OLD | NEW |
1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__ | 5 #ifndef CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__ |
6 #define CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__ | 6 #define CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 21 matching lines...) Expand all Loading... |
32 // false otherwise. | 32 // false otherwise. |
33 static bool SignPayload(const std::string& unsigned_payload_path, | 33 static bool SignPayload(const std::string& unsigned_payload_path, |
34 const std::string& private_key_path, | 34 const std::string& private_key_path, |
35 std::vector<char>* out_signature_blob); | 35 std::vector<char>* out_signature_blob); |
36 | 36 |
37 // Returns the length of out_signature_blob that will result in a call | 37 // Returns the length of out_signature_blob that will result in a call |
38 // to SignPayload with a given private key. Returns true on success. | 38 // to SignPayload with a given private key. Returns true on success. |
39 static bool SignatureBlobLength(const std::string& private_key_path, | 39 static bool SignatureBlobLength(const std::string& private_key_path, |
40 uint64_t* out_length); | 40 uint64_t* out_length); |
41 | 41 |
42 // Returns false if the payload signature can't be verified. Returns true | |
43 // otherwise and sets |out_hash| to the signed payload hash. | |
44 static bool VerifySignature(const std::vector<char>& signature_blob, | |
45 const std::string& public_key_path, | |
46 std::vector<char>* out_hash_data); | |
47 | |
48 | |
49 // Given an unsigned payload in |payload_path| (with no dummy signature op) | 42 // Given an unsigned payload in |payload_path| (with no dummy signature op) |
50 // and the raw |signature_size| calculates the raw hash that needs to be | 43 // and the raw |signature_size| calculates the raw hash that needs to be |
51 // signed in |out_hash_data|. Returns true on success, false otherwise. | 44 // signed in |out_hash_data|. Returns true on success, false otherwise. |
52 static bool HashPayloadForSigning(const std::string& payload_path, | 45 static bool HashPayloadForSigning(const std::string& payload_path, |
53 int signature_size, | 46 int signature_size, |
54 std::vector<char>* out_hash_data); | 47 std::vector<char>* out_hash_data); |
55 | 48 |
56 // Given an unsigned payload in |payload_path| (with no dummy signature op) | 49 // Given an unsigned payload in |payload_path| (with no dummy signature op) |
57 // and the raw |signature| updates the payload to include the signature thus | 50 // and the raw |signature| updates the payload to include the signature thus |
58 // turning it into a signed payload. The new payload is stored in | 51 // turning it into a signed payload. The new payload is stored in |
59 // |signed_payload_path|. |payload_path| and |signed_payload_path| can point | 52 // |signed_payload_path|. |payload_path| and |signed_payload_path| can point |
60 // to the same file. Returns true on success, false otherwise. | 53 // to the same file. Returns true on success, false otherwise. |
61 static bool AddSignatureToPayload(const std::string& payload_path, | 54 static bool AddSignatureToPayload(const std::string& payload_path, |
62 const std::vector<char>& signature, | 55 const std::vector<char>& signature, |
63 const std::string& signed_payload_path); | 56 const std::string& signed_payload_path); |
64 | 57 |
| 58 // Returns false if the payload signature can't be verified. Returns true |
| 59 // otherwise and sets |out_hash| to the signed payload hash. |
| 60 static bool VerifySignature(const std::vector<char>& signature_blob, |
| 61 const std::string& public_key_path, |
| 62 std::vector<char>* out_hash_data); |
| 63 |
| 64 // Returns true if the payload in |payload_path| is signed and its hash can be |
| 65 // verified using the public key in |public_key_path|. Returns false |
| 66 // otherwise. |
| 67 static bool VerifySignedPayload(const std::string& payload_path, |
| 68 const std::string& public_key_path); |
| 69 |
65 private: | 70 private: |
66 // This should never be constructed | 71 // This should never be constructed |
67 DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadSigner); | 72 DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadSigner); |
68 }; | 73 }; |
69 | 74 |
70 } // namespace chromeos_update_engine | 75 } // namespace chromeos_update_engine |
71 | 76 |
72 #endif // CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__ | 77 #endif // CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__ |
OLD | NEW |