Make hash checks mandatory for HTTP downloads.
Currently we've made all the checks for metadata size, metadata signature
and operation hashes optional. While they are still optional if we use
HTTPS for downloading the payload, we want to make them mandatory in case
of HTTP, so as to support HTTP downloads.
In this CL, we make these checks mandatory if the Omaha response has an
HTTP URL. This will not affect any scenarios of our test team because they
always use HTTPS URLs for payload URLs. But this would break the dev tools
and our hardware test lab scenarios because they use HTTP URLs and do not
generate the required manifest signature yet. So we waive this requirement
for dev/test images even though they use HTTP.
This CL will not have any effect until we decide to add an HTTP rule in
Omaha, which serves as a safety knob till we are confident with our
testing.
BUG=chromium-os:36808
TEST=Existing unit tests pass. Added new unit tests for most new code.
TEST=Ran manual tests on ZGB for every type of hash failure for HTTP.
TEST=Tested image_to_live to make sure hash checks are waived as expected.
Change-Id: I8c4408e3052635ccf4bee0c848781733c1f8e984
Reviewed-on: https://gerrit.chromium.org/gerrit/39293
Reviewed-by: Gaurav Shah <gauravsh@chromium.org>
Commit-Ready: Jay Srinivasan <jaysri@chromium.org>
Reviewed-by: Jay Srinivasan <jaysri@chromium.org>
Tested-by: Jay Srinivasan <jaysri@chromium.org>
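Added example, not the update engine's own code: a C++ sketch of the two pieces the commit message describes, the policy that makes the checks mandatory over plain HTTP except for dev/test images, and a metadata-size check that derives header-plus-manifest from the payload header using the offsets visible in the diff below (kProtobufSizeOffset = 12, kProtobufOffset = 20). The header layout (4-byte "CrAU" magic, big-endian version, big-endian manifest size), the is_dev_or_test_image flag, the semantics of an "optional" check when Omaha does supply a value, and every function name here are assumptions for illustration, not the project's API.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <string>
#include <vector>

// Assumed payload header layout, taken from the offsets used in the diff
// (kProtobufSizeOffset = 12, kProtobufOffset = 20):
//   bytes  0..3   magic "CrAU"
//   bytes  4..11  payload version, big-endian uint64
//   bytes 12..19  manifest size,   big-endian uint64
//   bytes 20..    serialized manifest, followed by operation data
static const size_t kMagicSize = 4;
static const size_t kVersionOffset = 4;
static const size_t kProtobufSizeOffset = 12;
static const size_t kProtobufOffset = 20;

enum class CheckPolicy { kOptional, kMandatory };

// Policy from the commit message: checks stay optional over HTTPS, become
// mandatory over plain HTTP, except that dev/test images are waived.
// (is_dev_or_test_image is an assumed input, however the real client decides it.)
CheckPolicy PolicyForUrl(const std::string& payload_url, bool is_dev_or_test_image) {
  const bool is_http = payload_url.compare(0, 7, "http://") == 0;
  if (is_http && !is_dev_or_test_image) return CheckPolicy::kMandatory;
  return CheckPolicy::kOptional;
}

static uint64_t ReadBE64(const std::vector<char>& buf, size_t off) {
  uint64_t v = 0;
  for (size_t i = 0; i < 8; ++i)
    v = (v << 8) | static_cast<unsigned char>(buf[off + i]);
  return v;
}

static void WriteBE64(std::vector<char>* buf, size_t off, uint64_t v) {
  for (size_t i = 0; i < 8; ++i)
    (*buf)[off + i] = static_cast<char>((v >> (8 * (7 - i))) & 0xff);
}

// Metadata size = header + manifest, the same quantity the diff stores in
// |out_metadata_size|. Returns 0 for a malformed or truncated header, and
// refuses a manifest size that runs past the bytes we actually hold, so a
// hostile header cannot make the caller read beyond the buffer.
uint64_t MetadataSizeFromHeader(const std::vector<char>& payload) {
  if (payload.size() < kProtobufOffset) return 0;
  if (std::memcmp(payload.data(), "CrAU", kMagicSize) != 0) return 0;
  const uint64_t manifest_size = ReadBE64(payload, kProtobufSizeOffset);
  if (manifest_size > payload.size() - kProtobufOffset) return 0;
  return kProtobufOffset + manifest_size;
}

// |expected_from_omaha| == 0 models "the response carried no metadata size".
// Assumed semantics: under kMandatory a missing value is a failure; under
// kOptional it is skipped, but a value that is present must still match.
bool VerifyMetadataSize(const std::vector<char>& payload,
                        uint64_t expected_from_omaha,
                        CheckPolicy policy) {
  const uint64_t actual = MetadataSizeFromHeader(payload);
  if (actual == 0) return false;  // malformed header always fails
  if (expected_from_omaha == 0) return policy == CheckPolicy::kOptional;
  return actual == expected_from_omaha;
}

// Constructed test payload: valid header, |manifest_size| bytes of manifest
// filler, |data_size| bytes of operation-data filler. Not a real payload.
std::vector<char> MakeTestPayload(uint64_t manifest_size, size_t data_size) {
  std::vector<char> p(kProtobufOffset + manifest_size + data_size, 'x');
  std::memcpy(p.data(), "CrAU", kMagicSize);
  WriteBE64(&p, kVersionOffset, 1);
  WriteBE64(&p, kProtobufSizeOffset, manifest_size);
  return p;
}

int main() {
  std::vector<char> p = MakeTestPayload(100, 50);
  std::cout << "metadata size: " << MetadataSizeFromHeader(p) << "\n";  // 120
  std::cout << "http, prod image, no size from Omaha: "
            << VerifyMetadataSize(
                   p, 0, PolicyForUrl("http://example.invalid/payload.bin", false))
            << "\n";
  return 0;
}
```

The point of deriving the size from the header rather than trusting it is the last check in MetadataSizeFromHeader: over HTTP the header itself is attacker-controlled, so a claimed manifest size must be bounded by the bytes in hand before it is used as an offset into the buffer.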
diff --git a/payload_signer.cc b/payload_signer.cc
index b75f393..ff60949 100644
--- a/payload_signer.cc
+++ b/payload_signer.cc
@@ -80,10 +80,13 @@
// Given an unsigned payload under |payload_path| and the |signature_blob_size|
// generates an updated payload that includes a dummy signature op in its
-// manifest. Returns true on success, false otherwise.
+// manifest. It populates |out_metadata_size| with the size of the final
+// manifest after adding the dummy signature operation. Returns true on
+// success, false otherwise.
bool AddSignatureOpToPayload(const string& payload_path,
int signature_blob_size,
- vector<char>* out_payload) {
+ vector<char>* out_payload,
+ uint64_t* out_metadata_size) {
const int kProtobufOffset = 20;
const int kProtobufSizeOffset = 12;
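Review bot: the new comment on lines 33-35 describes |out_metadata_size| as "the size of the final manifest", but the value the body stores is serialized_manifest.size() + kProtobufOffset, i.e. the manifest plus the 20 header bytes in front of it; say "metadata (header plus manifest)" so a caller comparing it against the metadata size from the Omaha response does not mistake it for the bare manifest length. The comment should also state whether |out_metadata_size| may be NULL, since the body dereferences it unconditionally.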
@@ -116,6 +119,7 @@
memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be));
LOG(INFO) << "Updated payload size: " << payload.size();
out_payload->swap(payload);
+ *out_metadata_size = serialized_manifest.size() + kProtobufOffset;
return true;
}
} // namespace {}
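Review bot: `*out_metadata_size = serialized_manifest.size() + kProtobufOffset;` on line 47 writes through the pointer with no NULL check; add a CHECK(out_metadata_size) at the top of the function or guard the write with `if (out_metadata_size)`, and pick one consistently with AddSignatureToPayload, which just forwards whatever its caller passed. The write is placed after out_payload->swap(payload), which is fine only because the value comes from serialized_manifest rather than payload; a short comment saying so would save the next reader from checking.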
@@ -344,9 +348,11 @@
TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
&signature_blob));
vector<char> payload;
+ uint64_t final_metadata_size;
TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
signature_blob.size(),
- &payload));
+ &payload,
+ &final_metadata_size));
// Calculates the hash on the updated payload. Note that the payload includes
// the signature op but doesn't include the signature blob at the end.
TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfData(payload,
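Review bot: `uint64_t final_metadata_size;` on line 55 is filled in by AddSignatureOpToPayload but never read in the lines shown; if it exists only to satisfy the new signature, either use it (logging it next to the payload size would be a natural fit) or make the out parameter optional so this call site can pass NULL. It is left uninitialized, which is safe here only because TEST_AND_RETURN_FALSE returns before any use on failure; initialising it to 0 costs nothing and keeps -Wmaybe-uninitialized quiet.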
@@ -373,7 +379,8 @@
bool PayloadSigner::AddSignatureToPayload(
const string& payload_path,
const vector<vector<char> >& signatures,
- const string& signed_payload_path) {
+ const string& signed_payload_path,
+ uint64_t *out_metadata_size) {
// TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
// Loads the payload and adds the signature op to it.
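Review bot: `uint64_t *out_metadata_size` on line 70 attaches the star to the name, whereas the hunk at line 40 writes `uint64_t* out_metadata_size`; Chromium style attaches it to the type, so make the two match. The public signature also gains a parameter with no documentation visible in this change; the header comment for PayloadSigner::AddSignatureToPayload should say what the value means (header plus manifest size of the payload with the signature op added) and whether NULL is accepted.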
@@ -383,7 +390,8 @@
vector<char> payload;
TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
signature_blob.size(),
- &payload));
+ &payload,
+ out_metadata_size));
// Appends the signature blob to the end of the payload and writes the new
// payload.
payload.insert(payload.end(), signature_blob.begin(), signature_blob.end());
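Review bot: out_metadata_size is forwarded unchecked on line 79, so a caller of this public PayloadSigner entry point that passes NULL will crash inside AddSignatureOpToPayload; either reject NULL with a CHECK here or make the inner function tolerate it. A unit test asserting that the returned value equals kProtobufOffset plus the serialized manifest length after the signature op is added would also pin down the one number the client-side metadata-size check depends on.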