AU: Verify delta payload signature and signed hash.

The signature and hash are verified only if the public key file exists.
This means that currently this feature is disabled until we install a public
key.

BUG=5663
TEST=unit tests, applied a signed delta update on the server

Change-Id: I5be72f7fde88400587f8aae0c7d5745c79fc4428

Review URL: http://codereview.chromium.org/3592008
diff --git a/delta_performer.h b/delta_performer.h
index cf75a67..82f4d90 100644
--- a/delta_performer.h
+++ b/delta_performer.h
@@ -6,9 +6,13 @@
 #define CHROMEOS_PLATFORM_UPDATE_ENGINE_DELTA_PERFORMER_H__
 
 #include <inttypes.h>
+
 #include <vector>
+
 #include <google/protobuf/repeated_field.h>
+
 #include "update_engine/file_writer.h"
+#include "update_engine/omaha_hash_calculator.h"
 #include "update_engine/update_metadata.pb.h"
 
 namespace chromeos_update_engine {
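Review bot: The include block in this hunk has no `#include <string>`, although the header declares `VerifyPayload(const std::string&)` and already has `std::string` members. It therefore depends on a transitive include from one of the other headers. Add `#include <string>` next to `#include <vector>` so the header stays self-contained.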
@@ -25,7 +29,7 @@
         next_operation_num_(0),
         buffer_offset_(0),
         block_size_(0) {}
-  
+
   // Opens the kernel. Should be called before or after Open(), but before
   // Write(). The kernel file will be close()d when Close() is called.
   bool OpenKernel(const char* kernel_path);
@@ -41,7 +45,15 @@
   // Wrapper around close. Returns 0 on success or -errno on error.
   // Closes both 'path' given to Open() and the kernel path.
   int Close();
-  
+
+  // Verifies the downloaded payload against the signed hash included in the
+  // payload and returns true on success, false on failure. This method should
+  // be called after closing the stream. Note this method returns true if the
+  // public key is unavailable; it returns false if the public key is available
+  // but the delta payload doesn't include a signature. If |public_key_path| is
+  // an empty string, uses the default public key path.
+  bool VerifyPayload(const std::string& public_key_path);
+
   // Converts an ordered collection of Extent objects which contain data of
   // length full_length to a comma-separated string. For each Extent, the
   // string will have the start offset and then the length in bytes.
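Review bot: VerifyPayload's documented contract is fail-open: it returns true when the public key is unavailable, so a caller cannot tell "signature verified" from "verification skipped". Anything that leaves the key file missing or unreadable (a bad image build, a deleted file) would then silently turn off payload authentication. Consider returning a distinct result for the skipped case, or at minimum logging it and stating the risk in the header comment, e.g. `// NOTE: a true return does not prove the payload was verified; it is also returned when no public key is installed.` Because the method is documented to run after the stream is closed, the caller presumably has to keep the freshly written partition from being used when this returns false; that call site is not visible in this hunk.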
@@ -62,11 +74,11 @@
   // to be able to perform a given install operation.
   bool CanPerformInstallOperation(
       const DeltaArchiveManifest_InstallOperation& operation);
-  
+
   // Returns true on success.
   bool PerformInstallOperation(
       const DeltaArchiveManifest_InstallOperation& operation);
-  
+
   // These perform a specific type of operation and return true on success.
   bool PerformReplaceOperation(
       const DeltaArchiveManifest_InstallOperation& operation,
@@ -78,18 +90,27 @@
       const DeltaArchiveManifest_InstallOperation& operation,
       bool is_kernel_partition);
 
+  // Returns true if the payload signature message has been extracted from
+  // |operation|, false otherwise.
+  bool ExtractSignatureMessage(
+      const DeltaArchiveManifest_InstallOperation& operation);
+
+  // Discard |count| bytes from the beginning of buffer_. If |do_hash| is true,
+  // updates the hash calculator with these bytes before discarding them.
+  void DiscardBufferHeadBytes(size_t count, bool do_hash);
+
   // File descriptor of open device.
   int fd_;
-  
+
   // File descriptor of the kernel device
   int kernel_fd_;
-  
+
   std::string path_;  // Path that fd_ refers to.
   std::string kernel_path_;  // Path that kernel_fd_ refers to.
-  
+
   DeltaArchiveManifest manifest_;
   bool manifest_valid_;
-  
+
   // Index of the next operation to perform in the manifest.
   int next_operation_num_;
 
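Review bot: `DiscardBufferHeadBytes(size_t count, bool do_hash)` leaves two things undocumented that matter for the signed hash: what happens when `count` exceeds `buffer_.size()`, and which bytes may be discarded with `do_hash` false. A call that passes false for bytes inside the signed region would presumably drop them from the hash with no error, so the comment should state the rule, e.g. `// |count| must not exceed buffer_.size(). Pass do_hash=false only for bytes that are excluded from the signed hash.` A bare `bool` is also hard to read at call sites; a two-value enum would make the hashing decision explicit. The definitions are in the .cc file, which this hunk does not show.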
@@ -100,10 +121,16 @@
   std::vector<char> buffer_;
   // Offset of buffer_ in the binary blobs section of the update.
   uint64_t buffer_offset_;
-  
+
   // The block size (parsed from the manifest).
   uint32_t block_size_;
-  
+
+  // Calculate the payload hash to verify against the signed hash.
+  OmahaHashCalculator hash_calculator_;
+
+  // Signatures message blob extracted directly from the payload.
+  std::vector<char> signatures_message_data_;
+
   DISALLOW_COPY_AND_ASSIGN(DeltaPerformer);
 };
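Review bot: `signatures_message_data_` holds bytes copied out of the payload before anything has been verified, so its contents and length are untrusted until VerifyPayload succeeds, and the member comment should say so. Suggested wording: `// Signatures message blob extracted directly from the payload. Untrusted until VerifyPayload() succeeds.` The extraction code is not visible here; it would be worth confirming there that the blob size taken from the manifest is bounded before it is copied.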