Revert "Revert "Fastbootd: flashing certification""
CMS functionality is now available
This reverts commit 068b71dd9cd6cb03dfcdc0c9deced361780bc0d3.
Conflicts:
fastbootd/Android.mk
fastbootd/fastbootd.c
fastbootd/utils.c
fastbootd/utils.h
Change-Id: I1a27459b41d9297603deb124c65f237ff971e5b6
diff --git a/fastbootd/commands/flash.c b/fastbootd/commands/flash.c
index 5f8b931..0954217 100644
--- a/fastbootd/commands/flash.c
+++ b/fastbootd/commands/flash.c
@@ -39,6 +39,9 @@
#include "utils.h"
#include "commands/partitions.h"
+#ifdef FLASH_CERT
+#include "secure.h"
+#endif
#define ALLOWED_CHARS "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-."
#define BUFFER_SIZE 1024 * 1024
@@ -112,3 +115,47 @@
return 0;
}
+
+#ifdef FLASH_CERT
+
+int flash_validate_certificate(int signed_fd, int *data_fd) {
+ int ret = 0;
+ const char *cert_path;
+ X509_STORE *store = NULL;
+ CMS_ContentInfo *content_info;
+ BIO *content;
+
+ cert_path = fastboot_getvar("certificate-path");
+ if (!strcmp(cert_path, "")) {
+ D(ERR, "could not find cert-key value in config file");
+ goto finish;
+ }
+
+ store = cert_store_from_path(cert_path);
+ if (store == NULL) {
+ D(ERR, "unable to create certification store");
+ goto finish;
+ }
+
+ if (cert_read(signed_fd, &content_info, &content)) {
+ D(ERR, "reading data failed");
+ goto finish;
+ }
+
+ ret = cert_verify(content, content_info, store, data_fd);
+ cert_release(content, content_info);
+
+ return ret;
+
+finish:
+ if (store != NULL)
+ cert_release_store(store);
+
+ return ret;
+}
+
+#else
+int flash_validate_certificate(int signed_fd, int *data_fd) {
+ return 1;
+}
+#endif
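Review bot: The success path of `flash_validate_certificate` returns right after `cert_release(content, content_info)` and never reaches `finish:`, so the `X509_STORE` from `cert_store_from_path` is released only on the error paths. Unless `cert_verify` takes ownership of the store (not visible in this hunk), dropping the first `return ret;` so the code falls through to `finish:` closes the leak. The `#else` stub returns `1` without writing `*data_fd`, while every failure path in the real function returns 0, so a build without `FLASH_CERT` appears to report every image as validated and leaves the out-parameter unset. That fail-open behaviour deserves at least a comment such as `/* FLASH_CERT disabled: no signature check is performed and *data_fd is not set */`, or an explicit assignment agreed with the callers. Separately, `strcmp(cert_path, "")` assumes `fastboot_getvar` never returns NULL, and the log text names `cert-key` although the variable read is `certificate-path`.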