Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a3465e25 authored by Sami Tolvanen's avatar Sami Tolvanen
Browse files

Switch fs_mgr to use SHA-256 instead of SHA-1 

Verity metadata signatures will be switched to SHA-256. Switch
fs_mgr signature verification to use the correct algorithm.

Needs matching changes from
  https://googleplex-android-review.git.corp.google.com/#/c/579905/
  https://googleplex-android-review.git.corp.google.com/#/c/583213/
  https://googleplex-android-review.git.corp.google.com/#/c/583214/
  https://googleplex-android-review.git.corp.google.com/#/c/583233/

Bug: 17917515
Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2
parent 35c265a3

fs_mgr/fs_mgr_verity.c

+3 −3
Original line number Diff line number Diff line
@@ -86,11 +86,11 @@ static RSAPublicKey *load_key(char *path) 
static int verify_table(char *signature, char *table, int table_length)

{

    RSAPublicKey *key;

    uint8_t hash_buf[SHA_DIGEST_SIZE];

    uint8_t hash_buf[SHA256_DIGEST_SIZE];

    int retval = -1;



    // Hash the table

    SHA_hash((uint8_t*)table, table_length, hash_buf);

    SHA256_hash((uint8_t*)table, table_length, hash_buf);



    // Now get the public key from the keyfile

    key = load_key(VERITY_TABLE_RSA_KEY);
@@ -104,7 +104,7 @@ static int verify_table(char *signature, char *table, int table_length) 
                    (uint8_t*) signature,

                    RSANUMBYTES,

                    (uint8_t*) hash_buf,

                    SHA_DIGEST_SIZE)) {

                    SHA256_DIGEST_SIZE)) {

        ERROR("Couldn't verify table.");

        goto out;

    }