Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(67)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: payload_signer.cc

Issue 3132033: AU: Sign delta payloads (Closed) Base URL: ssh://git@chromiumos-git/update_engine.git
Patch Set: fixes for review Created 10 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « omaha_hash_calculator.cc ('k') | payload_signer_unittest.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "update_engine/payload_signer.h" 5 #include "update_engine/payload_signer.h"
6 6
7 #include "base/logging.h" 7 #include "base/logging.h"
8 #include "base/string_util.h" 8 #include "base/string_util.h"
9 #include "update_engine/omaha_hash_calculator.h"
9 #include "update_engine/subprocess.h" 10 #include "update_engine/subprocess.h"
10 #include "update_engine/update_metadata.pb.h" 11 #include "update_engine/update_metadata.pb.h"
11 #include "update_engine/utils.h" 12 #include "update_engine/utils.h"
12 13
13 using std::string; 14 using std::string;
14 using std::vector; 15 using std::vector;
15 16
16 namespace chromeos_update_engine { 17 namespace chromeos_update_engine {
17 18
18 const uint32_t kSignatureMessageVersion = 1; 19 const uint32_t kSignatureMessageVersion = 1;
19 20
20 bool PayloadSigner::SignPayload(const string& unsigned_payload_path, 21 bool PayloadSigner::SignPayload(const string& unsigned_payload_path,
21 const string& private_key_path, 22 const string& private_key_path,
22 vector<char>* out_signature_blob) { 23 vector<char>* out_signature_blob) {
23 string sig_path; 24 string sig_path;
24 TEST_AND_RETURN_FALSE( 25 TEST_AND_RETURN_FALSE(
25 utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL)); 26 utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL));
26 ScopedPathUnlinker sig_path_unlinker(sig_path); 27 ScopedPathUnlinker sig_path_unlinker(sig_path);
28
29 string hash_path;
30 TEST_AND_RETURN_FALSE(
31 utils::MakeTempFile("/tmp/hash.XXXXXX", &hash_path, NULL));
32 ScopedPathUnlinker hash_path_unlinker(hash_path);
33
34 vector<char> hash_data;
35 {
36 vector<char> payload;
37 // TODO(adlr): Read file in chunks. Not urgent as this runs on the server.
38 TEST_AND_RETURN_FALSE(utils::ReadFile(unsigned_payload_path, &payload));
39 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfData(payload,
40 &hash_data));
41 }
42 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(),
43 &hash_data[0],
44 hash_data.size()));
27 45
28 // This runs on the server, so it's okay to cop out and call openssl 46 // This runs on the server, so it's okay to cop out and call openssl
29 // executable rather than properly use the library 47 // executable rather than properly use the library
30 vector<string> cmd; 48 vector<string> cmd;
31 SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x -in x -out x", 49 SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x -in x -out x",
32 ' ', 50 ' ',
33 &cmd); 51 &cmd);
34 cmd[cmd.size() - 5] = private_key_path; 52 cmd[cmd.size() - 5] = private_key_path;
35 cmd[cmd.size() - 3] = unsigned_payload_path; 53 cmd[cmd.size() - 3] = hash_path;
36 cmd[cmd.size() - 1] = sig_path; 54 cmd[cmd.size() - 1] = sig_path;
37 55
38 int return_code = 0; 56 int return_code = 0;
39 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code)); 57 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code));
40 TEST_AND_RETURN_FALSE(return_code == 0); 58 TEST_AND_RETURN_FALSE(return_code == 0);
41 59
42 vector<char> signature; 60 vector<char> signature;
43 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); 61 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature));
44 62
45 // Pack it into a protobuf 63 // Pack it into a protobuf
(...skipping 24 matching lines...) Expand all
70 88
71 vector<char> sig_blob; 89 vector<char> sig_blob;
72 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, 90 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path,
73 private_key_path, 91 private_key_path,
74 &sig_blob)); 92 &sig_blob));
75 *out_length = sig_blob.size(); 93 *out_length = sig_blob.size();
76 return true; 94 return true;
77 } 95 }
78 96
79 } // namespace chromeos_update_engine 97 } // namespace chromeos_update_engine
OLDNEW
« no previous file with comments | « omaha_hash_calculator.cc ('k') | payload_signer_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698