delta_performer.cc - Issue 6778029: AU: detect failure when using public key verification

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: delta_performer.cc

Issue 6778029: AU: detect failure when using public key verification (Closed) Base URL: http://git.chromium.org/git/update_engine.git@master

Patch Set: merge master Created 9 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: delta_performer.cc

diff --git a/delta_performer.cc b/delta_performer.cc

index 54a69fb132f234dbb57088df09086ba8b64a4ca8..b5d1cff9c0d2058f0af2b953613dc9a69186625e 100644

--- a/delta_performer.cc

+++ b/delta_performer.cc

@@ -569,10 +569,22 @@ bool DeltaPerformer::ExtractSignatureMessage(

return true;

}

+#define TEST_SET_TRUE_RET_TRUE(_ptr, _condition) \

+ do { \

+ if (!(_condition)) { \

+ LOG(ERROR) << "Non fatal public key verification: " << #_condition; \

+ if (_ptr) { \

+ *(_ptr) = true; \

+ } \

+ return true; \

+ } \

+ } while(0)

bool DeltaPerformer::VerifyPayload(

const string& public_key_path,

const std::string& update_check_response_hash,

- const uint64_t update_check_response_size) {

+ const uint64_t update_check_response_size,

+ bool* signature_failed) {

string key_path = public_key_path;

if (key_path.empty()) {

key_path = kUpdatePayloadPublicKeyPath;

@@ -593,21 +605,35 @@ bool DeltaPerformer::VerifyPayload(

LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";

return true;

}

- TEST_AND_RETURN_FALSE(!signatures_message_data_.empty());

+ TEST_SET_TRUE_RET_TRUE(signature_failed, !signatures_message_data_.empty());

vector<char> signed_hash_data;

- TEST_AND_RETURN_FALSE(PayloadSigner::VerifySignature(signatures_message_data_,

- key_path,

- &signed_hash_data));

+ TEST_SET_TRUE_RET_TRUE(signature_failed, PayloadSigner::VerifySignature(

+ signatures_message_data_,

+ key_path,

+ &signed_hash_data));

OmahaHashCalculator signed_hasher;

- TEST_AND_RETURN_FALSE(signed_hasher.SetContext(signed_hash_context_));

- TEST_AND_RETURN_FALSE(signed_hasher.Finalize());

+ TEST_SET_TRUE_RET_TRUE(signature_failed,

+ signed_hasher.SetContext(signed_hash_context_));

+ TEST_SET_TRUE_RET_TRUE(signature_failed,

+ signed_hasher.Finalize());

vector<char> hash_data = signed_hasher.raw_hash();

PayloadSigner::PadRSA2048SHA256Hash(&hash_data);

- TEST_AND_RETURN_FALSE(!hash_data.empty());

- TEST_AND_RETURN_FALSE(hash_data == signed_hash_data);

+ TEST_SET_TRUE_RET_TRUE(signature_failed, !hash_data.empty());

+ if (hash_data != signed_hash_data) {

+ LOG(ERROR) << "Public key verificaion failed. This is non-fatal. "

+ "Attached Signature:";

+ utils::HexDumpVector(signed_hash_data);

+ LOG(ERROR) << "Computed Signature:";

+ utils::HexDumpVector(hash_data);

+ if (signature_failed) {

+ *signature_failed = true;

+ }

return true;

}

+#undef TEST_SET_TRUE_RET_TRUE

bool DeltaPerformer::GetNewPartitionInfo(uint64_t* kernel_size,

vector<char>* kernel_hash,

uint64_t* rootfs_size,

« no previous file with comments | « delta_performer.h ('k') | delta_performer_unittest.cc » ('j') | no next file with comments »