Verify AU payload manifest signature if present.
In order to support downloads over http for a number of reasons, we need
to secure http downloads. The first step in this process is to
verify the signature of the manifest itself before parsing. This can be
done even for https-based downloads in order to provide defense-in-depth
against a SSL attack. This CL adds the required verification logic in
update_engine, if such a manifest signature is present in the Omaha
response.
Until the delta generator is modified in a subsequent check-in to update
the manifest and payload with the required signature, none of this new
code will have any effect.
The delta generator change to populate non-zero values for these new
fields will follow in subsequent CLs.
BUG=chromium-os:33602
TEST=Tested on ZGB to make sure existing functionality works fine.
Added new unit tests.
Change-Id: I2d8b09c23faf87049893b1dee97a34e1f300aded
Reviewed-on: https://gerrit.chromium.org/gerrit/32844
Commit-Ready: Jay Srinivasan <jaysri@chromium.org>
Reviewed-by: Jay Srinivasan <jaysri@chromium.org>
Tested-by: Jay Srinivasan <jaysri@chromium.org>
diff --git a/install_plan.h b/install_plan.h
index 2418aab..67662b4 100644
--- a/install_plan.h
+++ b/install_plan.h
@@ -18,26 +18,33 @@
struct InstallPlan {
InstallPlan(bool is_resume,
const std::string& url,
- uint64_t size,
- const std::string& hash,
+ uint64_t payload_size,
+ const std::string& payload_hash,
+ uint64_t manifest_size,
+ const std::string& manifest_signature,
const std::string& install_path,
const std::string& kernel_install_path)
: is_resume(is_resume),
download_url(url),
- size(size),
- download_hash(hash),
+ payload_size(payload_size),
+ payload_hash(payload_hash),
+ manifest_size(manifest_size),
+ manifest_signature(manifest_signature),
install_path(install_path),
kernel_install_path(kernel_install_path),
kernel_size(0),
rootfs_size(0) {}
- InstallPlan() : is_resume(false), size(0) {}
+ InstallPlan() : is_resume(false), payload_size(0), manifest_size(0) {}
bool is_resume;
std::string download_url; // url to download from
- uint64_t size; // size of the download url's data
- std::string download_hash; // hash of the data at the url
- std::string install_path; // path to install device
- std::string kernel_install_path; // path to kernel install device
+
+ uint64_t payload_size; // size of the payload
+ std::string payload_hash ; // SHA256 hash of the payload
+ uint64_t manifest_size; // size of the manifest
+ std::string manifest_signature; // signature of the manifest
+ std::string install_path; // path to install device
+ std::string kernel_install_path; // path to kernel install device
// The fields below are used for kernel and rootfs verification. The flow is:
//
@@ -58,8 +65,10 @@
bool operator==(const InstallPlan& that) const {
return ((is_resume == that.is_resume) &&
(download_url == that.download_url) &&
- (size == that.size) &&
- (download_hash == that.download_hash) &&
+ (payload_size == that.payload_size) &&
+ (payload_hash == that.payload_hash) &&
+ (manifest_size == that.manifest_size) &&
+ (manifest_signature == that.manifest_signature) &&
(install_path == that.install_path) &&
(kernel_install_path == that.kernel_install_path));
}
@@ -70,8 +79,10 @@
LOG(INFO) << "InstallPlan: "
<< (is_resume ? ", resume" : ", new_update")
<< ", url: " << download_url
- << ", size: " << size
- << ", hash: " << download_hash
+ << ", payload size: " << payload_size
+ << ", payload hash: " << payload_hash
+ << ", manifest size: " << manifest_size
+ << ", manifest signature: " << manifest_signature
<< ", install_path: " << install_path
<< ", kernel_install_path: " << kernel_install_path;
}