OLD | NEW |
1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "update_engine/payload_signer.h" | 5 #include "update_engine/payload_signer.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "base/string_util.h" | 8 #include "base/string_util.h" |
9 #include "update_engine/omaha_hash_calculator.h" | 9 #include "update_engine/omaha_hash_calculator.h" |
10 #include "update_engine/subprocess.h" | 10 #include "update_engine/subprocess.h" |
87 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1)); | 87 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1)); |
88 | 88 |
89 vector<char> sig_blob; | 89 vector<char> sig_blob; |
90 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, | 90 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, |
91 private_key_path, | 91 private_key_path, |
92 &sig_blob)); | 92 &sig_blob)); |
93 *out_length = sig_blob.size(); | 93 *out_length = sig_blob.size(); |
94 return true; | 94 return true; |
95 } | 95 } |
96 | 96 |
| 97 bool PayloadSigner::VerifySignature(const std::vector<char>& signature_blob, |
| 98 const std::string& public_key_path, |
| 99 std::vector<char>* out_hash_data) { |
| 100 TEST_AND_RETURN_FALSE(!public_key_path.empty()); |
| 101 |
| 102 Signatures signatures; |
| 103 TEST_AND_RETURN_FALSE(signatures.ParseFromArray(&signature_blob[0], |
| 104 signature_blob.size())); |
| 105 |
| 106 // Finds a signature that matches the current version. |
| 107 int sig_index = 0; |
| 108 for (; sig_index < signatures.signatures_size(); sig_index++) { |
| 109 const Signatures_Signature& signature = signatures.signatures(sig_index); |
| 110 if (signature.has_version() && |
| 111 signature.version() == kSignatureMessageVersion) { |
| 112 break; |
| 113 } |
| 114 } |
| 115 TEST_AND_RETURN_FALSE(sig_index < signatures.signatures_size()); |
| 116 |
| 117 const Signatures_Signature& signature = signatures.signatures(sig_index); |
| 118 const string sig_data = signature.data(); |
| 119 string sig_path; |
| 120 TEST_AND_RETURN_FALSE( |
| 121 utils::MakeTempFile("/var/run/signature.XXXXXX", &sig_path, NULL)); |
| 122 ScopedPathUnlinker sig_path_unlinker(sig_path); |
| 123 TEST_AND_RETURN_FALSE(utils::WriteFile(sig_path.c_str(), |
| 124 &sig_data[0], |
| 125 sig_data.size())); |
| 126 string hash_path; |
| 127 TEST_AND_RETURN_FALSE( |
| 128 utils::MakeTempFile("/var/run/hash.XXXXXX", &hash_path, NULL)); |
| 129 ScopedPathUnlinker hash_path_unlinker(hash_path); |
| 130 |
| 131 // TODO(petkov): This runs on the client so it will be cleaner if it uses |
| 132 // direct openssl library calls. |
| 133 vector<string> cmd; |
| 134 SplitString("/usr/bin/openssl rsautl -verify -pubin -inkey x -in x -out x", |
| 135 ' ', |
| 136 &cmd); |
| 137 cmd[cmd.size() - 5] = public_key_path; |
| 138 cmd[cmd.size() - 3] = sig_path; |
| 139 cmd[cmd.size() - 1] = hash_path; |
| 140 |
| 141 int return_code = 0; |
| 142 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code)); |
| 143 TEST_AND_RETURN_FALSE(return_code == 0); |
| 144 |
| 145 TEST_AND_RETURN_FALSE(utils::ReadFile(hash_path, out_hash_data)); |
| 146 return true; |
| 147 } |
| 148 |
97 } // namespace chromeos_update_engine | 149 } // namespace chromeos_update_engine |
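Review bot: VerifySignature returns true as soon as `openssl rsautl -verify` exits 0 (new lines 142-146), which only shows that the blob decodes under the public key; nothing here compares the recovered bytes with the payload's hash. That comparison, including a length check on `*out_hash_data`, has to be done by the caller, so the declaration should say so, e.g. `// Returns the signed hash in |out_hash_data|; the caller must compare it with the computed payload hash.` Separately, `&signature_blob[0]` on new line 103 is undefined for an empty vector, and the blob is presumably taken from the update payload. Adding `TEST_AND_RETURN_FALSE(!signature_blob.empty());` next to the public_key_path check would reject that case before parsing.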