From 908ad77af8731c0e8a7645575ea71fbbdd404d41 Mon Sep 17 00:00:00 2001 From: xunchang Date: Tue, 26 Mar 2019 09:54:34 -0700 Subject: Allow RSA 4096 key in package verification The RSA_verify sitll works for 4096 bits keys. And we just need to loose the check on modulus. Sample commands to generate the key & package: 1. openssl genrsa -out keypair.pem 4096 2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \ -in keypair.pem -out private.pk8 3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \ -days 365 4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \ prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \ unsigned.zip signed.zip Bug: 129163830 Test: unit tests pass Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4
---
verifier.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'verifier.h')
diff --git a/verifier.h b/verifier.h
index 106b86b85..ef9feaff0 100644
--- a/verifier.h
+++ b/verifier.h
@@ -88,7 +88,8 @@ class VerifierInterface {
 // VERIFY_FAILURE (if any error is encountered or no key matches the signature).
 int verify_file(VerifierInterface* package, const std::vector& keys);
 
-// Checks that the RSA key has a modulus of 2048 bits long, and public exponent is 3 or 65537.
+// Checks that the RSA key has a modulus of 2048 or 4096 bits long, and public exponent is 3 or
+// 65537.
 bool CheckRSAKey(const std::unique_ptr& rsa);
 
 // Checks that the field size of the curve for the EC key is 256 bits.
-- cgit v1.2.3
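Review bot: The rewritten comment above `CheckRSAKey` lists the accepted sizes but still does not state the return contract or that the size check is an exact allowlist, so a reader cannot tell whether a 3072-bit or an 8192-bit key passes. If the implementation compares the modulus size for equality, I would word it as `// Returns true iff the RSA modulus is exactly 2048 or 4096 bits long and the public exponent is 3 or 65537.`, which also fixes the "a modulus of ... bits long" phrasing. This view is limited to verifier.h, so the definition of `CheckRSAKey` and any test that verifies a package signed with a 4096-bit key are outside the hunk and should be checked against the comment. Exponent 3 stays accepted, which is unchanged here but depends on the signature check rejecting malformed PKCS#1 v1.5 padding; a short comment saying so would help future reviewers.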