
Unified Diff: delta_performer.h

Issue 3592008: AU: Verify delta payload signature and signed hash. (Closed) Base URL: ssh://git@gitrw.chromium.org:9222/update_engine.git
Patch Set: move /tmp files to /var/run Created 10 years, 2 months ago
Index: delta_performer.h
diff --git a/delta_performer.h b/delta_performer.h
index cf75a67fe882444c229d2a7f470bc11094425701..82f4d90623cfa8087625139702f277a312dd0c17 100644
--- a/delta_performer.h
+++ b/delta_performer.h
@@ -6,9 +6,13 @@
#define CHROMEOS_PLATFORM_UPDATE_ENGINE_DELTA_PERFORMER_H__
#include <inttypes.h>
+
#include <vector>
+
#include <google/protobuf/repeated_field.h>
+
#include "update_engine/file_writer.h"
+#include "update_engine/omaha_hash_calculator.h"
#include "update_engine/update_metadata.pb.h"
namespace chromeos_update_engine {
@@ -25,7 +29,7 @@ class DeltaPerformer : public FileWriter {
next_operation_num_(0),
buffer_offset_(0),
block_size_(0) {}
-
+
// Opens the kernel. Should be called before or after Open(), but before
// Write(). The kernel file will be close()d when Close() is called.
bool OpenKernel(const char* kernel_path);
@@ -41,7 +45,15 @@ class DeltaPerformer : public FileWriter {
// Wrapper around close. Returns 0 on success or -errno on error.
// Closes both 'path' given to Open() and the kernel path.
int Close();
-
+
+ // Verifies the downloaded payload against the signed hash included in the
+ // payload and returns true on success, false on failure. This method should
+ // be called after closing the stream. Note this method returns true if the
+ // public key is unavailable; it returns false if the public key is available
+ // but the delta payload doesn't include a signature. If |public_key_path| is
+ // an empty string, uses the default public key path.
+ bool VerifyPayload(const std::string& public_key_path);
+
// Converts an ordered collection of Extent objects which contain data of
// length full_length to a comma-separated string. For each Extent, the
// string will have the start offset and then the length in bytes.
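Review bot: The contract documented for `VerifyPayload` fails open: it returns true when the public key is unavailable, so the `bool` result cannot tell a caller whether the signature was checked or the check was skipped. A device whose key file is missing or unreadable would accept an unsigned or modified payload through this call exactly as it accepts a verified one. Consider a tri-state result (verified / failed / key unavailable) so the caller makes the policy decision explicitly. At minimum, extend the comment with `// A true result does not mean the signature was checked when the key file is absent; callers must not treat it as proof of authenticity.` The implementation lives in delta_performer.cc, outside this hunk, so whether the skipped case is logged cannot be seen here.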
@@ -62,11 +74,11 @@ class DeltaPerformer : public FileWriter {
// to be able to perform a given install operation.
bool CanPerformInstallOperation(
const DeltaArchiveManifest_InstallOperation& operation);
-
+
// Returns true on success.
bool PerformInstallOperation(
const DeltaArchiveManifest_InstallOperation& operation);
-
+
// These perform a specific type of operation and return true on success.
bool PerformReplaceOperation(
const DeltaArchiveManifest_InstallOperation& operation,
@@ -78,18 +90,27 @@ class DeltaPerformer : public FileWriter {
const DeltaArchiveManifest_InstallOperation& operation,
bool is_kernel_partition);
+ // Returns true if the payload signature message has been extracted from
+ // |operation|, false otherwise.
+ bool ExtractSignatureMessage(
+ const DeltaArchiveManifest_InstallOperation& operation);
+
+ // Discard |count| bytes from the beginning of buffer_. If |do_hash| is true,
+ // updates the hash calculator with these bytes before discarding them.
+ void DiscardBufferHeadBytes(size_t count, bool do_hash);
+
// File descriptor of open device.
int fd_;
-
+
// File descriptor of the kernel device
int kernel_fd_;
-
+
std::string path_; // Path that fd_ refers to.
std::string kernel_path_; // Path that kernel_fd_ refers to.
-
+
DeltaArchiveManifest manifest_;
bool manifest_valid_;
-
+
// Index of the next operation to perform in the manifest.
int next_operation_num_;
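Review bot: The comment on `DiscardBufferHeadBytes(size_t count, bool do_hash)` does not say what happens when `count` exceeds `buffer_.size()`. The sizes presumably come from the downloaded manifest, so the precondition should be written down here and enforced in the .cc file, which is not visible in this hunk. The `do_hash` flag also decides which payload bytes the signed hash covers, so the comment should name the bytes that may skip hashing, e.g. `// |count| must not exceed buffer_.size(). Pass do_hash == false only for the signature blob itself; every other byte must be hashed.` That the signature blob is the only unhashed region is my inference and should be confirmed against the implementation. The class body starts and ends outside this hunk.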
@@ -100,10 +121,16 @@ class DeltaPerformer : public FileWriter {
std::vector<char> buffer_;
// Offset of buffer_ in the binary blobs section of the update.
uint64_t buffer_offset_;
-
+
// The block size (parsed from the manifest).
uint32_t block_size_;
-
+
+ // Calculate the payload hash to verify against the signed hash.
+ OmahaHashCalculator hash_calculator_;
+
+ // Signatures message blob extracted directly from the payload.
+ std::vector<char> signatures_message_data_;
+
DISALLOW_COPY_AND_ASSIGN(DeltaPerformer);
};