recovery: Dump the signature in the zip package.
We have been occasionally seeing "signature verification failed" error
message when applying an update. Make more verbose output to help
debugging.
Bug: 28246534
Change-Id: Id83633adc9b86b3fd36abbb504e430f0816f12e4
diff --git a/verifier.cpp b/verifier.cpp
index f5299b4..16cc7cf 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -27,6 +27,7 @@
#include "asn1_decoder.h"
#include "common.h"
+#include "print_sha1.h"
#include "ui.h"
#include "verifier.h"
@@ -230,9 +231,14 @@
uint8_t* sig_der = nullptr;
size_t sig_der_length = 0;
+ uint8_t* signature = eocd + eocd_size - signature_start;
size_t signature_size = signature_start - FOOTER_SIZE;
- if (!read_pkcs7(eocd + eocd_size - signature_start, signature_size, &sig_der,
- &sig_der_length)) {
+
+ LOGI("signature (offset: 0x%zx, length: %zu): %s\n",
+ length - signature_start, signature_size,
+ print_hex(signature, signature_size).c_str());
+
+ if (!read_pkcs7(signature, signature_size, &sig_der, &sig_der_length)) {
LOGE("Could not find signature DER block\n");
return VERIFY_FAILURE;
}
@@ -287,6 +293,13 @@
}
i++;
}
+
+ if (need_sha1) {
+ LOGI("SHA-1 digest: %s\n", print_hex(sha1, SHA_DIGEST_LENGTH).c_str());
+ }
+ if (need_sha256) {
+ LOGI("SHA-256 digest: %s\n", print_hex(sha256, SHA256_DIGEST_LENGTH).c_str());
+ }
free(sig_der);
LOGE("failed to verify whole-file signature\n");
return VERIFY_FAILURE;