From 8febafa67e93b2159804b1130a41f15b009de1cd Mon Sep 17 00:00:00 2001 From: Elliott Hughes Date: Wed, 13 Apr 2016 16:39:56 -0700 Subject: Use BoringSSL instead of mincrypt to speed up package verification. This changes the verification code in bootable/recovery to use BoringSSL instead of mincrypt. Cherry-pick of 452df6d99c81c4eeee3d2c7b2171901e8b7bc54a, with merge conflict resolution, extra logging in verifier.cpp, and an increase in the hash chunk size from 4KiB to 1MiB. Bug: http://b/28135231 Change-Id: I1ed7efd52223dd6f6a4629cad187cbc383d5aa84 --- verifier.h | 46 ++++++++++++++++++++++++++++------------------ 1 file changed, 28 insertions(+), 18 deletions(-) (limited to 'verifier.h') diff --git a/verifier.h b/verifier.h index 4eafc7565..58083fe14 100644 --- a/verifier.h +++ b/verifier.h @@ -20,32 +20,42 @@ #include #include -#include "mincrypt/p256.h" -#include "mincrypt/rsa.h" +#include +#include +#include -typedef struct { - p256_int x; - p256_int y; -} ECPublicKey; +struct RSADeleter { + void operator()(RSA* rsa) { + RSA_free(rsa); + } +}; + +struct ECKEYDeleter { + void operator()(EC_KEY* ec_key) { + EC_KEY_free(ec_key); + } +}; struct Certificate { typedef enum { - RSA, - EC, + KEY_TYPE_RSA, + KEY_TYPE_EC, } KeyType; - Certificate(int hash_len_, KeyType key_type_, - std::unique_ptr&& rsa_, - std::unique_ptr&& ec_) : - hash_len(hash_len_), - key_type(key_type_), - rsa(std::move(rsa_)), - ec(std::move(ec_)) { } + Certificate(int hash_len_, + KeyType key_type_, + std::unique_ptr&& rsa_, + std::unique_ptr&& ec_) + : hash_len(hash_len_), + key_type(key_type_), + rsa(std::move(rsa_)), + ec(std::move(ec_)) {} - int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256) + // SHA_DIGEST_LENGTH (SHA-1) or SHA256_DIGEST_LENGTH (SHA-256) + int hash_len; KeyType key_type; - std::unique_ptr rsa; - std::unique_ptr ec; + std::unique_ptr rsa; + std::unique_ptr ec; }; /* addr and length define a an update package file that has been -- cgit v1.2.3