commit 771e1bd1ed58ef791ccc41a2b9d96e257403abec
author Andrew de los Reyes <adlr@chromium.org> Tue Aug 30 14:47:23 2011 -0700
committer Andrew de los Reyes <adlr@chromium.org> Thu Sep 01 09:34:02 2011 -0700
tree 4845a32f83ef7dc6bba5ad2d0476c24e1ca91d13
parent 2d12158ad728c7337a3314272f3e3438aeee3b18

Make public key verification check binding.

Until now, we've just warned on failure. This CL makes the update fail
if the check fails.

BUG=chromium-os:19872
TEST=unittests; tested on device

Change-Id: I485b2548849f46d2b802c478736671bb44a85aab
Reviewed-on: http://gerrit.chromium.org/gerrit/6998
Reviewed-by: Darin Petkov <petkov@chromium.org>
Tested-by: Andrew de los Reyes <adlr@chromium.org>

delta_performer.cc

diff --git a/delta_performer.cc b/delta_performer.cc
index 25ea99a..fa35ce8 100644
--- a/delta_performer.cc
+++ b/delta_performer.cc
@@ -583,22 +583,19 @@
   return true;
 }
 
-#define TEST_SET_TRUE_RET_TRUE(_ptr, _condition)                        \
-  do {                                                                  \
-    if (!(_condition)) {                                                \
-      LOG(ERROR) << "Non fatal public key verification: " << #_condition; \
-      if (_ptr) {                                                       \
-        *(_ptr) = true;                                                 \
-      }                                                                 \
-      return true;                                                      \
-    }                                                                   \
-  } while(0)
+#define TEST_AND_RETURN_VAL(_retval, _condition)                \
+  do {                                                          \
+    if (!(_condition)) {                                        \
+      LOG(ERROR) << "VerifyPayload failure: " << #_condition;   \
+      return _retval;                                           \
+    }                                                           \
+  } while (0);
 
-bool DeltaPerformer::VerifyPayload(
+
+ActionExitCode DeltaPerformer::VerifyPayload(
     const string& public_key_path,
     const std::string& update_check_response_hash,
-    const uint64_t update_check_response_size,
-    bool* signature_failed) {
+    const uint64_t update_check_response_size) {
   string key_path = public_key_path;
   if (key_path.empty()) {
     key_path = kUpdatePayloadPublicKeyPath;
@@ -607,47 +604,49 @@
 
   // Verifies the download hash.
   const string& download_hash_data = hash_calculator_.hash();
-  TEST_AND_RETURN_FALSE(!download_hash_data.empty());
-  TEST_AND_RETURN_FALSE(download_hash_data == update_check_response_hash);
+  TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadVerificationError,
+                      !download_hash_data.empty());
+  TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadVerificationError,
+                      download_hash_data == update_check_response_hash);
 
   // Verifies the download size.
-  TEST_AND_RETURN_FALSE(update_check_response_size ==
-                        manifest_metadata_size_ + buffer_offset_);
+  TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadVerificationError,
+                      update_check_response_size ==
+                      manifest_metadata_size_ + buffer_offset_);
 
   // Verifies the signed payload hash.
   if (!utils::FileExists(key_path.c_str())) {
     LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
-    return true;
+    return kActionCodeSuccess;
   }
-  TEST_SET_TRUE_RET_TRUE(signature_failed, !signatures_message_data_.empty());
+  TEST_AND_RETURN_VAL(kActionCodeSignedDeltaPayloadExpectedError,
+                      !signatures_message_data_.empty());
   vector<char> signed_hash_data;
-  TEST_SET_TRUE_RET_TRUE(signature_failed, PayloadSigner::VerifySignature(
-      signatures_message_data_,
-      key_path,
-      &signed_hash_data));
+  TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadPubKeyVerificationError,
+                      PayloadSigner::VerifySignature(
+                          signatures_message_data_,
+                          key_path,
+                          &signed_hash_data));
   OmahaHashCalculator signed_hasher;
-  TEST_SET_TRUE_RET_TRUE(signature_failed,
-                         signed_hasher.SetContext(signed_hash_context_));
-  TEST_SET_TRUE_RET_TRUE(signature_failed,
-                         signed_hasher.Finalize());
+  TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadPubKeyVerificationError,
+                      signed_hasher.SetContext(signed_hash_context_));
+  TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadPubKeyVerificationError,
+                      signed_hasher.Finalize());
   vector<char> hash_data = signed_hasher.raw_hash();
   PayloadSigner::PadRSA2048SHA256Hash(&hash_data);
-  TEST_SET_TRUE_RET_TRUE(signature_failed, !hash_data.empty());
+  TEST_AND_RETURN_VAL(kActionCodeDownloadPayloadPubKeyVerificationError,
+                      !hash_data.empty());
   if (hash_data != signed_hash_data) {
-    LOG(ERROR) << "Public key verificaion failed. This is non-fatal. "
+    LOG(ERROR) << "Public key verification failed, thus update failed. "
         "Attached Signature:";
     utils::HexDumpVector(signed_hash_data);
     LOG(ERROR) << "Computed Signature:";
     utils::HexDumpVector(hash_data);
-    if (signature_failed) {
-      *signature_failed = true;
-    }
+    return kActionCodeDownloadPayloadPubKeyVerificationError;
   }
-  return true;
+  return kActionCodeSuccess;
 }
 
-#undef TEST_SET_TRUE_RET_TRUE
-
 bool DeltaPerformer::GetNewPartitionInfo(uint64_t* kernel_size,
                                          vector<char>* kernel_hash,
                                          uint64_t* rootfs_size,