Switch to SHA-256 (phase 2)

We switched to a new update catalog file that uses SHA-256 hashes
and signatures.

Signed-off-by: Simon Rozman <simon@rozman.si>
Simon Rozman 2020-02-25 13:20:06 +01:00
parent e7617949b3
commit 8baf612a6c
4 changed files with 13 additions and 15 deletions


@ -171,8 +171,8 @@ int _tmain(int argc, _TCHAR *argv[])
wxCryptoSessionRSAAES cs; wxCryptoSessionRSAAES cs;
wxCHECK(cs.IsOk(), -1); wxCHECK(cs.IsOk(), -1);
// Calculate file SHA-1 hash. // Calculate file hash.
wxCryptoHashSHA1 ch(cs); wxUpdaterHashGen ch(cs);
wxCHECK(ch.HashFile(filenamePckg), 3); wxCHECK(ch.HashFile(filenamePckg), 3);
ch.GetValue(hash); ch.GetValue(hash);
} }
@ -289,7 +289,6 @@ int _tmain(int argc, _TCHAR *argv[])
url_present = true; url_present = true;
} }
// Write output XML document. // Write output XML document.
const wxString& filenameOut = parser.GetParam(1); const wxString& filenameOut = parser.GetParam(1);
if (!doc.Save(filenameOut, wxXML_NO_INDENTATION)) { if (!doc.Save(filenameOut, wxXML_NO_INDENTATION)) {
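Review bot: The new comment `// Calculate file hash.` in the first hunk no longer names the algorithm, and `wxUpdaterHashGen` is defined outside this diff, so a reader of `_tmain` cannot tell which digest is written into the catalogue. The client side of this commit hashes with a differently named type, `wxUpdaterHashChk`; if the two ever resolve to different algorithms, published packages would fail verification after download. I would state the contract at the call site, e.g. `// Calculate file hash (wxUpdaterHashGen; must be the same algorithm as wxUpdaterHashChk on the client).`, and ideally add a `static_assert` next to the two type definitions. `_tmain` starts and ends outside the hunk.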


@ -67,8 +67,8 @@ int _tmain(int argc, _TCHAR *argv[])
for (wxXmlNode *prolog = document->GetChildren(); prolog;) { for (wxXmlNode *prolog = document->GetChildren(); prolog;) {
if (prolog->GetType() == wxXML_COMMENT_NODE) { if (prolog->GetType() == wxXML_COMMENT_NODE) {
wxString content = prolog->GetContent(); wxString content = prolog->GetContent();
if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1 && if (content.length() >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA1), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA1)) - 1)) == 0) memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
{ {
// Previous signature found. Remove it. // Previous signature found. Remove it.
wxXmlNode *signature = prolog; wxXmlNode *signature = prolog;
@ -100,7 +100,7 @@ int _tmain(int argc, _TCHAR *argv[])
} }
// Hash the XML content. // Hash the XML content.
wxCryptoHashSHA1 ch(cs); wxUpdaterHashGen ch(cs);
if (!wxXmlHashNode(ch, document)) if (!wxXmlHashNode(ch, document))
return 2; return 2;
@ -111,7 +111,7 @@ int _tmain(int argc, _TCHAR *argv[])
// Encode signature (Base64) and append to the document prolog. // Encode signature (Base64) and append to the document prolog.
wxString signature; wxString signature;
signature += wxS(UPDATER_SIGNATURE_MARK_SHA1); signature += wxS(UPDATER_SIGNATURE_MARK);
signature += wxBase64Encode(sig); signature += wxBase64Encode(sig);
document->AddChild(new wxXmlNode(wxXML_COMMENT_NODE, wxS(""), signature)); document->AddChild(new wxXmlNode(wxXML_COMMENT_NODE, wxS(""), signature));
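Review bot: The previous-signature cleanup in the first hunk now matches only `UPDATER_SIGNATURE_MARK` ("SIGNATURE:"), so a catalogue that still carries a legacy `SHA1SIGN:` comment is no longer stripped when it is re-signed. Whether that stale comment is then covered by `wxXmlHashNode` is not visible here, but either way the output would ship an outdated SHA-1 signature alongside the new one. If legacy inputs can still reach this tool, the loop should also drop comments that start with the old mark, for example by keeping a `#define UPDATER_SIGNATURE_MARK_LEGACY "SHA1SIGN:"` that is used only for removal. The loop body continues outside the hunk.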


@ -44,8 +44,7 @@
//#endif //#endif
#define UPDATER_API #define UPDATER_API
#define UPDATER_SIGNATURE_MARK_SHA1 "SHA1SIGN:" #define UPDATER_SIGNATURE_MARK "SIGNATURE:"
#define UPDATER_SIGNATURE_MARK_SHA256 "SIGNATURE:"
#endif // !defined(RC_INVOKED) && !defined(MIDL_PASS) #endif // !defined(RC_INVOKED) && !defined(MIDL_PASS)
#endif // !defined(__UPDATER_common_h__) #endif // !defined(__UPDATER_common_h__)


@ -220,11 +220,11 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
if (prolog->GetType() == wxXML_COMMENT_NODE) { if (prolog->GetType() == wxXML_COMMENT_NODE) {
wxString content = prolog->GetContent(); wxString content = prolog->GetContent();
const size_t content_len = content.length(); const size_t content_len = content.length();
if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1 && if (content_len >= _countof(wxS(UPDATER_SIGNATURE_MARK)) - 1 &&
memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK_SHA256), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1)) == 0) memcmp((const wxStringCharType*)content, wxS(UPDATER_SIGNATURE_MARK), sizeof(wxStringCharType)*(_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1)) == 0)
{ {
// Read the signature. // Read the signature.
const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK_SHA256)) - 1); const size_t signature_len = content_len - (_countof(wxS(UPDATER_SIGNATURE_MARK)) - 1);
const size_t len = wxBase64DecodedSize(signature_len); const size_t len = wxBase64DecodedSize(signature_len);
const size_t res = wxBase64Decode(sig.GetWriteBuf(len), len, content.Right(signature_len), wxBase64DecodeMode_SkipWS); const size_t res = wxBase64Decode(sig.GetWriteBuf(len), len, content.Right(signature_len), wxBase64DecodeMode_SkipWS);
if (res != wxCONV_FAILED) { if (res != wxCONV_FAILED) {
@ -247,7 +247,7 @@ wxXmlDocument* wxUpdCheckThread::GetCatalogue()
// Hash the content. // Hash the content.
if (TestDestroy()) return NULL; if (TestDestroy()) return NULL;
wxCryptoHashSHA256 ch(*m_cs); wxUpdaterHashChk ch(*m_cs);
if (!wxXmlHashNode(ch, document)) if (!wxXmlHashNode(ch, document))
continue; continue;
@ -435,7 +435,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
{ {
if (wxFileExists(m_fileName)) { if (wxFileExists(m_fileName)) {
// Calculate file hash. // Calculate file hash.
wxCryptoHashSHA256 ch(*m_cs); wxUpdaterHashChk ch(*m_cs);
if (ch.HashFile(m_fileName)) { if (ch.HashFile(m_fileName)) {
wxMemoryBuffer buf; wxMemoryBuffer buf;
ch.GetValue(buf); ch.GetValue(buf);
@ -480,7 +480,7 @@ bool wxUpdCheckThread::DownloadUpdatePackage()
} }
// Save update package to file, and calculate hash. // Save update package to file, and calculate hash.
wxCryptoHashSHA256 ch(*m_cs); wxUpdaterHashChk ch(*m_cs);
wxMemoryBuffer buf(4*1024); wxMemoryBuffer buf(4*1024);
char *data = static_cast<char*>(buf.GetData()); char *data = static_cast<char*>(buf.GetData());
const size_t nBlock = buf.GetBufSize(); const size_t nBlock = buf.GetBufSize();
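Review bot: The prefix test in `GetCatalogue()` repeats the mark macro three times and relies on a C-style cast plus `memcmp` over `wxStringCharType` units; the same pattern appears in the signing tool's cleanup loop. `wxString::StartsWith` performs the length check and comparison in one call and returns the remainder, which removes the separate `signature_len` arithmetic: `wxString sig_b64; if (content.StartsWith(wxS(UPDATER_SIGNATURE_MARK), &sig_b64)) {`. The decode would then size and read from `sig_b64` instead of `content.Right(signature_len)`. This is the code that parses the signature the updater trusts, so fewer hand-computed lengths are worth having. The function body continues outside the hunk.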