diff --git a/native/src/boot/lib.rs b/native/src/boot/lib.rs
index ecd5e95df..c02761fef 100644
--- a/native/src/boot/lib.rs
+++ b/native/src/boot/lib.rs
@@ -5,8 +5,7 @@ pub use base;
 use cpio::cpio_commands;
 use patch::{hexpatch, patch_encryption, patch_verity};
 use payload::extract_boot_from_payload;
-use sha::{get_sha, sha1_hash, sha256_hash, SHA};
-use sign::{sign_boot_image, verify_boot_image};
+use sign::{get_sha, sha1_hash, sha256_hash, sign_boot_image, verify_boot_image, SHA};

 mod cpio;
 mod patch;
@@ -15,7 +14,6 @@ mod payload;
 #[allow(warnings)]
 mod proto;
 mod ramdisk;
-mod sha;
 mod sign;

 #[cxx::bridge]
diff --git a/native/src/boot/sha.rs b/native/src/boot/sha.rs
deleted file mode 100644
index d4b1e1a65..000000000
--- a/native/src/boot/sha.rs
+++ /dev/null
@@ -1,52 +0,0 @@
-use digest::DynDigest;
-use sha1::Sha1;
-use sha2::Sha256;
-
-pub enum SHA {
- SHA1(Sha1),
- SHA256(Sha256),
-}
-
-impl SHA {
- pub fn update(&mut self, data: &[u8]) {
- match self {
- SHA::SHA1(h) => h.update(data),
- SHA::SHA256(h) => h.update(data),
- }
- }
-
- pub fn output_size(&self) -> usize {
- match self {
- SHA::SHA1(h) => h.output_size(),
- SHA::SHA256(h) => h.output_size(),
- }
- }
-
- pub fn finalize_into(&mut self, out: &mut [u8]) {
- match self {
- SHA::SHA1(h) => h.finalize_into_reset(out),
- SHA::SHA256(h) => h.finalize_into_reset(out),
- }
- .ok();
- }
-}
-
-pub fn get_sha(use_sha1: bool) -> Box {
- Box::new(if use_sha1 {
- SHA::SHA1(Sha1::default())
- } else {
- SHA::SHA256(Sha256::default())
- })
-}
-
-pub fn sha1_hash(data: &[u8], out: &mut [u8]) {
- let mut h = Sha1::default();
- h.update(data);
- DynDigest::finalize_into(h, out).ok();
-}
-
-pub fn sha256_hash(data: &[u8], out: &mut [u8]) {
- let mut h = Sha256::default();
- h.update(data);
- DynDigest::finalize_into(h, out).ok();
-}
diff --git a/native/src/boot/sign.rs b/native/src/boot/sign.rs
index 8ea58b58c..4766e3f26 100644
--- a/native/src/boot/sign.rs
+++ b/native/src/boot/sign.rs
@@ -15,6 +15,7 @@ use rsa::pkcs8::SubjectPublicKeyInfoRef;
 use rsa::signature::hazmat::{PrehashSigner, PrehashVerifier};
 use rsa::signature::SignatureEncoding;
 use rsa::{RsaPrivateKey, RsaPublicKey};
+use sha1::Sha1;
 use sha2::{Sha256, Sha384};
 use x509_cert::der::asn1::{OctetString, PrintableString};
 use x509_cert::der::Any;
@@ -26,6 +27,55 @@ use base::{log_err, LoggedResult, MappedFile, ResultExt, StrErr, Utf8CStr};

 use crate::ffi::BootImage;

+pub enum SHA {
+ SHA1(Sha1),
+ SHA256(Sha256),
+}
+
+impl SHA {
+ pub fn update(&mut self, data: &[u8]) {
+ match self {
+ SHA::SHA1(h) => h.update(data),
+ SHA::SHA256(h) => h.update(data),
+ }
+ }
+
+ pub fn output_size(&self) -> usize {
+ match self {
+ SHA::SHA1(h) => h.output_size(),
+ SHA::SHA256(h) => h.output_size(),
+ }
+ }
+
+ pub fn finalize_into(&mut self, out: &mut [u8]) {
+ match self {
+ SHA::SHA1(h) => h.finalize_into_reset(out),
+ SHA::SHA256(h) => h.finalize_into_reset(out),
+ }
+ .ok();
+ }
+}
+
+pub fn get_sha(use_sha1: bool) -> Box {
+ Box::new(if use_sha1 {
+ SHA::SHA1(Sha1::default())
+ } else {
+ SHA::SHA256(Sha256::default())
+ })
+}
+
+pub fn sha1_hash(data: &[u8], out: &mut [u8]) {
+ let mut h = Sha1::default();
+ h.update(data);
+ DynDigest::finalize_into(h, out).ok();
+}
+
+pub fn sha256_hash(data: &[u8], out: &mut [u8]) {
+ let mut h = Sha256::default();
+ h.update(data);
+ DynDigest::finalize_into(h, out).ok();
+}
+
 #[allow(clippy::large_enum_variant)]
 enum SigningKey {
 SHA256withRSA(RsaSigningKey),
@@ -147,7 +197,7 @@ impl Signer {
 * },
 * signature ::= OCTET STRING
 * }
-*/
+ */
 #[derive(Sequence)]
 struct AuthenticatedAttributes {
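Review bot: In the hunk at `@@ -26,6 +27,55 @@`, `SHA::finalize_into`, `sha1_hash` and `sha256_hash` discard the result of the finalize call with `.ok()`, so an `out` slice whose length does not match the digest size leaves the buffer unwritten and the caller never learns of it. These helpers appear to feed boot-image hashing and signing, where a stale or zeroed buffer must not pass for a computed digest; the `Err` should go to the logging this file already imports from `base` rather than being dropped, and each function should state its contract, e.g. `/// out must be exactly output_size() bytes; on a length mismatch nothing is written`. A cheap guard ahead of the `match` in `finalize_into` would be `debug_assert_eq!(out.len(), self.output_size());`. The hunk adds `use sha1::Sha1;`, but the `use digest::DynDigest;` that `sha.rs` carried is not visible in the shown lines, so confirm `sign.rs` already brings that trait into scope, since `DynDigest::finalize_into(h, out)` depends on it.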