Allow RSA 4096 key in package verification The RSA_verify sitll works for 4096 bits keys. And we just need to loose the check on modulus. Sample commands to generate the key & package: 1. openssl genrsa -out keypair.pem 4096 2. openssl pkcs8 -topk8 -inform PEM -outform DER -nocrypt \ -in keypair.pem -out private.pk8 3. openssl req -new -x509 -key keypair.pem -out public.x509.pem \ -days 365 4. java -Djava.library.path=prebuilts/sdk/tools/linux/lib64 -jar \ prebuilts/sdk/tools/lib/signapk.jar -w public.x509.pem private.pk8 \ unsigned.zip signed.zip Bug: 129163830 Test: unit tests pass Change-Id: I5a5ff539c9ff1955c02ec2ce4b17563cb92808a4

commit: 908ad77af8731c0e8a7645575ea71fbbdd404d41 [log] [tgz]
author: xunchang <xunchang@google.com> Tue Mar 26 09:54:34 2019 -0700
committer: xunchang <xunchang@google.com> Tue Mar 26 12:28:23 2019 -0700
tree: e348ee403e9305962978ec7e326245a8e3b1d8da
parent: 6287253eb4e00d6a6a1116be2f447be9c545ce97 [diff] [blame]
diff --git a/verifier.cpp b/verifier.cpp
index 68a011e..08d852b 100644
--- a/verifier.cpp
+++ b/verifier.cpp

@@ -373,8 +373,8 @@
   const BIGNUM* out_e;
   RSA_get0_key(rsa.get(), &out_n, &out_e, nullptr /* private exponent */);
   auto modulus_bits = BN_num_bits(out_n);
-  if (modulus_bits != 2048) {
-    LOG(ERROR) << "Modulus should be 2048 bits long, actual: " << modulus_bits;
+  if (modulus_bits != 2048 && modulus_bits != 4096) {
+    LOG(ERROR) << "Modulus should be 2048 or 4096 bits long, actual: " << modulus_bits;
     return false;
   }
commit	908ad77af8731c0e8a7645575ea71fbbdd404d41	[log] [tgz]
author	xunchang <xunchang@google.com>	Tue Mar 26 09:54:34 2019 -0700
committer	xunchang <xunchang@google.com>	Tue Mar 26 12:28:23 2019 -0700
tree	e348ee403e9305962978ec7e326245a8e3b1d8da
parent	6287253eb4e00d6a6a1116be2f447be9c545ce97 [diff] [blame]