Update to support OEMCrypto v16 with ODK

common/vmp_checker.cc

@@ -13,12 +13,14 @@
 #include "common/vmp_checker.h"
 
 #include <stddef.h>
+
 #include <vector>
 
 #include <cstdint>
 #include "glog/logging.h"
 #include "common/certificate_type.h"
 #include "common/error_space.h"
+#include "common/hash_algorithm_util.h"
 #include "common/rsa_key.h"
 #include "common/x509_cert.h"
 #include "protos/public/errors.pb.h"
@@ -253,11 +255,11 @@ Status VmpChecker::SelectCertificateType(CertificateType cert_type) {
   Status status = ca_cert->LoadDer(
       cert_type == kCertificateTypeProduction
           ? std::string(reinterpret_cast<const char*>(
-                       kProdVmpCodeSigningDrmRootCertificate),
-                   sizeof(kProdVmpCodeSigningDrmRootCertificate))
+                            kProdVmpCodeSigningDrmRootCertificate),
+                        sizeof(kProdVmpCodeSigningDrmRootCertificate))
           : std::string(reinterpret_cast<const char*>(
-                       kDevVmpCodeSigningDrmRootCertificate),
-                   sizeof(kDevVmpCodeSigningDrmRootCertificate)));
+                            kDevVmpCodeSigningDrmRootCertificate),
+                        sizeof(kDevVmpCodeSigningDrmRootCertificate)));
   if (!status.ok()) return status;
 
   ca_.reset(new X509CA(ca_cert.release()));
@@ -334,7 +336,9 @@ Status VmpChecker::VerifyVmpData(const std::string& vmp_data, Result* result) {
     std::unique_ptr<RsaPublicKey> key(cert->GetRsaPublicKey());
     std::string message(binary_info.binary_hash());
     message += binary_info.flags() & 0xff;
-    if (!key->VerifySignature(message, binary_info.signature())) {
+    if (!key->VerifySignature(
+            message, HashAlgorithmProtoToEnum(binary_info.hash_algorithm()),
+            binary_info.signature())) {
       LOG(INFO) << "Code signature verification failed for file \""
                 << binary_info.file_name() << "\".";
       *result = kTampered;