Merge "Allow RSA 4096 key in package verification"
This commit is contained in:
Tianjie Xu
Gerrit Code Review
@@ -158,6 +158,17 @@ TEST(VerifierTest, LoadCertificateFromBuffer_sha256_ec256bits) {
|
|||||||
VerifyPackageWithSingleCertificate("otasigned_v5.zip", std::move(cert));
|
VerifyPackageWithSingleCertificate("otasigned_v5.zip", std::move(cert));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
TEST(VerifierTest, LoadCertificateFromBuffer_sha256_rsa4096_bits) {
|
||||||
|
Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
|
||||||
|
LoadKeyFromFile(from_testdata_base("testkey_4096bits.x509.pem"), &cert);
|
||||||
|
|
||||||
|
ASSERT_EQ(SHA256_DIGEST_LENGTH, cert.hash_len);
|
||||||
|
ASSERT_EQ(Certificate::KEY_TYPE_RSA, cert.key_type);
|
||||||
|
ASSERT_EQ(nullptr, cert.ec);
|
||||||
|
|
||||||
|
VerifyPackageWithSingleCertificate("otasigned_4096bits.zip", std::move(cert));
|
||||||
|
}
|
||||||
|
|
||||||
TEST(VerifierTest, LoadCertificateFromBuffer_check_rsa_keys) {
|
TEST(VerifierTest, LoadCertificateFromBuffer_check_rsa_keys) {
|
||||||
std::unique_ptr<RSA, RSADeleter> rsa(RSA_new());
|
std::unique_ptr<RSA, RSADeleter> rsa(RSA_new());
|
||||||
std::unique_ptr<BIGNUM, decltype(&BN_free)> exponent(BN_new(), BN_free);
|
std::unique_ptr<BIGNUM, decltype(&BN_free)> exponent(BN_new(), BN_free);
|
||||||
|
|||||||
BIN
Binary file not shown.
+35
@@ -0,0 +1,35 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIGADCCA+igAwIBAgIJAJiRMVvanGUaMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
|
||||||
|
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g
|
||||||
|
VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE
|
||||||
|
AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
|
||||||
|
Fw0xODEwMzAxMjEzNTFaFw00NjAzMTcxMjEzNTFaMIGUMQswCQYDVQQGEwJVUzET
|
||||||
|
MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G
|
||||||
|
A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p
|
||||||
|
ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCAiIwDQYJKoZI
|
||||||
|
hvcNAQEBBQADggIPADCCAgoCggIBAL3ghKA8Gz9qOORY8gMY4wlB2tCJLDUO2tFG
|
||||||
|
LVK1UphtQMp+YEcz/0VQKVV7de7z6V4EMQ5P1HbxHOsjcKn/zXAl4YgFt7b5kZbC
|
||||||
|
bpNK4CYHEfho3j6fpYtq5d9q8rIA2kI0uZkkqPy1zXKTl2C2PjOoAnLQRk5xBVQG
|
||||||
|
M10/wYsf7yX36mSWoJJwKPp/EzVFpA+hX8HpljeIiZ6CFzKwJdqv9zO/xzfp6NsX
|
||||||
|
Tv5EGdkDxmw3qQqKgyl8dLMTZ/2zNfvVOMeZDusEPDF7A/lbU1byLWrKQdCzVb40
|
||||||
|
yc7BCSRGYwM29R/byOcgD+lslwKSGzgzNmQXICt1tXz9bSJR8qh4tlAaiRc3ZKBe
|
||||||
|
hJWIFGkGtD/cDGtDE5DbNAOz6CdSDdE2XN0Qf0cfN1RHVE6fo2FtFicRRVuFBt8M
|
||||||
|
2cbQ7bzmEvtHD6W6dsf120FH7gppXKmnhMx1WazpxR2QltbiYDTy2ZZi4paS/jDB
|
||||||
|
fL9gMCWp3Ohg2y74NGfUw5CQWQsDpcki6I7RvwClBCyOV51LHn5LE/nY4DkVrZxk
|
||||||
|
Pw0/YrTWz5J5PbdMetTuIunE4ec4lm8nZnh1ET+2MHx2+RoyF5vBs4rp1KHHRaEA
|
||||||
|
veD2AfQOWxz7kOG9+akFot7n+QoWEGdwY0mJ9jsO/IITCjv3VbD7o0OoJv1R2AW5
|
||||||
|
sK2KQ4PDAgMBAAGjUzBRMB0GA1UdDgQWBBT2EbrayXGhY6VCvSlLtRNyjW9ceDAf
|
||||||
|
BgNVHSMEGDAWgBT2EbrayXGhY6VCvSlLtRNyjW9ceDAPBgNVHRMBAf8EBTADAQH/
|
||||||
|
MA0GCSqGSIb3DQEBCwUAA4ICAQC7SsWap9zDKmuR0qMUZ6wlualnag0hUG1jZHQP
|
||||||
|
t63KO6LmNNMSuXRX60Zcq6WWzgLOyoT4HqHZZ47Jamfb4XQQcnWMMW0tJ3pDtTkz
|
||||||
|
dZILBInHJO8QPYI8Du6XWsDLSvMajq6ueBtO3NdcgsNL7eiHf3WoOtajLZxFM94Z
|
||||||
|
MESkUQOIsqHolYeTMHLTsuGkX1CK2Zw3Xn18bUSTYwZCHa6mYH00ItUBfetGCnWh
|
||||||
|
Y7bth/R15Cc+hocSB7ZsOa/R5kDyDdFDIKrnV5nH5Yd7CryrYC6Ac5UarYrxSJTq
|
||||||
|
eKPwqUlJB/tJW/lvdLt8YaURbFGzf/ZqU12zZRafYjmMjcQvfpzMoDSnbvHTA9IR
|
||||||
|
ZGO7dwhwykoSaL4/8LWde49xQUq6F2pQBRmEr+7mTzml1MaM5cWEk5emkCMXgLog
|
||||||
|
k+c56CAk1EdM1teWik7wR0TIqkkYyYJHTSg61GkXUIXrZJ6iYx2ejDg1+QTPm9rU
|
||||||
|
Yr7nP52gVkQuUAX1+xB6wKLSDizQJw8SNiUGXl5+2vwV6+0BI3/CXlQ8I/nRPBC1
|
||||||
|
oqOIkRSbE+IF7DP9QvYuNG/3bZZQ8LUVeHxqI5Mq8K2VIJZd95AIwPNMH34SaDGz
|
||||||
|
9xjG28Fq4ZkuDP0pCsHM9d2XEwK5PEVS18WW5fJ/QcJKMno4IPTB70ZBBjVzv6Y+
|
||||||
|
MYjOrw==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
+2
-2
@@ -373,8 +373,8 @@ bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa) {
|
|||||||
const BIGNUM* out_e;
|
const BIGNUM* out_e;
|
||||||
RSA_get0_key(rsa.get(), &out_n, &out_e, nullptr /* private exponent */);
|
RSA_get0_key(rsa.get(), &out_n, &out_e, nullptr /* private exponent */);
|
||||||
auto modulus_bits = BN_num_bits(out_n);
|
auto modulus_bits = BN_num_bits(out_n);
|
||||||
if (modulus_bits != 2048) {
|
if (modulus_bits != 2048 && modulus_bits != 4096) {
|
||||||
LOG(ERROR) << "Modulus should be 2048 bits long, actual: " << modulus_bits;
|
LOG(ERROR) << "Modulus should be 2048 or 4096 bits long, actual: " << modulus_bits;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
+2
-1
@@ -88,7 +88,8 @@ class VerifierInterface {
|
|||||||
// VERIFY_FAILURE (if any error is encountered or no key matches the signature).
|
// VERIFY_FAILURE (if any error is encountered or no key matches the signature).
|
||||||
int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys);
|
int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys);
|
||||||
|
|
||||||
// Checks that the RSA key has a modulus of 2048 bits long, and public exponent is 3 or 65537.
|
// Checks that the RSA key has a modulus of 2048 or 4096 bits long, and public exponent is 3 or
|
||||||
|
// 65537.
|
||||||
bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa);
|
bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa);
|
||||||
|
|
||||||
// Checks that the field size of the curve for the EC key is 256 bits.
|
// Checks that the field size of the curve for the EC key is 256 bits.
|
||||||
|
|||||||
Reference in New Issue
Block a user