Generate and validate per-operation hashes
As part of securing the HTTP-based updates, we want to add a SHA256 hash
of the data blob for each operation so that they can't be tampered with
by a man in the middle. This CL adds support for generating and
including such hashes for each operation in the payload as well as
validating them in update_engine, if present.
BUG=chromium-os:34298
TEST=Tested on ZGB to make sure existing functionality works fine.
Existing unit tests cover all the new code paths.
Change-Id: Ie42ed1930a66ceaf183f36ce3af0dea719e44237
Reviewed-on: https://gerrit.chromium.org/gerrit/33389
Reviewed-by: Don Garrett <dgarrett@chromium.org>
Commit-Ready: Jay Srinivasan <jaysri@chromium.org>
Tested-by: Jay Srinivasan <jaysri@chromium.org>
diff --git a/delta_diff_generator.h b/delta_diff_generator.h
index b646545..f4717e7 100644
--- a/delta_diff_generator.h
+++ b/delta_diff_generator.h
@@ -170,6 +170,15 @@
const std::string& data_blobs_path,
const std::string& new_data_blobs_path);
+ // Computes a SHA256 hash of the given buf and sets the hash value in the
+ // operation so that update_engine could verify. This hash should be set
+ // for all operations that have a non-zero data blob. One exception is the
+ // dummy operation for signature blob because the contents of the signature
+ // blob will not be available at payload creation time. So, update_engine will
+ // gracefully ignore the dummy signature operation.
+ static bool AddOperationHash(DeltaArchiveManifest_InstallOperation* op,
+ const std::vector<char>& buf);
+
// Handles allocation of temp blocks to a cut edge by converting the
// dest node to a full op. This removes the need for temp blocks, but
// comes at the cost of a worse compression ratio.