AU: Support signed payload verification through the delta generator.

payload_signer.cc

 // Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "update_engine/payload_signer.h"
 
 #include <base/logging.h>
 #include <base/string_util.h>
 #include <openssl/pem.h>
 
@@ skipping 25 matching lines @@
   // Serialize protobuf
   string serialized;
   TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized));
   out_signature_blob->insert(out_signature_blob->end(),
                              serialized.begin(),
                              serialized.end());
   LOG(INFO) << "Signature blob size: " << out_signature_blob->size();
   return true;
 }
 
+bool LoadPayload(const string& payload_path,
+                 vector<char>* out_payload,
+                 DeltaArchiveManifest* out_manifest,
+                 uint64_t* out_metadata_size) {
+  vector<char> payload;
+  // Loads the payload and parses the manifest.
+  TEST_AND_RETURN_FALSE(utils::ReadFile(payload_path, &payload));
+  LOG(INFO) << "Payload size: " << payload.size();
+  TEST_AND_RETURN_FALSE(DeltaPerformer::ParsePayloadMetadata(
+      payload, out_manifest, out_metadata_size) ==
+                        DeltaPerformer::kMetadataParseSuccess);
+  LOG(INFO) << "Metadata size: " << *out_metadata_size;
+  out_payload->swap(payload);
+  return true;
+}
+
 // Given an unsigned payload under |payload_path| and the |signature_blob_size|
 // generates an updated payload that includes a dummy signature op in its
 // manifest. Returns true on success, false otherwise.
-bool AddSignatureOpToPayload(const std::string& payload_path,
+bool AddSignatureOpToPayload(const string& payload_path,
                              int signature_blob_size,
                              vector<char>* out_payload) {
   const int kProtobufOffset = 20;
   const int kProtobufSizeOffset = 12;
 
+  // Loads the payload.
   vector<char> payload;
-  // Loads the payload and parses the manifest.
-  TEST_AND_RETURN_FALSE(utils::ReadFile(payload_path, &payload));
-  LOG(INFO) << "Original payload size: " << payload.size();
+  DeltaArchiveManifest manifest;
   uint64_t metadata_size;
-  DeltaArchiveManifest manifest;
-  TEST_AND_RETURN_FALSE(DeltaPerformer::ParsePayloadMetadata(
-      payload, &manifest, &metadata_size) ==
-                        DeltaPerformer::kMetadataParseSuccess);
-  LOG(INFO) << "Metadata size: " << metadata_size;
+  TEST_AND_RETURN_FALSE(LoadPayload(
+      payload_path, &payload, &manifest, &metadata_size));
   TEST_AND_RETURN_FALSE(!manifest.has_signatures_offset() &&
                         !manifest.has_signatures_size());
 
   // Updates the manifest to include the signature operation.
   DeltaDiffGenerator::AddSignatureOp(payload.size() - metadata_size,
                                      signature_blob_size,
                                      &manifest);
 
   // Updates the payload to include the new manifest.
   string serialized_manifest;
@@ skipping 135 matching lines @@
       rsa,
       RSA_PKCS1_PADDING);
   RSA_free(rsa);
   TEST_AND_RETURN_FALSE(decrypt_size > 0 &&
                         decrypt_size <= static_cast<int>(hash_data.size()));
   hash_data.resize(decrypt_size);
   out_hash_data->swap(hash_data);
   return true;
 }
 
+bool PayloadSigner::VerifySignedPayload(const std::string& payload_path,
+                                        const std::string& public_key_path) {
+  vector<char> payload;
+  DeltaArchiveManifest manifest;
+  uint64_t metadata_size;
+  TEST_AND_RETURN_FALSE(LoadPayload(
+      payload_path, &payload, &manifest, &metadata_size));
+  TEST_AND_RETURN_FALSE(manifest.has_signatures_offset() &&
+                        manifest.has_signatures_size());
+  CHECK_EQ(payload.size(),
+           metadata_size + manifest.signatures_offset() +
+           manifest.signatures_size());
+  vector<char> signature_blob(
+      payload.begin() + metadata_size + manifest.signatures_offset(),
+      payload.end());
+  vector<char> signed_hash;
+  TEST_AND_RETURN_FALSE(VerifySignature(
+      signature_blob, public_key_path, &signed_hash));
+  TEST_AND_RETURN_FALSE(!signed_hash.empty());
+  vector<char> hash;
+  TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(
+      payload.data(), metadata_size + manifest.signatures_offset(), &hash));
+  TEST_AND_RETURN_FALSE(hash == signed_hash);
+  return true;
+}
+
 bool PayloadSigner::HashPayloadForSigning(const std::string& payload_path,
                                           int signature_size,
                                           vector<char>* out_hash_data) {
   // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
 
   // Loads the payload and adds the signature op to it.
   vector<char> signature(signature_size, 0);
   vector<char> signature_blob;
   TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signature,
                                                        &signature_blob));
@@ skipping 25 matching lines @@
   // payload.
   payload.insert(payload.end(), signature_blob.begin(), signature_blob.end());
   LOG(INFO) << "Signed payload size: " << payload.size();
   TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(),
                                          payload.data(),
                                          payload.size()));
   return true;
 }
 
 }  // namespace chromeos_update_engine