aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSen Jiang <senj@google.com>2019-02-21 23:13:02 -0800
committerandroid-build-merger <android-build-merger@google.com>2019-02-21 23:13:02 -0800
commit0730ba3059694686e1cdbb55e8445c5f02daf186 (patch)
tree18d6a0d1ebe0f73c266a8194823c4ad4565615b5
parentfc631e786a9e03ba798e7bf9dbdd7e75c8f295df (diff)
parent9b2f178969a5e8123943307cf6aaa739faeaa3f7 (diff)
downloadupdate_engine-0730ba3059694686e1cdbb55e8445c5f02daf186.tar.gz
Use string for Signatures protobuf.
am: 9b2f178969 Change-Id: I25db9de427fe915467af552e36a5f17ed0705c7d
Diffstat
-rw-r--r--payload_consumer/delta_performer.cc9
-rw-r--r--payload_consumer/delta_performer.h2
-rw-r--r--payload_consumer/delta_performer_integration_test.cc2
-rw-r--r--payload_consumer/payload_metadata.cc19
-rw-r--r--payload_consumer/payload_verifier.cc9
-rw-r--r--payload_consumer/payload_verifier.h4
-rw-r--r--payload_generator/payload_file.cc21
-rw-r--r--payload_generator/payload_signer.cc96
-rw-r--r--payload_generator/payload_signer.h10
-rw-r--r--payload_generator/payload_signer_unittest.cc44
10 files changed, 101 insertions, 115 deletions
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index f405bd93..489c821d 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -1586,8 +1586,7 @@ bool DeltaPerformer::ExtractSignatureMessage() {
// blob and the signed sha-256 context.
LOG_IF(WARNING,
!prefs_->SetString(kPrefsUpdateStateSignatureBlob,
- string(signatures_message_data_.begin(),
- signatures_message_data_.end())))
+ signatures_message_data_))
<< "Unable to store the signature blob.";
LOG(INFO) << "Extracted signature data of size "
@@ -1970,11 +1969,7 @@ bool DeltaPerformer::PrimeUpdateState() {
signed_hash_calculator_.SetContext(signed_hash_context));
}
- string signature_blob;
- if (prefs_->GetString(kPrefsUpdateStateSignatureBlob, &signature_blob)) {
- signatures_message_data_.assign(signature_blob.begin(),
- signature_blob.end());
- }
+ prefs_->GetString(kPrefsUpdateStateSignatureBlob, &signatures_message_data_);
string hash_context;
TEST_AND_RETURN_FALSE(
diff --git a/payload_consumer/delta_performer.h b/payload_consumer/delta_performer.h
index 55cb2a46..17cb5995 100644
--- a/payload_consumer/delta_performer.h
+++ b/payload_consumer/delta_performer.h
@@ -377,7 +377,7 @@ class DeltaPerformer : public FileWriter {
HashCalculator signed_hash_calculator_;
// Signatures message blob extracted directly from the payload.
- brillo::Blob signatures_message_data_;
+ std::string signatures_message_data_;
// The public key to be used. Provided as a member so that tests can
// override with test keys.
diff --git a/payload_consumer/delta_performer_integration_test.cc b/payload_consumer/delta_performer_integration_test.cc
index e064077f..6b4771d6 100644
--- a/payload_consumer/delta_performer_integration_test.cc
+++ b/payload_consumer/delta_performer_integration_test.cc
@@ -596,7 +596,7 @@ static void ApplyDeltaFile(bool full_kernel,
EXPECT_EQ(2, sigs_message.signatures_size());
else
EXPECT_EQ(1, sigs_message.signatures_size());
- const Signatures_Signature& signature = sigs_message.signatures(0);
+ const Signatures::Signature& signature = sigs_message.signatures(0);
EXPECT_EQ(1U, signature.version());
uint64_t expected_sig_data_length = 0;
diff --git a/payload_consumer/payload_metadata.cc b/payload_consumer/payload_metadata.cc
index b631c87c..8b3eb4e1 100644
--- a/payload_consumer/payload_metadata.cc
+++ b/payload_consumer/payload_metadata.cc
@@ -25,6 +25,8 @@
#include "update_engine/payload_consumer/payload_constants.h"
#include "update_engine/payload_consumer/payload_verifier.h"
+using std::string;
+
namespace chromeos_update_engine {
const uint64_t PayloadMetadata::kDeltaVersionOffset = sizeof(kDeltaMagic);
@@ -155,12 +157,16 @@ bool PayloadMetadata::GetManifest(const brillo::Blob& payload,
ErrorCode PayloadMetadata::ValidateMetadataSignature(
const brillo::Blob& payload,
- const std::string& metadata_signature,
- const std::string& pem_public_key) const {
+ const string& metadata_signature,
+ const string& pem_public_key) const {
if (payload.size() < metadata_size_ + metadata_signature_size_)
return ErrorCode::kDownloadMetadataSignatureError;
- brillo::Blob metadata_signature_blob, metadata_signature_protobuf_blob;
+ // A single signature in raw bytes.
+ brillo::Blob metadata_signature_blob;
+ // The serialized Signatures protobuf message stored in major version >=2
+ // payload, it may contain multiple signatures.
+ string metadata_signature_protobuf;
if (!metadata_signature.empty()) {
// Convert base64-encoded signature to raw bytes.
if (!brillo::data_encoding::Base64Decode(metadata_signature,
@@ -170,13 +176,12 @@ ErrorCode PayloadMetadata::ValidateMetadataSignature(
return ErrorCode::kDownloadMetadataSignatureError;
}
} else if (major_payload_version_ == kBrilloMajorPayloadVersion) {
- metadata_signature_protobuf_blob.assign(
+ metadata_signature_protobuf.assign(
payload.begin() + metadata_size_,
payload.begin() + metadata_size_ + metadata_signature_size_);
}
- if (metadata_signature_blob.empty() &&
- metadata_signature_protobuf_blob.empty()) {
+ if (metadata_signature_blob.empty() && metadata_signature_protobuf.empty()) {
LOG(ERROR) << "Missing mandatory metadata signature in both Omaha "
<< "response and payload.";
return ErrorCode::kDownloadMetadataSignatureMissingError;
@@ -210,7 +215,7 @@ ErrorCode PayloadMetadata::ValidateMetadataSignature(
return ErrorCode::kDownloadMetadataSignatureMismatch;
}
} else {
- if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf_blob,
+ if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf,
pem_public_key,
calculated_metadata_hash)) {
LOG(ERROR) << "Manifest hash verification failed.";
diff --git a/payload_consumer/payload_verifier.cc b/payload_consumer/payload_verifier.cc
index 2f7c133a..3eb1da8b 100644
--- a/payload_consumer/payload_verifier.cc
+++ b/payload_consumer/payload_verifier.cc
@@ -79,13 +79,12 @@ const uint8_t kRSA2048SHA256Padding[] = {
} // namespace
-bool PayloadVerifier::VerifySignature(const brillo::Blob& signature_blob,
+bool PayloadVerifier::VerifySignature(const string& signature_proto,
const string& pem_public_key,
const brillo::Blob& hash_data) {
Signatures signatures;
- LOG(INFO) << "signature blob size = " << signature_blob.size();
- TEST_AND_RETURN_FALSE(
- signatures.ParseFromArray(signature_blob.data(), signature_blob.size()));
+ LOG(INFO) << "signature blob size = " << signature_proto.size();
+ TEST_AND_RETURN_FALSE(signatures.ParseFromString(signature_proto));
if (!signatures.signatures_size()) {
LOG(ERROR) << "No signatures stored in the blob.";
@@ -95,7 +94,7 @@ bool PayloadVerifier::VerifySignature(const brillo::Blob& signature_blob,
std::vector<brillo::Blob> tested_hashes;
// Tries every signature in the signature blob.
for (int i = 0; i < signatures.signatures_size(); i++) {
- const Signatures_Signature& signature = signatures.signatures(i);
+ const Signatures::Signature& signature = signatures.signatures(i);
brillo::Blob sig_data(signature.data().begin(), signature.data().end());
brillo::Blob sig_hash_data;
if (!GetRawHashFromSignature(sig_data, pem_public_key, &sig_hash_data))
diff --git a/payload_consumer/payload_verifier.h b/payload_consumer/payload_verifier.h
index ec23ef21..09bdbf95 100644
--- a/payload_consumer/payload_verifier.h
+++ b/payload_consumer/payload_verifier.h
@@ -31,13 +31,13 @@ namespace chromeos_update_engine {
class PayloadVerifier {
public:
- // Interprets |signature_blob| as a protocol buffer containing the Signatures
+ // Interprets |signature_proto| as a protocol buffer containing the Signatures
// message and decrypts each signature data using the |pem_public_key|.
// |pem_public_key| should be a PEM format RSA public key data.
// Returns whether *any* of the decrypted hashes matches the |hash_data|.
// In case of any error parsing the signatures or the public key, returns
// false.
- static bool VerifySignature(const brillo::Blob& signature_blob,
+ static bool VerifySignature(const std::string& signature_proto,
const std::string& pem_public_key,
const brillo::Blob& hash_data);
diff --git a/payload_generator/payload_file.cc b/payload_generator/payload_file.cc
index 775a509d..085ea16a 100644
--- a/payload_generator/payload_file.cc
+++ b/payload_generator/payload_file.cc
@@ -197,7 +197,7 @@ bool PayloadFile::WritePayload(const string& payload_file,
uint64_t signature_blob_length = 0;
if (!private_key_path.empty()) {
TEST_AND_RETURN_FALSE(PayloadSigner::SignatureBlobLength(
- vector<string>(1, private_key_path), &signature_blob_length));
+ {private_key_path}, &signature_blob_length));
PayloadSigner::AddSignatureToManifest(
next_blob_offset,
signature_blob_length,
@@ -207,7 +207,7 @@ bool PayloadFile::WritePayload(const string& payload_file,
// Serialize protobuf
string serialized_manifest;
- TEST_AND_RETURN_FALSE(manifest_.AppendToString(&serialized_manifest));
+ TEST_AND_RETURN_FALSE(manifest_.SerializeToString(&serialized_manifest));
uint64_t metadata_size =
sizeof(kDeltaMagic) + 2 * sizeof(uint64_t) + serialized_manifest.size();
@@ -251,13 +251,12 @@ bool PayloadFile::WritePayload(const string& payload_file,
// Write metadata signature blob.
if (major_version_ == kBrilloMajorPayloadVersion &&
!private_key_path.empty()) {
- brillo::Blob metadata_hash, metadata_signature;
+ brillo::Blob metadata_hash;
TEST_AND_RETURN_FALSE(HashCalculator::RawHashOfFile(
payload_file, metadata_size, &metadata_hash));
- TEST_AND_RETURN_FALSE(
- PayloadSigner::SignHashWithKeys(metadata_hash,
- vector<string>(1, private_key_path),
- &metadata_signature));
+ string metadata_signature;
+ TEST_AND_RETURN_FALSE(PayloadSigner::SignHashWithKeys(
+ metadata_hash, {private_key_path}, &metadata_signature));
TEST_AND_RETURN_FALSE_ERRNO(
writer.Write(metadata_signature.data(), metadata_signature.size()));
}
@@ -281,16 +280,16 @@ bool PayloadFile::WritePayload(const string& payload_file,
// Write payload signature blob.
if (!private_key_path.empty()) {
LOG(INFO) << "Signing the update...";
- brillo::Blob signature_blob;
+ string signature;
TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(
payload_file,
- vector<string>(1, private_key_path),
+ {private_key_path},
metadata_size,
metadata_signature_size,
metadata_size + metadata_signature_size + manifest_.signatures_offset(),
- &signature_blob));
+ &signature));
TEST_AND_RETURN_FALSE_ERRNO(
- writer.Write(signature_blob.data(), signature_blob.size()));
+ writer.Write(signature.data(), signature.size()));
}
ReportPayloadUsage(metadata_size);
diff --git a/payload_generator/payload_signer.cc b/payload_generator/payload_signer.cc
index 2d0489a2..cbca7fe3 100644
--- a/payload_generator/payload_signer.cc
+++ b/payload_generator/payload_signer.cc
@@ -52,38 +52,36 @@ namespace {
const uint32_t kSignatureMessageLegacyVersion = 1;
// Given raw |signatures|, packs them into a protobuf and serializes it into a
-// binary blob. Returns true on success, false otherwise.
-bool ConvertSignatureToProtobufBlob(const vector<brillo::Blob>& signatures,
- brillo::Blob* out_signature_blob) {
+// string. Returns true on success, false otherwise.
+bool ConvertSignaturesToProtobuf(const vector<brillo::Blob>& signatures,
+ string* out_serialized_signature) {
// Pack it into a protobuf
Signatures out_message;
for (const brillo::Blob& signature : signatures) {
- Signatures_Signature* sig_message = out_message.add_signatures();
+ Signatures::Signature* sig_message = out_message.add_signatures();
// Set all the signatures with the same version number.
sig_message->set_version(kSignatureMessageLegacyVersion);
sig_message->set_data(signature.data(), signature.size());
}
// Serialize protobuf
- string serialized;
- TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized));
- out_signature_blob->insert(
- out_signature_blob->end(), serialized.begin(), serialized.end());
- LOG(INFO) << "Signature blob size: " << out_signature_blob->size();
+ TEST_AND_RETURN_FALSE(
+ out_message.SerializeToString(out_serialized_signature));
+ LOG(INFO) << "Signature blob size: " << out_serialized_signature->size();
return true;
}
-// Given an unsigned payload under |payload_path| and the |signature_blob| and
-// |metadata_signature_blob| generates an updated payload that includes the
+// Given an unsigned payload under |payload_path| and the |payload_signature|
+// and |metadata_signature| generates an updated payload that includes the
// signatures. It populates |out_metadata_size| with the size of the final
// manifest after adding the dummy signature operation, and
// |out_signatures_offset| with the expected offset for the new blob, and
-// |out_metadata_signature_size| which will be size of |metadata_signature_blob|
+// |out_metadata_signature_size| which will be size of |metadata_signature|
// if the payload major version supports metadata signature, 0 otherwise.
// Returns true on success, false otherwise.
bool AddSignatureBlobToPayload(const string& payload_path,
- const brillo::Blob& signature_blob,
- const brillo::Blob& metadata_signature_blob,
+ const string& payload_signature,
+ const string& metadata_signature,
brillo::Blob* out_payload,
uint64_t* out_metadata_size,
uint32_t* out_metadata_signature_size,
@@ -100,8 +98,7 @@ bool AddSignatureBlobToPayload(const string& payload_path,
payload_metadata.GetMetadataSignatureSize();
if (payload_metadata.GetMajorVersion() == kBrilloMajorPayloadVersion) {
// Write metadata signature size in header.
- uint32_t metadata_signature_size_be =
- htobe32(metadata_signature_blob.size());
+ uint32_t metadata_signature_size_be = htobe32(metadata_signature.size());
memcpy(payload.data() + manifest_offset,
&metadata_signature_size_be,
sizeof(metadata_signature_size_be));
@@ -110,9 +107,9 @@ bool AddSignatureBlobToPayload(const string& payload_path,
payload.erase(payload.begin() + metadata_size,
payload.begin() + metadata_size + metadata_signature_size);
payload.insert(payload.begin() + metadata_size,
- metadata_signature_blob.begin(),
- metadata_signature_blob.end());
- metadata_signature_size = metadata_signature_blob.size();
+ metadata_signature.begin(),
+ metadata_signature.end());
+ metadata_signature_size = metadata_signature.size();
LOG(INFO) << "Metadata signature size: " << metadata_signature_size;
}
@@ -125,10 +122,10 @@ bool AddSignatureBlobToPayload(const string& payload_path,
// contents. We don't allow the manifest to change if there is already an op
// present, because that might invalidate previously generated
// hashes/signatures.
- if (manifest.signatures_size() != signature_blob.size()) {
+ if (manifest.signatures_size() != payload_signature.size()) {
LOG(ERROR) << "Attempt to insert different signature sized blob. "
<< "(current:" << manifest.signatures_size()
- << "new:" << signature_blob.size() << ")";
+ << "new:" << payload_signature.size() << ")";
return false;
}
@@ -137,7 +134,7 @@ bool AddSignatureBlobToPayload(const string& payload_path,
// Updates the manifest to include the signature operation.
PayloadSigner::AddSignatureToManifest(
payload.size() - metadata_size - metadata_signature_size,
- signature_blob.size(),
+ payload_signature.size(),
payload_metadata.GetMajorVersion() == kChromeOSMajorPayloadVersion,
&manifest);
@@ -164,8 +161,8 @@ bool AddSignatureBlobToPayload(const string& payload_path,
LOG(INFO) << "Signature Blob Offset: " << signatures_offset;
payload.resize(signatures_offset);
payload.insert(payload.begin() + signatures_offset,
- signature_blob.begin(),
- signature_blob.end());
+ payload_signature.begin(),
+ payload_signature.end());
*out_payload = std::move(payload);
*out_metadata_size = metadata_size;
@@ -253,21 +250,19 @@ bool PayloadSigner::VerifySignedPayload(const string& payload_path,
signatures_offset,
&payload_hash,
&metadata_hash));
- brillo::Blob signature_blob(payload.begin() + signatures_offset,
- payload.end());
+ string signature(payload.begin() + signatures_offset, payload.end());
string public_key;
TEST_AND_RETURN_FALSE(utils::ReadFile(public_key_path, &public_key));
TEST_AND_RETURN_FALSE(PayloadVerifier::PadRSA2048SHA256Hash(&payload_hash));
- TEST_AND_RETURN_FALSE(PayloadVerifier::VerifySignature(
- signature_blob, public_key, payload_hash));
+ TEST_AND_RETURN_FALSE(
+ PayloadVerifier::VerifySignature(signature, public_key, payload_hash));
if (metadata_signature_size) {
- signature_blob.assign(
- payload.begin() + metadata_size,
- payload.begin() + metadata_size + metadata_signature_size);
+ signature.assign(payload.begin() + metadata_size,
+ payload.begin() + metadata_size + metadata_signature_size);
TEST_AND_RETURN_FALSE(
PayloadVerifier::PadRSA2048SHA256Hash(&metadata_hash));
- TEST_AND_RETURN_FALSE(PayloadVerifier::VerifySignature(
- signature_blob, public_key, metadata_hash));
+ TEST_AND_RETURN_FALSE(
+ PayloadVerifier::VerifySignature(signature, public_key, metadata_hash));
}
return true;
}
@@ -311,7 +306,7 @@ bool PayloadSigner::SignHash(const brillo::Blob& hash,
bool PayloadSigner::SignHashWithKeys(const brillo::Blob& hash_data,
const vector<string>& private_key_paths,
- brillo::Blob* out_signature_blob) {
+ string* out_serialized_signature) {
vector<brillo::Blob> signatures;
for (const string& path : private_key_paths) {
brillo::Blob signature;
@@ -319,7 +314,7 @@ bool PayloadSigner::SignHashWithKeys(const brillo::Blob& hash_data,
signatures.push_back(signature);
}
TEST_AND_RETURN_FALSE(
- ConvertSignatureToProtobufBlob(signatures, out_signature_blob));
+ ConvertSignaturesToProtobuf(signatures, out_serialized_signature));
return true;
}
@@ -328,7 +323,7 @@ bool PayloadSigner::SignPayload(const string& unsigned_payload_path,
const uint64_t metadata_size,
const uint32_t metadata_signature_size,
const uint64_t signatures_offset,
- brillo::Blob* out_signature_blob) {
+ string* out_serialized_signature) {
brillo::Blob payload;
TEST_AND_RETURN_FALSE(utils::ReadFile(unsigned_payload_path, &payload));
brillo::Blob hash_data;
@@ -339,16 +334,16 @@ bool PayloadSigner::SignPayload(const string& unsigned_payload_path,
&hash_data,
nullptr));
TEST_AND_RETURN_FALSE(
- SignHashWithKeys(hash_data, private_key_paths, out_signature_blob));
+ SignHashWithKeys(hash_data, private_key_paths, out_serialized_signature));
return true;
}
bool PayloadSigner::SignatureBlobLength(const vector<string>& private_key_paths,
uint64_t* out_length) {
DCHECK(out_length);
- brillo::Blob x_blob(1, 'x'), hash_blob, sig_blob;
- TEST_AND_RETURN_FALSE(
- HashCalculator::RawHashOfBytes(x_blob.data(), x_blob.size(), &hash_blob));
+ brillo::Blob hash_blob;
+ TEST_AND_RETURN_FALSE(HashCalculator::RawHashOfData({'x'}, &hash_blob));
+ string sig_blob;
TEST_AND_RETURN_FALSE(
SignHashWithKeys(hash_blob, private_key_paths, &sig_blob));
*out_length = sig_blob.size();
@@ -365,17 +360,16 @@ bool PayloadSigner::HashPayloadForSigning(const string& payload_path,
for (int signature_size : signature_sizes) {
signatures.emplace_back(signature_size, 0);
}
- brillo::Blob signature_blob;
- TEST_AND_RETURN_FALSE(
- ConvertSignatureToProtobufBlob(signatures, &signature_blob));
+ string signature;
+ TEST_AND_RETURN_FALSE(ConvertSignaturesToProtobuf(signatures, &signature));
brillo::Blob payload;
uint64_t metadata_size, signatures_offset;
uint32_t metadata_signature_size;
// Prepare payload for hashing.
TEST_AND_RETURN_FALSE(AddSignatureBlobToPayload(payload_path,
- signature_blob,
- signature_blob,
+ signature,
+ signature,
&payload,
&metadata_size,
&metadata_signature_size,
@@ -398,19 +392,19 @@ bool PayloadSigner::AddSignatureToPayload(
// TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
// Loads the payload and adds the signature op to it.
- brillo::Blob signature_blob, metadata_signature_blob;
+ string payload_signature, metadata_signature;
TEST_AND_RETURN_FALSE(
- ConvertSignatureToProtobufBlob(payload_signatures, &signature_blob));
+ ConvertSignaturesToProtobuf(payload_signatures, &payload_signature));
if (!metadata_signatures.empty()) {
- TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(
- metadata_signatures, &metadata_signature_blob));
+ TEST_AND_RETURN_FALSE(
+ ConvertSignaturesToProtobuf(metadata_signatures, &metadata_signature));
}
brillo::Blob payload;
uint64_t signatures_offset;
uint32_t metadata_signature_size;
TEST_AND_RETURN_FALSE(AddSignatureBlobToPayload(payload_path,
- signature_blob,
- metadata_signature_blob,
+ payload_signature,
+ metadata_signature,
&payload,
out_metadata_size,
&metadata_signature_size,
diff --git a/payload_generator/payload_signer.h b/payload_generator/payload_signer.h
index b2d6606c..7854e126 100644
--- a/payload_generator/payload_signer.h
+++ b/payload_generator/payload_signer.h
@@ -54,17 +54,17 @@ class PayloadSigner {
brillo::Blob* out_signature);
// Sign |hash_data| blob with all private keys in |private_key_paths|, then
- // convert the signatures to protobuf blob.
+ // convert the signatures to serialized protobuf.
static bool SignHashWithKeys(
const brillo::Blob& hash_data,
const std::vector<std::string>& private_key_paths,
- brillo::Blob* out_signature_blob);
+ std::string* out_serialized_signature);
// Given an unsigned payload in |unsigned_payload_path|, private keys in
// |private_key_path|, metadata size in |metadata_size|, metadata signature
// size in |metadata_signature_size| and signatures offset in
// |signatures_offset|, calculates the payload signature blob into
- // |out_signature_blob|. Note that the payload must already have an
+ // |out_serialized_signature|. Note that the payload must already have an
// updated manifest that includes the dummy signature op and correct metadata
// signature size in header. Returns true on success, false otherwise.
static bool SignPayload(const std::string& unsigned_payload_path,
@@ -72,9 +72,9 @@ class PayloadSigner {
const uint64_t metadata_size,
const uint32_t metadata_signature_size,
const uint64_t signatures_offset,
- brillo::Blob* out_signature_blob);
+ std::string* out_serialized_signature);
- // Returns the length of out_signature_blob that will result in a call
+ // Returns the length of out_serialized_signature that will result in a call
// to SignPayload with the given private keys. Returns true on success.
static bool SignatureBlobLength(
const std::vector<std::string>& private_key_paths, uint64_t* out_length);
diff --git a/payload_generator/payload_signer_unittest.cc b/payload_generator/payload_signer_unittest.cc
index 52d51bc4..0b863b1e 100644
--- a/payload_generator/payload_signer_unittest.cc
+++ b/payload_generator/payload_signer_unittest.cc
@@ -86,19 +86,16 @@ const uint8_t kDataSignature[] = {
0x43, 0xb9, 0xab, 0x7d};
namespace {
-void SignSampleData(brillo::Blob* out_signature_blob,
- const vector<string>& private_keys) {
- brillo::Blob data_blob(std::begin(kDataToSign),
- std::begin(kDataToSign) + strlen(kDataToSign));
+void SignSampleData(string* out_signature, const vector<string>& private_keys) {
uint64_t length = 0;
EXPECT_TRUE(PayloadSigner::SignatureBlobLength(private_keys, &length));
EXPECT_GT(length, 0U);
brillo::Blob hash_blob;
EXPECT_TRUE(HashCalculator::RawHashOfBytes(
- data_blob.data(), data_blob.size(), &hash_blob));
- EXPECT_TRUE(PayloadSigner::SignHashWithKeys(
- hash_blob, private_keys, out_signature_blob));
- EXPECT_EQ(length, out_signature_blob->size());
+ kDataToSign, strlen(kDataToSign), &hash_blob));
+ EXPECT_TRUE(
+ PayloadSigner::SignHashWithKeys(hash_blob, private_keys, out_signature));
+ EXPECT_EQ(length, out_signature->size());
}
} // namespace
@@ -112,18 +109,16 @@ class PayloadSignerTest : public ::testing::Test {
};
TEST_F(PayloadSignerTest, SignSimpleTextTest) {
- brillo::Blob signature_blob;
- SignSampleData(&signature_blob,
- {GetBuildArtifactsPath(kUnittestPrivateKeyPath)});
+ string signature;
+ SignSampleData(&signature, {GetBuildArtifactsPath(kUnittestPrivateKeyPath)});
// Check the signature itself
Signatures signatures;
- EXPECT_TRUE(
- signatures.ParseFromArray(signature_blob.data(), signature_blob.size()));
+ EXPECT_TRUE(signatures.ParseFromString(signature));
EXPECT_EQ(1, signatures.signatures_size());
- const Signatures_Signature& signature = signatures.signatures(0);
- EXPECT_EQ(1U, signature.version());
- const string& sig_data = signature.data();
+ const Signatures::Signature& sig = signatures.signatures(0);
+ EXPECT_EQ(1U, sig.version());
+ const string& sig_data = sig.data();
ASSERT_EQ(arraysize(kDataSignature), sig_data.size());
for (size_t i = 0; i < arraysize(kDataSignature); i++) {
EXPECT_EQ(kDataSignature[i], static_cast<uint8_t>(sig_data[i]));
@@ -131,8 +126,8 @@ TEST_F(PayloadSignerTest, SignSimpleTextTest) {
}
TEST_F(PayloadSignerTest, VerifyAllSignatureTest) {
- brillo::Blob signature_blob;
- SignSampleData(&signature_blob,
+ string signature;
+ SignSampleData(&signature,
{GetBuildArtifactsPath(kUnittestPrivateKeyPath),
GetBuildArtifactsPath(kUnittestPrivateKey2Path)});
@@ -141,28 +136,27 @@ TEST_F(PayloadSignerTest, VerifyAllSignatureTest) {
EXPECT_TRUE(utils::ReadFile(GetBuildArtifactsPath(kUnittestPublicKeyPath),
&public_key));
EXPECT_TRUE(PayloadVerifier::VerifySignature(
- signature_blob, public_key, padded_hash_data_));
+ signature, public_key, padded_hash_data_));
EXPECT_TRUE(utils::ReadFile(GetBuildArtifactsPath(kUnittestPublicKey2Path),
&public_key));
EXPECT_TRUE(PayloadVerifier::VerifySignature(
- signature_blob, public_key, padded_hash_data_));
+ signature, public_key, padded_hash_data_));
}
TEST_F(PayloadSignerTest, VerifySignatureTest) {
- brillo::Blob signature_blob;
- SignSampleData(&signature_blob,
- {GetBuildArtifactsPath(kUnittestPrivateKeyPath)});
+ string signature;
+ SignSampleData(&signature, {GetBuildArtifactsPath(kUnittestPrivateKeyPath)});
string public_key;
EXPECT_TRUE(utils::ReadFile(GetBuildArtifactsPath(kUnittestPublicKeyPath),
&public_key));
EXPECT_TRUE(PayloadVerifier::VerifySignature(
- signature_blob, public_key, padded_hash_data_));
+ signature, public_key, padded_hash_data_));
// Passing the invalid key should fail the verification.
EXPECT_TRUE(utils::ReadFile(GetBuildArtifactsPath(kUnittestPublicKey2Path),
&public_key));
EXPECT_TRUE(PayloadVerifier::VerifySignature(
- signature_blob, public_key, padded_hash_data_));
+ signature, public_key, padded_hash_data_));
}
TEST_F(PayloadSignerTest, SkipMetadataSignatureTest) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-07 22:10:28 +0000