AU: Support signed payload verification through the delta generator.
The following command will verify a signed payload:
./delta_generator -in_file <payload> -public_key <key.pem>
Add a unit test for signature verification.
BUG=chromium-os:10936
TEST=unit tests
Change-Id: I3bb464608c22229141f9819b27503b6de778c495
Review URL: http://codereview.chromium.org/6271003
diff --git a/generate_delta_main.cc b/generate_delta_main.cc
index 9fc7fd7..0f791e0 100644
--- a/generate_delta_main.cc
+++ b/generate_delta_main.cc
@@ -40,6 +40,7 @@
DEFINE_string(out_file, "", "Path to output delta payload file");
DEFINE_string(out_hash_file, "", "Path to output hash file");
DEFINE_string(private_key, "", "Path to private key in .pem format");
+DEFINE_string(public_key, "", "Path to public key in .pem format");
DEFINE_string(prefs_dir, "/tmp/update_engine_prefs",
"Preferences directory, used with apply_delta");
DEFINE_int32(signature_size, 0, "Raw signature size used for hash calculation");
@@ -94,6 +95,16 @@
LOG(INFO) << "Done signing payload.";
}
+void VerifySignedPayload() {
+ LOG(INFO) << "Verifying signed payload.";
+ LOG_IF(FATAL, FLAGS_in_file.empty())
+ << "Must pass --in_file to verify signed payload.";
+ LOG_IF(FATAL, FLAGS_public_key.empty())
+ << "Must pass --public_key to verify signed payload.";
+ CHECK(PayloadSigner::VerifySignedPayload(FLAGS_in_file, FLAGS_public_key));
+ LOG(INFO) << "Done verifying signed payload.";
+}
+
void ApplyDelta() {
LOG(INFO) << "Applying delta.";
LOG_IF(FATAL, FLAGS_old_image.empty())
@@ -154,6 +165,10 @@
SignPayload();
return 0;
}
+ if (!FLAGS_public_key.empty()) {
+ VerifySignedPayload();
+ return 0;
+ }
if (!FLAGS_in_file.empty()) {
ApplyDelta();
return 0;