PawletOS/android_bootable_recovery
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Allow RSA 4096 key in package verification

Browse Source 
The RSA_verify sitll works for 4096 bits keys. And we just
need to loose the check on modulus.

Sample commands to generate the key & package:
1. openssl genrsa -out keypair.pem 4096
2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
   -in keypair.pem -out private.pk8
3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \
   -days 365
4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \
   prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \
   unsigned.zip signed.zip

Bug: 129163830
Test: unit tests pass
Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4
This commit is contained in:
xunchang
2019-03-26 09:54:34 -07:00
parent 6287253eb4
commit 908ad77af8
5 changed files with 50 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
verifier.cpp
View File

@@ -373,8 +373,8 @@ bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa) {
const BIGNUM* out_e;
RSA_get0_key(rsa.get(), &out_n, &out_e, nullptr /* private exponent */);
auto modulus_bits = BN_num_bits(out_n);
if (modulus_bits != 2048) {
LOG(ERROR) << "Modulus should be 2048 bits long, actual: " << modulus_bits;
if (modulus_bits != 2048 && modulus_bits != 4096) {
LOG(ERROR) << "Modulus should be 2048 or 4096 bits long, actual: " << modulus_bits;
return false;
}