commit cda3c034bc46a4040dcd31a3a512ffd56dfe28c2
author xunchang <xunchang@google.com> Tue Mar 26 15:41:14 2019 -0700
committer Tianjie Xu <xunchang@google.com> Tue Apr 02 01:32:28 2019 +0000
tree 08047606804777795fcadd27cd8f6aec4af7f45c
parent 8546a717e5389bb9cb5067f4eb139520802a7537

Support signing payload with 4096 bits RSA keys

The 32 bytes sha256 hash was padded to 256 bytes before payload signing
and verification. During the padding, we appended a hard coded header
according to RFC3447 spec.

As we want to support signing with 4096 bits keys, the format of the
padding doesn't change but the length needs adjustion. Now callers will
pass in the RSA size in bytes in the padding function. And the
verification function will now take the raw 32 bytes sha256 hash instead
of the padded value.

The new key for unittest is generated by:
openssl genrsa -out unittest_key_RSA4096.pem 4096

Bug: 129163830
Test: unit tests pass, create and install an update signed by 4096 bits key.
Change-Id: I8e0d02ddb1472e22976c0f170e8bf2b8b094c7d4

payload_generator/payload_signer.cc

diff --git a/payload_generator/payload_signer.cc b/payload_generator/payload_signer.cc
index cbca7fe..92313dc 100644
--- a/payload_generator/payload_signer.cc
+++ b/payload_generator/payload_signer.cc
@@ -28,6 +28,7 @@
 #include <openssl/err.h>
 #include <openssl/pem.h>
 
+#include "update_engine/common/constants.h"
 #include "update_engine/common/hash_calculator.h"
 #include "update_engine/common/subprocess.h"
 #include "update_engine/common/utils.h"
@@ -253,14 +254,13 @@
   string signature(payload.begin() + signatures_offset, payload.end());
   string public_key;
   TEST_AND_RETURN_FALSE(utils::ReadFile(public_key_path, &public_key));
-  TEST_AND_RETURN_FALSE(PayloadVerifier::PadRSA2048SHA256Hash(&payload_hash));
+  TEST_AND_RETURN_FALSE(payload_hash.size() == kSHA256Size);
   TEST_AND_RETURN_FALSE(
       PayloadVerifier::VerifySignature(signature, public_key, payload_hash));
   if (metadata_signature_size) {
     signature.assign(payload.begin() + metadata_size,
                      payload.begin() + metadata_size + metadata_signature_size);
-    TEST_AND_RETURN_FALSE(
-        PayloadVerifier::PadRSA2048SHA256Hash(&metadata_hash));
+    TEST_AND_RETURN_FALSE(metadata_hash.size() == kSHA256Size);
     TEST_AND_RETURN_FALSE(
         PayloadVerifier::VerifySignature(signature, public_key, metadata_hash));
   }
@@ -272,10 +272,7 @@
                              brillo::Blob* out_signature) {
   LOG(INFO) << "Signing hash with private key: " << private_key_path;
   // We expect unpadded SHA256 hash coming in
-  TEST_AND_RETURN_FALSE(hash.size() == 32);
-  brillo::Blob padded_hash(hash);
-  PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash);
-
+  TEST_AND_RETURN_FALSE(hash.size() == kSHA256Size);
   // The code below executes the equivalent of:
   //
   // openssl rsautl -raw -sign -inkey |private_key_path|
@@ -286,6 +283,10 @@
   RSA* rsa = PEM_read_RSAPrivateKey(fprikey, nullptr, nullptr, nullptr);
   fclose(fprikey);
   TEST_AND_RETURN_FALSE(rsa != nullptr);
+
+  brillo::Blob padded_hash = hash;
+  PayloadVerifier::PadRSASHA256Hash(&padded_hash, RSA_size(rsa));
+
   brillo::Blob signature(RSA_size(rsa));
   ssize_t signature_size = RSA_private_encrypt(padded_hash.size(),
                                                padded_hash.data(),