ret = EVP_DigestVerifyInit(evp_md_ctx, NULL, EVP_sha256(), NULL, public_key);
ASSERT_RETV(ret == 1, print_openssl_error(), "EVP_DigestVerifyInit failed");
+ // Hash delta
ret = EVP_DigestVerifyUpdate(evp_md_ctx, signed_file.delta, signed_file.delta_size);
ASSERT_RETV(ret == 1, print_openssl_error(), "EVP_DigestVerifyUpdate failed");
+ // Decrypt signature and compare with hashed delta
ret = EVP_DigestVerifyFinal(evp_md_ctx, signed_file.signature, signed_file.signature_size);
ASSERT_RETV(ret == 1, print_openssl_error(), "EVP_DigestVerifyFinal failed");
_D("CA file : %s", CA_FILE);
has_root_ca = (access(CA_FILE, F_OK) == 0) ? true : false;
+ /**
+ * Root CA / Signed File | Action
+ * -------------------------------------------
+ * X X | Skip verification
+ * X O | Deny
+ * O X | Deny
+ * O O | Try to verify
+ */
_D("Signed(%d), Root CA(%d)", is_signed_file, has_root_ca);
if (is_signed_file) {
if (!has_root_ca) {
#define MAGIC_NUMBER "TOTA_SIGNED_V1"
#define MAGIC_NUMBER_SIZE (sizeof(MAGIC_NUMBER) - 1)
+/**
+ * This structure is same with TOTA signed file.
+ * So, please sync it with signer.
+ */
struct signed_file {
// Data
unsigned char *delta;
projects / platform / core / system / tota-ua.git / commitdiff