OLD | NEW |
1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "update_engine/payload_signer.h" | 5 #include "update_engine/payload_signer.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "update_engine/omaha_hash_calculator.h" |
9 #include "update_engine/subprocess.h" | 10 #include "update_engine/subprocess.h" |
10 #include "update_engine/update_metadata.pb.h" | 11 #include "update_engine/update_metadata.pb.h" |
11 #include "update_engine/utils.h" | 12 #include "update_engine/utils.h" |
12 | 13 |
13 using std::string; | 14 using std::string; |
14 using std::vector; | 15 using std::vector; |
15 | 16 |
16 namespace chromeos_update_engine { | 17 namespace chromeos_update_engine { |
17 | 18 |
18 const uint32_t kSignatureMessageVersion = 1; | 19 const uint32_t kSignatureMessageVersion = 1; |
19 | 20 |
20 bool PayloadSigner::SignPayload(const string& unsigned_payload_path, | 21 bool PayloadSigner::SignPayload(const string& unsigned_payload_path, |
21 const string& private_key_path, | 22 const string& private_key_path, |
22 vector<char>* out_signature_blob) { | 23 vector<char>* out_signature_blob) { |
23 string sig_path; | 24 string sig_path; |
24 TEST_AND_RETURN_FALSE( | 25 TEST_AND_RETURN_FALSE( |
25 utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL)); | 26 utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL)); |
26 ScopedPathUnlinker sig_path_unlinker(sig_path); | 27 ScopedPathUnlinker sig_path_unlinker(sig_path); |
| 28 |
| 29 string hash_path; |
| 30 TEST_AND_RETURN_FALSE( |
| 31 utils::MakeTempFile("/tmp/hash.XXXXXX", &hash_path, NULL)); |
| 32 ScopedPathUnlinker hash_path_unlinker(hash_path); |
| 33 |
| 34 vector<char> hash_data; |
| 35 { |
| 36 vector<char> payload; |
| 37 // TODO(adlr): Read file in chunks. Not urgent as this runs on the server. |
| 38 TEST_AND_RETURN_FALSE(utils::ReadFile(unsigned_payload_path, &payload)); |
| 39 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfData(payload, |
| 40 &hash_data)); |
| 41 } |
| 42 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(), |
| 43 &hash_data[0], |
| 44 hash_data.size())); |
27 | 45 |
28 // This runs on the server, so it's okay to cop out and call openssl | 46 // This runs on the server, so it's okay to cop out and call openssl |
29 // executable rather than properly use the library | 47 // executable rather than properly use the library |
30 vector<string> cmd; | 48 vector<string> cmd; |
31 SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x -in x -out x", | 49 SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x -in x -out x", |
32 ' ', | 50 ' ', |
33 &cmd); | 51 &cmd); |
34 cmd[cmd.size() - 5] = private_key_path; | 52 cmd[cmd.size() - 5] = private_key_path; |
35 cmd[cmd.size() - 3] = unsigned_payload_path; | 53 cmd[cmd.size() - 3] = hash_path; |
36 cmd[cmd.size() - 1] = sig_path; | 54 cmd[cmd.size() - 1] = sig_path; |
37 | 55 |
38 int return_code = 0; | 56 int return_code = 0; |
39 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code)); | 57 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code)); |
40 TEST_AND_RETURN_FALSE(return_code == 0); | 58 TEST_AND_RETURN_FALSE(return_code == 0); |
41 | 59 |
42 vector<char> signature; | 60 vector<char> signature; |
43 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); | 61 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); |
44 | 62 |
45 // Pack it into a protobuf | 63 // Pack it into a protobuf |
(...skipping 24 matching lines...) Expand all Loading... |
70 | 88 |
71 vector<char> sig_blob; | 89 vector<char> sig_blob; |
72 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, | 90 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, |
73 private_key_path, | 91 private_key_path, |
74 &sig_blob)); | 92 &sig_blob)); |
75 *out_length = sig_blob.size(); | 93 *out_length = sig_blob.size(); |
76 return true; | 94 return true; |
77 } | 95 } |
78 | 96 |
79 } // namespace chromeos_update_engine | 97 } // namespace chromeos_update_engine |
OLD | NEW |