Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / 932bc4c1c271bc1b03da9a1bfe7c37017c58bffa^! / . / payload_signer.cc
commit932bc4c1c271bc1b03da9a1bfe7c37017c58bffa[log] [tgz]
authorAndrew de los Reyes <adlr@chromium.org>Mon Aug 23 18:14:09 2010 -0700
committerAndrew de los Reyes <adlr@chromium.org>Mon Aug 23 18:14:09 2010 -0700
treeaa35851a53da7d42d1dca3005af19a5c07bb42a7
parentaf183050a13b6851d7e385bb697ae290ccdaf880 [diff] [blame]
AU: Sign delta payloads

- Change .proto to have explicit offset/length of signature. I was
  hoping the length could be kept out of the proto, but it needs to go
  in. The way we cheat and keep the signature in the file is to have a
  dummer install operation at the end that will cause old clients to
  write the signature data to nowhere.

- Change delta generator to take an optional private key, which if
  present will cause the payload to be signed

- Cleanup Omaha hash calculator, which should be renamed to SHA1 hash
  calculator, and allow export of the non-base64 encoded SHA1 result.

- Note: signatures are not yet checked. That will come in a future CL.

BUG=5662
TEST=unittests

Review URL: http://codereview.chromium.org/3132033

diff --git a/payload_signer.cc b/payload_signer.cc
index 03ff391..2fa9616 100644
--- a/payload_signer.cc
+++ b/payload_signer.cc

@@ -6,6 +6,7 @@
 
 #include "base/logging.h"
 #include "base/string_util.h"
+#include "update_engine/omaha_hash_calculator.h"
 #include "update_engine/subprocess.h"
 #include "update_engine/update_metadata.pb.h"
 #include "update_engine/utils.h"
@@ -24,6 +25,23 @@
   TEST_AND_RETURN_FALSE(
       utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL));
   ScopedPathUnlinker sig_path_unlinker(sig_path);
+
+  string hash_path;
+  TEST_AND_RETURN_FALSE(
+      utils::MakeTempFile("/tmp/hash.XXXXXX", &hash_path, NULL));
+  ScopedPathUnlinker hash_path_unlinker(hash_path);
+  
+  vector<char> hash_data;
+  {
+    vector<char> payload;
+    // TODO(adlr): Read file in chunks. Not urgent as this runs on the server.
+    TEST_AND_RETURN_FALSE(utils::ReadFile(unsigned_payload_path, &payload));
+    TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfData(payload,
+                                                             &hash_data));
+  }
+  TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(),
+                                         &hash_data[0],
+                                         hash_data.size()));
   
   // This runs on the server, so it's okay to cop out and call openssl
   // executable rather than properly use the library
@@ -32,7 +50,7 @@
               ' ',
               &cmd);
   cmd[cmd.size() - 5] = private_key_path;
-  cmd[cmd.size() - 3] = unsigned_payload_path;
+  cmd[cmd.size() - 3] = hash_path;
   cmd[cmd.size() - 1] = sig_path;
   
   int return_code = 0;