AU: Split applied update verification into a separate step.

delta_performer.h

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROMEOS_PLATFORM_UPDATE_ENGINE_DELTA_PERFORMER_H__
 #define CHROMEOS_PLATFORM_UPDATE_ENGINE_DELTA_PERFORMER_H__
 
 #include <inttypes.h>
 
 #include <vector>
@@ skipping 16 matching lines @@
  public:
   DeltaPerformer(PrefsInterface* prefs)
       : prefs_(prefs),
         fd_(-1),
         kernel_fd_(-1),
         manifest_valid_(false),
         manifest_metadata_size_(0),
         next_operation_num_(0),
         buffer_offset_(0),
         last_updated_buffer_offset_(kuint64max),
-        block_size_(0),
-        current_kernel_hash_(NULL),
-        current_rootfs_hash_(NULL) {}
+        block_size_(0) {}
 
   // Opens the kernel. Should be called before or after Open(), but before
   // Write(). The kernel file will be close()d when Close() is called.
   bool OpenKernel(const char* kernel_path);
 
   // flags and mode ignored. Once Close()d, a DeltaPerformer can't be
   // Open()ed again.
   int Open(const char* path, int flags, mode_t mode);
 
   // Wrapper around write. Returns bytes written on success or
   // -errno on error.
   ssize_t Write(const void* bytes, size_t count);
 
   // Wrapper around close. Returns 0 on success or -errno on error.
   // Closes both 'path' given to Open() and the kernel path.
   int Close();
 
   // Verifies the downloaded payload against the signed hash included in the
   // payload as well as against the update check hash and size and returns true
   // on success, false on failure. This method should be called after closing
   // the stream. Note this method skips the signed hash check if the public key
   // is unavailable; it returns false if the public key is available but the
   // delta payload doesn't include a signature. If |public_key_path| is an empty
   // string, uses the default public key path.
   bool VerifyPayload(const std::string& public_key_path,
                      const std::string& update_check_response_hash,
                      const uint64_t update_check_response_size);
 
-  // Verifies that the generated update is correct based on the hashes sent by
-  // the server. Returns true on success, false otherwise.
-  bool VerifyAppliedUpdate(const std::string& path,
-                           const std::string& kernel_path);
+  // Reads from the update manifest the expected sizes and hashes of the target
+  // kernel and rootfs partitions. These values can be used for applied update
+  // hash verification. This method must be called after the update manifest has
+  // been parsed (e.g., after closing the stream). Returns true on success, and
+  // false on failure (e.g., when the values are not present in the update
+  // manifest).
+  bool GetNewPartitionInfo(uint64_t* kernel_size,
+                           std::vector<char>* kernel_hash,
+                           uint64_t* rootfs_size,
+                           std::vector<char>* rootfs_hash);
 
   // Converts an ordered collection of Extent objects which contain data of
   // length full_length to a comma-separated string. For each Extent, the
   // string will have the start offset and then the length in bytes.
   // The length value of the last extent in the string may be short, since
   // the full length of all extents in the string is capped to full_length.
   // Also, an extent starting at kSparseHole, appears as -1 in the string.
   // For example, if the Extents are {1, 1}, {4, 2}, {kSparseHole, 1},
   // {0, 1}, block_size is 4096, and full_length is 5 * block_size - 13,
   // the resulting string will be: "4096:4096,16384:8192,-1:4096,0:4083"
   static bool ExtentsToBsdiffPositionsString(
       const google::protobuf::RepeatedPtrField<Extent>& extents,
       uint64_t block_size,
       uint64_t full_length,
       std::string* positions_string);
 
   // Returns true if a previous update attempt can be continued based on the
   // persistent preferences and the new update check response hash.
   static bool CanResumeUpdate(PrefsInterface* prefs,
                               std::string update_check_response_hash);
 
   // Resets the persistent update progress state to indicate that an update
   // can't be resumed. Performs a quick update-in-progress reset if |quick| is
   // true, otherwise resets all progress-related update state. Returns true on
   // success, false otherwise.
   static bool ResetUpdateProgress(PrefsInterface* prefs, bool quick);
 
-  void set_current_kernel_hash(const std::vector<char>* hash) {
+  void set_current_kernel_hash(const std::vector<char>& hash) {
     current_kernel_hash_ = hash;
   }
 
-  void set_current_rootfs_hash(const std::vector<char>* hash) {
+  void set_current_rootfs_hash(const std::vector<char>& hash) {
     current_rootfs_hash_ = hash;
   }
 
  private:
   friend class DeltaPerformerTest;
   FRIEND_TEST(DeltaPerformerTest, IsIdempotentOperationTest);
 
   static bool IsIdempotentOperation(
       const DeltaArchiveManifest_InstallOperation& op);
 
@@ skipping 78 matching lines @@
   OmahaHashCalculator hash_calculator_;
 
   // Saves the signed hash context.
   std::string signed_hash_context_;
 
   // Signatures message blob extracted directly from the payload.
   std::vector<char> signatures_message_data_;
 
   // Hashes for the current partitions to be used for source partition
   // verification.
-  const std::vector<char>* current_kernel_hash_;
-  const std::vector<char>* current_rootfs_hash_;
+  std::vector<char> current_kernel_hash_;
+  std::vector<char> current_rootfs_hash_;
 
   DISALLOW_COPY_AND_ASSIGN(DeltaPerformer);
 };
 
 }  // namespace chromeos_update_engine
 
 #endif  // CHROMEOS_PLATFORM_UPDATE_ENGINE_DELTA_PERFORMER_H__