DO NOT MERGE: Switch fs_mgr to use SHA-256 instead of SHA-1

Verity metadata signatures will be switched to SHA-256. Switch fs_mgr signature verification to use the correct algorithm. Needs matching changes from https://googleplex-android-review.git.corp.google.com/#/c/579905/ https://googleplex-android-review.git.corp.google.com/#/c/583213/ https://googleplex-android-review.git.corp.google.com/#/c/583214/ https://googleplex-android-review.git.corp.google.com/#/c/583233/ Bug: 15984840 Bug: 18120110 Bug: 17917515 Change-Id: I8f90519bffa105a0eb7abeaad3aea1ffceb851e2 (cherry picked from commit a3465e250c)
2014-11-06 20:33:07 -08:00 · 2014-11-06 20:33:07 -08:00 · 9573a13bbc
parent eb6036ac6b
commit 9573a13bbc
1 changed files with 3 additions and 3 deletions
--- a/fs_mgr/fs_mgr_verity.c
+++ b/fs_mgr/fs_mgr_verity.c
@ -86,11 +86,11 @@ static RSAPublicKey *load_key(char *path)
 static int verify_table(char *signature, char *table, int table_length)
 {
    RSAPublicKey *key;
-    uint8_t hash_buf[SHA_DIGEST_SIZE];
+    uint8_t hash_buf[SHA256_DIGEST_SIZE];
    int retval = -1;

    // Hash the table
-    SHA_hash((uint8_t*)table, table_length, hash_buf);
+    SHA256_hash((uint8_t*)table, table_length, hash_buf);

    // Now get the public key from the keyfile
    key = load_key(VERITY_TABLE_RSA_KEY);
@ -104,7 +104,7 @@ static int verify_table(char *signature, char *table, int table_length)
                    (uint8_t*) signature,
                    RSANUMBYTES,
                    (uint8_t*) hash_buf,
-                    SHA_DIGEST_SIZE)) {
+                    SHA256_DIGEST_SIZE)) {
        ERROR("Couldn't verify table.");
        goto out;
    }