From 908ad77af8731c0e8a7645575ea71fbbdd404d41 Mon Sep 17 00:00:00 2001 From: xunchang Date: Tue, 26 Mar 2019 09:54:34 -0700 Subject: [PATCH] Allow RSA 4096 key in package verification The RSA_verify sitll works for 4096 bits keys. And we just need to loose the check on modulus. Sample commands to generate the key & package: 1. openssl genrsa -out keypair.pem 4096 2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \ -in keypair.pem -out private.pk8 3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \ -days 365 4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \ prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \ unsigned.zip signed.zip Bug: 129163830 Test: unit tests pass Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4
---
 tests/component/verifier_test.cpp | 11 +++++++
 tests/testdata/otasigned_4096bits.zip | Bin 0 -> 4055 bytes
 tests/testdata/testkey_4096bits.x509.pem | 35 +++++++++++++++++++++++
 verifier.cpp | 4 +--
 verifier.h | 3 +-
 5 files changed, 50 insertions(+), 3 deletions(-)
 create mode 100644 tests/testdata/otasigned_4096bits.zip
 create mode 100644 tests/testdata/testkey_4096bits.x509.pem
diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp
index c904cd03..bdb8af23 100644
--- a/tests/component/verifier_test.cpp
+++ b/tests/component/verifier_test.cpp
@@ -158,6 +158,17 @@ TEST(VerifierTest, LoadCertificateFromBuffer_sha256_ec256bits) {
 VerifyPackageWithSingleCertificate("otasigned_v5.zip", std::move(cert));
 }
 
+TEST(VerifierTest, LoadCertificateFromBuffer_sha256_rsa4096_bits) {
+ Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
+ LoadKeyFromFile(from_testdata_base("testkey_4096bits.x509.pem"), &cert);
+
+ ASSERT_EQ(SHA256_DIGEST_LENGTH, cert.hash_len);
+ ASSERT_EQ(Certificate::KEY_TYPE_RSA, cert.key_type);
+ ASSERT_EQ(nullptr, cert.ec);
+
+ VerifyPackageWithSingleCertificate("otasigned_4096bits.zip", std::move(cert));
+}
+
 TEST(VerifierTest, LoadCertificateFromBuffer_check_rsa_keys) {
 std::unique_ptr rsa(RSA_new());
 std::unique_ptr exponent(BN_new(), BN_free);
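Review bot: The added test `LoadCertificateFromBuffer_sha256_rsa4096_bits` only proves that a 4096-bit key is accepted; nothing in this hunk pins that modulus sizes outside the new allow-list are still refused now that the check in `CheckRSAKey` has been loosened. The neighbouring `LoadCertificateFromBuffer_check_rsa_keys` test begins in the trailing context and its body is outside the hunk, so it may already cover this. If it does not, a case there that builds a key of an unlisted size (for example 3072 bits) and ends with `ASSERT_FALSE(CheckRSAKey(rsa));` would catch the condition being widened by accident. The new test also asserts `cert.ec` is null but never asserts that the RSA key was actually loaded before handing the certificate to the verifier.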
diff --git a/tests/testdata/otasigned_4096bits.zip b/tests/testdata/otasigned_4096bits.zip new file mode 100644 index 0000000000000000000000000000000000000000..5016dfc9a7b72782f7ba0392ed9dc78f7cf5b025 GIT binary patch literal 4055 zcmd6oc{tQv|Ho%D%-CXNnTRYAnP%+!z7J!h6e2SA>@z}^O!jP9#w|NdmQWEgkyH{< zL}jTEvSp7+wr5<=egE#B-|zQ4e?RAYUEj|+@9+C_u5*3QIiD9E3x>b}02TnF9aB4a z|J8s1H~_QP4FD((gBTi~VdMd@upBu5)hNhNEDX=+%9`SgPPzE`oO1Rh1p0XrPWcg? zU0ef+1r*ce$12=$%i&4Q#ai|)L+*Y!(A#Dq1d}pGSVnx#Td7{M9YwrTgxK%zO@6U;P5W)P)oQB?7RnDmZ zs@Y!kudsla^So49h{-wqn4-KGYZC+hyK8O+6Da1{$FO33TTou2z;tfsupP&zENEb| z!OrXBzIj3~+-dx+-bd@%x!5BvF3K5Q+nt$m8}RQTP5T$h{nQ`Zvy*%ph4eK6X{TKV zoML|$HSD@-$M&V%>DL?N_Xd`yv3RBVMV(N6^^h`~FN-=|ZAjN9Cu7|$zeP#9<>jx- z{`)VE?{OS-_hO?=B2CA6Y2W ziM3=m8?NEYHIzHauhvsq5py_~sN%qvd`Dk8N8QwLC|R_G#-c9#K<-&S*1N+#sL;nV zb*k`Mp~VqbE_m&0c%sztQ3CZ$=EB16(Aq{8O8#8I%z!?#dAaqy>IFBt{&J$gkK`AR zYJ!-{Vp~(M-r%x<8CXwIw7e%W1-IJMmg64eE*W%Ry=^}3Z-E;bY~tIctY*~ZWf4rg!V5Iie^@ z1GH;&>?PqTQoo4s`uqAj0%rX&ZnwCD`0veHbZ%+2YC`GQ0Ic(hbKUosxMs^nytvoG zCy^6{sc#ybwLso?Nsj`!Q&$l<*DI5xc6;SYK57~w;2||7Un0|``xz>Xu$=0zoMbMn z+Y$tw;XO<{*^Z4$k-K_gI8r5LID|Sq{#0bKSFmN>u(LK?G>$wAvh69>-Q!J0-)JWE+Y$~Ge|Iz3#LnHbE1UY`gT zpn?5LzrN_kOnIf#br&l({^pRWB7@dD;o>!sezJwTo|8eL(Z$DKyi8RP?vjQCthW_> zzW8KpS~nu21E6zFG2`dm+prlf+LPgG%YA~5M-|J^lTCZsbeAvqk9g{+`E%5R z72|=4HsSY1dorush27n`X_KuF^51GYHQ2tEvq7(wpoSomfyrD+l^rTLe;BQxLhdv7 zhLwCiBG`Htaxt7+yJY&Fl%M+^iHmQ>>nOD zY0i&V=Wgh25(D2&s{M@429ee=MxQDIJS9xh-il?1-~*laOoaW$Slqr|qKyh}#+jgu z%s0JVWy=*fTlK8yw|c&%yKVNoUU(>kxBuEu7)*@cJ6~-FctbNLREeD#C2bS0Xg8f- zBXqov)ocq;S%=Fz_aB++)a55f%z9>t)h17;K4vS3$#_XqHn<|C>If2&J(u8!TCG7S zrNMtRFTAt#@`xT=`9U|+(+nj*qp)K=)L8b2r_t*9!pClE#q>}AaeRJ71_Fx+xv}GB zr`57JG=zH+!TSF83`Y;ma3`93L+pfvrqD5 zb!|T&{_7-Fy!)BFN{qkgaz7JT8B%raM0?x0l98tTYYtn!SKYY{|`+ zG1iJma;a4^xqv*5T&`Y%mg=~c4jFBCmotN?HS0r>`vpJGqFyQOEOUS5#ABIRoK`Y_ zl`sJS7a8>(j|GC@jOzdIsPGpd{u%#;5kL?R;BQL&KIs7^{%$82-T%Z4JeCQ1;07_C z>x{_57)ir|Jl%a=2_lz5MXVV;U4L%?nhfKB!ldI&;^^!^W>7JiWgksu*#-fD7)~@h 
z6y_9X0(1pKKtLt{n)PoZu$T;mpvh21K6thm3<82cFu)%-G4><*uE>MDKW7B8GV-Fc zFsx`86nqu}MS#v)V-RSrg8>U0T;KV!r<-4(uctGH7tM1ZGPAK;_>p{x&Yr#^HlD6m zFo)0_2RfXMS@)k*{7Yf|KMMG7MHDUaKWl&ic@cjSRp-x$Vo(-+l#d;wf)Ar zMT{LEyMhv09;5u{@V|B0WRU3ZKbWyGU^0l4u@N9RhztS(TE}CGHI8U|sZ5<;1M^S9 zbVvFUPbzYZ^c%^ZZaDpik4|@_ld=51A^ybKtE8p%IY$VF!*VcqRd7MfzjD9VUt%JG zsi|@6CgquLrrG#$X0D$eU$ly-H@v3Dyw>UfBYFzWx#AT&4ZVSxIZlmQ@)e-KJ|kQJ z(;29|gLeB3;bjT>Jb_Z2;V<PetB8B5}tJZL^!b?;l5k1xcy$GGnZolqJg;z-m57 z$OWvlAw2qOMucE-tflow+)DXVwBWkr)5z>f9Ch{p0iXCIJ6L>tK54AtB zdFvz6M-{;Jvy!LT`;{(yJ``mvtbE4!46dlm*@st>%g{a+I>t8qvTw2F8~3&`CzTf5 zxiPA1yae~WP+1<+L$a-&>kvw(eE905ur^G&^p%pahi(sVb3#j0ewuX}Mg3H8AAFvk zZp#X$c8SiW_O}73kdvwB3b02bv52jqan-{$`2=lt?Mn|oyv+#JY%&iUToRpoF)^b; z@so55A#rIpqQir?kaB!^?e$4>gC(7YC5)Zi1peT#7u-&tXx*x0D*ZCE1?N5F?(brn zxT(&uLq@>W>1Xe6m+4m=-?bWIYQA5Sq<{T62n+-O%dF8>Xd%YM5#oUGLU=a0Xd_(# zB`#FG))UwUL|}^Fg%Gsx!DlfDKbrU2|8L+tFd%@yeFzg8%m}|9JI1|c96KQ3v02Bh z@=wpDy>GrN<8iN+Xs&ekVn2rWaUl>nn`*k%OTQ@$a5odrEf`(6OQpO4z3Gnmd9-BM zJ+;freRP6&D3Fwl@sX7b({E6fCuOig5=+U5W02_r)f1|{ z;}oGF`W_guU<4qhQlG@USgTjD>d076bE`b%hPpp;Ye-|Og)|dc&JnC$1=Xi^Fo3)Gq>z)PkRUtwEKShz(eH?`(h(w$KJX3*6Otibna1UJ)N>zmdNb-$snl8h6$5+ zCrJ-&r(snwR3;-6DYdf~;XXdK_RE!+xUCRv?TV6(8fPi}Hb*V+Q9pgFp3e61^MugG z(ZQC)ZjM`zY6HU-bCK7Tm?mK9cE^V7%c+(jQ%U{C)p1WF=+7!Wh{vMl^wPU$JB`7VBLyh#L|BdTCN%EBjGpOH4OGezivpDMNSh&tYMChf0$GTcVvNpE zmXTAv5isk?TK-&S0;?LBB8f8#sI0DSPB4yoY9qn(NWi@$OY70_>ATl;i*UaX*c-Io ZyyTYD&W~T}^NvWhUv}e%?e9y&{s9fSzaRhr literal 0 HcmV?d00001 diff --git a/tests/testdata/testkey_4096bits.x509.pem b/tests/testdata/testkey_4096bits.x509.pem new file mode 100644 index 00000000..cba30d61 --- /dev/null +++ b/tests/testdata/testkey_4096bits.x509.pem 
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGADCCA+igAwIBAgIJAJiRMVvanGUaMA0GCSqGSIb3DQEBCwUAMIGUMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4g
+VmlldzEQMA4GA1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UE
+AwwHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
+Fw0xODEwMzAxMjEzNTFaFw00NjAzMTcxMjEzNTFaMIGUMQswCQYDVQQGEwJVUzET
+MBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEQMA4G
+A1UECgwHQW5kcm9pZDEQMA4GA1UECwwHQW5kcm9pZDEQMA4GA1UEAwwHQW5kcm9p
+ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCAiIwDQYJKoZI
+hvcNAQEBBQADggIPADCCAgoCggIBAL3ghKA8Gz9qOORY8gMY4wlB2tCJLDUO2tFG
+LVK1UphtQMp+YEcz/0VQKVV7de7z6V4EMQ5P1HbxHOsjcKn/zXAl4YgFt7b5kZbC
+bpNK4CYHEfho3j6fpYtq5d9q8rIA2kI0uZkkqPy1zXKTl2C2PjOoAnLQRk5xBVQG
+M10/wYsf7yX36mSWoJJwKPp/EzVFpA+hX8HpljeIiZ6CFzKwJdqv9zO/xzfp6NsX
+Tv5EGdkDxmw3qQqKgyl8dLMTZ/2zNfvVOMeZDusEPDF7A/lbU1byLWrKQdCzVb40
+yc7BCSRGYwM29R/byOcgD+lslwKSGzgzNmQXICt1tXz9bSJR8qh4tlAaiRc3ZKBe
+hJWIFGkGtD/cDGtDE5DbNAOz6CdSDdE2XN0Qf0cfN1RHVE6fo2FtFicRRVuFBt8M
+2cbQ7bzmEvtHD6W6dsf120FH7gppXKmnhMx1WazpxR2QltbiYDTy2ZZi4paS/jDB
+fL9gMCWp3Ohg2y74NGfUw5CQWQsDpcki6I7RvwClBCyOV51LHn5LE/nY4DkVrZxk
+Pw0/YrTWz5J5PbdMetTuIunE4ec4lm8nZnh1ET+2MHx2+RoyF5vBs4rp1KHHRaEA
+veD2AfQOWxz7kOG9+akFot7n+QoWEGdwY0mJ9jsO/IITCjv3VbD7o0OoJv1R2AW5
+sK2KQ4PDAgMBAAGjUzBRMB0GA1UdDgQWBBT2EbrayXGhY6VCvSlLtRNyjW9ceDAf
+BgNVHSMEGDAWgBT2EbrayXGhY6VCvSlLtRNyjW9ceDAPBgNVHRMBAf8EBTADAQH/
+MA0GCSqGSIb3DQEBCwUAA4ICAQC7SsWap9zDKmuR0qMUZ6wlualnag0hUG1jZHQP
+t63KO6LmNNMSuXRX60Zcq6WWzgLOyoT4HqHZZ47Jamfb4XQQcnWMMW0tJ3pDtTkz
+dZILBInHJO8QPYI8Du6XWsDLSvMajq6ueBtO3NdcgsNL7eiHf3WoOtajLZxFM94Z
+MESkUQOIsqHolYeTMHLTsuGkX1CK2Zw3Xn18bUSTYwZCHa6mYH00ItUBfetGCnWh
+Y7bth/R15Cc+hocSB7ZsOa/R5kDyDdFDIKrnV5nH5Yd7CryrYC6Ac5UarYrxSJTq
+eKPwqUlJB/tJW/lvdLt8YaURbFGzf/ZqU12zZRafYjmMjcQvfpzMoDSnbvHTA9IR
+ZGO7dwhwykoSaL4/8LWde49xQUq6F2pQBRmEr+7mTzml1MaM5cWEk5emkCMXgLog
+k+c56CAk1EdM1teWik7wR0TIqkkYyYJHTSg61GkXUIXrZJ6iYx2ejDg1+QTPm9rU
+Yr7nP52gVkQuUAX1+xB6wKLSDizQJw8SNiUGXl5+2vwV6+0BI3/CXlQ8I/nRPBC1
+oqOIkRSbE+IF7DP9QvYuNG/3bZZQ8LUVeHxqI5Mq8K2VIJZd95AIwPNMH34SaDGz
+9xjG28Fq4ZkuDP0pCsHM9d2XEwK5PEVS18WW5fJ/QcJKMno4IPTB70ZBBjVzv6Y+
+MYjOrw==
+-----END CERTIFICATE-----
diff --git a/verifier.cpp b/verifier.cpp
index 68a011e0..08d852b3 100644
--- a/verifier.cpp
+++ b/verifier.cpp
@@ -373,8 +373,8 @@ bool CheckRSAKey(const std::unique_ptr& rsa) {
 const BIGNUM* out_e;
 RSA_get0_key(rsa.get(), &out_n, &out_e, nullptr /* private exponent */);
 auto modulus_bits = BN_num_bits(out_n);
- if (modulus_bits != 2048) {
- LOG(ERROR) << "Modulus should be 2048 bits long, actual: " << modulus_bits;
+ if (modulus_bits != 2048 && modulus_bits != 4096) {
+ LOG(ERROR) << "Modulus should be 2048 or 4096 bits long, actual: " << modulus_bits;
 return false;
 }
 
diff --git a/verifier.h b/verifier.h
index 106b86b8..ef9feaff 100644
--- a/verifier.h
+++ b/verifier.h
@@ -88,7 +88,8 @@ class VerifierInterface {
 // VERIFY_FAILURE (if any error is encountered or no key matches the signature).
 int verify_file(VerifierInterface* package, const std::vector& keys);
 
-// Checks that the RSA key has a modulus of 2048 bits long, and public exponent is 3 or 65537.
+// Checks that the RSA key has a modulus of 2048 or 4096 bits long, and public exponent is 3 or
+// 65537.
 bool CheckRSAKey(const std::unique_ptr& rsa);
 
 // Checks that the field size of the curve for the EC key is 256 bits.
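Review bot: In the verifier.cpp hunk the accepted modulus sizes are now written out three times (the `if` condition, the `LOG(ERROR)` text, and the comment in verifier.h), so a later change can update one and miss the others. The check is an exact allow-list, and that strictness is the security property, so I would state it where it is enforced with a comment above the `if`, e.g. `// Exact allow-list: any modulus size other than 2048 or 4096 bits is rejected.` A single named constant for the permitted sizes, shared by the condition and the message, would keep them in step. The public-exponent check that verifier.h describes (3 or 65537) lies after this hunk and is not visible here, so whether it needs any matching adjustment should be confirmed there. `CheckRSAKey` starts and ends outside the hunk.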