Google Git
Sign in
chromium / aosp / platform / system / update_engine / refs/heads/stabilize-13505.73.B^! / .
commit663bc3f3642fedc131c788a814f40c39d2a45076[log] [tgz]
authorAmin Hassani <[email protected]>Tue Oct 06 22:53:29 2020
committerCommit Bot <[email protected]>Fri Oct 09 20:37:33 2020
tree38d4b9da8920abe1ffcd1743f55636506890cbb2
parent7d192200b897a9d65912e270691e5a3c8a8ff1a7 [diff]
update_engine: Verify payload hash before its signature

The test images don't have public key nor they are signed, so some of
the autotests have been failing because they can't verify the rejection
behavior of mismatched update payload hash. So we need to check for the
hash before checking for the signature.

BUG=b:170254160
TEST=test_that chromeos6-row4-rack9-host19.cros autoupdate_OmahaResponse.bad_sha256.full

Change-Id: Ice4f9d827fb913e6eec55c922163cba0de98ebb9
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/system/update_engine/+/2454830
Tested-by: Amin Hassani <[email protected]>
Reviewed-by: Tianjie Xu <[email protected]>
Reviewed-by: Jae Hoon Kim <[email protected]>
Reviewed-by: Amin Hassani <[email protected]>
Commit-Queue: Amin Hassani <[email protected]>
(cherry picked from commit e331f5a9cb761d0f656872a8639e650ac7da7493)
Reviewed-on: https://chromium-review.googlesource.com/c/aosp/platform/system/update_engine/+/2462058

diff --git a/payload_consumer/delta_performer.cc b/payload_consumer/delta_performer.cc
index 08eba02..d2ed24a 100644
--- a/payload_consumer/delta_performer.cc
+++ b/payload_consumer/delta_performer.cc

@@ -1802,6 +1802,13 @@
     return ErrorCode::kPayloadSizeMismatchError;
   }
 
+  // Verifies the payload hash.
+  TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadVerificationError,
+                      !payload_hash_calculator_.raw_hash().empty());
+  TEST_AND_RETURN_VAL(
+      ErrorCode::kPayloadHashMismatchError,
+      payload_hash_calculator_.raw_hash() == update_check_response_hash);
+
   auto [payload_verifier, perform_verification] = CreatePayloadVerifier();
   if (!perform_verification) {
     LOG(WARNING) << "Not verifying signed delta payload -- missing public key.";
@@ -1812,13 +1819,6 @@
     return ErrorCode::kDownloadPayloadPubKeyVerificationError;
   }
 
-  // Verifies the payload hash.
-  TEST_AND_RETURN_VAL(ErrorCode::kDownloadPayloadVerificationError,
-                      !payload_hash_calculator_.raw_hash().empty());
-  TEST_AND_RETURN_VAL(
-      ErrorCode::kPayloadHashMismatchError,
-      payload_hash_calculator_.raw_hash() == update_check_response_hash);
-
   TEST_AND_RETURN_VAL(ErrorCode::kSignedDeltaPayloadExpectedError,
                       !signatures_message_data_.empty());
   brillo::Blob hash_data = signed_hash_calculator_.raw_hash();