Support needed for generating metadata signature in paygen
The metadata is the first portion of a payload that contains the following:
1. magic string ("CrOS")
2. version number
3. length of the manifest protobuf
4. manifest protobuf itself
<payload blobs begin here>
<payload signature as the last blob>
Currently we have a manifest signature which protects only #4 above. In
this CL we're extending the scope of manifest signature to include the rest
of the metadata (1-4). The reason we need to do this is to protect the
version value in HTTP as we're going to use it in future to have the
flexibility to change the protobuf format of the manifest.
Besides this change, this CL also contains:
1. Renaming of manifest_size and manifest_signature to metadata_size and
metadata_signature respectively to reflect the above change and keep
consistent terminology throughout. Also it renames protobuf_offset and
protobuf_length to manifest_offset and manifest_size to increase the
contextual semantics of the protobuf.
2. Addition of a new command-line option --out_metadata_hash_file in
delta_generator so that au_generate can use it in a subsequent CL to get
the SHA256 hash of the payload metadata in order to get it signed with
the signer.
3. Reusing LoadPayload in unit tests to get rid of some hardcoding. Also
updated delta_performer to localize such hardcoded constants within that
class and not have callers worry about those values.
BUG=chromium-os:33603
TEST=Tested on ZGB. Reran existing unit tests.
Change-Id: Iace5aebe8f7d054a0fa3a224a588ef52d85f510b
Reviewed-on: https://gerrit.chromium.org/gerrit/33726
Commit-Ready: Jay Srinivasan <jaysri@chromium.org>
Reviewed-by: Jay Srinivasan <jaysri@chromium.org>
Tested-by: Jay Srinivasan <jaysri@chromium.org>
diff --git a/payload_signer.cc b/payload_signer.cc
index 19a9230..1df710f 100644
--- a/payload_signer.cc
+++ b/payload_signer.cc
@@ -78,25 +78,6 @@
return true;
}
-bool LoadPayload(const string& payload_path,
- vector<char>* out_payload,
- DeltaArchiveManifest* out_manifest,
- uint64_t* out_metadata_size) {
- vector<char> payload;
- // Loads the payload and parses the manifest.
- TEST_AND_RETURN_FALSE(utils::ReadFile(payload_path, &payload));
- LOG(INFO) << "Payload size: " << payload.size();
- ActionExitCode error = kActionCodeSuccess;
- InstallPlan install_plan;
- DeltaPerformer delta_performer(NULL, &install_plan);
- TEST_AND_RETURN_FALSE(delta_performer.ParsePayloadMetadata(
- payload, out_manifest, out_metadata_size, &error) ==
- DeltaPerformer::kMetadataParseSuccess);
- LOG(INFO) << "Metadata size: " << *out_metadata_size;
- out_payload->swap(payload);
- return true;
-}
-
// Given an unsigned payload under |payload_path| and the |signature_blob_size|
// generates an updated payload that includes a dummy signature op in its
// manifest. Returns true on success, false otherwise.
@@ -110,7 +91,7 @@
vector<char> payload;
DeltaArchiveManifest manifest;
uint64_t metadata_size;
- TEST_AND_RETURN_FALSE(LoadPayload(
+ TEST_AND_RETURN_FALSE(PayloadSigner::LoadPayload(
payload_path, &payload, &manifest, &metadata_size));
TEST_AND_RETURN_FALSE(!manifest.has_signatures_offset() &&
!manifest.has_signatures_size());
@@ -139,6 +120,25 @@
}
} // namespace {}
+bool PayloadSigner::LoadPayload(const string& payload_path,
+ vector<char>* out_payload,
+ DeltaArchiveManifest* out_manifest,
+ uint64_t* out_metadata_size) {
+ vector<char> payload;
+ // Loads the payload and parses the manifest.
+ TEST_AND_RETURN_FALSE(utils::ReadFile(payload_path, &payload));
+ LOG(INFO) << "Payload size: " << payload.size();
+ ActionExitCode error = kActionCodeSuccess;
+ InstallPlan install_plan;
+ DeltaPerformer delta_performer(NULL, &install_plan);
+ TEST_AND_RETURN_FALSE(delta_performer.ParsePayloadMetadata(
+ payload, out_manifest, out_metadata_size, &error) ==
+ DeltaPerformer::kMetadataParseSuccess);
+ LOG(INFO) << "Metadata size: " << *out_metadata_size;
+ out_payload->swap(payload);
+ return true;
+}
+
bool PayloadSigner::SignHash(const vector<char>& hash,
const string& private_key_path,
vector<char>* out_signature) {
@@ -328,7 +328,7 @@
return true;
}
-bool PayloadSigner::HashPayloadForSigning(const std::string& payload_path,
+bool PayloadSigner::HashPayloadForSigning(const string& payload_path,
const vector<int>& signature_sizes,
vector<char>* out_hash_data) {
// TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
@@ -354,6 +354,22 @@
return true;
}
+bool PayloadSigner::HashMetadataForSigning(const string& payload_path,
+ vector<char>* out_metadata_hash) {
+ // Extract the manifest first.
+ vector<char> payload;
+ DeltaArchiveManifest manifest_proto;
+ uint64_t metadata_size;
+ TEST_AND_RETURN_FALSE(LoadPayload(
+ payload_path, &payload, &manifest_proto, &metadata_size));
+
+ // Calculates the hash on the manifest.
+ TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(&payload[0],
+ metadata_size,
+ out_metadata_hash));
+ return true;
+}
+
bool PayloadSigner::AddSignatureToPayload(
const string& payload_path,
const vector<vector<char> >& signatures,
@@ -388,19 +404,19 @@
return true;
}
-bool PayloadSigner::GetManifestSignature(const char* manifest,
- size_t manifest_size,
+bool PayloadSigner::GetMetadataSignature(const char* const metadata,
+ size_t metadata_size,
const string& private_key_path,
string* out_signature) {
// Calculates the hash on the updated payload. Note that the payload includes
// the signature op but doesn't include the signature blob at the end.
- vector<char> manifest_hash;
- TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(manifest,
- manifest_size,
- &manifest_hash));
+ vector<char> metadata_hash;
+ TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(metadata,
+ metadata_size,
+ &metadata_hash));
vector<char> signature;
- TEST_AND_RETURN_FALSE(SignHash(manifest_hash,
+ TEST_AND_RETURN_FALSE(SignHash(metadata_hash,
private_key_path,
&signature));