21e6deb647
The signature size is needed during payload hashing and signing. We used to sign the update_engine's payload with RSA keys only. In this case, the signature size always equals the key size. But the assumption is no longer true for EC keys, whose DER-encoded signature size is a variant with a maximum size. Therefore, we always give the maximum signature size to the delta generator, who then add paddings to the real signature if necessary. The maximum signature size is calculated by calling the delta_generator with the new option '--calculate_signature_size'. For custom payload signers, we also deprecate the '--payload_signer_key_size' and replace it with '--payload_signer_maximum_signature_size'. The EC key in the test is generated with: The EC key in the unittest is generated with the command: openssl ecparam -name prime256v1 -genkey -noout -out prime256v1-key.pem openssl pkey -in prime256v1-key.pem -out testkey_EC.key Bug: 141244025 Test: sign and verify a payload Change-Id: Ife6e269d8aa3d870405aca20086330f1795e167f
5 lines
241 B
Text
5 lines
241 B
Text
-----BEGIN PRIVATE KEY-----
|
|
MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgGaguGj8Yb1KkqKHd
|
|
ISblUsjtOCbzAuVpX81i02sm8FWhRANCAARBnuotwKOsuvjH6iwTDhOAi7Q5pLWz
|
|
xDkZjg2pcfbfi9FFTvLYETas7B2W6fx9PUezUmHTFTDV2JZuMYYFdZOw
|
|
-----END PRIVATE KEY-----
|