Add sanity check when loading public keys for OTA package For RSA keys, check if it has a 2048 bits modulus, and its public exponent is 3 or 65537. For EC keys, check if the field size is 256 bits for its curve. Bug: 116655889 Test: unit tests pass Change-Id: I5c00f4d2b61c98c434f0b49db232155d5d0770ec

commit: b5110de1b3a159dad898b0b0636bc7fb8f582faf [log] [tgz]
author: Tianjie Xu <xunchang@google.com> Tue Oct 23 23:31:43 2018 -0700
committer: Tianjie Xu <xunchang@google.com> Wed Oct 24 16:25:09 2018 -0700
tree: c5d9117bdbd15c95b135becd471c3cb41d5983cc
parent: ee9c65a38ed080b7d8336985c90359acd50afb77 [diff] [blame]
diff --git a/verifier.h b/verifier.h
index b7924c7..9448232 100644
--- a/verifier.h
+++ b/verifier.h

@@ -72,6 +72,12 @@
 
 bool load_keys(const char* filename, std::vector<Certificate>& certs);
 
+// Checks that the RSA key has a modulus of 2048 bits long, and public exponent is 3 or 65537.
+bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa);
+
+// Checks that the field size of the curve for the EC key is 256 bits.
+bool CheckECKey(const std::unique_ptr<EC_KEY, ECKEYDeleter>& ec_key);
+
 // Parses a PEM-encoded x509 certificate from the given buffer and saves it into |cert|. Returns
 // false if there is a parsing failure or the signature's encryption algorithm is not supported.
 bool LoadCertificateFromBuffer(const std::vector<uint8_t>& pem_content, Certificate* cert);
commit	b5110de1b3a159dad898b0b0636bc7fb8f582faf	[log] [tgz]
author	Tianjie Xu <xunchang@google.com>	Tue Oct 23 23:31:43 2018 -0700
committer	Tianjie Xu <xunchang@google.com>	Wed Oct 24 16:25:09 2018 -0700
tree	c5d9117bdbd15c95b135becd471c3cb41d5983cc
parent	ee9c65a38ed080b7d8336985c90359acd50afb77 [diff] [blame]