platform: msm_shared: Validate the decrypted signature For a successful boot image authentication, the RSA decrypt api returns the size of ASN1 encoded signature (PKCS#1 magic + sha256), compare the size returned by RSA decrypt API with size of ASN1 if they match the signature is valid otherwise fail with an error. This check avoids vulnerability due to trailing data placed at the end of digest. Change-Id: Ib7077efce6369a253b09a0def8e53d035ee345b8

commit: 583ea4ce7a8b8f4b497f48f505f815650fca70de [log] [tgz]
author: Channagoud Kadabi <ckadabi@codeaurora.org> Tue Sep 08 14:55:09 2015 -0700
committer: Channagoud Kadabi <ckadabi@codeaurora.org> Wed Sep 16 11:43:40 2015 -0700
tree: 35d27bf867ecad37676adcd4c78075c89635564e
parent: 9c68f9de633fcf844e81dabbadf316ae1cbe92b3 [diff] [blame]
diff --git a/platform/msm_shared/include/boot_verifier.h b/platform/msm_shared/include/boot_verifier.h
index efe0c1b..3b6d649 100644
--- a/platform/msm_shared/include/boot_verifier.h
+++ b/platform/msm_shared/include/boot_verifier.h

@@ -158,4 +158,7 @@
 bool boot_verify_validate_keystore(unsigned char * user_addr);
 /* Function to check if partition is allowed to flash in verified mode */
 bool boot_verify_flash_allowed(const char * entry);
+bool boot_verify_compare_sha256(unsigned char *image_ptr,
+		unsigned int image_size, unsigned char *signature_ptr, RSA *rsa);
+KEYSTORE *boot_gerity_get_oem_keystore();
 #endif
commit	583ea4ce7a8b8f4b497f48f505f815650fca70de	[log] [tgz]
author	Channagoud Kadabi <ckadabi@codeaurora.org>	Tue Sep 08 14:55:09 2015 -0700
committer	Channagoud Kadabi <ckadabi@codeaurora.org>	Wed Sep 16 11:43:40 2015 -0700
tree	35d27bf867ecad37676adcd4c78075c89635564e
parent	9c68f9de633fcf844e81dabbadf316ae1cbe92b3 [diff] [blame]