From: Mattias Nissler Date: Thu, 31 Mar 2016 14:29:37 +0000 (+0200) Subject: Switch to BoringSSL for crypto. X-Git-Url: http://git.osdn.net/view?p=android-x86%2Fsystem-extras.git;a=commitdiff_plain;h=1653edc9113212f98108716f2a00928e58f28f5d Switch to BoringSSL for crypto. Adjust code and dependencies to use BoringSSL + libcrypto_utils instead of libmincrypt. Change-Id: Id1b4ee538923e9dac68a7db2521b70007119c268 --- diff --git a/libfec/Android.mk b/libfec/Android.mk index 45fb19ec..7dcdb25c 100644 --- a/libfec/Android.mk +++ b/libfec/Android.mk @@ -17,7 +17,7 @@ common_src_files := \ fec_process.cpp common_static_libraries := \ - libmincrypt \ + libcrypto_utils_static \ libcrypto_static \ libcutils \ libbase diff --git a/libfec/fec_private.h b/libfec/fec_private.h index 238c4e2e..0d94228e 100644 --- a/libfec/fec_private.h +++ b/libfec/fec_private.h @@ -23,17 +23,17 @@ #include #include #include -#include #include +#include #include #include #include -#include -#include -#include -#include +#include #include +#include +#include +#include /* processing parameters */ #define WORK_MIN_THREADS 1 @@ -59,7 +59,7 @@ struct verity_header { uint32_t magic; uint32_t version; - uint8_t signature[RSANUMBYTES]; + uint8_t signature[ANDROID_PUBKEY_MODULUS_SIZE]; uint32_t length; }; diff --git a/libfec/include/fec/io.h b/libfec/include/fec/io.h index 3b5dac06..d8c88daa 100644 --- a/libfec/include/fec/io.h +++ b/libfec/include/fec/io.h @@ -24,7 +24,8 @@ #include #include #include -#include + +#include #ifdef __cplusplus extern "C" { @@ -70,8 +71,8 @@ struct fec_ecc_metadata { struct fec_verity_metadata { bool disabled; uint64_t data_size; - uint8_t signature[RSANUMBYTES]; - uint8_t ecc_signature[RSANUMBYTES]; + uint8_t signature[ANDROID_PUBKEY_MODULUS_SIZE]; + uint8_t ecc_signature[ANDROID_PUBKEY_MODULUS_SIZE]; const char *table; uint32_t table_length; }; diff --git a/libfec/test/Android.mk b/libfec/test/Android.mk index a2bba554..d78c6d21 100644 --- a/libfec/test/Android.mk 
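Review bot: In `struct verity_header` (libfec/fec_private.h) the `signature` array sits between `version` and `length`, so the offset of `length` now depends on a constant owned by libcrypto_utils rather than by this code. The struct appears to mirror the signed verity metadata header, so any value other than the 256 bytes that RSANUMBYTES provided would silently shift `length` and change which bytes are treated as the signature. I would pin the assumption next to the struct with `static_assert(ANDROID_PUBKEY_MODULUS_SIZE == 256, "verity_header layout assumes a 2048-bit RSA signature");` (`_Static_assert` if the header is also compiled as C). The same applies to `signature` and `ecc_signature` in `struct fec_verity_metadata` in libfec/include/fec/io.h, which looks like the exported header, so its struct size is part of the library's interface.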
+++ b/libfec/test/Android.mk @@ -11,6 +11,7 @@ LOCAL_MODULE_TAGS := optional LOCAL_STATIC_LIBRARIES := \ libfec_host \ libfec_rs_host \ + libcrypto_utils_static \ libcrypto_static \ libext4_utils_host \ libsquashfs_utils_host \ diff --git a/verity/Android.mk b/verity/Android.mk index 7b3d13f3..5f9df5e5 100644 --- a/verity/Android.mk +++ b/verity/Android.mk @@ -18,7 +18,7 @@ LOCAL_MODULE := generate_verity_key LOCAL_SRC_FILES := generate_verity_key.c LOCAL_MODULE_CLASS := EXECUTABLES LOCAL_MODULE_TAGS := optional -LOCAL_SHARED_LIBRARIES := libcrypto-host +LOCAL_SHARED_LIBRARIES := libcrypto_utils libcrypto-host include $(BUILD_HOST_EXECUTABLE) include $(CLEAR_VARS) diff --git a/verity/fec/Android.mk b/verity/fec/Android.mk index c13f5775..0b742c12 100644 --- a/verity/fec/Android.mk +++ b/verity/fec/Android.mk @@ -11,6 +11,7 @@ LOCAL_MODULE_TAGS := optional LOCAL_STATIC_LIBRARIES := \ libsparse_host \ libz \ + libcrypto_utils_static \ libcrypto_static \ libfec_host \ libfec_rs_host \ @@ -29,6 +30,7 @@ LOCAL_FORCE_STATIC_EXECUTABLE := true LOCAL_SRC_FILES := main.cpp image.cpp LOCAL_MODULE_TAGS := optional LOCAL_STATIC_LIBRARIES := \ + libcrypto_utils_static \ libcrypto_static \ libfec \ libfec_rs \ diff --git a/verity/generate_verity_key.c b/verity/generate_verity_key.c index 0da978fc..c598afbc 100644 --- a/verity/generate_verity_key.c +++ b/verity/generate_verity_key.c @@ -23,11 +23,7 @@ #include #include -/* HACK: we need the RSAPublicKey struct - * but RSA_verify conflits with openssl */ -#define RSA_verify RSA_verify_mincrypt -#include "mincrypt/rsa.h" -#undef RSA_verify +#include #include #include 
@@ -35,58 +31,9 @@ #include #include -// Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format. -// Lifted from secure adb's mincrypt key generation. -static int convert_to_mincrypt_format(RSA *rsa, RSAPublicKey *pkey) -{ - int ret = -1; - unsigned int i; - - if (RSA_size(rsa) != RSANUMBYTES) - goto out; - - BN_CTX* ctx = BN_CTX_new(); - BIGNUM* r32 = BN_new(); - BIGNUM* rr = BN_new(); - BIGNUM* r = BN_new(); - BIGNUM* rem = BN_new(); - BIGNUM* n = BN_new(); - BIGNUM* n0inv = BN_new(); - - BN_set_bit(r32, 32); - BN_copy(n, rsa->n); - BN_set_bit(r, RSANUMWORDS * 32); - BN_mod_sqr(rr, r, n, ctx); - BN_div(NULL, rem, n, r32, ctx); - BN_mod_inverse(n0inv, rem, r32, ctx); - - pkey->len = RSANUMWORDS; - pkey->n0inv = 0 - BN_get_word(n0inv); - for (i = 0; i < RSANUMWORDS; i++) { - BN_div(rr, rem, rr, r32, ctx); - pkey->rr[i] = BN_get_word(rem); - BN_div(n, rem, n, r32, ctx); - pkey->n[i] = BN_get_word(rem); - } - pkey->exponent = BN_get_word(rsa->e); - - ret = 0; - - BN_free(n0inv); - BN_free(n); - BN_free(rem); - BN_free(r); - BN_free(rr); - BN_free(r32); - BN_CTX_free(ctx); - -out: - return ret; -} - static int write_public_keyfile(RSA *private_key, const char *private_key_path) { - RSAPublicKey pkey; + uint8_t key_data[ANDROID_PUBKEY_ENCODED_SIZE]; BIO *bfile = NULL; char *path = NULL; int ret = -1; @@ -94,14 +41,14 @@ static int write_public_keyfile(RSA *private_key, const char *private_key_path) if (asprintf(&path, "%s.pub", private_key_path) < 0) goto out; - if (convert_to_mincrypt_format(private_key, &pkey) < 0) + if (!android_pubkey_encode(private_key, key_data, sizeof(key_data))) goto out; bfile = BIO_new_file(path, "w"); if (!bfile) goto out; - BIO_write(bfile, &pkey, sizeof(pkey)); + BIO_write(bfile, key_data, sizeof(key_data)); BIO_flush(bfile); ret = 0;
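Review bot: write_public_keyfile has no comment describing what it writes, and this hunk removes the only description of the key format (the comment on convert_to_mincrypt_format). Whatever reads the `.pub` file has to agree on the layout, so I would add above the function: `/* Write the public half of private_key to "<private_key_path>.pub" in the android_pubkey encoded form (ANDROID_PUBKEY_ENCODED_SIZE bytes). */`. The explicit `RSA_size(rsa) != RSANUMBYTES` check also disappears with the removed helper; presumably android_pubkey_encode rejects keys of any other size, which is worth confirming and stating in that comment. The function body continues into the next hunk.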
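Review bot: The results of `BIO_write` and `BIO_flush` are still discarded in write_public_keyfile, and `ret = 0` follows unconditionally, so a short or failed write (full disk, I/O error) leaves a truncated `.pub` file while the tool reports success. A truncated verity public key would only surface later, when something tries to load it. Since the write line is being touched anyway, I would check both calls: `if (BIO_write(bfile, key_data, sizeof(key_data)) != (int)sizeof(key_data) || BIO_flush(bfile) <= 0) goto out;`. The `out:` cleanup path is outside this hunk, so I am assuming it frees `bfile` and `path` as before.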