Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / 981a9fb68ec5fe56f57b3ecb117a0dc681bf5e83 / . / payload_generator / payload_signer.cc
blob: f3cc4de877479ef541c744913275b689b6832c25 [file] [log] [blame]
Darin Petkov85d02b72011-05-17 13:25:51 -0700[diff] [blame]1// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]5#include "update_engine/payload_generator/payload_signer.h"
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]6
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]7#include <base/logging.h>
Alex Vakulenko75039d72014-03-25 12:36:28 -0700[diff] [blame]8#include <base/strings/string_split.h>
9#include <base/strings/string_util.h>
Alex Vakulenko981a9fb2015-02-09 12:51:24 -0800[diff] [blame^]10#include <chromeos/data_encoding.h>
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]11#include <openssl/pem.h>
12
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]13#include "update_engine/omaha_hash_calculator.h"
Alex Deymo161c4a12014-05-16 15:56:21 -0700[diff] [blame]14#include "update_engine/payload_generator/delta_diff_generator.h"
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]15#include "update_engine/payload_verifier.h"
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]16#include "update_engine/subprocess.h"
17#include "update_engine/update_metadata.pb.h"
18#include "update_engine/utils.h"
19
20using std::string;
21using std::vector;
22
23namespace chromeos_update_engine {
24
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]25namespace {
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]26
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]27// Given raw |signatures|, packs them into a protobuf and serializes it into a
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]28// binary blob. Returns true on success, false otherwise.
Ben Chanf9cb98c2014-09-21 18:31:30 -0700[diff] [blame]29bool ConvertSignatureToProtobufBlob(const vector<vector<char>>& signatures,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]30 vector<char>* out_signature_blob) {
31 // Pack it into a protobuf
32 Signatures out_message;
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]33 uint32_t version = kSignatureMessageOriginalVersion;
34 LOG_IF(WARNING, kSignatureMessageCurrentVersion -
35 kSignatureMessageOriginalVersion + 1 < signatures.size())
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]36 << "You may want to support clients in the range ["
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]37 << kSignatureMessageOriginalVersion << ", "
38 << kSignatureMessageCurrentVersion << "] inclusive, but you only "
39 << "provided " << signatures.size() << " signatures.";
Alex Deymo020600d2014-11-05 21:05:55 -0800[diff] [blame]40 for (const vector<char>& signature : signatures) {
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]41 Signatures_Signature* sig_message = out_message.add_signatures();
42 sig_message->set_version(version++);
43 sig_message->set_data(signature.data(), signature.size());
44 }
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]45
46 // Serialize protobuf
47 string serialized;
48 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized));
49 out_signature_blob->insert(out_signature_blob->end(),
50 serialized.begin(),
51 serialized.end());
52 LOG(INFO) << "Signature blob size: " << out_signature_blob->size();
53 return true;
54}
55
56// Given an unsigned payload under |payload_path| and the |signature_blob_size|
57// generates an updated payload that includes a dummy signature op in its
Jay Srinivasan738fdf32012-12-07 17:40:54 -0800[diff] [blame]58// manifest. It populates |out_metadata_size| with the size of the final
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]59// manifest after adding the dummy signature operation, and
60// |out_signatures_offset| with the expected offset for the new blob. Returns
61// true on success, false otherwise.
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]62bool AddSignatureOpToPayload(const string& payload_path,
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]63 uint64_t signature_blob_size,
Jay Srinivasan738fdf32012-12-07 17:40:54 -0800[diff] [blame]64 vector<char>* out_payload,
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]65 uint64_t* out_metadata_size,
66 uint64_t* out_signatures_offset) {
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]67 const int kProtobufOffset = 20;
68 const int kProtobufSizeOffset = 12;
69
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]70 // Loads the payload.
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]71 vector<char> payload;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]72 DeltaArchiveManifest manifest;
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]73 uint64_t metadata_size;
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]74 TEST_AND_RETURN_FALSE(PayloadVerifier::LoadPayload(
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]75 payload_path, &payload, &manifest, &metadata_size));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]76
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]77 // Is there already a signature op in place?
78 if (manifest.has_signatures_size()) {
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]79 // The signature op is tied to the size of the signature blob, but not it's
80 // contents. We don't allow the manifest to change if there is already an op
81 // present, because that might invalidate previously generated
82 // hashes/signatures.
83 if (manifest.signatures_size() != signature_blob_size) {
84 LOG(ERROR) << "Attempt to insert different signature sized blob. "
85 << "(current:" << manifest.signatures_size()
86 << "new:" << signature_blob_size << ")";
87 return false;
88 }
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]89
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]90 LOG(INFO) << "Matching signature sizes already present.";
91 } else {
92 // Updates the manifest to include the signature operation.
93 DeltaDiffGenerator::AddSignatureOp(payload.size() - metadata_size,
94 signature_blob_size,
95 &manifest);
96
97 // Updates the payload to include the new manifest.
98 string serialized_manifest;
99 TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest));
100 LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size();
101 payload.erase(payload.begin() + kProtobufOffset,
102 payload.begin() + metadata_size);
103 payload.insert(payload.begin() + kProtobufOffset,
104 serialized_manifest.begin(),
105 serialized_manifest.end());
106
107 // Updates the protobuf size.
108 uint64_t size_be = htobe64(serialized_manifest.size());
109 memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be));
110 metadata_size = serialized_manifest.size() + kProtobufOffset;
111
112 LOG(INFO) << "Updated payload size: " << payload.size();
113 LOG(INFO) << "Updated metadata size: " << metadata_size;
114 }
115
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]116 out_payload->swap(payload);
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]117 *out_metadata_size = metadata_size;
118 *out_signatures_offset = metadata_size + manifest.signatures_offset();
119 LOG(INFO) << "Signature Blob Offset: " << *out_signatures_offset;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]120 return true;
121}
Alex Vakulenkod2779df2014-06-16 13:19:00 -0700[diff] [blame]122} // namespace
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]123
124bool PayloadSigner::SignHash(const vector<char>& hash,
125 const string& private_key_path,
126 vector<char>* out_signature) {
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]127 LOG(INFO) << "Signing hash with private key: " << private_key_path;
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]128 string sig_path;
129 TEST_AND_RETURN_FALSE(
Alex Vakulenko88b591f2014-08-28 16:48:57 -0700[diff] [blame]130 utils::MakeTempFile("signature.XXXXXX", &sig_path, nullptr));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]131 ScopedPathUnlinker sig_path_unlinker(sig_path);
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]132
133 string hash_path;
134 TEST_AND_RETURN_FALSE(
Alex Vakulenko88b591f2014-08-28 16:48:57 -0700[diff] [blame]135 utils::MakeTempFile("hash.XXXXXX", &hash_path, nullptr));
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]136 ScopedPathUnlinker hash_path_unlinker(hash_path);
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]137 // We expect unpadded SHA256 hash coming in
138 TEST_AND_RETURN_FALSE(hash.size() == 32);
139 vector<char> padded_hash(hash);
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]140 PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash);
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]141 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(),
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]142 padded_hash.data(),
143 padded_hash.size()));
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]144
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]145 // This runs on the server, so it's okay to cop out and call openssl
146 // executable rather than properly use the library
147 vector<string> cmd;
Mike Frysinger2149be42012-03-12 19:23:47 -0400[diff] [blame]148 base::SplitString("openssl rsautl -raw -sign -inkey x -in x -out x",
Chris Masoned903c3b2011-05-12 15:35:46 -0700[diff] [blame]149 ' ',
150 &cmd);
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]151 cmd[cmd.size() - 5] = private_key_path;
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]152 cmd[cmd.size() - 3] = hash_path;
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]153 cmd[cmd.size() - 1] = sig_path;
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]154
Alex Deymo719bfff2014-07-11 12:12:32 -0700[diff] [blame]155 // When running unittests, we need to use the openssl version from the
156 // SYSROOT instead of the one on the $PATH (host).
157 cmd[0] = utils::GetPathOnBoard("openssl");
158
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]159 int return_code = 0;
Alex Vakulenko88b591f2014-08-28 16:48:57 -0700[diff] [blame]160 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code,
161 nullptr));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]162 TEST_AND_RETURN_FALSE(return_code == 0);
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]163
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]164 vector<char> signature;
165 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]166 out_signature->swap(signature);
167 return true;
168}
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]169
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]170bool PayloadSigner::SignPayload(const string& unsigned_payload_path,
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]171 const vector<string>& private_key_paths,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]172 vector<char>* out_signature_blob) {
173 vector<char> hash_data;
174 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile(
175 unsigned_payload_path, -1, &hash_data) ==
176 utils::FileSize(unsigned_payload_path));
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]177
Ben Chanf9cb98c2014-09-21 18:31:30 -0700[diff] [blame]178 vector<vector<char>> signatures;
Alex Deymo020600d2014-11-05 21:05:55 -0800[diff] [blame]179 for (const string& path : private_key_paths) {
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]180 vector<char> signature;
Alex Deymo020600d2014-11-05 21:05:55 -0800[diff] [blame]181 TEST_AND_RETURN_FALSE(SignHash(hash_data, path, &signature));
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]182 signatures.push_back(signature);
183 }
184 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]185 out_signature_blob));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]186 return true;
187}
188
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]189bool PayloadSigner::SignatureBlobLength(const vector<string>& private_key_paths,
190 uint64_t* out_length) {
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]191 DCHECK(out_length);
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]192
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]193 string x_path;
194 TEST_AND_RETURN_FALSE(
Alex Vakulenko88b591f2014-08-28 16:48:57 -0700[diff] [blame]195 utils::MakeTempFile("signed_data.XXXXXX", &x_path, nullptr));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]196 ScopedPathUnlinker x_path_unlinker(x_path);
197 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1));
198
199 vector<char> sig_blob;
200 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path,
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]201 private_key_paths,
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]202 &sig_blob));
203 *out_length = sig_blob.size();
204 return true;
205}
206
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]207bool PayloadSigner::PrepPayloadForHashing(
208 const string& payload_path,
209 const vector<int>& signature_sizes,
210 vector<char>* payload_out,
211 uint64_t* metadata_size_out,
212 uint64_t* signatures_offset_out) {
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]213 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
214
215 // Loads the payload and adds the signature op to it.
Ben Chanf9cb98c2014-09-21 18:31:30 -0700[diff] [blame]216 vector<vector<char>> signatures;
Alex Deymo020600d2014-11-05 21:05:55 -0800[diff] [blame]217 for (int signature_size : signature_sizes) {
218 signatures.emplace_back(signature_size, 0);
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]219 }
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]220 vector<char> signature_blob;
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]221 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]222 &signature_blob));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]223 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
224 signature_blob.size(),
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]225 payload_out,
226 metadata_size_out,
227 signatures_offset_out));
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]228
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]229 return true;
230}
231
232bool PayloadSigner::HashPayloadForSigning(const string& payload_path,
233 const vector<int>& signature_sizes,
234 vector<char>* out_hash_data) {
235 vector<char> payload;
236 uint64_t metadata_size;
237 uint64_t signatures_offset;
238
239 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path,
240 signature_sizes,
241 &payload,
242 &metadata_size,
243 &signatures_offset));
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]244
245 // Calculates the hash on the updated payload. Note that we stop calculating
246 // before we reach the signature information.
247 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(&payload[0],
248 signatures_offset,
249 out_hash_data));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]250 return true;
251}
252
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]253bool PayloadSigner::HashMetadataForSigning(const string& payload_path,
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]254 const vector<int>& signature_sizes,
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]255 vector<char>* out_metadata_hash) {
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]256 vector<char> payload;
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]257 uint64_t metadata_size;
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]258 uint64_t signatures_offset;
259
260 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path,
261 signature_sizes,
262 &payload,
263 &metadata_size,
264 &signatures_offset));
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]265
266 // Calculates the hash on the manifest.
267 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(&payload[0],
268 metadata_size,
269 out_metadata_hash));
270 return true;
271}
272
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]273bool PayloadSigner::AddSignatureToPayload(
274 const string& payload_path,
Ben Chanf9cb98c2014-09-21 18:31:30 -0700[diff] [blame]275 const vector<vector<char>>& signatures,
Jay Srinivasan738fdf32012-12-07 17:40:54 -0800[diff] [blame]276 const string& signed_payload_path,
277 uint64_t *out_metadata_size) {
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]278 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
279
280 // Loads the payload and adds the signature op to it.
281 vector<char> signature_blob;
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]282 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]283 &signature_blob));
284 vector<char> payload;
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]285 uint64_t signatures_offset;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]286 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
287 signature_blob.size(),
Jay Srinivasan738fdf32012-12-07 17:40:54 -0800[diff] [blame]288 &payload,
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]289 out_metadata_size,
290 &signatures_offset));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]291 // Appends the signature blob to the end of the payload and writes the new
292 // payload.
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]293 LOG(INFO) << "Payload size before signatures: " << payload.size();
294 payload.resize(signatures_offset);
295 payload.insert(payload.begin() + signatures_offset,
296 signature_blob.begin(),
297 signature_blob.end());
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]298 LOG(INFO) << "Signed payload size: " << payload.size();
299 TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(),
300 payload.data(),
301 payload.size()));
302 return true;
303}
304
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]305bool PayloadSigner::GetMetadataSignature(const char* const metadata,
306 size_t metadata_size,
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]307 const string& private_key_path,
308 string* out_signature) {
309 // Calculates the hash on the updated payload. Note that the payload includes
310 // the signature op but doesn't include the signature blob at the end.
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]311 vector<char> metadata_hash;
312 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(metadata,
313 metadata_size,
314 &metadata_hash));
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]315
316 vector<char> signature;
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]317 TEST_AND_RETURN_FALSE(SignHash(metadata_hash,
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]318 private_key_path,
319 &signature));
320
Alex Vakulenko981a9fb2015-02-09 12:51:24 -0800[diff] [blame^]321 *out_signature = chromeos::data_encoding::Base64Encode(signature.data(),
322 signature.size());
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]323 return true;
324}
325
326
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]327} // namespace chromeos_update_engine