payload_signer.cc - Issue 3173032: AU: Payload Signer class

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: payload_signer.cc

Issue 3173032: AU: Payload Signer class (Closed) Base URL: ssh://git@chromiumos-git/update_engine.git

Patch Set: git pull Created 10 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: payload_signer.cc

diff --git a/payload_signer.cc b/payload_signer.cc

new file mode 100644

index 0000000000000000000000000000000000000000..03ff391a9e8f6e764be086208a092c8222c12e5e

--- /dev/null

+++ b/payload_signer.cc

@@ -0,0 +1,79 @@

+// Use of this source code is governed by a BSD-style license that can be

+// found in the LICENSE file.

+#include "update_engine/payload_signer.h"

+#include "base/logging.h"

+#include "base/string_util.h"

+#include "update_engine/subprocess.h"

+#include "update_engine/update_metadata.pb.h"

+#include "update_engine/utils.h"

+using std::string;

+using std::vector;

+namespace chromeos_update_engine {

+const uint32_t kSignatureMessageVersion = 1;

+bool PayloadSigner::SignPayload(const string& unsigned_payload_path,

+ const string& private_key_path,

+ vector<char>* out_signature_blob) {

+ string sig_path;

+ TEST_AND_RETURN_FALSE(

+ utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL));

+ ScopedPathUnlinker sig_path_unlinker(sig_path);

+ // This runs on the server, so it's okay to cop out and call openssl

+ // executable rather than properly use the library

+ vector<string> cmd;

+ SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x -in x -out x",

+ ' ',

+ &cmd);

+ cmd[cmd.size() - 5] = private_key_path;

+ cmd[cmd.size() - 3] = unsigned_payload_path;

+ cmd[cmd.size() - 1] = sig_path;

+ int return_code = 0;

+ TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code));

+ TEST_AND_RETURN_FALSE(return_code == 0);

+ vector<char> signature;

+ TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature));

+ // Pack it into a protobuf

+ Signatures out_message;

+ Signatures_Signature* sig_message = out_message.add_signatures();

+ sig_message->set_version(kSignatureMessageVersion);

+ sig_message->set_data(signature.data(), signature.size());

+ // Serialize protobuf

+ string serialized;

+ TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized));

+ out_signature_blob->insert(out_signature_blob->end(),

+ serialized.begin(),

+ serialized.end());

+ return true;

+bool PayloadSigner::SignatureBlobLength(

+ const string& private_key_path,

+ uint64_t* out_length) {

+ DCHECK(out_length);

+ string x_path;

+ TEST_AND_RETURN_FALSE(

+ utils::MakeTempFile("/tmp/signed_data.XXXXXX", &x_path, NULL));

+ ScopedPathUnlinker x_path_unlinker(x_path);

+ TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1));

+ vector<char> sig_blob;

+ TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path,

+ private_key_path,

+ &sig_blob));

+ *out_length = sig_blob.size();

+ return true;

+} // namespace chromeos_update_engine

« no previous file with comments | « payload_signer.h ('k') | payload_signer_unittest.cc » ('j') | no next file with comments »