Use string for Signatures protobuf.
To avoid conversion between brillo::Blob and string.
Also use SerializeToString() instead of AppendToString().
Test: update_engine_unittests
Change-Id: I0ad0fb5f45223f9f51f940de727660a9e62052bb
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index f405bd9..489c821 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -1586,8 +1586,7 @@
// blob and the signed sha-256 context.
LOG_IF(WARNING,
!prefs_->SetString(kPrefsUpdateStateSignatureBlob,
- string(signatures_message_data_.begin(),
- signatures_message_data_.end())))
+ signatures_message_data_))
<< "Unable to store the signature blob.";
LOG(INFO) << "Extracted signature data of size "
@@ -1970,11 +1969,7 @@
signed_hash_calculator_.SetContext(signed_hash_context));
}
- string signature_blob;
- if (prefs_->GetString(kPrefsUpdateStateSignatureBlob, &signature_blob)) {
- signatures_message_data_.assign(signature_blob.begin(),
- signature_blob.end());
- }
+ prefs_->GetString(kPrefsUpdateStateSignatureBlob, &signatures_message_data_);
string hash_context;
TEST_AND_RETURN_FALSE(
diff --git a/payload_consumer/delta_performer.h b/payload_consumer/delta_performer.h
index 55cb2a4..17cb599 100644
--- a/payload_consumer/delta_performer.h
+++ b/payload_consumer/delta_performer.h
@@ -377,7 +377,7 @@
HashCalculator signed_hash_calculator_;
// Signatures message blob extracted directly from the payload.
- brillo::Blob signatures_message_data_;
+ std::string signatures_message_data_;
// The public key to be used. Provided as a member so that tests can
// override with test keys.
diff --git a/payload_consumer/delta_performer_integration_test.cc b/payload_consumer/delta_performer_integration_test.cc
index e064077..6b4771d 100644
--- a/payload_consumer/delta_performer_integration_test.cc
+++ b/payload_consumer/delta_performer_integration_test.cc
@@ -596,7 +596,7 @@
EXPECT_EQ(2, sigs_message.signatures_size());
else
EXPECT_EQ(1, sigs_message.signatures_size());
- const Signatures_Signature& signature = sigs_message.signatures(0);
+ const Signatures::Signature& signature = sigs_message.signatures(0);
EXPECT_EQ(1U, signature.version());
uint64_t expected_sig_data_length = 0;
diff --git a/payload_consumer/payload_metadata.cc b/payload_consumer/payload_metadata.cc
index b631c87..8b3eb4e 100644
--- a/payload_consumer/payload_metadata.cc
+++ b/payload_consumer/payload_metadata.cc
@@ -25,6 +25,8 @@
#include "update_engine/payload_consumer/payload_constants.h"
#include "update_engine/payload_consumer/payload_verifier.h"
+using std::string;
+
namespace chromeos_update_engine {
const uint64_t PayloadMetadata::kDeltaVersionOffset = sizeof(kDeltaMagic);
@@ -155,12 +157,16 @@
ErrorCode PayloadMetadata::ValidateMetadataSignature(
const brillo::Blob& payload,
- const std::string& metadata_signature,
- const std::string& pem_public_key) const {
+ const string& metadata_signature,
+ const string& pem_public_key) const {
if (payload.size() < metadata_size_ + metadata_signature_size_)
return ErrorCode::kDownloadMetadataSignatureError;
- brillo::Blob metadata_signature_blob, metadata_signature_protobuf_blob;
+ // A single signature in raw bytes.
+ brillo::Blob metadata_signature_blob;
+ // The serialized Signatures protobuf message stored in major version >=2
+ // payload, it may contain multiple signatures.
+ string metadata_signature_protobuf;
if (!metadata_signature.empty()) {
// Convert base64-encoded signature to raw bytes.
if (!brillo::data_encoding::Base64Decode(metadata_signature,
@@ -170,13 +176,12 @@
return ErrorCode::kDownloadMetadataSignatureError;
}
} else if (major_payload_version_ == kBrilloMajorPayloadVersion) {
- metadata_signature_protobuf_blob.assign(
+ metadata_signature_protobuf.assign(
payload.begin() + metadata_size_,
payload.begin() + metadata_size_ + metadata_signature_size_);
}
- if (metadata_signature_blob.empty() &&
- metadata_signature_protobuf_blob.empty()) {
+ if (metadata_signature_blob.empty() && metadata_signature_protobuf.empty()) {
LOG(ERROR) << "Missing mandatory metadata signature in both Omaha "
<< "response and payload.";
return ErrorCode::kDownloadMetadataSignatureMissingError;
@@ -210,7 +215,7 @@
return ErrorCode::kDownloadMetadataSignatureMismatch;
}
} else {
- if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf_blob,
+ if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf,
pem_public_key,
calculated_metadata_hash)) {
LOG(ERROR) << "Manifest hash verification failed.";
diff --git a/payload_consumer/payload_verifier.cc b/payload_consumer/payload_verifier.cc
index 2f7c133..3eb1da8 100644
--- a/payload_consumer/payload_verifier.cc
+++ b/payload_consumer/payload_verifier.cc
@@ -79,13 +79,12 @@
} // namespace
-bool PayloadVerifier::VerifySignature(const brillo::Blob& signature_blob,
+bool PayloadVerifier::VerifySignature(const string& signature_proto,
const string& pem_public_key,
const brillo::Blob& hash_data) {
Signatures signatures;
- LOG(INFO) << "signature blob size = " << signature_blob.size();
- TEST_AND_RETURN_FALSE(
- signatures.ParseFromArray(signature_blob.data(), signature_blob.size()));
+ LOG(INFO) << "signature blob size = " << signature_proto.size();
+ TEST_AND_RETURN_FALSE(signatures.ParseFromString(signature_proto));
if (!signatures.signatures_size()) {
LOG(ERROR) << "No signatures stored in the blob.";
@@ -95,7 +94,7 @@
std::vector<brillo::Blob> tested_hashes;
// Tries every signature in the signature blob.
for (int i = 0; i < signatures.signatures_size(); i++) {
- const Signatures_Signature& signature = signatures.signatures(i);
+ const Signatures::Signature& signature = signatures.signatures(i);
brillo::Blob sig_data(signature.data().begin(), signature.data().end());
brillo::Blob sig_hash_data;
if (!GetRawHashFromSignature(sig_data, pem_public_key, &sig_hash_data))
diff --git a/payload_consumer/payload_verifier.h b/payload_consumer/payload_verifier.h
index ec23ef2..09bdbf9 100644
--- a/payload_consumer/payload_verifier.h
+++ b/payload_consumer/payload_verifier.h
@@ -31,13 +31,13 @@
class PayloadVerifier {
public:
- // Interprets |signature_blob| as a protocol buffer containing the Signatures
+ // Interprets |signature_proto| as a protocol buffer containing the Signatures
// message and decrypts each signature data using the |pem_public_key|.
// |pem_public_key| should be a PEM format RSA public key data.
// Returns whether *any* of the decrypted hashes matches the |hash_data|.
// In case of any error parsing the signatures or the public key, returns
// false.
- static bool VerifySignature(const brillo::Blob& signature_blob,
+ static bool VerifySignature(const std::string& signature_proto,
const std::string& pem_public_key,
const brillo::Blob& hash_data);