From 8baf612a6ca9eb6955912f208776929413bd5b79 Mon Sep 17 00:00:00 2001
From: Simon Rozman
Date: Tue, 25 Feb 2020 13:20:06 +0100
Subject: [PATCH] Switch to SHA-256 (phase 2)
We switched to a new update catalog file that is using SHA-256 hashes and signatures.
Signed-off-by: Simon Rozman
---
 UpdPublish/main.cpp | 5 ++---
 UpdSignXML/main.cpp | 8 ++++----
 Updater/include/Updater/common.h | 3 +--
 Updater/src/chkthread.cpp | 12 ++++++------
 4 files changed, 13 insertions(+), 15 deletions(-)
diff --git a/UpdPublish/main.cpp b/UpdPublish/main.cpp
index 2a4cb18..c78352f 100644
--- a/UpdPublish/main.cpp
+++ b/UpdPublish/main.cpp
@@ -171,8 +171,8 @@ int _tmain(int argc, _TCHAR *argv[])
 wxCryptoSessionRSAAES cs;
 wxCHECK(cs.IsOk(), -1);
- // Calculate file SHA-1 hash.
- wxCryptoHashSHA1 ch(cs);
+ // Calculate file hash.
+ wxUpdaterHashGen ch(cs);
 wxCHECK(ch.HashFile(filenamePckg), 3);
 ch.GetValue(hash);
 }
@@ -289,7 +289,6 @@ int _tmain(int argc, _TCHAR *argv[]) url_present = true; } - // Write output XML document. const wxString& filenameOut = parser.GetParam(1); if (!doc.Save(filenameOut, wxXML_NO_INDENTATION)) {
diff --git a/UpdSignXML/main.cpp b/UpdSignXML/main.cpp
index ee05574..36f0fb5 100644
--- a/UpdSignXML/main.cpp
+++ b/UpdSignXML/main.cpp
@@ -67,8 +67,8 @@ int _tmain(int argc, _TCHAR *argv[])
 for (wxXmlNode *prolog = document->GetChildren(); prolog;) {
 if (prolog->GetType() == wxXML_COMMENT_NODE) {
 wxString content = prolog->GetContent();
- if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1 &&
- memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA1), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1)) == 0)
+ if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
+ memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
 {
 // Previous signature found. Remove it.
 wxXmlNode *signature = prolog;
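Review bot: The rewritten comment `// Calculate file hash.` above `wxUpdaterHashGen ch(cs);` no longer tells a reader which digest ends up in the published catalogue, and the alias is declared outside this patch. I would keep the algorithm discoverable with something like `// Calculate file hash (algorithm selected by wxUpdaterHashGen; must match wxUpdaterHashChk on the client).` The same applies to the other `wxUpdaterHashGen` uses in UpdSignXML/main.cpp and the `wxUpdaterHashChk` uses in Updater/src/chkthread.cpp. If the two aliases ever resolve to different hashes, publishing would presumably still succeed while clients reject every package, so the required pairing deserves a comment where the aliases are declared. _tmain continues outside the hunk.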
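Review bot: The stale-signature cleanup in UpdSignXML/main.cpp now matches only `UPDATER_SIGNATURE_MARK` ("SIGNATURE:"), so re-signing a catalogue that still carries a legacy `SHA1SIGN:` comment would leave that old SHA-1 signature in the prolog next to the new one. If existing catalogue files can be fed to this tool, consider also removing comments that start with the legacy prefix, or say in a comment that only freshly generated catalogues are supported. Whether a leftover comment also enters the hash depends on wxXmlHashNode, which is not visible here. The loop body continues outside the hunk.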
@@ -100,7 +100,7 @@ int _tmain(int argc, _TCHAR *argv[])
 }
 // Hash the XML content.
- wxCryptoHashSHA1 ch(cs);
+ wxUpdaterHashGen ch(cs);
 if (!wxXmlHashNode(ch, document)) return 2;
@@ -111,7 +111,7 @@ int _tmain(int argc, _TCHAR *argv[])
 // Encode signature (Base64) and append to the document prolog.
 wxString signature;
- signature += wxS(UPDATER_SIGNATURE_MARK_SHA1);
+ signature += wxS(UPDATER_SIGNATURE_MARK);
 signature += wxBase64Encode(sig);
 document->AddChild(new wxXmlNode(wxXML_COMMENT_NODE, wxS(""), signature));
diff --git a/Updater/include/Updater/common.h b/Updater/include/Updater/common.h
index 6616207..512cf35 100644
--- a/Updater/include/Updater/common.h
+++ b/Updater/include/Updater/common.h
@@ -44,8 +44,7 @@
 //#endif
 #define UPDATER_API
-#define UPDATER_SIGNATURE_MARK_SHA1 "SHA1SIGN:"
-#define UPDATER_SIGNATURE_MARK_SHA256 "SIGNATURE:"
+#define UPDATER_SIGNATURE_MARK "SIGNATURE:"
 #endif // !defined(RC_INVOKED) && !defined(MIDL_PASS)
 #endif // !defined(__UPDATER_common_h__)
diff --git a/Updater/src/chkthread.cpp b/Updater/src/chkthread.cpp
index bf8a5d9..059f774 100644
--- a/Updater/src/chkthread.cpp
+++ b/Updater/src/chkthread.cpp
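Review bot: `UPDATER_SIGNATURE_MARK` in Updater/include/Updater/common.h no longer says which algorithm the signature uses, and the define carries no comment. A one-line comment such as `// Prefix of the XML prolog comment that carries the Base64-encoded catalogue signature (SHA-256 since phase 2).` would record the wire format now that the name is generic. As far as the hunks in this patch show, this prefix is the only in-band marker the checker looks for, so the comment should also state that it has to stay in step with the hash aliases used by the signer and the checker.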
@@ -220,11 +220,11 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
 if (prolog->GetType() == wxXML_COMMENT_NODE) {
 wxString content = prolog->GetContent();
 const size_t content_len = content.length();
- if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1 &&
- memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA256), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1)) == 0)
+ if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
+ memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
 {
 // Read the signature.
- const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1);
+ const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1);
 const size_t len = wxBase64DecodedSize(signature_len);
 const size_t res = wxBase64Decode(sig.GetWriteBuf(len), len, content.Right(signature_len), wxBase64DecodeMode_SkipWS);
 if (res != wxCONV_FAILED) {
@@ -247,7 +247,7 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
 // Hash the content.
 if (TestDestroy()) return NULL;
- wxCryptoHashSHA256 ch(*m_cs);
+ wxUpdaterHashChk ch(*m_cs);
 if (!wxXmlHashNode(ch, document)) continue;
@@ -435,7 +435,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
 {
 if (wxFileExists(m_fileName)) {
 // Calculate file hash.
- wxCryptoHashSHA256 ch(*m_cs);
+ wxUpdaterHashChk ch(*m_cs);
 if (ch.HashFile(m_fileName)) {
 wxMemoryBuffer buf;
 ch.GetValue(buf);
@@ -480,7 +480,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
 }
 // Save update package to file, and calculate hash.
- wxCryptoHashSHA256 ch(*m_cs);
+ wxUpdaterHashChk ch(*m_cs);
 wxMemoryBuffer buf(4*1024);
 char *data = static_cast(buf.GetData());
 const size_t nBlock = buf.GetBufSize();
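Review bot: The prefix test in GetCatalogue() spells `_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1` three times and compares through a C-style cast with memcmp, which makes the length arithmetic on downloaded catalogue content harder to audit than it needs to be. `wxString::StartsWith` performs the check and hands back the remainder in one call: `wxString sig_b64; if (content.StartsWith(wxS(UPDATER_SIGNATURE_MARK), &sig_b64))`, after which `signature_len` is simply `sig_b64.length()` and `content.Right(signature_len)` becomes `sig_b64`. The same pattern appears in the UpdSignXML/main.cpp hunk at line 67. The function body starts and ends outside the hunk.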