From c85b1c56af6fc2493380f902962407dcb292a5a5 Mon Sep 17 00:00:00 2001
From: osm0sis <osm0sis@outlook.com>
Date: Sat, 2 Nov 2019 00:26:53 -0300
Subject: [PATCH] signing: fixes for bootimg hdr_v1 and hdr_v2 - increase
 SignBoot bootimg header version maximum from 4 to 8 (upstream AOSP is already
 at 3) and make a variable for future ease - hdr read size of 1024 bytes was
 too small as hdr_v1 and hdr_v2 have increased the used header page areas to
 1632 and 1648 bytes, respectively, so raise this to the minimum page size of
 2048 and also make a variable for future ease - do not return "not signed"
 for all caught exceptions, show StackTrace for future debugging then still
 return false for script purposes - correct "test keys" boot image signing
 strings (scripts and app) to "verity keys"

---
 .../topjohnwu/magisk/tasks/MagiskInstaller.kt |  2 +-
 scripts/util_functions.sh                     |  2 +-
 .../java/com/topjohnwu/signing/SignBoot.java  | 19 +++++++++++++------
 3 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt b/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt
index 5357f9703..e6de79548 100644
--- a/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt
+++ b/app/src/main/java/com/topjohnwu/magisk/tasks/MagiskInstaller.kt
@@ -266,7 +266,7 @@ abstract class MagiskInstaller {
 
         val patched = File(installDir, "new-boot.img")
         if (isSigned) {
-            console.add("- Signing boot image with test keys")
+            console.add("- Signing boot image with verity keys")
             val signed = File(installDir, "signed.img")
             try {
                 withStreams(SuFileInputStream(patched), signed.outputStream().buffered()) {
diff --git a/scripts/util_functions.sh b/scripts/util_functions.sh
index a2af6444b..6482e114a 100644
--- a/scripts/util_functions.sh
+++ b/scripts/util_functions.sh
@@ -256,7 +256,7 @@ flash_image() {
   esac
   if $BOOTSIGNED; then
     CMD2="$BOOTSIGNER -sign"
-    ui_print "- Sign image with test keys"
+    ui_print "- Sign image with verity keys"
   else
     CMD2="cat -"
   fi
diff --git a/signing/src/main/java/com/topjohnwu/signing/SignBoot.java b/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
index ce1494ff5..c7347b2b7 100644
--- a/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
+++ b/signing/src/main/java/com/topjohnwu/signing/SignBoot.java
@@ -33,6 +33,12 @@ public class SignBoot {
     private static final int BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET = 1632;
     private static final int BOOT_IMAGE_HEADER_V2_DTB_SIZE_OFFSET = 1648;
 
+    /* Arbitrary maximum header version value; when greater assume the field is dt/extra size */
+    private static final int BOOT_IMAGE_HEADER_VERSION_MAXIMUM = 8;
+
+    /* Maximum header size byte value to read (bootimg minimum page size) */
+    private static final int BOOT_IMAGE_HEADER_SIZE_MAXIMUM = 2048;
+
     private static class PushBackRWStream extends FilterInputStream {
         private OutputStream out;
         private int pos = 0;
@@ -82,7 +88,7 @@ public class SignBoot {
                                       InputStream cert, InputStream key) {
         try {
             PushBackRWStream in = new PushBackRWStream(imgIn, imgOut);
-            byte[] hdr = new byte[1024];
+            byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
             // First read the header
             in.read(hdr);
             int signableSize = getSignableImageSize(hdr);
@@ -113,7 +119,7 @@ public class SignBoot {
     public static boolean verifySignature(InputStream imgIn, InputStream certIn) {
         try {
             // Read the header for size
-            byte[] hdr = new byte[1024];
+            byte[] hdr = new byte[BOOT_IMAGE_HEADER_SIZE_MAXIMUM];
             if (imgIn.read(hdr) != hdr.length)
                 return false;
             int signableSize = getSignableImageSize(hdr);
@@ -141,7 +147,8 @@ public class SignBoot {
                 System.err.println("Signature is INVALID");
             }
         } catch (Exception e) {
-            System.err.println("Invalid image: not signed");
+            e.printStackTrace();
+            return false;
         }
         return false;
     }
@@ -165,8 +172,8 @@ public class SignBoot {
                 + ((kernelSize + pageSize - 1) / pageSize) * pageSize
                 + ((ramdskSize + pageSize - 1) / pageSize) * pageSize
                 + ((secondSize + pageSize - 1) / pageSize) * pageSize;
-        int headerVersion = image.getInt(); // boot image header version or extra size
-        if (headerVersion > 0 && headerVersion < 4) {
+        int headerVersion = image.getInt(); // boot image header version or dt/extra size
+        if (headerVersion > 0 && headerVersion < BOOT_IMAGE_HEADER_VERSION_MAXIMUM) {
             image.position(BOOT_IMAGE_HEADER_V1_RECOVERY_DTBO_SIZE_OFFSET);
             int recoveryDtboLength = image.getInt();
             length += ((recoveryDtboLength + pageSize - 1) / pageSize) * pageSize;
@@ -183,7 +190,7 @@ public class SignBoot {
                         "Invalid image header: invalid header length");
             }
         } else {
-            // headerVersion is 0 or actually extra size in this case
+            // headerVersion is 0 or actually dt/extra size in this case
             length += ((headerVersion + pageSize - 1) / pageSize) * pageSize;
         }
         length = ((length + pageSize - 1) / pageSize) * pageSize;