIMUM = 8;
+
+    /* Maximum header size byte value to read (bootimg minimum page size) */
+    private static final int BOOT_IMAGE_HEADER_SIZE_MAXIMUM = 2048;
+
    private static class PushBackRWStream extends FilterInputStream {
        private OutputStream out;
        private int pos = 0;
@ -82,7 +88,7 @@ public class SignBoot {
                                      InputStream cert, InputStream key) {
        try {
            PushBackRWStream in = new PushBackRWStream(imgIn, imgOut);
-            byte[] hdr = new byte[1024];
+            byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
            // First read the header
            in.read(hdr);
            int signableSize = getSignableImageSize(hdr);
@ -113,7 +119,7 @@ public class SignBoot {
    public static boolean verifySignature(InputStream imgIn, InputStream certIn) {
        try {
            // Read the header for size
-            byte[] hdr = new byte[1024];
+            byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
            if (imgIn.read(hdr) != hdr.length)
                return false;
            int signableSize = getSignableImageSize(hdr);
@ -141,7 +147,8 @@ public class SignBoot {
                System.err.println("Signature is INVALID");
            }
        } catch (Exception e) {
-            System.err.println("Invalid image: not signed");
+            e.printStackTrace();
+            return false;
        }
        return false;
    }
@ -165,8 +172,8 @@ public class SignBoot {
                + ((kernelSize + pageSize - 1) / pageSize) * pageSize
                + ((ramdskSize + pageSize - 1) / pageSize) * pageSize
                + ((secondSize + pageSize - 1) / pageSize) * pageSize;
-        int headerVersion = image.getInt(); // boot image header version or extra size
-        if (headerVersion > 0 && headerVersion < 4) {
+        int headerVersion = image.getInt(); // boot image header version or dt/extra size
+        if (headerVersion > 0 && headerVersion < BOOT_IMAGE_HEADER_VERSION_MAXIMUM) {
            image.position(BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET);
            int recoveryDtboLength = image.getInt();
            length += ((recoveryDtboLength + pageSize - 1) / pageSize) * pageSize;
@ -183,7 +190,7 @@ public class SignBoot {
                        "Invalid image header: invalid header length");
            }
        } else {
-            // headerVersion is 0 or actually extra size in this case
+            // headerVersion is 0 or actually dt/extra size in this case
            length += ((headerVersion + pageSize - 1) / pageSize) * pageSize;
        }
        length = ((length + pageSize - 1) / pageSize) * pageSize;