Switch to SHA-256 (phase 1)

Updater will treat all hashes as SHA-256 when checking for updates in
the new catalog - the future releases.

Meanwhile, we keep hashing and signing the old catalog file using SHA-1 - the
past releases.

Signed-off-by: Simon Rozman <simon@rozman.si>
Simon Rozman 2020-02-25 12:44:11 +01:00
parent 07d891aa37
commit 877c2cc357
4 changed files with 12 additions and 11 deletions


@ -67,8 +67,8 @@ int _tmain(int argc, _TCHAR *argv[])
for (wxXmlNode *prolog = document->GetChildren(); prolog;) { for (wxXmlNode *prolog = document->GetChildren(); prolog;) {
if (prolog->GetType() == wxXML_COMMENT_NODE) { if (prolog->GetType() == wxXML_COMMENT_NODE) {
wxString content = prolog->GetContent(); wxString content = prolog->GetContent();
if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 && if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1 &&
memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0) memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA1), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1)) == 0)
{ {
// Previous signature found. Remove it. // Previous signature found. Remove it.
wxXmlNode *signature = prolog; wxXmlNode *signature = prolog;
@ -111,7 +111,7 @@ int _tmain(int argc, _TCHAR *argv[])
// Encode signature (Base64) and append to the document prolog. // Encode signature (Base64) and append to the document prolog.
wxString signature; wxString signature;
signature += wxS(UPDATER_SIGNATURE_MARK); signature += wxS(UPDATER_SIGNATURE_MARK_SHA1);
signature += wxBase64Encode(sig); signature += wxBase64Encode(sig);
document->AddChild(new wxXmlNode(wxXML_COMMENT_NODE, wxS(""), signature)); document->AddChild(new wxXmlNode(wxXML_COMMENT_NODE, wxS(""), signature));


@ -167,7 +167,7 @@ protected:
wxUint32 m_version; ///< Latest product version available (numerical) wxUint32 m_version; ///< Latest product version available (numerical)
wxString m_versionStr; ///< Latest product version available (string) wxString m_versionStr; ///< Latest product version available (string)
wxArrayString m_urls; ///< List of update package file downloads wxArrayString m_urls; ///< List of update package file downloads
wxMemoryBuffer m_hash; ///< Update package SHA-1 hash wxMemoryBuffer m_hash; ///< Update package hash
wxString m_fileName; ///< Downloaded package file name wxString m_fileName; ///< Downloaded package file name
}; };


@ -44,7 +44,8 @@
//#endif //#endif
#define UPDATER_API #define UPDATER_API
#define UPDATER_SIGNATURE_MARK "SHA1SIGN:" #define UPDATER_SIGNATURE_MARK_SHA1 "SHA1SIGN:"
#define UPDATER_SIGNATURE_MARK_SHA256 "SIGNATURE:"
#endif // !defined(RC_INVOKED) && !defined(MIDL_PASS) #endif // !defined(RC_INVOKED) && !defined(MIDL_PASS)
#endif // !defined(__UPDATER_common_h__) #endif // !defined(__UPDATER_common_h__)
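Review bot: The two signature marks are undocumented, and the new `SIGNATURE:` prefix no longer names its digest the way `SHA1SIGN:` does, so the binding between mark and hash algorithm lives only in the macro name. I would add a comment on each define, for example `///< Prolog comment prefix of the catalog signature made over the SHA-1 hash (old catalog)` and `///< Prolog comment prefix of the catalog signature made over the SHA-256 hash (new catalog)`. The comment on the second one should also say that a future change of digest needs a new mark rather than reuse of this one, because the verifier picks the hash from the mark alone. The enclosing `#if` block starts outside the hunk.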


@ -220,11 +220,11 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
if (prolog->GetType() == wxXML_COMMENT_NODE) { if (prolog->GetType() == wxXML_COMMENT_NODE) {
wxString content = prolog->GetContent(); wxString content = prolog->GetContent();
const size_t content_len = content.length(); const size_t content_len = content.length();
if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 && if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1 &&
memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0) memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA256), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1)) == 0)
{ {
// Read the signature. // Read the signature.
const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1); const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1);
const size_t len = wxBase64DecodedSize(signature_len); const size_t len = wxBase64DecodedSize(signature_len);
const size_t res = wxBase64Decode(sig.GetWriteBuf(len), len, content.Right(signature_len), wxBase64DecodeMode_SkipWS); const size_t res = wxBase64Decode(sig.GetWriteBuf(len), len, content.Right(signature_len), wxBase64DecodeMode_SkipWS);
if (res != wxCONV_FAILED) { if (res != wxCONV_FAILED) {
@ -247,7 +247,7 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
// Hash the content. // Hash the content.
if (TestDestroy()) return NULL; if (TestDestroy()) return NULL;
wxCryptoHashSHA1 ch(*m_cs); wxCryptoHashSHA256 ch(*m_cs);
if (!wxXmlHashNode(ch, document)) if (!wxXmlHashNode(ch, document))
continue; continue;
@ -435,7 +435,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
{ {
if (wxFileExists(m_fileName)) { if (wxFileExists(m_fileName)) {
// Calculate file hash. // Calculate file hash.
wxCryptoHashSHA1 ch(*m_cs); wxCryptoHashSHA256 ch(*m_cs);
if (ch.HashFile(m_fileName)) { if (ch.HashFile(m_fileName)) {
wxMemoryBuffer buf; wxMemoryBuffer buf;
ch.GetValue(buf); ch.GetValue(buf);
@ -480,7 +480,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
} }
// Save update package to file, and calculate hash. // Save update package to file, and calculate hash.
wxCryptoHashSHA1 ch(*m_cs); wxCryptoHashSHA256 ch(*m_cs);
wxMemoryBuffer buf(4*1024); wxMemoryBuffer buf(4*1024);
char *data = static_cast<char*>(buf.GetData()); char *data = static_cast<char*>(buf.GetData());
const size_t nBlock = buf.GetBufSize(); const size_t nBlock = buf.GetBufSize();
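Review bot: The comparison of the freshly computed digest with `m_hash` lies outside the hunks at -435 and -480, so it is not visible whether it checks length as well as content now that `ch.GetValue(buf)` yields a SHA-256 digest instead of a SHA-1 one. If that comparison uses a fixed or the shorter length, a 20-byte value carried over from an old catalog entry could be matched against only part of the digest; it should have the form `buf.GetDataLen() == m_hash.GetDataLen() && memcmp(buf.GetData(), m_hash.GetData(), buf.GetDataLen()) == 0`. It would also help to reject, at the point where the catalog hash is parsed into `m_hash`, any value whose decoded length is not the SHA-256 digest size. Both `GetCatalogue()` and `DownloadUpdatePackage()` continue outside the hunks shown.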