diff options
| author | Scott Lobdell <slobdell@google.com> | 2019-03-05 11:56:41 -0800 |
|---|---|---|
| committer | Scott Lobdell <slobdell@google.com> | 2019-03-05 16:53:31 -0800 |
| commit | 838bccb515036433be3a55bec702336f170df38a (patch) | |
| tree | eb94a5e0cbab6fa3e8f5539fed44dd081f48fc04 /payload_consumer/payload_metadata.cc | |
| parent | 2af3457b7362c163b1896f7a4b6eee69f8439296 (diff) | |
| parent | 4eee53f5949d5e4cb43894b3d190daf635e31338 (diff) | |
Merge QP1A.190228.005
Change-Id: I546552fe26b74b96c18d929cdda1a527bbcdf4dc
Diffstat (limited to 'payload_consumer/payload_metadata.cc')
| -rw-r--r-- | payload_consumer/payload_metadata.cc | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/payload_consumer/payload_metadata.cc b/payload_consumer/payload_metadata.cc index b631c87c..8b3eb4e1 100644 --- a/payload_consumer/payload_metadata.cc +++ b/payload_consumer/payload_metadata.cc @@ -25,6 +25,8 @@ #include "update_engine/payload_consumer/payload_constants.h" #include "update_engine/payload_consumer/payload_verifier.h" +using std::string; + namespace chromeos_update_engine { const uint64_t PayloadMetadata::kDeltaVersionOffset = sizeof(kDeltaMagic); @@ -155,12 +157,16 @@ bool PayloadMetadata::GetManifest(const brillo::Blob& payload, ErrorCode PayloadMetadata::ValidateMetadataSignature( const brillo::Blob& payload, - const std::string& metadata_signature, - const std::string& pem_public_key) const { + const string& metadata_signature, + const string& pem_public_key) const { if (payload.size() < metadata_size_ + metadata_signature_size_) return ErrorCode::kDownloadMetadataSignatureError; - brillo::Blob metadata_signature_blob, metadata_signature_protobuf_blob; + // A single signature in raw bytes. + brillo::Blob metadata_signature_blob; + // The serialized Signatures protobuf message stored in major version >=2 + // payload, it may contain multiple signatures. + string metadata_signature_protobuf; if (!metadata_signature.empty()) { // Convert base64-encoded signature to raw bytes. if (!brillo::data_encoding::Base64Decode(metadata_signature, @@ -170,13 +176,12 @@ ErrorCode PayloadMetadata::ValidateMetadataSignature( return ErrorCode::kDownloadMetadataSignatureError; } } else if (major_payload_version_ == kBrilloMajorPayloadVersion) { - metadata_signature_protobuf_blob.assign( + metadata_signature_protobuf.assign( payload.begin() + metadata_size_, payload.begin() + metadata_size_ + metadata_signature_size_); } - if (metadata_signature_blob.empty() && - metadata_signature_protobuf_blob.empty()) { + if (metadata_signature_blob.empty() && metadata_signature_protobuf.empty()) { LOG(ERROR) << "Missing mandatory metadata signature in both Omaha " << "response and payload."; return ErrorCode::kDownloadMetadataSignatureMissingError; @@ -210,7 +215,7 @@ ErrorCode PayloadMetadata::ValidateMetadataSignature( return ErrorCode::kDownloadMetadataSignatureMismatch; } } else { - if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf_blob, + if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf, pem_public_key, calculated_metadata_hash)) { LOG(ERROR) << "Manifest hash verification failed."; |