AU: Verify source rootfs/kernel hashes before applying delta.

delta_performer.h

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_PLATFORM_UPDATE_ENGINE_DELTA_PERFORMER_H__
 #define CHROMEOS_PLATFORM_UPDATE_ENGINE_DELTA_PERFORMER_H__
 
 #include <inttypes.h>
 
 #include <vector>
@@ skipping 16 matching lines @@
  public:
   DeltaPerformer(PrefsInterface* prefs)
       : prefs_(prefs),
         fd_(-1),
         kernel_fd_(-1),
         manifest_valid_(false),
         manifest_metadata_size_(0),
         next_operation_num_(0),
         buffer_offset_(0),
         last_updated_buffer_offset_(kuint64max),
-        block_size_(0) {}
+        block_size_(0),
+        current_kernel_hash_(NULL),
+        current_rootfs_hash_(NULL) {}
 
   // Opens the kernel. Should be called before or after Open(), but before
   // Write(). The kernel file will be close()d when Close() is called.
   bool OpenKernel(const char* kernel_path);
 
   // flags and mode ignored. Once Close()d, a DeltaPerformer can't be
   // Open()ed again.
   int Open(const char* path, int flags, mode_t mode);
 
   // Wrapper around write. Returns bytes written on success or
@@ skipping 39 matching lines @@
   // persistent preferences and the new update check response hash.
   static bool CanResumeUpdate(PrefsInterface* prefs,
                               std::string update_check_response_hash);
 
   // Resets the persistent update progress state to indicate that an update
   // can't be resumed. Performs a quick update-in-progress reset if |quick| is
   // true, otherwise resets all progress-related update state. Returns true on
   // success, false otherwise.
   static bool ResetUpdateProgress(PrefsInterface* prefs, bool quick);
 
+  void set_current_kernel_hash(const std::vector<char>* hash) {
+    current_kernel_hash_ = hash;
+  }
+
+  void set_current_rootfs_hash(const std::vector<char>* hash) {
+    current_rootfs_hash_ = hash;
+  }
+
  private:
   friend class DeltaPerformerTest;
   FRIEND_TEST(DeltaPerformerTest, IsIdempotentOperationTest);
 
   static bool IsIdempotentOperation(
       const DeltaArchiveManifest_InstallOperation& op);
 
+  // Verifies that the expected source partition hashes (if present) match the
+  // hashes for the current partitions. Returns true if there're no expected
+  // hashes in the payload (e.g., if it's a new-style full update) or if the
+  // hashes match; returns false otherwise.
+  bool VerifySourcePartitions();
+
   // Returns true if enough of the delta file has been passed via Write()
   // to be able to perform a given install operation.
   bool CanPerformInstallOperation(
       const DeltaArchiveManifest_InstallOperation& operation);
 
   // Returns true on success.
   bool PerformInstallOperation(
       const DeltaArchiveManifest_InstallOperation& operation);
 
   // These perform a specific type of operation and return true on success.
@@ skipping 60 matching lines @@
 
   // Calculates the payload hash.
   OmahaHashCalculator hash_calculator_;
 
   // Saves the signed hash context.
   std::string signed_hash_context_;
 
   // Signatures message blob extracted directly from the payload.
   std::vector<char> signatures_message_data_;
 
+  // Hashes for the current partitions to be used for source partition
+  // verification.
+  const std::vector<char>* current_kernel_hash_;
+  const std::vector<char>* current_rootfs_hash_;
+
   DISALLOW_COPY_AND_ASSIGN(DeltaPerformer);
 };
 
 }  // namespace chromeos_update_engine
 
 #endif  // CHROMEOS_PLATFORM_UPDATE_ENGINE_DELTA_PERFORMER_H__