AU: Support signed payload verification through the delta generator.
The following command will verify a signed payload:
./delta_generator -in_file <payload> -public_key <key.pem>
Add a unit test for signature verification.
BUG=chromium-os:10936
TEST=unit tests
Change-Id: I3bb464608c22229141f9819b27503b6de778c495
Review URL: http://codereview.chromium.org/6271003
diff --git a/payload_signer.h b/payload_signer.h
index 5ebba19..eb0663d 100644
--- a/payload_signer.h
+++ b/payload_signer.h
@@ -39,13 +39,6 @@
static bool SignatureBlobLength(const std::string& private_key_path,
uint64_t* out_length);
- // Returns false if the payload signature can't be verified. Returns true
- // otherwise and sets |out_hash| to the signed payload hash.
- static bool VerifySignature(const std::vector<char>& signature_blob,
- const std::string& public_key_path,
- std::vector<char>* out_hash_data);
-
-
// Given an unsigned payload in |payload_path| (with no dummy signature op)
// and the raw |signature_size| calculates the raw hash that needs to be
// signed in |out_hash_data|. Returns true on success, false otherwise.
@@ -62,6 +55,18 @@
const std::vector<char>& signature,
const std::string& signed_payload_path);
+ // Returns false if the payload signature can't be verified. Returns true
+ // otherwise and sets |out_hash| to the signed payload hash.
+ static bool VerifySignature(const std::vector<char>& signature_blob,
+ const std::string& public_key_path,
+ std::vector<char>* out_hash_data);
+
+ // Returns true if the payload in |payload_path| is signed and its hash can be
+ // verified using the public key in |public_key_path|. Returns false
+ // otherwise.
+ static bool VerifySignedPayload(const std::string& payload_path,
+ const std::string& public_key_path);
+
private:
// This should never be constructed
DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadSigner);