updater: fetch signed hashes from getmonero.org, verify downloads

2026-04-04 11:47:26 -04:00 · 2020-04-14 21:03:15 +00:00
parent 8e4124f06a
commit ea25b71ca6
10 changed files with 131 additions and 33 deletions
--- a/src/qt/updater.cpp
+++ b/src/qt/updater.cpp
@@ -30,6 +30,7 @@

 #include <openpgp/hash.h>

+#include "network.h"
 #include "utils.h"

 Updater::Updater()
@@ -39,17 +40,41 @@ Updater::Updater()
    m_maintainers.emplace_back(fileGetContents(":/monero/utils/gpg_keys/luigi1111.asc").toStdString());
 }

-QPair<QString, QString> Updater::verifySignaturesAndHashSum(
+QByteArray Updater::fetchSignedHash(
+    const QString &binaryFilename,
+    const QByteArray &hashFromDns,
+    QPair<QString, QString> &signers) const
+{
+    static constexpr const char hashesTxtUrl[] = "https://web.getmonero.org/downloads/hashes.txt";
+    static constexpr const char hashesTxtSigUrl[] = "https://web.getmonero.org/downloads/hashes.txt.sig";
+
+    const Network network;
+    std::string hashesTxt = network.get(hashesTxtUrl);
+    std::string hashesTxtSig = network.get(hashesTxtSigUrl);
+
+    const QByteArray signedHash = verifyParseSignedHahes(
+        QByteArray(&hashesTxt[0], hashesTxt.size()),
+        QByteArray(&hashesTxtSig[0], hashesTxtSig.size()),
+        binaryFilename,
+        signers);
+
+    if (signedHash != hashFromDns)
+    {
+        throw std::runtime_error("DNS hash mismatch");
+    }
+
+    return signedHash;
+}
+
+QByteArray Updater::verifyParseSignedHahes(
    const QByteArray &armoredSignedHashes,
    const QByteArray &secondDetachedSignature,
    const QString &binaryFilename,
-    const void *binaryData,
-    size_t binarySize) const
+    QPair<QString, QString> &signers) const
 {
-    QString firstSigner;
-    const QString signedMessage = verifySignature(armoredSignedHashes, firstSigner);
+    const QString signedMessage = verifySignature(armoredSignedHashes, signers.first);

-    QString secondSigner = verifySignature(
+    signers.second = verifySignature(
        epee::span<const uint8_t>(
            reinterpret_cast<const uint8_t *>(armoredSignedHashes.data()),
            armoredSignedHashes.size()),
@@ -57,19 +82,31 @@ QPair<QString, QString> Updater::verifySignaturesAndHashSum(
            reinterpret_cast<const uint8_t *>(secondDetachedSignature.data()),
            secondDetachedSignature.size())));

-    if (firstSigner == secondSigner)
+    if (signers.first == signers.second)
    {
        throw std::runtime_error("both signatures were generated by the same person");
    }

-    const QByteArray signedHash = parseShasumOutput(signedMessage, binaryFilename);
+    return parseShasumOutput(signedMessage, binaryFilename);
+}
+
+QPair<QString, QString> Updater::verifySignaturesAndHashSum(
+    const QByteArray &armoredSignedHashes,
+    const QByteArray &secondDetachedSignature,
+    const QString &binaryFilename,
+    const void *binaryData,
+    size_t binarySize) const
+{
+    QPair<QString, QString> signers;
+    const QByteArray signedHash =
+        verifyParseSignedHahes(armoredSignedHashes, secondDetachedSignature, binaryFilename, signers);
    const QByteArray calculatedHash = getHash(binaryData, binarySize);
    if (signedHash != calculatedHash)
    {
        throw std::runtime_error("hash sum mismatch");
    }

-    return {firstSigner, secondSigner};
+    return signers;
 }

 QByteArray Updater::getHash(const void *data, size_t size) const