Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / 35b3584ab4041aa32e1d049bd6ddff5941b03df2 / . / payload_generator / payload_signer.cc
blob: 25ead8accc652ff2956e4181605ec7afbced018c [file] [log] [blame]
Alex Deymoaea4c1c2015-08-19 20:24:43 -0700[diff] [blame]1//
2// Copyright (C) 2011 The Android Open Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]16
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]17#include "update_engine/payload_generator/payload_signer.h"
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]18
Alex Deymo6f20dd42015-08-18 16:42:46 -0700[diff] [blame]19#include <endian.h>
20
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]21#include <base/logging.h>
Alex Vakulenko75039d72014-03-25 12:36:28 -0700[diff] [blame]22#include <base/strings/string_split.h>
23#include <base/strings/string_util.h>
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]24#include <brillo/data_encoding.h>
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]25#include <openssl/pem.h>
26
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]27#include "update_engine/omaha_hash_calculator.h"
Alex Deymo14158572015-06-13 03:37:08 -0700[diff] [blame]28#include "update_engine/payload_generator/payload_file.h"
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]29#include "update_engine/payload_verifier.h"
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]30#include "update_engine/subprocess.h"
31#include "update_engine/update_metadata.pb.h"
32#include "update_engine/utils.h"
33
34using std::string;
35using std::vector;
36
37namespace chromeos_update_engine {
38
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]39namespace {
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]40
Alex Deymob552a682015-09-30 09:36:49 -0700[diff] [blame]41// The payload verifier will check all the signatures included in the payload
42// regardless of the version field. Old version of the verifier require the
43// version field to be included and be 1.
44const uint32_t kSignatureMessageLegacyVersion = 1;
45
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]46// Given raw |signatures|, packs them into a protobuf and serializes it into a
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]47// binary blob. Returns true on success, false otherwise.
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]48bool ConvertSignatureToProtobufBlob(const vector<brillo::Blob>& signatures,
49 brillo::Blob* out_signature_blob) {
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]50 // Pack it into a protobuf
51 Signatures out_message;
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]52 for (const brillo::Blob& signature : signatures) {
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]53 Signatures_Signature* sig_message = out_message.add_signatures();
Alex Deymob552a682015-09-30 09:36:49 -0700[diff] [blame]54 // Set all the signatures with the same version number.
55 sig_message->set_version(kSignatureMessageLegacyVersion);
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]56 sig_message->set_data(signature.data(), signature.size());
57 }
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]58
59 // Serialize protobuf
60 string serialized;
61 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized));
62 out_signature_blob->insert(out_signature_blob->end(),
63 serialized.begin(),
64 serialized.end());
65 LOG(INFO) << "Signature blob size: " << out_signature_blob->size();
66 return true;
67}
68
69// Given an unsigned payload under |payload_path| and the |signature_blob_size|
70// generates an updated payload that includes a dummy signature op in its
Jay Srinivasan738fdf32012-12-07 17:40:54 -0800[diff] [blame]71// manifest. It populates |out_metadata_size| with the size of the final
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]72// manifest after adding the dummy signature operation, and
73// |out_signatures_offset| with the expected offset for the new blob. Returns
74// true on success, false otherwise.
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]75bool AddSignatureOpToPayload(const string& payload_path,
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]76 uint64_t signature_blob_size,
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]77 brillo::Blob* out_payload,
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]78 uint64_t* out_metadata_size,
79 uint64_t* out_signatures_offset) {
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]80 const int kProtobufOffset = 20;
81 const int kProtobufSizeOffset = 12;
82
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]83 // Loads the payload.
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]84 brillo::Blob payload;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]85 DeltaArchiveManifest manifest;
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]86 uint64_t metadata_size;
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]87 TEST_AND_RETURN_FALSE(PayloadVerifier::LoadPayload(
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]88 payload_path, &payload, &manifest, &metadata_size));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]89
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]90 // Is there already a signature op in place?
91 if (manifest.has_signatures_size()) {
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]92 // The signature op is tied to the size of the signature blob, but not it's
93 // contents. We don't allow the manifest to change if there is already an op
94 // present, because that might invalidate previously generated
95 // hashes/signatures.
96 if (manifest.signatures_size() != signature_blob_size) {
97 LOG(ERROR) << "Attempt to insert different signature sized blob. "
98 << "(current:" << manifest.signatures_size()
99 << "new:" << signature_blob_size << ")";
100 return false;
101 }
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]102
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]103 LOG(INFO) << "Matching signature sizes already present.";
104 } else {
105 // Updates the manifest to include the signature operation.
Alex Deymo14158572015-06-13 03:37:08 -0700[diff] [blame]106 AddSignatureOp(payload.size() - metadata_size,
107 signature_blob_size,
108 &manifest);
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]109
110 // Updates the payload to include the new manifest.
111 string serialized_manifest;
112 TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest));
113 LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size();
114 payload.erase(payload.begin() + kProtobufOffset,
115 payload.begin() + metadata_size);
116 payload.insert(payload.begin() + kProtobufOffset,
117 serialized_manifest.begin(),
118 serialized_manifest.end());
119
120 // Updates the protobuf size.
121 uint64_t size_be = htobe64(serialized_manifest.size());
122 memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be));
123 metadata_size = serialized_manifest.size() + kProtobufOffset;
124
125 LOG(INFO) << "Updated payload size: " << payload.size();
126 LOG(INFO) << "Updated metadata size: " << metadata_size;
127 }
128
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]129 out_payload->swap(payload);
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]130 *out_metadata_size = metadata_size;
131 *out_signatures_offset = metadata_size + manifest.signatures_offset();
132 LOG(INFO) << "Signature Blob Offset: " << *out_signatures_offset;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]133 return true;
134}
Alex Vakulenkod2779df2014-06-16 13:19:00 -0700[diff] [blame]135} // namespace
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]136
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]137bool PayloadSigner::SignHash(const brillo::Blob& hash,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]138 const string& private_key_path,
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]139 brillo::Blob* out_signature) {
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]140 LOG(INFO) << "Signing hash with private key: " << private_key_path;
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]141 string sig_path;
142 TEST_AND_RETURN_FALSE(
Alex Vakulenko88b591f2014-08-28 16:48:57 -0700[diff] [blame]143 utils::MakeTempFile("signature.XXXXXX", &sig_path, nullptr));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]144 ScopedPathUnlinker sig_path_unlinker(sig_path);
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]145
146 string hash_path;
147 TEST_AND_RETURN_FALSE(
Alex Vakulenko88b591f2014-08-28 16:48:57 -0700[diff] [blame]148 utils::MakeTempFile("hash.XXXXXX", &hash_path, nullptr));
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]149 ScopedPathUnlinker hash_path_unlinker(hash_path);
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]150 // We expect unpadded SHA256 hash coming in
151 TEST_AND_RETURN_FALSE(hash.size() == 32);
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]152 brillo::Blob padded_hash(hash);
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]153 PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash);
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]154 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(),
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]155 padded_hash.data(),
156 padded_hash.size()));
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]157
Alex Deymob552a682015-09-30 09:36:49 -0700[diff] [blame]158 // This runs on the server, so it's okay to copy out and call openssl
159 // executable rather than properly use the library.
160 vector<string> cmd = {"openssl", "rsautl", "-raw", "-sign", "-inkey",
161 private_key_path, "-in", hash_path, "-out", sig_path};
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]162 int return_code = 0;
Alex Vakulenko88b591f2014-08-28 16:48:57 -0700[diff] [blame]163 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code,
164 nullptr));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]165 TEST_AND_RETURN_FALSE(return_code == 0);
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]166
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]167 brillo::Blob signature;
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]168 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]169 out_signature->swap(signature);
170 return true;
171}
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]172
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]173bool PayloadSigner::SignPayload(const string& unsigned_payload_path,
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]174 const vector<string>& private_key_paths,
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]175 brillo::Blob* out_signature_blob) {
176 brillo::Blob hash_data;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]177 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile(
178 unsigned_payload_path, -1, &hash_data) ==
179 utils::FileSize(unsigned_payload_path));
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]180
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]181 vector<brillo::Blob> signatures;
Alex Deymo020600d2014-11-05 21:05:55 -0800[diff] [blame]182 for (const string& path : private_key_paths) {
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]183 brillo::Blob signature;
Alex Deymo020600d2014-11-05 21:05:55 -0800[diff] [blame]184 TEST_AND_RETURN_FALSE(SignHash(hash_data, path, &signature));
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]185 signatures.push_back(signature);
186 }
187 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]188 out_signature_blob));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]189 return true;
190}
191
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]192bool PayloadSigner::SignatureBlobLength(const vector<string>& private_key_paths,
193 uint64_t* out_length) {
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]194 DCHECK(out_length);
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]195
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]196 string x_path;
197 TEST_AND_RETURN_FALSE(
Alex Vakulenko88b591f2014-08-28 16:48:57 -0700[diff] [blame]198 utils::MakeTempFile("signed_data.XXXXXX", &x_path, nullptr));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]199 ScopedPathUnlinker x_path_unlinker(x_path);
200 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1));
201
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]202 brillo::Blob sig_blob;
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]203 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path,
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]204 private_key_paths,
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]205 &sig_blob));
206 *out_length = sig_blob.size();
207 return true;
208}
209
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]210bool PayloadSigner::PrepPayloadForHashing(
211 const string& payload_path,
212 const vector<int>& signature_sizes,
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]213 brillo::Blob* payload_out,
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]214 uint64_t* metadata_size_out,
215 uint64_t* signatures_offset_out) {
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]216 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
217
218 // Loads the payload and adds the signature op to it.
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]219 vector<brillo::Blob> signatures;
Alex Deymo020600d2014-11-05 21:05:55 -0800[diff] [blame]220 for (int signature_size : signature_sizes) {
221 signatures.emplace_back(signature_size, 0);
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]222 }
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]223 brillo::Blob signature_blob;
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]224 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]225 &signature_blob));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]226 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
227 signature_blob.size(),
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]228 payload_out,
229 metadata_size_out,
230 signatures_offset_out));
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]231
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]232 return true;
233}
234
235bool PayloadSigner::HashPayloadForSigning(const string& payload_path,
236 const vector<int>& signature_sizes,
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]237 brillo::Blob* out_hash_data) {
238 brillo::Blob payload;
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]239 uint64_t metadata_size;
240 uint64_t signatures_offset;
241
242 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path,
243 signature_sizes,
244 &payload,
245 &metadata_size,
246 &signatures_offset));
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]247
248 // Calculates the hash on the updated payload. Note that we stop calculating
249 // before we reach the signature information.
Alex Vakulenkof68bbbc2015-02-09 12:53:18 -0800[diff] [blame]250 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(),
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]251 signatures_offset,
252 out_hash_data));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]253 return true;
254}
255
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]256bool PayloadSigner::HashMetadataForSigning(const string& payload_path,
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]257 const vector<int>& signature_sizes,
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]258 brillo::Blob* out_metadata_hash) {
259 brillo::Blob payload;
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]260 uint64_t metadata_size;
Don Garrettc2e9f5f2013-10-18 16:42:40 -0700[diff] [blame]261 uint64_t signatures_offset;
262
263 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path,
264 signature_sizes,
265 &payload,
266 &metadata_size,
267 &signatures_offset));
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]268
269 // Calculates the hash on the manifest.
Alex Vakulenkof68bbbc2015-02-09 12:53:18 -0800[diff] [blame]270 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(),
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]271 metadata_size,
272 out_metadata_hash));
273 return true;
274}
275
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]276bool PayloadSigner::AddSignatureToPayload(
277 const string& payload_path,
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]278 const vector<brillo::Blob>& signatures,
Jay Srinivasan738fdf32012-12-07 17:40:54 -0800[diff] [blame]279 const string& signed_payload_path,
280 uint64_t *out_metadata_size) {
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]281 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
282
283 // Loads the payload and adds the signature op to it.
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]284 brillo::Blob signature_blob;
Andrew de los Reyesc24e3f32011-08-30 15:45:20 -0700[diff] [blame]285 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]286 &signature_blob));
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]287 brillo::Blob payload;
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]288 uint64_t signatures_offset;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]289 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
290 signature_blob.size(),
Jay Srinivasan738fdf32012-12-07 17:40:54 -0800[diff] [blame]291 &payload,
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]292 out_metadata_size,
293 &signatures_offset));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]294 // Appends the signature blob to the end of the payload and writes the new
295 // payload.
Don Garrett2ae37872013-10-25 13:33:20 -0700[diff] [blame]296 LOG(INFO) << "Payload size before signatures: " << payload.size();
297 payload.resize(signatures_offset);
298 payload.insert(payload.begin() + signatures_offset,
299 signature_blob.begin(),
300 signature_blob.end());
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]301 LOG(INFO) << "Signed payload size: " << payload.size();
302 TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(),
303 payload.data(),
304 payload.size()));
305 return true;
306}
307
Alex Vakulenkof68bbbc2015-02-09 12:53:18 -0800[diff] [blame]308bool PayloadSigner::GetMetadataSignature(const void* const metadata,
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]309 size_t metadata_size,
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]310 const string& private_key_path,
311 string* out_signature) {
312 // Calculates the hash on the updated payload. Note that the payload includes
313 // the signature op but doesn't include the signature blob at the end.
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]314 brillo::Blob metadata_hash;
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]315 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(metadata,
316 metadata_size,
317 &metadata_hash));
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]318
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]319 brillo::Blob signature;
Jay Srinivasanf4318702012-09-24 11:56:24 -0700[diff] [blame]320 TEST_AND_RETURN_FALSE(SignHash(metadata_hash,
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]321 private_key_path,
322 &signature));
323
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]324 *out_signature = brillo::data_encoding::Base64Encode(signature);
Jay Srinivasan51dcf262012-09-13 17:24:32 -0700[diff] [blame]325 return true;
326}
327
328
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]329} // namespace chromeos_update_engine