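#!/bin/bash

# Script to verify signatures, with both signature & data given in b64
# Args:
# 1. data (base64 encoded)
# 2. signature (base64 encoded)
# The arg values can be taken from the debug log for SignedConfigService when verbose logging is
# enabled.
#
# Exit status:
#   0 - the signature verified against the prod key OR the debug key
#   1 - neither key verified the signature, or the arguments were missing
#
# NOTE: status 0 alone does not say which key matched. The "Verified with ..."
# line on stdout is the only indication that a debug-key signature was accepted,
# so anything gating on this script must read that line, not just the status.

#######################################
# Check a base64 signature over base64 data against one public key.
# Arguments:
#   $1 - data, base64 encoded
#   $2 - signature, base64 encoded
#   $3 - public key file name, resolved relative to this script's directory
# Outputs:
#   "Trying <key>" plus openssl's own verdict on stdout; errors on stderr
# Returns:
#   0 if openssl accepts the signature, non-zero otherwise
#######################################
verify() {
  local data_b64=$1
  local sig_b64=$2
  local key_name=$3
  local key_path
  key_path="$(dirname -- "$0")/${key_name}"

  printf 'Trying %s\n' "${key_name}"

  # Report a missing key explicitly so it is not mistaken for a bad signature.
  if [[ ! -r "${key_path}" ]]; then
    printf 'Cannot read public key: %s\n' "${key_path}" >&2
    return 1
  fi

  # The exit status of base64 inside <( ) is not checked; malformed input
  # simply surfaces as a failed verification from openssl.
  openssl dgst -sha256 -verify "${key_path}" \
    -signature <(printf '%s\n' "${sig_b64}" | base64 -d) \
    <(printf '%s\n' "${data_b64}" | base64 -d)
}

readonly PROD_KEY_NAME=prod_public.pem
readonly DEBUG_KEY_NAME=debug_public.pem

# Without both arguments the checks below would run over empty input.
if (( $# < 2 )); then
  printf 'Usage: %s <data_b64> <signature_b64>\n' "${0##*/}" >&2
  exit 1
fi

DATA="$1"
SIGNATURE="$2"

printf 'DATA: %s\n' "${DATA}"
printf 'SIGNATURE: %s\n' "${SIGNATURE}"

# Prod key first; the debug key is only tried when prod does not verify.
if verify "${DATA}" "${SIGNATURE}" "${PROD_KEY_NAME}"; then
  printf 'Verified with %s\n' "${PROD_KEY_NAME}"
  exit 0
fi

if verify "${DATA}" "${SIGNATURE}" "${DEBUG_KEY_NAME}"; then
  printf 'Verified with %s\n' "${DEBUG_KEY_NAME}"
  exit 0
fi
exit 1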