Store raw payload hash blob in install plan.
We were using a custom sha256 pair in Omaha response, now that Omaha
has a standard hash_sha256 field in package, we should use that instead.
The difference is that hash_sha256 is encoded in hex instead of base64,
but the android payload property is still using base64, to be backward
compatible, we have to keep accepting base64 there, to avoid decoding
and then re-encoding to another encoding, we store the decoded raw hash.
Also removed the hash() related functions in HashCalculator, since it's
rarely used and the caller should encode it in whatever encoding they
want.
Also make use of RawHashOfBytes to simply code in a few places.
Bug: 36252799
Test: update_engine_unittests
Change-Id: Iaa02611b4c9cda3ead5de51e777e8caba6d99d93
(cherry picked from commit f14d51b6823522f6b2eb834f9e14d72c8363a3ad)
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index e442441..21299d7 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -1361,14 +1361,13 @@
LOG(INFO) << "Verifying metadata hash signature using public key: "
<< path_to_public_key.value();
- HashCalculator metadata_hasher;
- metadata_hasher.Update(payload.data(), metadata_size_);
- if (!metadata_hasher.Finalize()) {
+ brillo::Blob calculated_metadata_hash;
+ if (!HashCalculator::RawHashOfBytes(
+ payload.data(), metadata_size_, &calculated_metadata_hash)) {
LOG(ERROR) << "Unable to compute actual hash of manifest";
return ErrorCode::kDownloadMetadataSignatureVerificationError;
}
- brillo::Blob calculated_metadata_hash = metadata_hasher.raw_hash();
PayloadVerifier::PadRSA2048SHA256Hash(&calculated_metadata_hash);
if (calculated_metadata_hash.empty()) {
LOG(ERROR) << "Computed actual hash of metadata is empty.";
@@ -1515,15 +1514,14 @@
(operation.data_sha256_hash().data() +
operation.data_sha256_hash().size()));
- HashCalculator operation_hasher;
- operation_hasher.Update(buffer_.data(), operation.data_length());
- if (!operation_hasher.Finalize()) {
+ brillo::Blob calculated_op_hash;
+ if (!HashCalculator::RawHashOfBytes(
+ buffer_.data(), operation.data_length(), &calculated_op_hash)) {
LOG(ERROR) << "Unable to compute actual hash of operation "
<< next_operation_num_;
return ErrorCode::kDownloadOperationHashVerificationError;
}
- brillo::Blob calculated_op_hash = operation_hasher.raw_hash();
if (calculated_op_hash != expected_op_hash) {
LOG(ERROR) << "Hash verification failed for operation "
<< next_operation_num_ << ". Expected hash = ";
@@ -1546,7 +1544,7 @@
} while (0);
ErrorCode DeltaPerformer::VerifyPayload(
- const string& update_check_response_hash,
+ const brillo::Blob& update_check_response_hash,
const uint64_t update_check_response_size) {
// See if we should use the public RSA key in the Omaha response.
@@ -1568,11 +1566,11 @@
buffer_offset_);
// Verifies the payload hash.
- const string& payload_hash_data = payload_hash_calculator_.hash();
TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadVerificationError,
- !payload_hash_data.empty());
- TEST_AND_RETURN_VAL(ErrorCode::kPayloadHashMismatchError,
- payload_hash_data == update_check_response_hash);
+ !payload_hash_calculator_.raw_hash().empty());
+ TEST_AND_RETURN_VAL(
+ ErrorCode::kPayloadHashMismatchError,
+ payload_hash_calculator_.raw_hash() == update_check_response_hash);
// Verifies the signed payload hash.
if (!utils::FileExists(path_to_public_key.value().c_str())) {
diff --git a/payload_consumer/delta_performer.h b/payload_consumer/delta_performer.h
index 71d7178..7fe2cd2 100644
--- a/payload_consumer/delta_performer.h
+++ b/payload_consumer/delta_performer.h
@@ -113,13 +113,13 @@
bool IsManifestValid();
// Verifies the downloaded payload against the signed hash included in the
- // payload, against the update check hash (which is in base64 format) and
- // size using the public key and returns ErrorCode::kSuccess on success, an
- // error code on failure. This method should be called after closing the
- // stream. Note this method skips the signed hash check if the public key is
- // unavailable; it returns ErrorCode::kSignedDeltaPayloadExpectedError if the
- // public key is available but the delta payload doesn't include a signature.
- ErrorCode VerifyPayload(const std::string& update_check_response_hash,
+ // payload, against the update check hash and size using the public key and
+ // returns ErrorCode::kSuccess on success, an error code on failure.
+ // This method should be called after closing the stream. Note this method
+ // skips the signed hash check if the public key is unavailable; it returns
+ // ErrorCode::kSignedDeltaPayloadExpectedError if the public key is available
+ // but the delta payload doesn't include a signature.
+ ErrorCode VerifyPayload(const brillo::Blob& update_check_response_hash,
const uint64_t update_check_response_size);
// Converts an ordered collection of Extent objects which contain data of
diff --git a/payload_consumer/delta_performer_integration_test.cc b/payload_consumer/delta_performer_integration_test.cc
index afbb8dc..e87a907 100644
--- a/payload_consumer/delta_performer_integration_test.cc
+++ b/payload_consumer/delta_performer_integration_test.cc
@@ -854,11 +854,11 @@
int expected_times = (expected_result == ErrorCode::kSuccess) ? 1 : 0;
EXPECT_CALL(state->mock_delegate_, DownloadComplete()).Times(expected_times);
- LOG(INFO) << "Verifying payload for expected result "
- << expected_result;
- EXPECT_EQ(expected_result, performer->VerifyPayload(
- HashCalculator::HashOfData(state->delta),
- state->delta.size()));
+ LOG(INFO) << "Verifying payload for expected result " << expected_result;
+ brillo::Blob expected_hash;
+ HashCalculator::RawHashOfData(state->delta, &expected_hash);
+ EXPECT_EQ(expected_result,
+ performer->VerifyPayload(expected_hash, state->delta.size()));
LOG(INFO) << "Verified payload.";
if (expected_result != ErrorCode::kSuccess) {
diff --git a/payload_consumer/download_action.cc b/payload_consumer/download_action.cc
index 084848e..65ae1ab 100644
--- a/payload_consumer/download_action.cc
+++ b/payload_consumer/download_action.cc
@@ -23,7 +23,6 @@
#include <vector>
#include <base/files/file_path.h>
-#include <base/strings/stringprintf.h>
#include "update_engine/common/action_pipe.h"
#include "update_engine/common/boot_control_interface.h"
diff --git a/payload_consumer/download_action_unittest.cc b/payload_consumer/download_action_unittest.cc
index 5e9ef5c..4392b74 100644
--- a/payload_consumer/download_action_unittest.cc
+++ b/payload_consumer/download_action_unittest.cc
@@ -139,13 +139,13 @@
0, writer.Open(output_temp_file.path().c_str(), O_WRONLY | O_CREAT, 0));
writer.set_fail_write(fail_write);
- // We pull off the first byte from data and seek past it.
- string hash = HashCalculator::HashOfBytes(&data[1], data.size() - 1);
uint64_t size = data.size();
InstallPlan install_plan;
install_plan.payload_type = InstallPayloadType::kDelta;
install_plan.payload_size = size;
- install_plan.payload_hash = hash;
+ // We pull off the first byte from data and seek past it.
+ EXPECT_TRUE(HashCalculator::RawHashOfBytes(
+ &data[1], data.size() - 1, &install_plan.payload_hash));
install_plan.source_slot = 0;
install_plan.target_slot = 1;
// We mark both slots as bootable. Only the target slot should be unbootable
@@ -371,7 +371,7 @@
// takes ownership of passed in HttpFetcher
InstallPlan install_plan;
install_plan.payload_size = 1;
- install_plan.payload_hash = HashCalculator::HashOfString("x");
+ EXPECT_TRUE(HashCalculator::RawHashOfData({'x'}, &install_plan.payload_hash));
ObjectFeederAction<InstallPlan> feeder_action;
feeder_action.set_obj(install_plan);
MockPrefs prefs;
@@ -456,7 +456,7 @@
0, writer.Open(output_temp_file.path().c_str(), O_WRONLY | O_CREAT, 0));
InstallPlan install_plan;
install_plan.payload_size = data_.length();
- install_plan.payload_hash = "1234hash";
+ install_plan.payload_hash = {'1', '2', '3', '4', 'h', 'a', 's', 'h'};
ObjectFeederAction<InstallPlan> feeder_action;
feeder_action.set_obj(install_plan);
MockPrefs prefs;
@@ -569,7 +569,8 @@
// Prepare the file with existing data before starting to write to
// it via DownloadAction.
- string file_id = utils::CalculateP2PFileId("1234hash", data_.length());
+ string file_id = utils::CalculateP2PFileId(
+ {'1', '2', '3', '4', 'h', 'a', 's', 'h'}, data_.length());
ASSERT_TRUE(p2p_manager_->FileShare(file_id, data_.length()));
string existing_data;
for (unsigned int i = 0; i < 1000; i++)
@@ -606,7 +607,8 @@
// Prepare the file with all existing data before starting to write
// to it via DownloadAction.
- string file_id = utils::CalculateP2PFileId("1234hash", data_.length());
+ string file_id = utils::CalculateP2PFileId(
+ {'1', '2', '3', '4', 'h', 'a', 's', 'h'}, data_.length());
ASSERT_TRUE(p2p_manager_->FileShare(file_id, data_.length()));
string existing_data;
for (unsigned int i = 0; i < 1000; i++)
diff --git a/payload_consumer/filesystem_verifier_action.cc b/payload_consumer/filesystem_verifier_action.cc
index 5156f96..4f30582 100644
--- a/payload_consumer/filesystem_verifier_action.cc
+++ b/payload_consumer/filesystem_verifier_action.cc
@@ -34,16 +34,13 @@
#include "update_engine/payload_consumer/delta_performer.h"
#include "update_engine/payload_consumer/payload_constants.h"
+using brillo::data_encoding::Base64Encode;
using std::string;
namespace chromeos_update_engine {
namespace {
const off_t kReadFileBufferSize = 128 * 1024;
-
-string StringForHashBytes(const brillo::Blob& hash) {
- return brillo::data_encoding::Base64Encode(hash.data(), hash.size());
-}
} // namespace
void FilesystemVerifierAction::PerformAction() {
@@ -199,7 +196,8 @@
}
InstallPlan::Partition& partition =
install_plan_.partitions[partition_index_];
- LOG(INFO) << "Hash of " << partition.name << ": " << hasher_->hash();
+ LOG(INFO) << "Hash of " << partition.name << ": "
+ << Base64Encode(hasher_->raw_hash());
switch (verifier_step_) {
case VerifierStep::kVerifyTargetHash:
@@ -231,9 +229,9 @@
" means that the delta I've been given doesn't match my"
" existing system. The "
<< partition.name << " partition I have has hash: "
- << StringForHashBytes(hasher_->raw_hash())
+ << Base64Encode(hasher_->raw_hash())
<< " but the update expected me to have "
- << StringForHashBytes(partition.source_hash) << " .";
+ << Base64Encode(partition.source_hash) << " .";
LOG(INFO) << "To get the checksum of the " << partition.name
<< " partition run this command: dd if="
<< partition.source_path
diff --git a/payload_consumer/install_plan.cc b/payload_consumer/install_plan.cc
index b04da74..fff0ac2 100644
--- a/payload_consumer/install_plan.cc
+++ b/payload_consumer/install_plan.cc
@@ -18,6 +18,7 @@
#include <base/format_macros.h>
#include <base/logging.h>
+#include <base/strings/string_number_conversions.h>
#include <base/strings/stringprintf.h>
#include "update_engine/common/utils.h"
@@ -68,19 +69,17 @@
utils::ToString(partition.run_postinstall).c_str());
}
- LOG(INFO) << "InstallPlan: "
- << (is_resume ? "resume" : "new_update")
+ LOG(INFO) << "InstallPlan: " << (is_resume ? "resume" : "new_update")
<< ", payload type: " << InstallPayloadTypeToString(payload_type)
<< ", source_slot: " << BootControlInterface::SlotName(source_slot)
<< ", target_slot: " << BootControlInterface::SlotName(target_slot)
- << ", url: " << download_url
- << ", payload size: " << payload_size
- << ", payload hash: " << payload_hash
+ << ", url: " << download_url << ", payload size: " << payload_size
+ << ", payload hash: "
+ << base::HexEncode(payload_hash.data(), payload_hash.size())
<< ", metadata size: " << metadata_size
- << ", metadata signature: " << metadata_signature
- << partitions_str
- << ", hash_checks_mandatory: " << utils::ToString(
- hash_checks_mandatory)
+ << ", metadata signature: " << metadata_signature << partitions_str
+ << ", hash_checks_mandatory: "
+ << utils::ToString(hash_checks_mandatory)
<< ", powerwash_required: " << utils::ToString(powerwash_required);
}
diff --git a/payload_consumer/install_plan.h b/payload_consumer/install_plan.h
index 3f0005c..0e25cc3 100644
--- a/payload_consumer/install_plan.h
+++ b/payload_consumer/install_plan.h
@@ -57,7 +57,7 @@
std::string version; // version we are installing.
uint64_t payload_size{0}; // size of the payload
- std::string payload_hash; // SHA256 hash of the payload
+ brillo::Blob payload_hash; // SHA256 hash of the payload
uint64_t metadata_size{0}; // size of the metadata
std::string metadata_signature; // signature of the metadata