commit 6cf830b8913e741d7d3c7ed047b2cbdbb222034e
author Tianjie Xu <xunchang@google.com> Mon Sep 30 11:31:49 2019 -0700
committer Tianjie Xu <xunchang@google.com> Fri Oct 04 18:29:37 2019 +0000
tree 834340d818e6604ef8b944b3ce31a0388ed28935
parent c288d5ba2182a0b2742fa93d04db3e024b00e98e

Factor out the RSA verification in payload verifier

Right now, the payload is always signed with a RSA key, and the payload
verifier takes the public key as a PEM encoded string.

As we want to support payload signing with EC keys, we need to figure
out the key types first in the verifier. So, add an overload function in
payload verifier to accept EVP_PKEY as the public key.

Bug: 141244025
Test: unittests pass
Change-Id: Ibbdac5a7a3de48347100861aeac0013bff43da6f

payload_consumer/delta_performer.cc

diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index 3ff98ca..8049af7 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -1794,8 +1794,12 @@
   TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadPubKeyVerificationError,
                       hash_data.size() == kSHA256Size);
 
-  if (!PayloadVerifier::VerifySignature(
-          signatures_message_data_, public_key, hash_data)) {
+  auto payload_verifier = PayloadVerifier::CreateInstance(public_key);
+  if (!payload_verifier) {
+    LOG(ERROR) << "Failed to create the payload verifier from " << public_key;
+    return ErrorCode::kDownloadPayloadPubKeyVerificationError;
+  }
+  if (!payload_verifier->VerifySignature(signatures_message_data_, hash_data)) {
     // The autoupdate_CatchBadSignatures test checks for this string
     // in log-files. Keep in sync.
     LOG(ERROR) << "Public key verification failed, thus update failed.";