| author | Adam Ierymenko <[email protected]> | 2020-08-21 14:23:31 -0700 |
|---|---|---|
| committer | Adam Ierymenko <[email protected]> | 2020-08-21 14:23:31 -0700 |
| commit | 2ac49d99dd2159827330a890e99d2e828b39e106 (patch) | |
| tree | b61e7c8498e659db506bcde5f5a99b79fe48f000 /service/SoftwareUpdater.cpp | |
| parent | 3fd8efe6423ca6c0e089bc14e090dd7d2eccca32 (diff) | |
AES integrated on send side.
Diffstat (limited to 'service/SoftwareUpdater.cpp')
| -rw-r--r-- | service/SoftwareUpdater.cpp | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/service/SoftwareUpdater.cpp b/service/SoftwareUpdater.cpp
index 6ace5fd8..8c76ab3e 100644
--- a/service/SoftwareUpdater.cpp
+++ b/service/SoftwareUpdater.cpp
@@ -112,10 +112,10 @@ void SoftwareUpdater::setUpdateDistribution(bool distribute)
 // If update meta is called e.g. foo.exe.json, then foo.exe is the update itself
 const std::string binPath(udd + ZT_PATH_SEPARATOR_S + u->substr(0,u->length() - 5));
 const std::string metaHash(OSUtils::jsonBinFromHex(d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH]));
- if ((metaHash.length() == ZT_SHA512_DIGEST_LEN)&&(OSUtils::readFile(binPath.c_str(),d.bin))) {
- std::array<uint8_t,ZT_SHA512_DIGEST_LEN> sha512;
- SHA512::hash(sha512.data(),d.bin.data(),(unsigned int)d.bin.length());
- if (!memcmp(sha512.data(),metaHash.data(),ZT_SHA512_DIGEST_LEN)) { // double check that hash in JSON is correct
+ if ((metaHash.length() == 64)&&(OSUtils::readFile(binPath.c_str(),d.bin))) {
+ std::array<uint8_t,64> sha512;
+ SHA512(sha512.data(),d.bin.data(),(unsigned int)d.bin.length());
+ if (!memcmp(sha512.data(),metaHash.data(),64)) { // double check that hash in JSON is correct
 d.meta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIZE] = d.bin.length(); // override with correct value -- setting this in meta json is optional
 std::array<uint8_t,16> shakey;
 memcpy(shakey.data(),sha512.data(),16);
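Review bot: The digest length is now the bare literal `64` in three places in this hunk (the `metaHash.length()` check, the `std::array<uint8_t,64>` size and the `memcmp` length), where the removed lines tied all three to `ZT_SHA512_DIGEST_LEN`. Nothing keeps the buffer size and the compare length in step with what `SHA512(...)` writes if one of them is edited later. Deriving the lengths from the buffer would restore that link, for example `if (!memcmp(sha512.data(),metaHash.data(),sha512.size())) {`, or a single file-local constant could be used for all of them. The second hunk in check() has the same pattern, where `char hexbuf[(64 * 2) + 2]` and `Utils::hex(sha512,64,hexbuf)` must agree for the stack buffer to stay large enough. The body of setUpdateDistribution() starts and ends outside this hunk.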
@@ -333,10 +333,10 @@ bool SoftwareUpdater::check(const int64_t now)
 const std::string binPath(_homePath + ZT_PATH_SEPARATOR_S ZT_SOFTWARE_UPDATE_BIN_FILENAME);
 try {
 // (1) Check the hash itself to make sure the image is basically okay
- uint8_t sha512[ZT_SHA512_DIGEST_LEN];
- SHA512::hash(sha512,_download.data(),(unsigned int)_download.length());
- char hexbuf[(ZT_SHA512_DIGEST_LEN * 2) + 2];
- if (OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"") == Utils::hex(sha512,ZT_SHA512_DIGEST_LEN,hexbuf)) {
+ uint8_t sha512[64];
+ SHA512(sha512,_download.data(),(unsigned int)_download.length());
+ char hexbuf[(64 * 2) + 2];
+ if (OSUtils::jsonString(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_HASH],"") == Utils::hex(sha512,64,hexbuf)) {
 // (2) Check signature by signing authority
 const std::string sig(OSUtils::jsonBinFromHex(_latestMeta[ZT_SOFTWARE_UPDATE_JSON_UPDATE_SIGNATURE]));
 if (Identity(ZT_SOFTWARE_UPDATE_SIGNING_AUTHORITY).verify(_download.data(),(unsigned int)_download.length(),sig.data(),(unsigned int)sig.length())) { |
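Review bot: The new `SHA512(sha512,_download.data(),(unsigned int)_download.length());` line narrows the image length to `unsigned int`, and the `verify(...)` call in step (2) narrows it the same way. If `_download` could ever be larger than that type can represent, both the hash and the signature check would cover only part of the buffer. Whether a size cap elsewhere in check() or in the download path already rules this out is not visible here, as the function body extends beyond the hunk. If there is none, a guard before step (1) that rejects the image when `_download.length() > std::numeric_limits<unsigned int>::max()` would keep the verified range equal to the stored image. Otherwise a one-line comment naming the cap would document why the cast is safe. The same cast appears on `d.bin.length()` in the first hunk.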
