Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(393)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 3132033: AU: Sign delta payloads (Closed)

Created:
10 years, 4 months ago by adlr
Modified:
9 years ago
Reviewers:
petkov
CC:
chromium-os-reviews_chromium.org, petkov, adlr
Base URL:
ssh://git@chromiumos-git/update_engine.git
Visibility:
Public.

Description

AU: Sign delta payloads - Change .proto to have explicit offset/length of signature. I was hoping the length could be kept out of the proto, but it needs to go in. The way we cheat and keep the signature in the file is to have a dummer install operation at the end that will cause old clients to write the signature data to nowhere. - Change delta generator to take an optional private key, which if present will cause the payload to be signed - Cleanup Omaha hash calculator, which should be renamed to SHA1 hash calculator, and allow export of the non-base64 encoded SHA1 result. - Note: signatures are not yet checked. That will come in a future CL. BUG=5662 TEST=unittests

Patch Set 1 #

Total comments: 12

Patch Set 2 : merge origin/master #

Patch Set 3 : fixes for review #

Unified diffs Side-by-side diffs Delta from patch set Stats (+248 lines, -113 lines) Patch
M delta_diff_generator.h View 2 chunks +4 lines, -1 line 0 comments Download
M delta_diff_generator.cc View 1 2 26 chunks +90 lines, -51 lines 0 comments Download
M delta_performer_unittest.cc View 5 chunks +44 lines, -9 lines 0 comments Download
M generate_delta_main.cc View 2 chunks +3 lines, -1 line 0 comments Download
M omaha_hash_calculator.h View 1 2 4 chunks +15 lines, -6 lines 0 comments Download
M omaha_hash_calculator.cc View 1 2 2 chunks +51 lines, -23 lines 0 comments Download
M payload_signer.cc View 1 2 3 chunks +19 lines, -1 line 0 comments Download
M payload_signer_unittest.cc View 1 chunk +18 lines, -18 lines 0 comments Download
M update_metadata.proto View 1 chunk +4 lines, -3 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
adlr
10 years, 4 months ago (2010-08-21 02:43:29 UTC) #1
petkov
LGTM w/ some nits and comments. http://codereview.chromium.org/3132033/diff/1/2 File delta_diff_generator.cc (right): http://codereview.chromium.org/3132033/diff/1/2#newcode886 delta_diff_generator.cc:886: //op->set_data_offset(next_blob_offset); remove comment? ...
10 years, 4 months ago (2010-08-22 06:06:05 UTC) #2
adlr
10 years, 4 months ago (2010-08-24 00:37:43 UTC) #3 
Thanks. fixed and will submit when tree opens

http://codereview.chromium.org/3132033/diff/1/2
File delta_diff_generator.cc (right):

http://codereview.chromium.org/3132033/diff/1/2#newcode886
delta_diff_generator.cc:886: //op->set_data_offset(next_blob_offset);
On 2010/08/22 06:06:05, petkov wrote:
> remove comment?
> 

Done.

http://codereview.chromium.org/3132033/diff/1/6
File omaha_hash_calculator.cc (right):

http://codereview.chromium.org/3132033/diff/1/6#newcode20
omaha_hash_calculator.cc:20: LOG(ERROR) << "SHA1_Init failed";
On 2010/08/22 06:06:05, petkov wrote:
> You could use LOG_IF(ERROR, !valid_) << ...
> 

Done.

http://codereview.chromium.org/3132033/diff/1/6#newcode53
omaha_hash_calculator.cc:53: success = (BIO_flush(b64) == 1);
On 2010/08/22 06:06:05, petkov wrote:
> This success assignment is unused as is. Also, it seems that the updated code
> may return true even if the base64 encoding failed.
> 

Good catch! I think it's good now

http://codereview.chromium.org/3132033/diff/1/6#newcode73
omaha_hash_calculator.cc:73: LOG(ERROR) << "SHA1_Final failed.";
On 2010/08/22 06:06:05, petkov wrote:
> Shouldn't you be returning an error status if SHA1_Final fails so that the
> caller can also error out?
> 

Done.

http://codereview.chromium.org/3132033/diff/1/7
File omaha_hash_calculator.h (right):

http://codereview.chromium.org/3132033/diff/1/7#newcode11
omaha_hash_calculator.h:11: #include "base/logging.h"
On 2010/08/22 06:06:05, petkov wrote:
> sort
> 

Done.

http://codereview.chromium.org/3132033/diff/1/8
File payload_signer.cc (right):

http://codereview.chromium.org/3132033/diff/1/8#newcode48
payload_signer.cc:48: SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x
-in x -out x",
On 2010/08/22 06:06:05, petkov wrote:
> Argh, this is a bit ugly. I guess you can't use StringPrintf because the paths
> may contain spaces...
> 

Exactly. It would be awesome if you could initialize a vector with something
like {"/usr/bin/openssl", "rsautl", "-pkcs", ..., some_string, "-out",
other_string};

Powered by Google App Engine
This is Rietveld 408576698