From 9573a13bbc015c555adff1e4e0fbef2a18963111 Mon Sep 17 00:00:00 2001
From: Sami Tolvanen
Date: Thu, 6 Nov 2014 20:33:07 -0800
Subject: DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1
Verity metadata signatures will be switched to SHA-256. Switch fs_mgr signature verification to use the correct algorithm.
Needs matching changes from
https://googleplex-android-review.git.corp.google.com/#/c/579905/
https://googleplex-android-review.git.corp.google.com/#/c/583213/
https://googleplex-android-review.git.corp.google.com/#/c/583214/
https://googleplex-android-review.git.corp.google.com/#/c/583233/
Bug: 15984840
Bug: 18120110
Bug: 17917515
Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2
(cherry picked from commit a3465e250cfc3c00931735711e11ad61cf84d8b2)
---
 fs_mgr/fs_mgr_verity.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
(limited to 'fs_mgr')
diff --git a/fs_mgr/fs_mgr_verity.c b/fs_mgr/fs_mgr_verity.c
index 83e8043..b2f493a 100644
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@@ -86,11 +86,11 @@ static RSAPublicKey *load_key(char *path)
 static int verify_table(char *signature, char *table, int table_length)
 {
 RSAPublicKey *key;
- uint8_t hash_buf[SHA_DIGEST_SIZE];
+ uint8_t hash_buf[SHA256_DIGEST_SIZE];
 int retval = -1;
 // Hash the table
- SHA_hash((uint8_t*)table, table_length, hash_buf);
+ SHA256_hash((uint8_t*)table, table_length, hash_buf);
 // Now get the public key from the keyfile
 key = load_key(VERITY_TABLE_RSA_KEY);
@@ -104,7 +104,7 @@ static int verify_table(char *signature, char *table, int table_length)
 (uint8_t*) signature,
 RSANUMBYTES,
 (uint8_t*) hash_buf,
- SHA_DIGEST_SIZE)) {
+ SHA256_DIGEST_SIZE)) {
 ERROR("Couldn't verify table.");
 goto out;
 }
--
cgit v1.1
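Review bot: `table_length` is a signed `int` and goes straight into `SHA256_hash` with no range check in the lines shown, while the table is by definition unauthenticated until this function returns success. If the caller (outside this hunk) derives the length from on-disk metadata, a zero or negative value should be rejected before hashing, for example `if (!table || table_length <= 0) return -1;` placed ahead of the `// Hash the table` step. verify_table's body continues past the end of the hunk, so a guard further down cannot be ruled out from here, but it would run only after the hash call.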
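Review bot: The digest length handed to the verify call is a second, independent use of `SHA256_DIGEST_SIZE`; writing it as `sizeof(hash_buf)` would tie the argument to the buffer declared in the first hunk, so the next algorithm change cannot update one and miss the other (a missed edit means either a digest written past a too-small buffer or a verification over the wrong number of bytes). The call's opening line is outside the hunk. Separately, `ERROR("Couldn't verify table.")` gives no hint that SHA-256 is now expected, so metadata still signed over SHA-1 fails with the same message as a corrupt or tampered table; naming the digest in the log line would make that rollout failure distinguishable without adding a SHA-1 fallback.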