Switch to SHA-256 (phase 2)

We switched to a new update catalog file that is using SHA-256 hashes and signatures. Signed-off-by: Simon Rozman <simon@rozman.si>
2020-02-25 13:20:06 +01:00 · 2020-02-25 13:20:06 +01:00 · 8baf612a6c
commit 8baf612a6c
parent e7617949b3
4 changed files with 13 additions and 15 deletions
--- a/UpdPublish/main.cpp
+++ b/UpdPublish/main.cpp
@ -171,8 +171,8 @@ int _tmain(int argc, _TCHAR *argv[])
        wxCryptoSessionRSAAES cs;
        wxCHECK(cs.IsOk(), -1);

-        // Calculate file SHA-1 hash.
-        wxCryptoHashSHA1 ch(cs);
+        // Calculate file hash.
+        wxUpdaterHashGen ch(cs);
        wxCHECK(ch.HashFile(filenamePckg), 3);
        ch.GetValue(hash);
    }
@ -289,7 +289,6 @@ int _tmain(int argc, _TCHAR *argv[])
        url_present = true;
    }

-
    // Write output XML document.
    const wxString& filenameOut = parser.GetParam(1);
    if (!doc.Save(filenameOut, wxXML_NO_INDENTATION)) {
--- a/UpdSignXML/main.cpp
+++ b/UpdSignXML/main.cpp
@ -67,8 +67,8 @@ int _tmain(int argc, _TCHAR *argv[])
    for (wxXmlNode *prolog = document->GetChildren(); prolog;) {
        if (prolog->GetType() == wxXML_COMMENT_NODE) {
            wxString content = prolog->GetContent();
-            if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1 &&
-                memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA1), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1)) == 0)
+            if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
+                memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
            {
                // Previous signature found. Remove it.
                wxXmlNode *signature = prolog;
@ -100,7 +100,7 @@ int _tmain(int argc, _TCHAR *argv[])
    }

    // Hash the XML content.
-    wxCryptoHashSHA1 ch(cs);
+    wxUpdaterHashGen ch(cs);
    if (!wxXmlHashNode(ch, document))
        return 2;

@ -111,7 +111,7 @@ int _tmain(int argc, _TCHAR *argv[])

    // Encode signature (Base64) and append to the document prolog.
    wxString signature;
-    signature += wxS(UPDATER_SIGNATURE_MARK_SHA1);
+    signature += wxS(UPDATER_SIGNATURE_MARK);
    signature += wxBase64Encode(sig);
    document->AddChild(new wxXmlNode(wxXML_COMMENT_NODE, wxS(""), signature));

--- a/Updater/include/Updater/common.h
+++ b/Updater/include/Updater/common.h
@ -44,8 +44,7 @@
 //#endif
 #define UPDATER_API

-#define UPDATER_SIGNATURE_MARK_SHA1   "SHA1SIGN:"
-#define UPDATER_SIGNATURE_MARK_SHA256 "SIGNATURE:"
+#define UPDATER_SIGNATURE_MARK "SIGNATURE:"

 #endif // !defined(RC_INVOKED) && !defined(MIDL_PASS)
 #endif // !defined(__UPDATER_common_h__)
--- a/Updater/src/chkthread.cpp
+++ b/Updater/src/chkthread.cpp
@ -220,11 +220,11 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
            if (prolog->GetType() == wxXML_COMMENT_NODE) {
                wxString content = prolog->GetContent();
                const size_t content_len = content.length();
-                if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1 &&
-                    memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA256), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1)) == 0)
+                if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
+                    memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
                {
                    // Read the signature.
-                    const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1);
+                    const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1);
                    const size_t len = wxBase64DecodedSize(signature_len);
                    const size_t res = wxBase64Decode(sig.GetWriteBuf(len), len, content.Right(signature_len), wxBase64DecodeMode_SkipWS);
                    if (res != wxCONV_FAILED) {
@ -247,7 +247,7 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()

        // Hash the content.
        if (TestDestroy()) return NULL;
-        wxCryptoHashSHA256 ch(*m_cs);
+        wxUpdaterHashChk ch(*m_cs);
        if (!wxXmlHashNode(ch, document))
            continue;

@ -435,7 +435,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
 {
    if (wxFileExists(m_fileName)) {
        // Calculate file hash.
-        wxCryptoHashSHA256 ch(*m_cs);
+        wxUpdaterHashChk ch(*m_cs);
        if (ch.HashFile(m_fileName)) {
            wxMemoryBuffer buf;
            ch.GetValue(buf);
@ -480,7 +480,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
        }

        // Save update package to file, and calculate hash.
-        wxCryptoHashSHA256 ch(*m_cs);
+        wxUpdaterHashChk ch(*m_cs);
        wxMemoryBuffer buf(4*1024);
        char *data = static_cast<char*>(buf.GetData());
        const size_t nBlock = buf.GetBufSize();