| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "update_engine/payload_signer.h" | 5 #include "update_engine/payload_signer.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
| 9 #include "update_engine/omaha_hash_calculator.h" | 9 #include "update_engine/omaha_hash_calculator.h" |
| 10 #include "update_engine/subprocess.h" | 10 #include "update_engine/subprocess.h" |
| (...skipping 12 matching lines...) Expand all Loading... |
| 23 vector<char>* out_signature_blob) { | 23 vector<char>* out_signature_blob) { |
| 24 string sig_path; | 24 string sig_path; |
| 25 TEST_AND_RETURN_FALSE( | 25 TEST_AND_RETURN_FALSE( |
| 26 utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL)); | 26 utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL)); |
| 27 ScopedPathUnlinker sig_path_unlinker(sig_path); | 27 ScopedPathUnlinker sig_path_unlinker(sig_path); |
| 28 | 28 |
| 29 string hash_path; | 29 string hash_path; |
| 30 TEST_AND_RETURN_FALSE( | 30 TEST_AND_RETURN_FALSE( |
| 31 utils::MakeTempFile("/tmp/hash.XXXXXX", &hash_path, NULL)); | 31 utils::MakeTempFile("/tmp/hash.XXXXXX", &hash_path, NULL)); |
| 32 ScopedPathUnlinker hash_path_unlinker(hash_path); | 32 ScopedPathUnlinker hash_path_unlinker(hash_path); |
| 33 | 33 |
| 34 vector<char> hash_data; | 34 vector<char> hash_data; |
| 35 { | 35 { |
| 36 vector<char> payload; | 36 vector<char> payload; |
| 37 // TODO(adlr): Read file in chunks. Not urgent as this runs on the server. | 37 // TODO(adlr): Read file in chunks. Not urgent as this runs on the server. |
| 38 TEST_AND_RETURN_FALSE(utils::ReadFile(unsigned_payload_path, &payload)); | 38 TEST_AND_RETURN_FALSE(utils::ReadFile(unsigned_payload_path, &payload)); |
| 39 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfData(payload, | 39 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfData(payload, |
| 40 &hash_data)); | 40 &hash_data)); |
| 41 } | 41 } |
| 42 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(), | 42 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(), |
| 43 &hash_data[0], | 43 &hash_data[0], |
| 44 hash_data.size())); | 44 hash_data.size())); |
| 45 | 45 |
| 46 // This runs on the server, so it's okay to cop out and call openssl | 46 // This runs on the server, so it's okay to cop out and call openssl |
| 47 // executable rather than properly use the library | 47 // executable rather than properly use the library |
| 48 vector<string> cmd; | 48 vector<string> cmd; |
| 49 SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x -in x -out x", | 49 SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x -in x -out x", |
| 50 ' ', | 50 ' ', |
| 51 &cmd); | 51 &cmd); |
| 52 cmd[cmd.size() - 5] = private_key_path; | 52 cmd[cmd.size() - 5] = private_key_path; |
| 53 cmd[cmd.size() - 3] = hash_path; | 53 cmd[cmd.size() - 3] = hash_path; |
| 54 cmd[cmd.size() - 1] = sig_path; | 54 cmd[cmd.size() - 1] = sig_path; |
| 55 | 55 |
| 56 int return_code = 0; | 56 int return_code = 0; |
| 57 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code)); | 57 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code)); |
| 58 TEST_AND_RETURN_FALSE(return_code == 0); | 58 TEST_AND_RETURN_FALSE(return_code == 0); |
| 59 | 59 |
| 60 vector<char> signature; | 60 vector<char> signature; |
| 61 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); | 61 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); |
| 62 | 62 |
| 63 // Pack it into a protobuf | 63 // Pack it into a protobuf |
| 64 Signatures out_message; | 64 Signatures out_message; |
| 65 Signatures_Signature* sig_message = out_message.add_signatures(); | 65 Signatures_Signature* sig_message = out_message.add_signatures(); |
| 66 sig_message->set_version(kSignatureMessageVersion); | 66 sig_message->set_version(kSignatureMessageVersion); |
| 67 sig_message->set_data(signature.data(), signature.size()); | 67 sig_message->set_data(signature.data(), signature.size()); |
| 68 | 68 |
| 69 // Serialize protobuf | 69 // Serialize protobuf |
| 70 string serialized; | 70 string serialized; |
| 71 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized)); | 71 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized)); |
| 72 out_signature_blob->insert(out_signature_blob->end(), | 72 out_signature_blob->insert(out_signature_blob->end(), |
| 73 serialized.begin(), | 73 serialized.begin(), |
| 74 serialized.end()); | 74 serialized.end()); |
| 75 return true; | 75 return true; |
| 76 } | 76 } |
| 77 | 77 |
| 78 bool PayloadSigner::SignatureBlobLength( | 78 bool PayloadSigner::SignatureBlobLength( |
| 79 const string& private_key_path, | 79 const string& private_key_path, |
| 80 uint64_t* out_length) { | 80 uint64_t* out_length) { |
| 81 DCHECK(out_length); | 81 DCHECK(out_length); |
| 82 | 82 |
| 83 string x_path; | 83 string x_path; |
| 84 TEST_AND_RETURN_FALSE( | 84 TEST_AND_RETURN_FALSE( |
| 85 utils::MakeTempFile("/tmp/signed_data.XXXXXX", &x_path, NULL)); | 85 utils::MakeTempFile("/tmp/signed_data.XXXXXX", &x_path, NULL)); |
| 86 ScopedPathUnlinker x_path_unlinker(x_path); | 86 ScopedPathUnlinker x_path_unlinker(x_path); |
| 87 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1)); | 87 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1)); |
| 88 | 88 |
| 89 vector<char> sig_blob; | 89 vector<char> sig_blob; |
| 90 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, | 90 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, |
| 91 private_key_path, | 91 private_key_path, |
| 92 &sig_blob)); | 92 &sig_blob)); |
| 93 *out_length = sig_blob.size(); | 93 *out_length = sig_blob.size(); |
| 94 return true; | 94 return true; |
| 95 } | 95 } |
| 96 | 96 |
| 97 } // namespace chromeos_update_engine | 97 } // namespace chromeos_update_engine |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 3419018:
AU: Switch from SHA-1 to SHA-256 hash. (Closed)
Base URL: ssh://git@gitrw.chromium.org:9222/update_engine.git