diff --git a/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt b/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt index 5357f9703..e6de79548 100644 --- a/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt +++ b/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt @@ -266,7 +266,7 @@ abstract class MagiskInstaller { val patched = File(installDir, "new-boot.img") if (isSigned) { - console.add("- Signing boot image with test keys") + console.add("- Signing boot image with verity keys") val signed = File(installDir, "signed.img") try { withStreams(SuFileInputStream(patched), signed.outputStream().buffered()) { diff --git a/scripts/util_functions.sh b/scripts/util_functions.sh index a2af6444b..6482e114a 100644 --- a/scripts/util_functions.sh +++ b/scripts/util_functions.sh @@ -256,7 +256,7 @@ flash_image() { esac if $BOOTSIGNED; then CMD2="$BOOTSIGNER -sign" - ui_print "- Sign image with test keys" + ui_print "- Sign image with verity keys" else CMD2="cat -" fi diff --git a/signing/src/main/java/com/topjohnwu/signing/SignBoot.java b/signing/src/main/java/com/topjohnwu/signing/SignBoot.java index ce1494ff5..c7347b2b7 100644 --- a/signing/src/main/java/com/topjohnwu/signing/SignBoot.java +++ b/signing/src/main/java/com/topjohnwu/signing/SignBoot.java @@ -33,6 +33,12 @@ public class SignBoot { private static final int BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET = 1632; private static final int BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET = 1648; + /* Arbitrary maximum header version value; when greater assume the field is dt/extra size */ + private static final int BOOT_IMAGE_HEADER_VERSION_MAXIMUM = 8; + + /* Maximum header size byte value to read (bootimg minimum page size) */ + private static final int BOOT_IMAGE_HEADER_SIZE_MAXIMUM = 2048; + private static class PushBackRWStream extends FilterInputStream { private OutputStream out; private int pos = 0; @@ -82,7 +88,7 @@ public class SignBoot { InputStream cert, InputStream key) { try { PushBackRWStream in = new PushBackRWStream(imgIn, imgOut); - byte[] hdr = new byte[1024]; + byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM]; // First read the header in.read(hdr); int signableSize = getSignableImageSize(hdr); @@ -113,7 +119,7 @@ public class SignBoot { public static boolean verifySignature(InputStream imgIn, InputStream certIn) { try { // Read the header for size - byte[] hdr = new byte[1024]; + byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM]; if (imgIn.read(hdr) != hdr.length) return false; int signableSize = getSignableImageSize(hdr); @@ -141,7 +147,8 @@ public class SignBoot { System.err.println("Signature is INVALID"); } } catch (Exception e) { - System.err.println("Invalid image: not signed"); + e.printStackTrace(); + return false; } return false; } @@ -165,8 +172,8 @@ public class SignBoot { + ((kernelSize + pageSize - 1) / pageSize) * pageSize + ((ramdskSize + pageSize - 1) / pageSize) * pageSize + ((secondSize + pageSize - 1) / pageSize) * pageSize; - int headerVersion = image.getInt(); // boot image header version or extra size - if (headerVersion > 0 && headerVersion < 4) { + int headerVersion = image.getInt(); // boot image header version or dt/extra size + if (headerVersion > 0 && headerVersion < BOOT_IMAGE_HEADER_VERSION_MAXIMUM) { image.position(BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET); int recoveryDtboLength = image.getInt(); length += ((recoveryDtboLength + pageSize - 1) / pageSize) * pageSize; @@ -183,7 +190,7 @@ public class SignBoot { "Invalid image header: invalid header length"); } } else { - // headerVersion is 0 or actually extra size in this case + // headerVersion is 0 or actually dt/extra size in this case length += ((headerVersion + pageSize - 1) / pageSize) * pageSize; } length = ((length + pageSize - 1) / pageSize) * pageSize;