authorSami Tolvanen <samitolvanen@google.com>2016-06-07 00:01:55 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2016-06-07 00:01:56 +0000
commiteacbb824c9ee2ccec9e1de641d03e7370888eabc (patch)
treeb3fb209978dd2d0e984b38f176fd62c7a8d9d6ef
parenta6d56611404f2e1c0c9f4ab7c8471af0e80b2026 (diff)
parent830126637ae4e5198df075fba57c1e498624dab6 (diff)
Merge "fs_mgr: validate corrected signatures" into nyc-dev
-rw-r--r--fs_mgr/fs_mgr_verity.cpp15
1 files changed, 13 insertions, 2 deletions
diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index b5141c934..719096f9b 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -150,6 +150,18 @@ out:
return retval;
}
+static int verify_verity_signature(const struct fec_verity_metadata& verity)
+{
+ if (verify_table(verity.signature, verity.table,
+ verity.table_length) == 0 ||
+ verify_table(verity.ecc_signature, verity.table,
+ verity.table_length) == 0) {
+ return 0;
+ }
+
+ return -1;
+}
+
static int invalidate_table(char *table, size_t table_length)
{
size_t n = 0;
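Review bot: verify_verity_signature returns 0 when either `verity.signature` or `verity.ecc_signature` verifies, but nothing records which of the two passed. A device whose on-disk signature no longer verifies, and which mounts only because the second (judging by the commit title, error-corrected) signature is accepted, therefore looks the same in logs as a healthy one. Splitting the `||` into two separate checks and logging through the file's existing logging when only the second call succeeds would give operators that corruption or tampering signal. The function also has no comment; something like `// Returns 0 if the table verifies against either the stored signature or the corrected signature, -1 otherwise.` would document the return convention. Whether `ecc_signature` is always populated when no correction took place is not visible in this hunk and should be confirmed against the fec library.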
@@ -919,8 +931,7 @@ int fs_mgr_setup_verity(struct fstab_rec *fstab)
}
// verify the signature on the table
- if (verify_table(verity.signature, verity.table,
- verity.table_length) < 0) {
+ if (verify_verity_signature(verity) < 0) {
if (params.mode == VERITY_MODE_LOGGING) {
// the user has been warned, allow mounting without dm-verity
retval = FS_MGR_SETUP_VERITY_SUCCESS;