Make public key verification check binding.
Until now, we've just warned on failure. This CL makes the update fail
if the check fails.
BUG=chromium-os:19872
TEST=unittests; tested on device
Change-Id: I485b2548849f46d2b802c478736671bb44a85aab
Reviewed-on: http://gerrit.chromium.org/gerrit/6998
Reviewed-by: Darin Petkov <petkov@chromium.org>
Tested-by: Andrew de los Reyes <adlr@chromium.org>
diff --git a/delta_performer.h b/delta_performer.h
index a80e180..5c1f3ab 100644
--- a/delta_performer.h
+++ b/delta_performer.h
@@ -61,18 +61,16 @@
int Close();
// Verifies the downloaded payload against the signed hash included in the
- // payload as well as against the update check hash and size and returns true
- // on success, false on failure. This method should be called after closing
- // the stream. Note this method skips the signed hash check if the public key
- // is unavailable; it returns false if the public key is available but the
- // delta payload doesn't include a signature. If |public_key_path| is an empty
- // string, uses the default public key path.
- // If the signature check fails, *signature_failed will be set to true (if
- // it's non-NULL); this will not cause the method to fail.
- bool VerifyPayload(const std::string& public_key_path,
- const std::string& update_check_response_hash,
- const uint64_t update_check_response_size,
- bool* signature_failed);
+ // payload, against the update check hash and size, and against the public
+ // key and returns kActionCodeSuccess on success, an error code on failure.
+ // This method should be called after closing the stream. Note this method
+ // skips the signed hash check if the public key is unavailable; it returns
+ // kActionCodeSignedDeltaPayloadExpectedError if the public key
+ // is available but the delta payload doesn't include a signature. If
+ // |public_key_path| is an empty string, uses the default public key path.
+ ActionExitCode VerifyPayload(const std::string& public_key_path,
+ const std::string& update_check_response_hash,
+ const uint64_t update_check_response_size);
// Reads from the update manifest the expected sizes and hashes of the target
// kernel and rootfs partitions. These values can be used for applied update
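Review bot: the new comment on VerifyPayload still says the method "skips the signed hash check if the public key is unavailable", so a missing key file leaves the signature check non-binding even after this change. The comment should say what is returned in that case. It is also worth considering whether an unavailable key should itself be an error where a key is expected to be present. The only error code the comment names is kActionCodeSignedDeltaPayloadExpectedError. Listing the codes returned for a hash mismatch, a size mismatch and a failed signature check would let callers handle each without reading the implementation. Since the signature_failed out-parameter is removed, any caller that previously only logged on it now has to act on the returned ActionExitCode.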