commit b0ae5ed8a40003479f70a8bde35df491636e527b
author Sami Tolvanen <samitolvanen@google.com> Fri Jun 03 13:58:26 2016 -0700
committer Sami Tolvanen <samitolvanen@google.com> Mon Jun 06 13:54:00 2016 -0700
tree 2e5b738a7cc96452308345a8be42107efe1e0ed1
parent db7ef4749e8d06fb0ad891a03a5fc4f22b2044d2

fs_mgr: validate corrected signatures

If signature verification fails and we have an error corrected
signature available, attempt to verify that instead.

Needs changes from
  Ie913c21ba1d07d6df4c6feeb7226b2ec963f4d19

Bug: 28943429
Change-Id: I7d48701916fe430b17aa05acb120f22a1802733d

fs_mgr/fs_mgr_verity.cpp

diff --git a/fs_mgr/fs_mgr_verity.cpp b/fs_mgr/fs_mgr_verity.cpp
index b5141c9..719096f 100644
--- a/fs_mgr/fs_mgr_verity.cpp
+++ b/fs_mgr/fs_mgr_verity.cpp
@@ -150,6 +150,18 @@
     return retval;
 }
 
+static int verify_verity_signature(const struct fec_verity_metadata& verity)
+{
+    if (verify_table(verity.signature, verity.table,
+            verity.table_length) == 0 ||
+        verify_table(verity.ecc_signature, verity.table,
+            verity.table_length) == 0) {
+        return 0;
+    }
+
+    return -1;
+}
+
 static int invalidate_table(char *table, size_t table_length)
 {
     size_t n = 0;
@@ -919,8 +931,7 @@
     }
 
     // verify the signature on the table
-    if (verify_table(verity.signature, verity.table,
-            verity.table_length) < 0) {
+    if (verify_verity_signature(verity) < 0) {
         if (params.mode == VERITY_MODE_LOGGING) {
             // the user has been warned, allow mounting without dm-verity
             retval = FS_MGR_SETUP_VERITY_SUCCESS;