45942518a5
Integrate this into SignatureVerifier too. Bug: 110509075 Test: atest CtsSignedConfigHostTestCases Test: atest SignedConfigTest Change-Id: I816598c3332f9577c802109053d0d0b9b1f2a699
37 lines
808 B
Bash
Executable File
37 lines
808 B
Bash
Executable File
#!/bin/bash
|
|
|
|
# Script to verify signatures, with both signature & data given in b64
|
|
# Args:
|
|
# 1. data (base64 encoded)
|
|
# 2. signature (base64 encoded)
|
|
# The arg values can be taken from the debug log for SignedConfigService when verbose logging is
|
|
# enabled.
|
|
|
|
function verify() {
|
|
D=${1}
|
|
S=${2}
|
|
K=${3}
|
|
echo Trying ${K}
|
|
openssl dgst -sha256 -verify $(dirname $0)/${K} -signature <(echo ${S} | base64 -d) <(echo ${D} | base64 -d)
|
|
}
|
|
|
|
|
|
PROD_KEY_NAME=prod_public.pem
|
|
DEBUG_KEY_NAME=debug_public.pem
|
|
SIGNATURE="$2"
|
|
DATA="$1"
|
|
|
|
echo DATA: ${DATA}
|
|
echo SIGNATURE: ${SIGNATURE}
|
|
|
|
if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then
|
|
echo Verified with ${PROD_KEY_NAME}
|
|
exit 0
|
|
fi
|
|
|
|
if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then
|
|
echo Verified with ${DEBUG_KEY_NAME}
|
|
exit 0
|
|
fi
|
|
exit 1
|