AU: DeltaPerformer performs the download size/hash check now.

delta_performer.cc

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "update_engine/delta_performer.h"
 
 #include <endian.h>
 #include <errno.h>
 
 #include <algorithm>
@@ skipping 172 matching lines @@
     }
     // We have the full proto buffer in buffer_. Parse it.
     const int offset = strlen(kDeltaMagic) + kDeltaVersionLength +
         kDeltaProtobufLengthLength;
     if (!manifest_.ParseFromArray(&buffer_[offset], protobuf_length)) {
       LOG(ERROR) << "Unable to parse manifest in update file.";
       return -EINVAL;
     }
     // Remove protobuf and header info from buffer_, so buffer_ contains
     // just data blobs
-    size_t metadata_size = strlen(kDeltaMagic) + kDeltaVersionLength +
+    manifest_metadata_size_ = strlen(kDeltaMagic) + kDeltaVersionLength +
         kDeltaProtobufLengthLength + protobuf_length;
-    DiscardBufferHeadBytes(metadata_size,
-                           true);  // do_hash
+    DiscardBufferHeadBytes(manifest_metadata_size_);
     LOG_IF(WARNING, !prefs_->SetInt64(kPrefsManifestMetadataSize,
-                                      metadata_size))
+                                      manifest_metadata_size_))
         << "Unable to save the manifest metadata size.";
     manifest_valid_ = true;
     block_size_ = manifest_.block_size();
   }
   ssize_t total_operations = manifest_.install_operations_size() +
       manifest_.kernel_install_operations_size();
   while (next_operation_num_ < total_operations) {
     const DeltaArchiveManifest_InstallOperation &op =
         next_operation_num_ < manifest_.install_operations_size() ?
         manifest_.install_operations(next_operation_num_) :
@@ skipping 65 matching lines @@
   CHECK(operation.type() == \
         DeltaArchiveManifest_InstallOperation_Type_REPLACE || \
         operation.type() == \
         DeltaArchiveManifest_InstallOperation_Type_REPLACE_BZ);
 
   // Since we delete data off the beginning of the buffer as we use it,
   // the data we need should be exactly at the beginning of the buffer.
   CHECK_EQ(buffer_offset_, operation.data_offset());
   CHECK_GE(buffer_.size(), operation.data_length());
 
-  // Don't include the signature data blob in the hash.
-  bool do_hash = !ExtractSignatureMessage(operation);
+  // Extract the signature message if it's in this operation.
+  ExtractSignatureMessage(operation);
 
   DirectExtentWriter direct_writer;
   ZeroPadExtentWriter zero_pad_writer(&direct_writer);
   scoped_ptr<BzipExtentWriter> bzip_writer;
 
   // Since bzip decompression is optional, we have a variable writer that will
   // point to one of the ExtentWriter objects above.
   ExtentWriter* writer = NULL;
   if (operation.type() == DeltaArchiveManifest_InstallOperation_Type_REPLACE) {
     writer = &zero_pad_writer;
@@ skipping 12 matching lines @@
   }
 
   int fd = is_kernel_partition ? kernel_fd_ : fd_;
 
   TEST_AND_RETURN_FALSE(writer->Init(fd, extents, block_size_));
   TEST_AND_RETURN_FALSE(writer->Write(&buffer_[0], operation.data_length()));
   TEST_AND_RETURN_FALSE(writer->End());
 
   // Update buffer
   buffer_offset_ += operation.data_length();
-  DiscardBufferHeadBytes(operation.data_length(), do_hash);
+  DiscardBufferHeadBytes(operation.data_length());
   return true;
 }
 
 bool DeltaPerformer::PerformMoveOperation(
     const DeltaArchiveManifest_InstallOperation& operation,
     bool is_kernel_partition) {
   // Calculate buffer size. Note, this function doesn't do a sliding
   // window to copy in case the source and destination blocks overlap.
   // If we wanted to do a sliding window, we could program the server
   // to generate deltas that effectively did a sliding window.
@@ skipping 122 matching lines @@
         (last_extent.start_block() + last_extent.num_blocks()) * block_size_;
     const uint64_t begin_byte =
         end_byte - (block_size_ - operation.dst_length() % block_size_);
     vector<char> zeros(end_byte - begin_byte);
     TEST_AND_RETURN_FALSE(
         utils::PWriteAll(fd, &zeros[0], end_byte - begin_byte, begin_byte));
   }
 
   // Update buffer.
   buffer_offset_ += operation.data_length();
-  DiscardBufferHeadBytes(operation.data_length(),
-                         true);  // do_hash
+  DiscardBufferHeadBytes(operation.data_length());
   return true;
 }
 
 bool DeltaPerformer::ExtractSignatureMessage(
     const DeltaArchiveManifest_InstallOperation& operation) {
   if (operation.type() != DeltaArchiveManifest_InstallOperation_Type_REPLACE ||
       !manifest_.has_signatures_offset() ||
       manifest_.signatures_offset() != operation.data_offset()) {
     return false;
   }
   TEST_AND_RETURN_FALSE(manifest_.has_signatures_size() &&
                         manifest_.signatures_size() == operation.data_length());
   TEST_AND_RETURN_FALSE(signatures_message_data_.empty());
   TEST_AND_RETURN_FALSE(buffer_offset_ == manifest_.signatures_offset());
   TEST_AND_RETURN_FALSE(buffer_.size() >= manifest_.signatures_size());
   signatures_message_data_.insert(
       signatures_message_data_.begin(),
       buffer_.begin(),
       buffer_.begin() + manifest_.signatures_size());
+  // The hash of all data consumed so far should be verified against the signed
+  // hash.
+  signed_hash_context_ = hash_calculator_.GetContext();
+  LOG_IF(WARNING, !prefs_->SetString(kPrefsUpdateStateSignedSHA256Context,
+                                     signed_hash_context_))
+      << "Unable to store the signed hash context.";
   LOG(INFO) << "Extracted signature data of size "
             << manifest_.signatures_size() << " at "
             << manifest_.signatures_offset();
   return true;
 }
 
-bool DeltaPerformer::VerifyPayload(const string& public_key_path) {
+bool DeltaPerformer::VerifyPayload(
+    const string& public_key_path,
+    const std::string& update_check_response_hash,
+    const uint64_t update_check_response_size) {
   string key_path = public_key_path;
   if (key_path.empty()) {
     key_path = kUpdatePayloadPublicKeyPath;
   }
   LOG(INFO) << "Verifying delta payload. Public key path: " << key_path;
+
+  // Verifies the download hash.
+  const string& download_hash_data = hash_calculator_.hash();
+  TEST_AND_RETURN_FALSE(!download_hash_data.empty());
+  TEST_AND_RETURN_FALSE(download_hash_data == update_check_response_hash);
+
+  // Verifies the download size.
+  TEST_AND_RETURN_FALSE(update_check_response_size ==
+                        manifest_metadata_size_ + buffer_offset_);
+
+  // Verifies the signed payload hash.
   if (!utils::FileExists(key_path.c_str())) {
-    LOG(WARNING) << "Not verifying delta payload due to missing public key.";
+    LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
     return true;
   }
   TEST_AND_RETURN_FALSE(!signatures_message_data_.empty());
   vector<char> signed_hash_data;
   TEST_AND_RETURN_FALSE(PayloadSigner::VerifySignature(signatures_message_data_,
                                                        key_path,
                                                        &signed_hash_data));
-  const vector<char>& hash_data = hash_calculator_.raw_hash();
+  OmahaHashCalculator signed_hasher;
+  // TODO(petkov): Make sure signed_hash_context_ is loaded when resuming an
+  // update.
+  TEST_AND_RETURN_FALSE(signed_hasher.SetContext(signed_hash_context_));
+  TEST_AND_RETURN_FALSE(signed_hasher.Finalize());
+  const vector<char>& hash_data = signed_hasher.raw_hash();
   TEST_AND_RETURN_FALSE(!hash_data.empty());
-  return hash_data == signed_hash_data;
+  TEST_AND_RETURN_FALSE(hash_data == signed_hash_data);
+  return true;
 }
 
-void DeltaPerformer::DiscardBufferHeadBytes(size_t count, bool do_hash) {
-  if (do_hash) {
-    hash_calculator_.Update(&buffer_[0], count);
-  }
+void DeltaPerformer::DiscardBufferHeadBytes(size_t count) {
+  hash_calculator_.Update(&buffer_[0], count);
   buffer_.erase(buffer_.begin(), buffer_.begin() + count);
 }
 
 bool DeltaPerformer::CanResumeUpdate(PrefsInterface* prefs,
                                      string update_check_response_hash) {
   int64_t next_operation = kUpdateStateOperationInvalid;
   TEST_AND_RETURN_FALSE(prefs->GetInt64(kPrefsUpdateStateNextOperation,
                                         &next_operation) &&
                         next_operation != kUpdateStateOperationInvalid &&
                         next_operation > 0);
 
   string interrupted_hash;
   TEST_AND_RETURN_FALSE(prefs->GetString(kPrefsUpdateCheckResponseHash,
                                          &interrupted_hash) &&
                         !interrupted_hash.empty() &&
                         interrupted_hash == update_check_response_hash);
 
   // Sanity check the rest.
   int64_t next_data_offset = -1;
   TEST_AND_RETURN_FALSE(prefs->GetInt64(kPrefsUpdateStateNextDataOffset,
                                         &next_data_offset) &&
                         next_data_offset >= 0);
 
-  string signed_sha256_context;
+  string sha256_context;
   TEST_AND_RETURN_FALSE(
-      prefs->GetString(kPrefsUpdateStateSignedSHA256Context,
-                       &signed_sha256_context) &&
-      !signed_sha256_context.empty());
+      prefs->GetString(kPrefsUpdateStateSHA256Context, &sha256_context) &&
+      !sha256_context.empty());
 
   int64_t manifest_metadata_size = 0;
   TEST_AND_RETURN_FALSE(prefs->GetInt64(kPrefsManifestMetadataSize,
                                         &manifest_metadata_size) &&
                         manifest_metadata_size > 0);
 
   return true;
 }
 
 bool DeltaPerformer::ResetUpdateProgress(PrefsInterface* prefs) {
   TEST_AND_RETURN_FALSE(prefs->SetInt64(kPrefsUpdateStateNextOperation,
                                         kUpdateStateOperationInvalid));
   return true;
 }
 
 bool DeltaPerformer::CheckpointUpdateProgress() {
   // First reset the progress in case we die in the middle of the state update.
   ResetUpdateProgress(prefs_);
   if (last_updated_buffer_offset_ != buffer_offset_) {
     TEST_AND_RETURN_FALSE(
-        prefs_->SetString(kPrefsUpdateStateSignedSHA256Context,
+        prefs_->SetString(kPrefsUpdateStateSHA256Context,
                           hash_calculator_.GetContext()));
     TEST_AND_RETURN_FALSE(prefs_->SetInt64(kPrefsUpdateStateNextDataOffset,
                                            buffer_offset_));
     last_updated_buffer_offset_ = buffer_offset_;
   }
   TEST_AND_RETURN_FALSE(prefs_->SetInt64(kPrefsUpdateStateNextOperation,
                                          next_operation_num_));
   return true;
 }
 
 }  // namespace chromeos_update_engine