Add support for using public key sent by Omaha.
This adds support for Omaha to specify what RSA public to use for
verifying both the metadata hash signature and the payload itself.
For security reasons, we only allow this for non-official builds
e.g. for official builds we keep using the key stored on the root
file-system.
Also, if the key is specified in the Omaha response then we make hash
checks mandatory; e.g. if the signatures don't check out, fail the
update.
See CL:175283 for the devserver changes to transmit the public key and
signed metadata hash.
BUG=chromium:264352
TEST=New unit tests + unit tests pass + manual testing.
Change-Id: I709be02662a484c6284bb78683b973554e482928
Reviewed-on: https://chromium-review.googlesource.com/175285
Reviewed-by: Don Garrett <[email protected]>
Commit-Queue: David Zeuthen <[email protected]>
Tested-by: David Zeuthen <[email protected]>
diff --git a/install_plan.h b/install_plan.h
index 3ec9d55..29ce212 100644
--- a/install_plan.h
+++ b/install_plan.h
@@ -25,7 +25,8 @@
uint64_t metadata_size,
const std::string& metadata_signature,
const std::string& install_path,
- const std::string& kernel_install_path);
+ const std::string& kernel_install_path,
+ const std::string& public_key_rsa);
// Default constructor: Initialize all members which don't have a class
// initializer.
@@ -71,6 +72,10 @@
// True if Powerwash is required on reboot after applying the payload.
// False otherwise.
bool powerwash_required;
+
+ // If not blank, a base-64 encoded representation of the PEM-encoded
+ // public key in the response.
+ std::string public_key_rsa;
};
class InstallPlanAction;
