AU: Payload Signer class
This class can take a private key and sign a blob of data. The API is
amenable to the upcoming change to delta_diff_generator that will use
it.
Also, minor change to the protobuf to support signatures.
TEST=unittests
BUG=5662
Review URL: http://codereview.chromium.org/3173032
diff --git a/payload_signer.h b/payload_signer.h
new file mode 100644
index 0000000..781a513
--- /dev/null
+++ b/payload_signer.h
@@ -0,0 +1,38 @@
+// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__
+#define CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__
+
+#include <string>
+#include <vector>
+#include "base/basictypes.h"
+
+// This function signs a payload with the OS vendor's private key.
+// It takes an update up to the signature blob and returns the signature
+// blob, which should be appended. See update_metadata.proto for more info.
+
+namespace chromeos_update_engine {
+
+extern const uint32_t kSignatureMessageVersion;
+
+class PayloadSigner {
+ public:
+ static bool SignPayload(const std::string& unsigned_payload_path,
+ const std::string& private_key_path,
+ std::vector<char>* out_signature_blob);
+
+ // Returns the length of out_signature_blob that will result in a call
+ // to SignPayload with a given private key. Returns true on success.
+ static bool SignatureBlobLength(const std::string& private_key_path,
+ uint64_t* out_length);
+
+ private:
+ // This should never be constructed
+ DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadSigner);
+};
+
+} // namespace chromeos_update_engine
+
+#endif // CHROMEOS_PLATFORM_UPDATE_ENGINE_PAYLOAD_SIGNER_H__