Commit dd488730 authored by Kathleen Brade's avatar Kathleen Brade Committed by Georg Koppen
Browse files

Bug 19121: reinstate the update.xml hash check

Revert most changes from Mozilla Bug 1373267 "Remove hashFunction and
hashValue attributes from nsIUpdatePatch and code related to these
attributes." Changes to the tests were not reverted; the tests have
been changed significantly and we do not run automated updater tests
for Tor Browser at this time.

Also partial revert of commit f1241db6.

Revert the nsUpdateService.js changes from Mozilla Bug 862173 "don't
verify mar file hash when using mar signing to verify the mar file
(lessens main thread I/O)."

Changes to the tests were not reverted; the tests have been changed
significantly and we do not run automated updater tests for
Tor Browser at this time.

We kept the addition to the AppConstants API in case other JS code
references it in the future.
parent 4e498a78
......@@ -212,6 +212,13 @@ this.AppConstants = Object.freeze({
false,
#endif
MOZ_VERIFY_MAR_SIGNATURE:
#ifdef MOZ_VERIFY_MAR_SIGNATURE
true,
#else
false,
#endif
MOZ_MAINTENANCE_SERVICE:
#ifdef MOZ_MAINTENANCE_SERVICE
true,
......
......@@ -742,6 +742,20 @@ function LOG(string) {
}
}
/**
* Convert a string containing binary values to hex.
*/
function binaryToHex(input) {
var result = "";
for (var i = 0; i < input.length; ++i) {
var hex = input.charCodeAt(i).toString(16);
if (hex.length == 1)
hex = "0" + hex;
result += hex;
}
return result;
}
/**
* Gets the specified directory at the specified hierarchy under the
* update root directory and creates it if it doesn't exist.
......@@ -1534,6 +1548,8 @@ function UpdatePatch(patch) {
}
break;
case "finalURL":
case "hashFunction":
case "hashValue":
case "state":
case "type":
case "URL":
......@@ -1553,6 +1569,8 @@ UpdatePatch.prototype = {
// over writing nsIUpdatePatch attributes.
_attrNames: [
"errorCode",
"hashFunction",
"hashValue",
"finalURL",
"selected",
"size",
......@@ -1566,6 +1584,8 @@ UpdatePatch.prototype = {
*/
serialize: function UpdatePatch_serialize(updates) {
var patch = updates.createElementNS(URI_UPDATE_NS, "patch");
patch.setAttribute("hashFunction", this.hashFunction);
patch.setAttribute("hashValue", this.hashValue);
patch.setAttribute("size", this.size);
patch.setAttribute("type", this.type);
patch.setAttribute("URL", this.URL);
......@@ -4301,7 +4321,42 @@ Downloader.prototype = {
}
LOG("Downloader:_verifyDownload downloaded size == expected size.");
return true;
let fileStream = Cc["@mozilla.org/network/file-input-stream;1"].
createInstance(Ci.nsIFileInputStream);
fileStream.init(destination, FileUtils.MODE_RDONLY, FileUtils.PERMS_FILE, 0);
let digest;
try {
let hash = Cc["@mozilla.org/security/hash;1"].
createInstance(Ci.nsICryptoHash);
var hashFunction = Ci.nsICryptoHash[this._patch.hashFunction.toUpperCase()];
if (hashFunction == undefined) {
throw Cr.NS_ERROR_UNEXPECTED;
}
hash.init(hashFunction);
hash.updateFromStream(fileStream, -1);
// NOTE: For now, we assume that the format of _patch.hashValue is hex
// encoded binary (such as what is typically output by programs like
// sha1sum). In the future, this may change to base64 depending on how
// we choose to compute these hashes.
digest = binaryToHex(hash.finish(false));
} catch (e) {
LOG("Downloader:_verifyDownload - failed to compute hash of the " +
"downloaded update archive");
digest = "";
}
fileStream.close();
if (digest == this._patch.hashValue.toLowerCase()) {
LOG("Downloader:_verifyDownload hashes match.");
return true;
}
LOG("Downloader:_verifyDownload hashes do not match. ");
AUSTLMY.pingDownloadCode(this.isCompleteUpdate,
AUSTLMY.DWNLD_ERR_VERIFY_NO_HASH_MATCH);
return false;
},
/**
......@@ -4875,6 +4930,9 @@ Downloader.prototype = {
" is higher than patch size: " +
this._patch.size
);
// It's important that we use a different code than
// NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
// between a hash error and a wrong download error.
AUSTLMY.pingDownloadCode(
this.isCompleteUpdate,
AUSTLMY.DWNLD_ERR_PATCH_SIZE_LARGER
......@@ -4893,6 +4951,9 @@ Downloader.prototype = {
" is not equal to expected patch size: " +
this._patch.size
);
// It's important that we use a different code than
// NS_ERROR_CORRUPTED_CONTENT so that tests can verify the difference
// between a hash error and a wrong download error.
AUSTLMY.pingDownloadCode(
this.isCompleteUpdate,
AUSTLMY.DWNLD_ERR_PATCH_SIZE_NOT_EQUAL
......
......@@ -180,6 +180,7 @@ var AUSTLMY = {
DWNLD_ERR_VERIFY_NO_REQUEST: 13,
DWNLD_ERR_VERIFY_PATCH_SIZE_NOT_EQUAL: 14,
DWNLD_ERR_WRITE_FAILURE: 15,
DWNLD_ERR_VERIFY_NO_HASH_MATCH: 16,
// Temporary failure code to see if there are failures without an update phase
DWNLD_UNKNOWN_PHASE_ERR_WRITE_FAILURE: 40,
......
......@@ -39,6 +39,17 @@ interface nsIUpdatePatch : nsISupports
*/
attribute AString finalURL;
/**
* The hash function to use when determining this file's integrity
*/
attribute AString hashFunction;
/**
* The value of the hash function named above that should be computed if
* this file is not corrupt.
*/
attribute AString hashValue;
/**
* The size of this file, in bytes.
*/
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment