diff options
author | Tianjie Xu <xunchang@google.com> | 2019-03-27 18:57:38 +0100 |
---|---|---|
committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2019-03-27 18:57:38 +0100 |
commit | 3168ddf79dee2b7256eb43b404dad5c3a0d71af2 (patch) | |
tree | 2be8560dae4dfc7cf748d295d7c57da9a8973de7 | |
parent | Merge "Move out the code to parse block map in MemMap" (diff) | |
parent | Allow RSA 4096 key in package verification (diff) | |
download | android_bootable_recovery-3168ddf79dee2b7256eb43b404dad5c3a0d71af2.tar android_bootable_recovery-3168ddf79dee2b7256eb43b404dad5c3a0d71af2.tar.gz android_bootable_recovery-3168ddf79dee2b7256eb43b404dad5c3a0d71af2.tar.bz2 android_bootable_recovery-3168ddf79dee2b7256eb43b404dad5c3a0d71af2.tar.lz android_bootable_recovery-3168ddf79dee2b7256eb43b404dad5c3a0d71af2.tar.xz android_bootable_recovery-3168ddf79dee2b7256eb43b404dad5c3a0d71af2.tar.zst android_bootable_recovery-3168ddf79dee2b7256eb43b404dad5c3a0d71af2.zip |
-rw-r--r-- | tests/component/verifier_test.cpp | 11 | ||||
-rw-r--r-- | tests/testdata/otasigned_4096bits.zip | bin | 0 -> 4055 bytes | |||
-rw-r--r-- | tests/testdata/testkey_4096bits.x509.pem | 35 | ||||
-rw-r--r-- | verifier.cpp | 4 | ||||
-rw-r--r-- | verifier.h | 3 |
5 files changed, 50 insertions, 3 deletions
diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp index c904cd038..bdb8af231 100644 --- a/tests/component/verifier_test.cpp +++ b/tests/component/verifier_test.cpp @@ -158,6 +158,17 @@ TEST(VerifierTest, LoadCertificateFromBuffer_sha256_ec256bits) { VerifyPackageWithSingleCertificate("otasigned_v5.zip", std::move(cert)); } +TEST(VerifierTest, LoadCertificateFromBuffer_sha256_rsa4096_bits) { + Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr); + LoadKeyFromFile(from_testdata_base("testkey_4096bits.x509.pem"), &cert); + + ASSERT_EQ(SHA256_DIGEST_LENGTH, cert.hash_len); + ASSERT_EQ(Certificate::KEY_TYPE_RSA, cert.key_type); + ASSERT_EQ(nullptr, cert.ec); + + VerifyPackageWithSingleCertificate("otasigned_4096bits.zip", std::move(cert)); +} + TEST(VerifierTest, LoadCertificateFromBuffer_check_rsa_keys) { std::unique_ptr<RSA, RSADeleter> rsa(RSA_new()); std::unique_ptr<BIGNUM, decltype(&BN_free)> exponent(BN_new(), BN_free); diff --git a/tests/testdata/otasigned_4096bits.zip b/tests/testdata/otasigned_4096bits.zip Binary files differnew file mode 100644 index 000000000..5016dfc9a --- /dev/null +++ b/tests/testdata/otasigned_4096bits.zip diff --git a/tests/testdata/testkey_4096bits.x509.pem b/tests/testdata/testkey_4096bits.x509.pem new file mode 100644 index 000000000..cba30d61b --- /dev/null +++ b/tests/testdata/testkey_4096bits.x509.pem @@ -0,0 +1,35 @@ +-----BEGIN CERTIFICATE----- +MIIGADCCA+igAwIBAgIJAJiRMVvanGUaMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g +VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE +AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe +Fw0xODEwMzAxMjEzNTFaFw00NjAzMTcxMjEzNTFaMIGUMQswCQYDVQQGEwJVUzET +MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G +A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p +ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCAiIwDQYJKoZI +hvcNAQEBBQADggIPADCCAgoCggIBAL3ghKA8Gz9qOORY8gMY4wlB2tCJLDUO2tFG +LVK1UphtQMp+YEcz/0VQKVV7de7z6V4EMQ5P1HbxHOsjcKn/zXAl4YgFt7b5kZbC +bpNK4CYHEfho3j6fpYtq5d9q8rIA2kI0uZkkqPy1zXKTl2C2PjOoAnLQRk5xBVQG +M10/wYsf7yX36mSWoJJwKPp/EzVFpA+hX8HpljeIiZ6CFzKwJdqv9zO/xzfp6NsX +Tv5EGdkDxmw3qQqKgyl8dLMTZ/2zNfvVOMeZDusEPDF7A/lbU1byLWrKQdCzVb40 +yc7BCSRGYwM29R/byOcgD+lslwKSGzgzNmQXICt1tXz9bSJR8qh4tlAaiRc3ZKBe +hJWIFGkGtD/cDGtDE5DbNAOz6CdSDdE2XN0Qf0cfN1RHVE6fo2FtFicRRVuFBt8M +2cbQ7bzmEvtHD6W6dsf120FH7gppXKmnhMx1WazpxR2QltbiYDTy2ZZi4paS/jDB +fL9gMCWp3Ohg2y74NGfUw5CQWQsDpcki6I7RvwClBCyOV51LHn5LE/nY4DkVrZxk +Pw0/YrTWz5J5PbdMetTuIunE4ec4lm8nZnh1ET+2MHx2+RoyF5vBs4rp1KHHRaEA +veD2AfQOWxz7kOG9+akFot7n+QoWEGdwY0mJ9jsO/IITCjv3VbD7o0OoJv1R2AW5 +sK2KQ4PDAgMBAAGjUzBRMB0GA1UdDgQWBBT2EbrayXGhY6VCvSlLtRNyjW9ceDAf +BgNVHSMEGDAWgBT2EbrayXGhY6VCvSlLtRNyjW9ceDAPBgNVHRMBAf8EBTADAQH/ +MA0GCSqGSIb3DQEBCwUAA4ICAQC7SsWap9zDKmuR0qMUZ6wlualnag0hUG1jZHQP +t63KO6LmNNMSuXRX60Zcq6WWzgLOyoT4HqHZZ47Jamfb4XQQcnWMMW0tJ3pDtTkz +dZILBInHJO8QPYI8Du6XWsDLSvMajq6ueBtO3NdcgsNL7eiHf3WoOtajLZxFM94Z +MESkUQOIsqHolYeTMHLTsuGkX1CK2Zw3Xn18bUSTYwZCHa6mYH00ItUBfetGCnWh +Y7bth/R15Cc+hocSB7ZsOa/R5kDyDdFDIKrnV5nH5Yd7CryrYC6Ac5UarYrxSJTq +eKPwqUlJB/tJW/lvdLt8YaURbFGzf/ZqU12zZRafYjmMjcQvfpzMoDSnbvHTA9IR +ZGO7dwhwykoSaL4/8LWde49xQUq6F2pQBRmEr+7mTzml1MaM5cWEk5emkCMXgLog +k+c56CAk1EdM1teWik7wR0TIqkkYyYJHTSg61GkXUIXrZJ6iYx2ejDg1+QTPm9rU +Yr7nP52gVkQuUAX1+xB6wKLSDizQJw8SNiUGXl5+2vwV6+0BI3/CXlQ8I/nRPBC1 +oqOIkRSbE+IF7DP9QvYuNG/3bZZQ8LUVeHxqI5Mq8K2VIJZd95AIwPNMH34SaDGz +9xjG28Fq4ZkuDP0pCsHM9d2XEwK5PEVS18WW5fJ/QcJKMno4IPTB70ZBBjVzv6Y+ +MYjOrw== +-----END CERTIFICATE----- diff --git a/verifier.cpp b/verifier.cpp index 68a011e0d..08d852b37 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -373,8 +373,8 @@ bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa) { const BIGNUM* out_e; RSA_get0_key(rsa.get(), &out_n, &out_e, nullptr /* private exponent */); auto modulus_bits = BN_num_bits(out_n); - if (modulus_bits != 2048) { - LOG(ERROR) << "Modulus should be 2048 bits long, actual: " << modulus_bits; + if (modulus_bits != 2048 && modulus_bits != 4096) { + LOG(ERROR) << "Modulus should be 2048 or 4096 bits long, actual: " << modulus_bits; return false; } diff --git a/verifier.h b/verifier.h index 106b86b85..ef9feaff0 100644 --- a/verifier.h +++ b/verifier.h @@ -88,7 +88,8 @@ class VerifierInterface { // VERIFY_FAILURE (if any error is encountered or no key matches the signature). int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys); -// Checks that the RSA key has a modulus of 2048 bits long, and public exponent is 3 or 65537. +// Checks that the RSA key has a modulus of 2048 or 4096 bits long, and public exponent is 3 or +// 65537. bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa); // Checks that the field size of the curve for the EC key is 256 bits. |