Allow RSA 4096 key in package verification
The RSA_verify sitll works for 4096 bits keys. And we just
need to loose the check on modulus.
Sample commands to generate the key & package:
1. openssl genrsa -out keypair.pem 4096
2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \
-in keypair.pem -out private.pk8
3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \
-days 365
4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \
prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \
unsigned.zip signed.zip
Bug: 129163830
Test: unit tests pass
Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4
diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp
index c904cd0..bdb8af2 100644
--- a/tests/component/verifier_test.cpp
+++ b/tests/component/verifier_test.cpp
@@ -158,6 +158,17 @@
VerifyPackageWithSingleCertificate("otasigned_v5.zip", std::move(cert));
}
+TEST(VerifierTest, LoadCertificateFromBuffer_sha256_rsa4096_bits) {
+ Certificate cert(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
+ LoadKeyFromFile(from_testdata_base("testkey_4096bits.x509.pem"), &cert);
+
+ ASSERT_EQ(SHA256_DIGEST_LENGTH, cert.hash_len);
+ ASSERT_EQ(Certificate::KEY_TYPE_RSA, cert.key_type);
+ ASSERT_EQ(nullptr, cert.ec);
+
+ VerifyPackageWithSingleCertificate("otasigned_4096bits.zip", std::move(cert));
+}
+
TEST(VerifierTest, LoadCertificateFromBuffer_check_rsa_keys) {
std::unique_ptr<RSA, RSADeleter> rsa(RSA_new());
std::unique_ptr<BIGNUM, decltype(&BN_free)> exponent(BN_new(), BN_free);