AU: detect failure when using public key verification

delta_performer.cc

Index: delta_performer.cc
diff --git a/delta_performer.cc b/delta_performer.cc
index 54a69fb132f234dbb57088df09086ba8b64a4ca8..e841be1624b754c632b4e1d4f44cd2e3c4116a19 100644
--- a/delta_performer.cc
+++ b/delta_performer.cc
@@ -569,10 +569,20 @@ bool DeltaPerformer::ExtractSignatureMessage(
   return true;
 }
 
+#define TEST_SET_TRUE_RET_TRUE(_var, _condition)                        \
+  do {                                                                  \
+    if (!(_condition)) {                                                \
+      LOG(ERROR) << "Non fatal public key verification: " << #_condition; \
+      (_var) = true;                                                    \
+      return true;                                                      \
+    }                                                                   \
+  } while(0)
+
 bool DeltaPerformer::VerifyPayload(
     const string& public_key_path,
     const std::string& update_check_response_hash,
-    const uint64_t update_check_response_size) {
+    const uint64_t update_check_response_size,
+    bool* signature_failed) {
   string key_path = public_key_path;
   if (key_path.empty()) {
     key_path = kUpdatePayloadPublicKeyPath;
@@ -593,21 +603,35 @@ bool DeltaPerformer::VerifyPayload(
     LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
     return true;
   }
-  TEST_AND_RETURN_FALSE(!signatures_message_data_.empty());
+  TEST_SET_TRUE_RET_TRUE(*signature_failed, !signatures_message_data_.empty());

[petkov, 2011/03/30 22:10:21]

This doesn't check for signature_failed != NULL? Either fix the code or update
the docstring in the .h to account for the fact that signature_failed can't be
NULL.

[adlr, 2011/03/30 22:30:06]

Fixed to accept NULL

   vector<char> signed_hash_data;
-  TEST_AND_RETURN_FALSE(PayloadSigner::VerifySignature(signatures_message_data_,
-                                                       key_path,
-                                                       &signed_hash_data));
+  TEST_SET_TRUE_RET_TRUE(*signature_failed, PayloadSigner::VerifySignature(
+      signatures_message_data_,
+      key_path,
+      &signed_hash_data));
   OmahaHashCalculator signed_hasher;
-  TEST_AND_RETURN_FALSE(signed_hasher.SetContext(signed_hash_context_));
-  TEST_AND_RETURN_FALSE(signed_hasher.Finalize());
+  TEST_SET_TRUE_RET_TRUE(*signature_failed,
+                         signed_hasher.SetContext(signed_hash_context_));
+  TEST_SET_TRUE_RET_TRUE(*signature_failed,
+                         signed_hasher.Finalize());
   vector<char> hash_data = signed_hasher.raw_hash();
   PayloadSigner::PadRSA2048SHA256Hash(&hash_data);
-  TEST_AND_RETURN_FALSE(!hash_data.empty());
-  TEST_AND_RETURN_FALSE(hash_data == signed_hash_data);
+  TEST_SET_TRUE_RET_TRUE(*signature_failed, !hash_data.empty());
+  if (hash_data != signed_hash_data) {
+    LOG(ERROR) << "Public key verificaion failed. This is non-fatal. "
+        "Attached Signature:";
+    utils::HexDumpVector(signed_hash_data);
+    LOG(ERROR) << "Computed Signature:";
+    utils::HexDumpVector(hash_data);
+    if (signature_failed) {
+      *signature_failed = true;
+    }
+  }
   return true;
 }
 
+#undef TEST_SET_TRUE_RET_TRUE
+
 bool DeltaPerformer::GetNewPartitionInfo(uint64_t* kernel_size,
                                          vector<char>* kernel_hash,
                                          uint64_t* rootfs_size,