Merge "Pass the correct signature size to payload generator"

am: 33edbc98c8

Change-Id: I8e1fca4e043a580f71ddb026365f41deb74bb55d

tools/releasetools/ota_from_target_files.py

@@ -168,6 +168,9 @@ A/B OTA specific options
   --payload_signer_args <args>
       Specify the arguments needed for payload signer.
 
+  --payload_signer_key_size <key_size>
+      Specify the key size in bytes of the payload signer.
+
   --skip_postinstall
       Skip the postinstall hooks when generating an A/B OTA package (default:
       False). Note that this discards ALL the hooks, including non-optional
@@ -224,6 +227,7 @@ OPTIONS.stash_threshold = 0.8
 OPTIONS.log_diff = None
 OPTIONS.payload_signer = None
 OPTIONS.payload_signer_args = []
+OPTIONS.payload_signer_key_size = None
 OPTIONS.extracted_input = None
 OPTIONS.key_passwords = []
 OPTIONS.skip_postinstall = False
@@ -468,9 +472,35 @@ class PayloadSigner(object):
       self.signer = "openssl"
       self.signer_args = ["pkeyutl", "-sign", "-inkey", signing_key,
                           "-pkeyopt", "digest:sha256"]
+      self.key_size = self._GetKeySizeInBytes(signing_key)
     else:
       self.signer = OPTIONS.payload_signer
       self.signer_args = OPTIONS.payload_signer_args
+      if OPTIONS.payload_signer_key_size:
+        self.key_size = int(OPTIONS.payload_signer_key_size)
+        assert self.key_size == 256 or self.key_size == 512, \
+            "Unsupported key size {}".format(OPTIONS.payload_signer_key_size)
+      else:
+        self.key_size = 256
+
+  @staticmethod
+  def _GetKeySizeInBytes(signing_key):
+    modulus_file = common.MakeTempFile(prefix="modulus-")
+    cmd = ["openssl", "rsa", "-inform", "PEM", "-in", signing_key, "-modulus",
+           "-noout", "-out", modulus_file]
+    common.RunAndCheckOutput(cmd, verbose=False)
+
+    with open(modulus_file) as f:
+      modulus_string = f.read()
+    # The modulus string has the format "Modulus=$data", where $data is the
+    # concatenation of hex dump of the modulus.
+    MODULUS_PREFIX = "Modulus="
+    assert modulus_string.startswith(MODULUS_PREFIX)
+    modulus_string = modulus_string[len(MODULUS_PREFIX):]
+    key_size = len(modulus_string) / 2
+    assert key_size == 256 or key_size == 512, \
+        "Unsupported key size {}".format(key_size)
+    return key_size
 
   def Sign(self, in_file):
     """Signs the given input file. Returns the output filename."""
@@ -539,7 +569,7 @@ class Payload(object):
     metadata_sig_file = common.MakeTempFile(prefix="sig-", suffix=".bin")
     cmd = ["brillo_update_payload", "hash",
            "--unsigned_payload", self.payload_file,
-           "--signature_size", "256",
+           "--signature_size", str(payload_signer.key_size),
            "--metadata_hash_file", metadata_sig_file,
            "--payload_hash_file", payload_sig_file]
     common.RunAndCheckOutput(cmd)
@@ -554,7 +584,7 @@ class Payload(object):
     cmd = ["brillo_update_payload", "sign",
            "--unsigned_payload", self.payload_file,
            "--payload", signed_payload_file,
-           "--signature_size", "256",
+           "--signature_size", str(payload_signer.key_size),
            "--metadata_signature_file", signed_metadata_sig_file,
            "--payload_signature_file", signed_payload_sig_file]
     common.RunAndCheckOutput(cmd)
@@ -2087,6 +2117,8 @@ def main(argv):
       OPTIONS.payload_signer = a
     elif o == "--payload_signer_args":
       OPTIONS.payload_signer_args = shlex.split(a)
+    elif o == "--payload_signer_key_size":
+      OPTIONS.payload_signer_key_size = a
     elif o == "--extracted_input_target_files":
       OPTIONS.extracted_input = a
     elif o == "--skip_postinstall":
@@ -2125,6 +2157,7 @@ def main(argv):
                                  "log_diff=",
                                  "payload_signer=",
                                  "payload_signer_args=",
+                                 "payload_signer_key_size=",
                                  "extracted_input_target_files=",
                                  "skip_postinstall",
                                  "retrofit_dynamic_partitions",

tools/releasetools/test_ota_from_target_files.py

@@ -1182,6 +1182,7 @@ class PayloadSignerTest(test_utils.ReleaseToolsTestCase):
   def test_init(self):
     payload_signer = PayloadSigner()
     self.assertEqual('openssl', payload_signer.signer)
+    self.assertEqual(256, payload_signer.key_size)
 
   def test_init_withPassword(self):
     common.OPTIONS.package_key = os.path.join(
@@ -1195,9 +1196,16 @@ class PayloadSignerTest(test_utils.ReleaseToolsTestCase):
   def test_init_withExternalSigner(self):
     common.OPTIONS.payload_signer = 'abc'
     common.OPTIONS.payload_signer_args = ['arg1', 'arg2']
+    common.OPTIONS.payload_signer_key_size = '512'
     payload_signer = PayloadSigner()
     self.assertEqual('abc', payload_signer.signer)
     self.assertEqual(['arg1', 'arg2'], payload_signer.signer_args)
+    self.assertEqual(512, payload_signer.key_size)
+
+  def test_GetKeySizeInBytes_512Bytes(self):
+    signing_key = os.path.join(self.testdata_dir, 'testkey_RSA4096.key')
+    key_size = PayloadSigner._GetKeySizeInBytes(signing_key)
+    self.assertEqual(512, key_size)
 
   def test_Sign(self):
     payload_signer = PayloadSigner()

tools/releasetools/testdata/testkey_RSA4096.key

@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQC7y8EH4O8M9aA7
+UhaWLlW5ceQxZi0P7DNOgog/82SIZh1/Vv0S8KCu9LcngK60oIejPU3k9zb0Mpl2
+4OEtupbOq9SV0nyRIp33rs9EJ0zm8keZ2jEfwTubdhE4GumlwkbfYHlMPmpufqOq
+uxKfCOUZk3ZEC5RFDBqVLGrf9m22ITMQwNGj/u/mtAg2UXRGy534eU1evHOFH8tD
+IxXd378m+gRY+bPi6fOkrJgAw6N01NwwsHRxxQsVgp8m1EKpPJ+ARRtP6YYtNsNB
+KTOXqZw18OD7eG7yVONAf7oSOMNRK7qg6ZU6YN/y1k+YZF3D/1HU9THoDXIpBHoW
+R2SpEM63Ua8ilSmx9PfoaDn27VrpjIcq50HqKAXOvclxOCyVD0pRkrryPpevYCVu
+x9/InmW3K4dPiAy0KmmS4ZSLUJnr6Lnkt8C3VxXHqZ4T7MlgrjrO70YqCxeDvYE0
+KL/e/UeJ69nANybkDThhBkxkOC1vvik3VXO4ITPEKCnLHdvdj8rwkjqf3Ex5A0g8
+XaH0l6I72pqxXi8nnU9udLrUEdHUT1KHzjnZBVP6aomcDy5Gnbb6wXTBTkB7fdQB
+nGcqT0DH67PqJE/rCUguVSmX4KGyOVrr5S1GQTg1EmHbF2Kf6P0YJpcVU7PHRE8s
+BisP39wzoE5XsIpn/aKpWdpcfqxjTQIDAQABAoICAQCB/vtyLryLpgPyzFIiR5TD
+uBkUMPyEhybE9ArI6fzvhnBo05h/4d34/iFC0QsesfjygN9I3fBGfjhJWEXH19/I
+1J1l0Ly14taiu3lyXhoXzCLQV3+l0acnaEVnJwoR2jghLLEKnDIkprk42CJ9wDSG
+zdMSK0nJuiU0mfipa/ZqGvU0ZaU49qKuenUs1Jm+3/hMJfvu1ljJEEcuBD2Axv+V
+RYB47vEc5IHpvifCb6rYlviNI7iXgKS5kSAGSuySJgrrSessGCTva3chxhmWpKwj
+ksjKioWSbjyZS1FMh8p8h966wLayIJklikCy5tcZc8X7und/gL9DsXuprGX7uky8
+3ZS2cJjiVimkwoROq5VPa+0SBmNJWRBNvRfARiaKkyyidVxIsvjFNDFPQp1jYlzM
+fvGJwgnCiUQP56hvri3irriWN8Le2U8lqQQ7YaDLKcsf6iiMGwfxcK+6E4MUv797
+V5CZXSC7RrPd9wdj6UIqtgSGVUH3BV7kB+fYYfvV15kpj6IXYTxElfAZ2ak3g9sv
+JZ6moKbRN0xSufkDftMGv77cH13v97Iy3Whp8zEPMBnbsdpPp6DpIH8sl2R7O+zr
+uMty6vXw0Ux69LEpz4b4HyD7t65zTSwpou5YhfZt/yRzovawsQIRGlc4E1FJDFjf
+e9LvazMXo/us3T5LNv5pAQKCAQEA5Kq1RJgMlvKOfGaEah1xu65s3I1lGuz+9c1x
+geYFlta9H2vG1aADUtgmIBjjC+1z4KLD9jrjrwwbqKnisu7/qUOR6Qf8BHFbrMSs
+J8IMOD3Vw/UVc/8LCjoI4n1XaKYJtOyIxKJtWKAbgtvgVOAGSt47LEOOchXNnAKv
+C3Flak3ADYaUQFLoiwmp6WdSL+uiLisukKNjmYu8vxhg9255p31PB6xixd0raoF/
+oDTfgY1fG/OFXvQd+GcjrTJ2Lqk1GtZqau5MEkS5jsKKnPJ6+ozd2t+QVkMrIQER
+WeTtZ7gimJo6QF8uyyG8WqT1qxbO2zV4Nrwak6ozRFhEJdnJrQKCAQEA0j5hY6sr
+apIvEUFsK6k1rEb77+1p85eyCOSYZpHEIe0hy89MjMUFA5IKhsXnUqhkiuJURUrD
+VtccWWJt5DUgS6HzJUGjeXo07wkqVz+10l+l+RSHleNBYlbxSpZQtvkKQkISF56c
+bSjLzOGM4RE8NxBdFg6EijwlKlZ8kW1ZJaQv9fuR+QS9DFXSiYUJSDiwLF0F6ogQ
+i1h3RN3RIKYc9kizYqBKaksg8EfQEyJs2Rhl5JrPmdZvDTpSeGRqz66WbdL4gSNv
+ud64BYY+Uhec9yH2HDal1l/j1dFbh+Nzs2v4b5TYmCO/zX5GfucUrZaGHbZcovlo
+/abKhURKW/N0IQKCAQEAhz0PCAqFJ6E89AYNulS/tyhp6ecWLN6NzAI9Z34LQDKw
+l6y+ZAnG7XA43DLb1WoSZoDdNPuPPTAEC7SuBvWi7xCvcwrt2hLRDVUkHD9/yqOH
+keWZUok8lkfMiWdoEtRgWUireuA1m3zVyIcSHiCAmDbm+D7cOEz81ZAgxrvCJyTk
+uRsnAwQF1HVasFgTG5RYzsVrPM/lUCJ89ugMMUp9WLmbzAYARNWRn+QG/1FF/vEF
+lxpnfskSEJ+vUffOPbqFVeIJ/kQBaayLsgsMv9YJNbWqYJBoZRxEnbhr8qaaYgVd
+MLPGT9v7aNgC9fkp8o4CuVLeTkDh1wOKXpl1dI1h4QKCAQEAgfNExxI517lbllLV
+xXblUgLeHkKkxofw50ZEXMGkdUPZK9yJ+Eie/MH796nDfXfQDXgvllTLwJVdVHJe
+cjvUJmuHmnOj06YRqd4EacFbZRjxwa9Kzv6Un3AV3IBki3QLP0EPZcIH9gDNV2ni
+Zgr9KRvYLZXznm3mmvCyNkFcZMPDUUuZwk2HfGRfqditEBLZ8dHdokVP1JFtxwdE
+B+Yk6KWvGzrwRBsD1QDOP8V7egR2loKJ5xB/u7Fc4EVRL+U93cwVBd0dZcmf/Oop
+AxzNTIOVV4L/pi3G6ZZp+OhBz5jhCjb6Wa9fEmkGsdGrGlB7vUnGoIWAu6eobg7z
+1zn3gQKCAQBwyViGs7b5HuYQ8UNkvBK9MxUE6h/qHEshbw+QtD/wcdNNpwLTawoW
+JH3bWzD01p1DsbRx/bcV5yaiWDhuslSH2xB6+N1gx2ohg8lPmFhKQiR1OTQ3L603
+Y+3h8FNO/c3YPcNr/k4N+tVKPSJvz0NcbkNs9qGUUsiEppVtc17VFAv/yPicV/wP
+0vC4Qw4xitSlIzD1QtPl0HfhA3ZM6fBb0lYx3tpJjmkrWPVjwWhYIAVLD6j7Jark
+NtMW9wSG21atSgWX1jFOiVsu3qzDpMvLXbH2FpAO9t+9GSDcSzfUMQLymWyW1+Dl
+L0rBGoJyEopSbtycAkWEHb/YLolfaTRd
+-----END PRIVATE KEY-----