Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / bdfaaf0304bb1b49a1fc1252a6d2181830b404e1^! / . / payload_signer.h
commitbdfaaf0304bb1b49a1fc1252a6d2181830b404e1[log] [tgz]
authorAndrew de los Reyes <adlr@chromium.org>Wed Mar 30 10:35:12 2011 -0700
committerAndrew de los Reyes <adlr@chromium.org>Wed Mar 30 10:35:12 2011 -0700
tree1f11b1bf46a19eeb324f31c312b8216a01ab6a2e
parent44d98d9e964a7be0f440ed8104bbcb8d1b23a4bb [diff] [blame]
AU: Switch to 2048 bit RSA keys; Pad SHA256 hashes appropriately.

Manually pad hashes according to how SHA256 hashes should be padded
for use in RSA 2048 bit encryption.

Also, remove the public key from the repository, as it's generated by
scons.

In an upcoming CL, I will test via an actual update.

BUG=chromium-os:13341
TEST=unittests

Review URL: http://codereview.chromium.org/6771024

Change-Id: I8aa93ed54e4d32b46f4d817a5ae5c36d9f0885f6

diff --git a/payload_signer.h b/payload_signer.h
index eb0663d..ee1bee9 100644
--- a/payload_signer.h
+++ b/payload_signer.h

@@ -67,6 +67,12 @@
   static bool VerifySignedPayload(const std::string& payload_path,
                                   const std::string& public_key_path);
 
+  // Pads a SHA256 hash so that it may be encrypted/signed with RSA2048
+  // using the PKCS#1 v1.5 scheme.
+  // hash should be a pointer to vector of exactly 256 bits. The vector
+  // will be modified in place and will result in having a length of
+  // 2048 bits. Returns true on success, false otherwise.
+  static bool PadRSA2048SHA256Hash(std::vector<char>* hash);
  private:
   // This should never be constructed
   DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadSigner);