From 877c2cc357e19c2e531d935b4fe04e856c6d1576 Mon Sep 17 00:00:00 2001
From: Simon Rozman
Date: Tue, 25 Feb 2020 12:44:11 +0100
Subject: [PATCH] Switch to SHA-256 (phase 1)
Updater will treat all hashes as SHA-256 when checking for updates in the new catalog - the future releases. While we keep hashing and signing the old catalog file using SHA-1 - the past releases.
Signed-off-by: Simon Rozman
---
 UpdSignXML/main.cpp | 6 +++---
 Updater/include/Updater/chkthread.h | 2 +-
 Updater/include/Updater/common.h | 3 ++-
 Updater/src/chkthread.cpp | 12 ++++++------
 4 files changed, 12 insertions(+), 11 deletions(-)
diff --git a/UpdSignXML/main.cpp b/UpdSignXML/main.cpp
index e57be8b..ee05574 100644
--- a/UpdSignXML/main.cpp
+++ b/UpdSignXML/main.cpp
@@ -67,8 +67,8 @@ int _tmain(int argc, _TCHAR *argv[])
 for (wxXmlNode *prolog = document->GetChildren(); prolog;) {
 if (prolog->GetType() == wxXML_COMMENT_NODE) {
 wxString content = prolog->GetContent();
- if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
- memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
+ if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1 &&
+ memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA1), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1)) == 0)
 {
 // Previous signature found. Remove it.
 wxXmlNode *signature = prolog;
@@ -111,7 +111,7 @@ int _tmain(int argc, _TCHAR *argv[])
 // Encode signature (Base64) and append to the document prolog.
 wxString signature;
- signature += wxS(UPDATER_SIGNATURE_MARK);
+ signature += wxS(UPDATER_SIGNATURE_MARK_SHA1);
 signature += wxBase64Encode(sig);
 document->AddChild(new wxXmlNode(wxXML_COMMENT_NODE, wxS(""), signature));
diff --git a/Updater/include/Updater/chkthread.h b/Updater/include/Updater/chkthread.h
index 1440f95..6ac54ab 100644
--- a/Updater/include/Updater/chkthread.h
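Review bot: The prefix test in the first hunk of UpdSignXML/main.cpp spells the mark length as `_countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1` twice and compares through a C-style cast and `memcmp`, which is easy to get out of step if the mark changes again. `if (content.StartsWith(wxS(UPDATER_SIGNATURE_MARK_SHA1)))` expresses the same check in one call. The same pattern recurs in the `@@ -220` hunk of Updater/src/chkthread.cpp, where the two-argument form `content.StartsWith(wxS(UPDATER_SIGNATURE_MARK_SHA256), &rest)` would also replace the `signature_len` / `content.Right()` arithmetic. The enclosing loop in `_tmain` starts and ends outside the hunk.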
+++ b/Updater/include/Updater/chkthread.h
@@ -167,7 +167,7 @@ protected:
 wxUint32 m_version; ///< Latest product version available (numerical)
 wxString m_versionStr; ///< Latest product version available (string)
 wxArrayString m_urls; ///< List of update package file downloads
- wxMemoryBuffer m_hash; ///< Update package SHA-1 hash
+ wxMemoryBuffer m_hash; ///< Update package hash
 wxString m_fileName; ///< Downloaded package file name
 };
diff --git a/Updater/include/Updater/common.h b/Updater/include/Updater/common.h
index c2c1c16..6616207 100644
--- a/Updater/include/Updater/common.h
+++ b/Updater/include/Updater/common.h
@@ -44,7 +44,8 @@
 //#endif
 #define UPDATER_API
-#define UPDATER_SIGNATURE_MARK "SHA1SIGN:"
+#define UPDATER_SIGNATURE_MARK_SHA1 "SHA1SIGN:"
+#define UPDATER_SIGNATURE_MARK_SHA256 "SIGNATURE:"
 #endif // !defined(RC_INVOKED) && !defined(MIDL_PASS)
 #endif // !defined(__UPDATER_common_h__)
diff --git a/Updater/src/chkthread.cpp b/Updater/src/chkthread.cpp
index 5320735..bf8a5d9 100644
--- a/Updater/src/chkthread.cpp
+++ b/Updater/src/chkthread.cpp
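Review bot: The two marks in Updater/include/Updater/common.h are defined without any comment, and the new string `"SIGNATURE:"` no longer names the digest the way `"SHA1SIGN:"` does, so the algorithm binding lives only in the macro name. I would document it on the defines, e.g. `///< Prolog comment prefix of a catalogue signature made over a SHA-256 hash` for `UPDATER_SIGNATURE_MARK_SHA256`, and the SHA-1 equivalent for the other. Removing the old `UPDATER_SIGNATURE_MARK` name from a header under `Updater/include` may also break out-of-tree users, if there are any; a line in the commit message would cover that.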
@@ -220,11 +220,11 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
 if (prolog->GetType() == wxXML_COMMENT_NODE) {
 wxString content = prolog->GetContent();
 const size_t content_len = content.length();
- if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
- memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
+ if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1 &&
+ memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA256), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1)) == 0)
 {
 // Read the signature.
- const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1);
+ const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1);
 const size_t len = wxBase64DecodedSize(signature_len);
 const size_t res = wxBase64Decode(sig.GetWriteBuf(len), len, content.Right(signature_len), wxBase64DecodeMode_SkipWS);
 if (res != wxCONV_FAILED) {
@@ -247,7 +247,7 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
 // Hash the content.
 if (TestDestroy()) return NULL;
- wxCryptoHashSHA1 ch(*m_cs);
+ wxCryptoHashSHA256 ch(*m_cs);
 if (!wxXmlHashNode(ch, document)) continue;
@@ -435,7 +435,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
 {
 if (wxFileExists(m_fileName)) {
 // Calculate file hash.
- wxCryptoHashSHA1 ch(*m_cs);
+ wxCryptoHashSHA256 ch(*m_cs);
 if (ch.HashFile(m_fileName)) {
 wxMemoryBuffer buf;
 ch.GetValue(buf);
@@ -480,7 +480,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
 }
 // Save update package to file, and calculate hash.
- wxCryptoHashSHA1 ch(*m_cs);
+ wxCryptoHashSHA256 ch(*m_cs);
 wxMemoryBuffer buf(4*1024);
 char *data = static_cast(buf.GetData());
 const size_t nBlock = buf.GetBufSize();
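Review bot: After the `@@ -220` hunk GetCatalogue() recognises only the `SIGNATURE:` comment, so a catalogue that carries just a `SHA1SIGN:` signature, or none at all, never fills `sig` here. The code that verifies `sig` is outside the hunk, so please confirm it fails closed in that case (catalogue skipped) rather than falling through with an empty buffer. A one-line comment above the test would record the intent, for example `// Only SHA-256 signatures are accepted here; SHA1SIGN: comments are ignored on purpose.`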
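Review bot: Both digests computed in DownloadUpdatePackage() (the `@@ -435` hunk and the one at `@@ -480`) are now SHA-256 values, while `m_hash`, presumably parsed from the catalogue, is documented in chkthread.h only as "Update package hash" with no stated length. The comparison against `m_hash` lies outside both hunks; it should check the length as well as the bytes, along the lines of `buf.GetDataLen() == m_hash.GetDataLen() && memcmp(buf.GetData(), m_hash.GetData(), buf.GetDataLen()) == 0`, so that a shorter SHA-1 value left in a catalogue entry can never be accepted as a match. Restoring the algorithm in the member comment, `///< Update package SHA-256 hash`, would make the expectation visible to the next reader.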