Gitiles
Code Review Sign In
review.blissroms.org / platform_system_update_engine / c24e3f313b2bbd1f3d782a3eec9a7d5fea67dbd9^! / . / payload_signer_unittest.cc
commitc24e3f313b2bbd1f3d782a3eec9a7d5fea67dbd9[log] [tgz]
authorAndrew de los Reyes <adlr@chromium.org>Tue Aug 30 15:45:20 2011 -0700
committerAndrew de los Reyes <adlr@chromium.org>Thu Sep 01 11:32:28 2011 -0700
tree90835edf15c47b7d1277ae59e6d04d2e3897f5ff
parent771e1bd1ed58ef791ccc41a2b9d96e257403abec [diff] [blame]
Support for signing with multiple signature files, key sizes.

If we do a key-rotation in the future, we'll want to sign updates with
two keys. This CL changes the delta generator in a
backwards-compatible way to take multiple key lengths and signature
files: On a command line where one could be given before, now multiple
may be given by colon-delimiting them.

Also, adds two unittests to show that old and new clients can
successfully verify a payload when it's signed by old and new keys.

BUG=chromium-os:19873
TEST=unittests; tested on device

Change-Id: I2063095773a5c71c32704c30b12d6eab2a5f3b80
Reviewed-on: http://gerrit.chromium.org/gerrit/6999
Reviewed-by: Andrew de los Reyes <adlr@chromium.org>
Tested-by: Andrew de los Reyes <adlr@chromium.org>

diff --git a/payload_signer_unittest.cc b/payload_signer_unittest.cc
index f7c59a6..0a5a883 100644
--- a/payload_signer_unittest.cc
+++ b/payload_signer_unittest.cc

@@ -15,11 +15,14 @@
 
 // Note: the test key was generated with the following command:
 // openssl genrsa -out unittest_key.pem 2048
+// The public-key version is created by the build system.
 
 namespace chromeos_update_engine {
 
 const char* kUnittestPrivateKeyPath = "unittest_key.pem";
 const char* kUnittestPublicKeyPath = "unittest_key.pub.pem";
+const char* kUnittestPrivateKey2Path = "unittest_key2.pem";
+const char* kUnittestPublicKey2Path = "unittest_key2.pub.pem";
 
 // Some data and its corresponding hash and signature:
 const char kDataToSign[] = "This is some data to sign.";
@@ -86,12 +89,14 @@
                                kDataToSign,
                                strlen(kDataToSign)));
   uint64_t length = 0;
-  EXPECT_TRUE(PayloadSigner::SignatureBlobLength(kUnittestPrivateKeyPath,
-                                                 &length));
+  EXPECT_TRUE(PayloadSigner::SignatureBlobLength(
+      vector<string> (1, kUnittestPrivateKeyPath),
+      &length));
   EXPECT_GT(length, 0);
-  EXPECT_TRUE(PayloadSigner::SignPayload(data_path,
-                                         kUnittestPrivateKeyPath,
-                                         out_signature_blob));
+  EXPECT_TRUE(PayloadSigner::SignPayload(
+      data_path,
+      vector<string>(1, kUnittestPrivateKeyPath),
+      out_signature_blob));
   EXPECT_EQ(length, out_signature_blob->size());
 }
 }
@@ -106,7 +111,7 @@
                                         signature_blob.size()));
   EXPECT_EQ(1, signatures.signatures_size());
   const Signatures_Signature& signature = signatures.signatures(0);
-  EXPECT_EQ(kSignatureMessageVersion, signature.version());
+  EXPECT_EQ(kSignatureMessageOriginalVersion, signature.version());
   const string sig_data = signature.data();
   ASSERT_EQ(arraysize(kDataSignature), sig_data.size());
   for (size_t i = 0; i < arraysize(kDataSignature); i++) {