update_engine: Verify payload hash before its signature
The test images don't have a public key, nor are they signed, so some of
the autotests have been failing because they can't verify the rejection
behavior of a mismatched update payload hash. So we need to check for the
hash before checking for the signature.
BUG=b:170254160
TEST=test_that chromeos6-row4-rack9-host19.cros autoupdate_OmahaResponse.bad_sha256.full
Change-Id: Ice4f9d827fb913e6eec55c922163cba0de98ebb9
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/system/update_engine/+/2454830
Tested-by: Amin Hassani <ahassani@chromium.org>
Reviewed-by: Tianjie Xu <xunchang@google.com>
Reviewed-by: Jae Hoon Kim <kimjae@chromium.org>
Reviewed-by: Amin Hassani <ahassani@chromium.org>
Commit-Queue: Amin Hassani <ahassani@chromium.org>
diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index 08eba02..d2ed24a 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc
@@ -1802,6 +1802,13 @@
return ErrorCode::kPayloadSizeMismatchError;
}
+ // Verifies the payload hash.
+ TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadVerificationError,
+ !payload_hash_calculator_.raw_hash().empty());
+ TEST_AND_RETURN_VAL(
+ ErrorCode::kPayloadHashMismatchError,
+ payload_hash_calculator_.raw_hash() == update_check_response_hash);
+
auto [payload_verifier, perform_verification] = CreatePayloadVerifier();
if (!perform_verification) {
LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
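Review bot: The comment on the added block, `// Verifies the payload hash.`, does not say that the block has to stay above the `if (!perform_verification)` branch that follows it. Per the commit message, images without a public key could not exercise hash-mismatch rejection while the check sat after that branch, so the ordering is the whole point of the change and is easy to undo in a later refactor. Consider expanding the comment to state that the hash is checked first so that a payload is still compared against `update_check_response_hash` when the public key is missing and signature verification is skipped.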
@@ -1812,13 +1819,6 @@
return ErrorCode::kDownloadPayloadPubKeyVerificationError;
}
- // Verifies the payload hash.
- TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadVerificationError,
- !payload_hash_calculator_.raw_hash().empty());
- TEST_AND_RETURN_VAL(
- ErrorCode::kPayloadHashMismatchError,
- payload_hash_calculator_.raw_hash() == update_check_response_hash);
-
TEST_AND_RETURN_VAL(ErrorCode::kSignedDeltaPayloadExpectedError,
!signatures_message_data_.empty());
brillo::Blob hash_data = signed_hash_calculator_.raw_hash();
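Review bot: With the hash checks removed from their old position after the `kDownloadPayloadPubKeyVerificationError` return, the only coverage named for the new order is the `autoupdate_OmahaResponse.bad_sha256.full` autotest in the TEST= line, and the visible patch touches only `delta_performer.cc`. Consider adding a unit test next to this code that runs verification with no public key and a mismatched `update_check_response_hash` and expects `ErrorCode::kPayloadHashMismatchError`, so a regression in the ordering is caught without a device run.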