Make public key verification check binding.
Until now, we've just warned on failure. This CL makes the update fail
if the check fails.
BUG=chromium-os:19872
TEST=unittests; tested on device
Change-Id: I485b2548849f46d2b802c478736671bb44a85aab
Reviewed-on: http://gerrit.chromium.org/gerrit/6998
Reviewed-by: Darin Petkov <petkov@chromium.org>
Tested-by: Andrew de los Reyes <adlr@chromium.org>
diff --git a/delta_performer.cc b/delta_performer.cc
index 25ea99a..fa35ce8 100644
--- a/delta_performer.cc
+++ b/delta_performer.cc
@@ -583,22 +583,19 @@
return true;
}
-#define TEST_SET_TRUE_RET_TRUE(_ptr, _condition) \
- do { \
- if (!(_condition)) { \
- LOG(ERROR) << "Non fatal public key verification: " << #_condition; \
- if (_ptr) { \
- *(_ptr) = true; \
- } \
- return true; \
- } \
- } while(0)
+#define TEST_AND_RETURN_VAL(_retval, _condition) \
+ do { \
+ if (!(_condition)) { \
+ LOG(ERROR) << "VerifyPayload failure: " << #_condition; \
+ return _retval; \
+ } \
+ } while (0);
-bool DeltaPerformer::VerifyPayload(
+
+ActionExitCode DeltaPerformer::VerifyPayload(
const string& public_key_path,
const std::string& update_check_response_hash,
- const uint64_t update_check_response_size,
- bool* signature_failed) {
+ const uint64_t update_check_response_size) {
string key_path = public_key_path;
if (key_path.empty()) {
key_path = kUpdatePayloadPublicKeyPath;
@@ -607,47 +604,49 @@
// Verifies the download hash.
const string& download_hash_data = hash_calculator_.hash();
- TEST_AND_RETURN_FALSE(!download_hash_data.empty());
- TEST_AND_RETURN_FALSE(download_hash_data == update_check_response_hash);
+ TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadVerificationError,
+ !download_hash_data.empty());
+ TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadVerificationError,
+ download_hash_data == update_check_response_hash);
// Verifies the download size.
- TEST_AND_RETURN_FALSE(update_check_response_size ==
- manifest_metadata_size_ + buffer_offset_);
+ TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadVerificationError,
+ update_check_response_size ==
+ manifest_metadata_size_ + buffer_offset_);
// Verifies the signed payload hash.
if (!utils::FileExists(key_path.c_str())) {
LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
- return true;
+ return kActionCodeSuccess;
}
- TEST_SET_TRUE_RET_TRUE(signature_failed, !signatures_message_data_.empty());
+ TEST_AND_RETURN_VAL(kActionCodeSignedDeltaPayloadExpectedError,
+ !signatures_message_data_.empty());
vector<char> signed_hash_data;
- TEST_SET_TRUE_RET_TRUE(signature_failed, PayloadSigner::VerifySignature(
- signatures_message_data_,
- key_path,
- &signed_hash_data));
+ TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadPubKeyVerificationError,
+ PayloadSigner::VerifySignature(
+ signatures_message_data_,
+ key_path,
+ &signed_hash_data));
OmahaHashCalculator signed_hasher;
- TEST_SET_TRUE_RET_TRUE(signature_failed,
- signed_hasher.SetContext(signed_hash_context_));
- TEST_SET_TRUE_RET_TRUE(signature_failed,
- signed_hasher.Finalize());
+ TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadPubKeyVerificationError,
+ signed_hasher.SetContext(signed_hash_context_));
+ TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadPubKeyVerificationError,
+ signed_hasher.Finalize());
vector<char> hash_data = signed_hasher.raw_hash();
PayloadSigner::PadRSA2048SHA256Hash(&hash_data);
- TEST_SET_TRUE_RET_TRUE(signature_failed, !hash_data.empty());
+ TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadPubKeyVerificationError,
+ !hash_data.empty());
if (hash_data != signed_hash_data) {
- LOG(ERROR) << "Public key verificaion failed. This is non-fatal. "
+ LOG(ERROR) << "Public key verification failed, thus update failed. "
"Attached Signature:";
utils::HexDumpVector(signed_hash_data);
LOG(ERROR) << "Computed Signature:";
utils::HexDumpVector(hash_data);
- if (signature_failed) {
- *signature_failed = true;
- }
+ return kActionCodeDownloadPayloadPubKeyVerificationError;
}
- return true;
+ return kActionCodeSuccess;
}
-#undef TEST_SET_TRUE_RET_TRUE
-
bool DeltaPerformer::GetNewPartitionInfo(uint64_t* kernel_size,
vector<char>* kernel_hash,
uint64_t* rootfs_size,