Store raw payload hash blob in install plan.
We were using a custom sha256 pair in Omaha response, now that Omaha
has a standard hash_sha256 field in package, we should use that instead.
The difference is that hash_sha256 is encoded in hex instead of base64,
but the android payload property is still using base64, to be backward
compatible, we have to keep accepting base64 there, to avoid decoding
and then re-encoding to another encoding, we store the decoded raw hash.
Also removed the hash() related functions in HashCalculator, since it's
rarely used and the caller should encode it in whatever encoding they
want.
Also make use of RawHashOfBytes to simply code in a few places.
Bug: 36252799
Test: update_engine_unittests
Change-Id: Iaa02611b4c9cda3ead5de51e777e8caba6d99d93
(cherry picked from commit f14d51b6823522f6b2eb834f9e14d72c8363a3ad)
diff --git a/common/hash_calculator.cc b/common/hash_calculator.cc
index de6e0f9..ebfdb6e 100644
--- a/common/hash_calculator.cc
+++ b/common/hash_calculator.cc
@@ -20,7 +20,6 @@
#include <base/logging.h>
#include <base/posix/eintr_wrapper.h>
-#include <brillo/data_encoding.h>
#include "update_engine/common/utils.h"
@@ -37,7 +36,7 @@
// Mostly just passes the data through to OpenSSL's SHA256_Update()
bool HashCalculator::Update(const void* data, size_t length) {
TEST_AND_RETURN_FALSE(valid_);
- TEST_AND_RETURN_FALSE(hash_.empty());
+ TEST_AND_RETURN_FALSE(raw_hash_.empty());
static_assert(sizeof(size_t) <= sizeof(unsigned long), // NOLINT(runtime/int)
"length param may be truncated in SHA256_Update");
TEST_AND_RETURN_FALSE(SHA256_Update(&ctx_, data, length) == 1);
@@ -73,16 +72,11 @@
}
// Call Finalize() when all data has been passed in. This mostly just
-// calls OpenSSL's SHA256_Final() and then base64 encodes the hash.
+// calls OpenSSL's SHA256_Final().
bool HashCalculator::Finalize() {
- TEST_AND_RETURN_FALSE(hash_.empty());
TEST_AND_RETURN_FALSE(raw_hash_.empty());
raw_hash_.resize(SHA256_DIGEST_LENGTH);
TEST_AND_RETURN_FALSE(SHA256_Final(raw_hash_.data(), &ctx_) == 1);
-
- // Convert raw_hash_ to base64 encoding and store it in hash_.
- hash_ = brillo::data_encoding::Base64Encode(raw_hash_.data(),
- raw_hash_.size());
return true;
}
@@ -115,21 +109,6 @@
return res;
}
-string HashCalculator::HashOfBytes(const void* data, size_t length) {
- HashCalculator calc;
- calc.Update(data, length);
- calc.Finalize();
- return calc.hash();
-}
-
-string HashCalculator::HashOfString(const string& str) {
- return HashOfBytes(str.data(), str.size());
-}
-
-string HashCalculator::HashOfData(const brillo::Blob& data) {
- return HashOfBytes(data.data(), data.size());
-}
-
string HashCalculator::GetContext() const {
return string(reinterpret_cast<const char*>(&ctx_), sizeof(ctx_));
}
diff --git a/common/hash_calculator.h b/common/hash_calculator.h
index f749585..06d2cfb 100644
--- a/common/hash_calculator.h
+++ b/common/hash_calculator.h
@@ -27,11 +27,11 @@
#include <base/macros.h>
#include <brillo/secure_blob.h>
-// Omaha uses base64 encoded SHA-256 as the hash. This class provides a simple
-// wrapper around OpenSSL providing such a formatted hash of data passed in.
+// This class provides a simple wrapper around OpenSSL providing a hash of data
+// passed in.
// The methods of this class must be called in a very specific order: First the
// ctor (of course), then 0 or more calls to Update(), then Finalize(), then 0
-// or more calls to hash().
+// or more calls to raw_hash().
namespace chromeos_update_engine {
@@ -50,17 +50,10 @@
off_t UpdateFile(const std::string& name, off_t length);
// Call Finalize() when all data has been passed in. This method tells
- // OpenSSl that no more data will come in and base64 encodes the resulting
- // hash.
+ // OpenSSL that no more data will come in.
// Returns true on success.
bool Finalize();
- // Gets the hash. Finalize() must have been called.
- const std::string& hash() const {
- DCHECK(!hash_.empty()) << "Call Finalize() first";
- return hash_;
- }
-
const brillo::Blob& raw_hash() const {
DCHECK(!raw_hash_.empty()) << "Call Finalize() first";
return raw_hash_;
@@ -83,15 +76,9 @@
static off_t RawHashOfFile(const std::string& name, off_t length,
brillo::Blob* out_hash);
- // Used by tests
- static std::string HashOfBytes(const void* data, size_t length);
- static std::string HashOfString(const std::string& str);
- static std::string HashOfData(const brillo::Blob& data);
-
private:
- // If non-empty, the final base64 encoded hash and the raw hash. Will only be
- // set to non-empty when Finalize is called.
- std::string hash_;
+ // If non-empty, the final raw hash. Will only be set to non-empty when
+ // Finalize is called.
brillo::Blob raw_hash_;
// Init success
diff --git a/common/hash_calculator_unittest.cc b/common/hash_calculator_unittest.cc
index 436e6a7..233237b 100644
--- a/common/hash_calculator_unittest.cc
+++ b/common/hash_calculator_unittest.cc
@@ -22,6 +22,7 @@
#include <string>
#include <vector>
+#include <brillo/data_encoding.h>
#include <brillo/secure_blob.h>
#include <gtest/gtest.h>
@@ -33,9 +34,8 @@
namespace chromeos_update_engine {
// Generated by running this on a linux shell:
-// $ echo -n hi | openssl dgst -sha256 -binary | openssl base64
-static const char kExpectedHash[] =
- "j0NDRmSPa5bfid2pAcUXaxCm2Dlh3TwayItZstwyeqQ=";
+// $ echo -n hi | openssl dgst -sha256 -binary |
+// hexdump -v -e '" " 12/1 "0x%02x, " "\n"'
static const uint8_t kExpectedRawHash[] = {
0x8f, 0x43, 0x43, 0x46, 0x64, 0x8f, 0x6b, 0x96,
0xdf, 0x89, 0xdd, 0xa9, 0x01, 0xc5, 0x17, 0x6b,
@@ -52,7 +52,6 @@
HashCalculator calc;
calc.Update("hi", 2);
calc.Finalize();
- EXPECT_EQ(kExpectedHash, calc.hash());
brillo::Blob raw_hash(std::begin(kExpectedRawHash),
std::end(kExpectedRawHash));
EXPECT_TRUE(raw_hash == calc.raw_hash());
@@ -63,7 +62,6 @@
calc.Update("h", 1);
calc.Update("i", 1);
calc.Finalize();
- EXPECT_EQ(kExpectedHash, calc.hash());
brillo::Blob raw_hash(std::begin(kExpectedRawHash),
std::end(kExpectedRawHash));
EXPECT_TRUE(raw_hash == calc.raw_hash());
@@ -78,7 +76,6 @@
calc_next.SetContext(calc_context);
calc_next.Update("i", 1);
calc_next.Finalize();
- EXPECT_EQ(kExpectedHash, calc_next.hash());
brillo::Blob raw_hash(std::begin(kExpectedRawHash),
std::end(kExpectedRawHash));
EXPECT_TRUE(raw_hash == calc_next.raw_hash());
@@ -106,7 +103,8 @@
// echo -n $C
// let C=C+1
// done | openssl dgst -sha256 -binary | openssl base64
- EXPECT_EQ("NZf8k6SPBkYMvhaX8YgzuMgbkLP1XZ+neM8K5wcSsf8=", calc.hash());
+ EXPECT_EQ("NZf8k6SPBkYMvhaX8YgzuMgbkLP1XZ+neM8K5wcSsf8=",
+ brillo::data_encoding::Base64Encode(calc.raw_hash()));
}
TEST_F(HashCalculatorTest, UpdateFileSimpleTest) {
@@ -121,7 +119,6 @@
HashCalculator calc;
EXPECT_EQ(2, calc.UpdateFile(data_path, kLengths[i]));
EXPECT_TRUE(calc.Finalize());
- EXPECT_EQ(kExpectedHash, calc.hash());
brillo::Blob raw_hash(std::begin(kExpectedRawHash),
std::end(kExpectedRawHash));
EXPECT_TRUE(raw_hash == calc.raw_hash());
@@ -132,7 +129,8 @@
EXPECT_EQ(1, calc.UpdateFile(data_path, 1));
EXPECT_TRUE(calc.Finalize());
// echo -n h | openssl dgst -sha256 -binary | openssl base64
- EXPECT_EQ("qqlAJmTxpB9A67xSyZk+tmrrNmYClY/fqig7ceZNsSM=", calc.hash());
+ EXPECT_EQ("qqlAJmTxpB9A67xSyZk+tmrrNmYClY/fqig7ceZNsSM=",
+ brillo::data_encoding::Base64Encode(calc.raw_hash()));
}
TEST_F(HashCalculatorTest, RawHashOfFileSimpleTest) {
diff --git a/common/utils.cc b/common/utils.cc
index ea748c1..f528660 100644
--- a/common/utils.cc
+++ b/common/utils.cc
@@ -944,8 +944,16 @@
return str;
}
-string CalculateP2PFileId(const string& payload_hash, size_t payload_size) {
- string encoded_hash = brillo::data_encoding::Base64Encode(payload_hash);
+// The P2P file id should be the same for devices running new version and old
+// version so that they can share it with each other. The hash in the response
+// was base64 encoded, but now that we switched to use "hash_sha256" field which
+// is hex encoded, we have to convert them back to base64 for P2P. However, the
+// base64 encoded hash was base64 encoded here again historically for some
+// reason, so we keep the same behavior here.
+string CalculateP2PFileId(const brillo::Blob& payload_hash,
+ size_t payload_size) {
+ string encoded_hash = brillo::data_encoding::Base64Encode(
+ brillo::data_encoding::Base64Encode(payload_hash));
return base::StringPrintf("cros_update_size_%" PRIuS "_hash_%s",
payload_size,
encoded_hash.c_str());
diff --git a/common/utils.h b/common/utils.h
index 8cccc24..eaf2640 100644
--- a/common/utils.h
+++ b/common/utils.h
@@ -53,7 +53,7 @@
std::string StringVectorToString(const std::vector<std::string> &vec_str);
// Calculates the p2p file id from payload hash and size
-std::string CalculateP2PFileId(const std::string& payload_hash,
+std::string CalculateP2PFileId(const brillo::Blob& payload_hash,
size_t payload_size);
// Parse the firmware version from one line of output from the
