ACPR/android_system_core
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1

Browse source 
Verity metadata signatures will be switched to SHA-256. Switch
fs_mgr signature verification to use the correct algorithm.

Needs matching changes from
  https://googleplex-android-review.git.corp.google.com/#/c/579905/
  https://googleplex-android-review.git.corp.google.com/#/c/583213/
  https://googleplex-android-review.git.corp.google.com/#/c/583214/
  https://googleplex-android-review.git.corp.google.com/#/c/583233/

Bug: 15984840
Bug: 18120110
Bug: 17917515
Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2
(cherry picked from commit a3465e250c)
This commit is contained in:
Sami Tolvanen 2014-11-06 20:33:07 -08:00 committed by Iliyan Malchev
parent eb6036ac6b
commit 9573a13bbc
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
fs_mgr/fs_mgr_verity.c
View file

@ -86,11 +86,11 @@ static RSAPublicKey *load_key(char *path)
static int verify_table(char *signature, char *table, int table_length) static int verify_table(char *signature, char *table, int table_length)
{ {
RSAPublicKey *key; RSAPublicKey *key;
uint8_t hash_buf[SHA_DIGEST_SIZE]; uint8_t hash_buf[SHA256_DIGEST_SIZE];
int retval = -1; int retval = -1;
// Hash the table // Hash the table
SHA_hash((uint8_t*)table, table_length, hash_buf); SHA256_hash((uint8_t*)table, table_length, hash_buf);
// Now get the public key from the keyfile // Now get the public key from the keyfile
key = load_key(VERITY_TABLE_RSA_KEY); key = load_key(VERITY_TABLE_RSA_KEY);
@ -104,7 +104,7 @@ static int verify_table(char *signature, char *table, int table_length)
(uint8_t*) signature, (uint8_t*) signature,
RSANUMBYTES, RSANUMBYTES,
(uint8_t*) hash_buf, (uint8_t*) hash_buf,
SHA_DIGEST_SIZE)) { SHA256_DIGEST_SIZE)) {
ERROR("Couldn't verify table."); ERROR("Couldn't verify table.");
goto out; goto out;
} }