Amebis/Updater
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Switch to SHA-256 (phase 1)

Browse Source 
Updater will treat all hashes as SHA-256 when checking for updates in
the new catalog - the future releases.

While we keep hashing and signing the old catalog file using SHA-1 - the
past releases.

Signed-off-by: Simon Rozman <simon@rozman.si>
This commit is contained in:
Simon Rozman 2020-02-25 12:44:11 +01:00
parent 07d891aa37
commit 877c2cc357
4 changed files with 12 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
UpdSignXML/main.cpp
View File

@ -67,8 +67,8 @@ int _tmain(int argc, _TCHAR *argv[])
for (wxXmlNode *prolog = document->GetChildren(); prolog;) {
if (prolog->GetType() == wxXML_COMMENT_NODE) {
wxString content = prolog->GetContent();
if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1 &&
memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA1), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1)) == 0)
{
// Previous signature found. Remove it.
wxXmlNode *signature = prolog;
@ -111,7 +111,7 @@ int _tmain(int argc, _TCHAR *argv[])
// Encode signature (Base64) and append to the document prolog.
wxString signature;
signature += wxS(UPDATER_SIGNATURE_MARK);
signature += wxS(UPDATER_SIGNATURE_MARK_SHA1);
signature += wxBase64Encode(sig);
document->AddChild(new wxXmlNode(wxXML_COMMENT_NODE, wxS(""), signature));

2
Updater/include/Updater/chkthread.h
View File

@ -167,7 +167,7 @@ protected:
wxUint32 m_version; ///< Latest product version available (numerical)
wxString m_versionStr; ///< Latest product version available (string)
wxArrayString m_urls; ///< List of update package file downloads
wxMemoryBuffer m_hash; ///< Update package SHA-1 hash
wxMemoryBuffer m_hash; ///< Update package hash
wxString m_fileName; ///< Downloaded package file name
};

3
Updater/include/Updater/common.h
View File

@ -44,7 +44,8 @@
//#endif
#define UPDATER_API
#define UPDATER_SIGNATURE_MARK "SHA1SIGN:"
#define UPDATER_SIGNATURE_MARK_SHA1 "SHA1SIGN:"
#define UPDATER_SIGNATURE_MARK_SHA256 "SIGNATURE:"
#endif // !defined(RC_INVOKED) && !defined(MIDL_PASS)
#endif // !defined(__UPDATER_common_h__)

12
Updater/src/chkthread.cpp
View File

@ -220,11 +220,11 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
if (prolog->GetType() == wxXML_COMMENT_NODE) {
wxString content = prolog->GetContent();
const size_t content_len = content.length();
if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1 &&
memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA256), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1)) == 0)
{
// Read the signature.
const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1);
const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1);
const size_t len = wxBase64DecodedSize(signature_len);
const size_t res = wxBase64Decode(sig.GetWriteBuf(len), len, content.Right(signature_len), wxBase64DecodeMode_SkipWS);
if (res != wxCONV_FAILED) {
@ -247,7 +247,7 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
// Hash the content.
if (TestDestroy()) return NULL;
wxCryptoHashSHA1 ch(*m_cs);
wxCryptoHashSHA256 ch(*m_cs);
if (!wxXmlHashNode(ch, document))
continue;
@ -435,7 +435,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
{
if (wxFileExists(m_fileName)) {
// Calculate file hash.
wxCryptoHashSHA1 ch(*m_cs);
wxCryptoHashSHA256 ch(*m_cs);
if (ch.HashFile(m_fileName)) {
wxMemoryBuffer buf;
ch.GetValue(buf);
@ -480,7 +480,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
}
// Save update package to file, and calculate hash.
wxCryptoHashSHA1 ch(*m_cs);
wxCryptoHashSHA256 ch(*m_cs);
wxMemoryBuffer buf(4*1024);
char *data = static_cast<char*>(buf.GetData());
const size_t nBlock = buf.GetBufSize();