Merge "Create a wrapper class for update package"

am: ba9965199a Change-Id: I47c82792b37d0e720ab54876915c8aba288382c7
2019-03-11 13:13:57 -07:00 · 2019-03-11 13:13:57 -07:00 · d4f28312dc
commit d4f28312dc
parent c4c7abfb41 ba9965199a
9 changed files with 313 additions and 87 deletions
--- a/Android.bp
+++ b/Android.bp
@ -175,6 +175,7 @@ cc_library_static {
        "fsck_unshare_blocks.cpp",
        "fuse_sdcard_provider.cpp",
        "install.cpp",
+        "package.cpp",
        "recovery.cpp",
        "roots.cpp",
    ],
--- a/install.cpp
+++ b/install.cpp
@ -51,6 +51,7 @@
 #include "otautil/paths.h"
 #include "otautil/sysutil.h"
 #include "otautil/thermalutil.h"
+#include "package.h"
 #include "private/install.h"
 #include "roots.h"
 #include "ui.h"
@ -585,34 +586,29 @@ static int really_install_package(const std::string& path, bool* wipe_cache, boo
    }
  }

-  MemMapping map;
-  if (!map.MapFile(path)) {
-    LOG(ERROR) << "failed to map file";
+  auto package = Package::CreateMemoryPackage(
+      path, std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1));
+  if (!package) {
    log_buffer->push_back(android::base::StringPrintf("error: %d", kMapFileFailure));
    return INSTALL_CORRUPT;
  }

  // Verify package.
-  if (!verify_package(map.addr, map.length)) {
+  if (!verify_package(package.get())) {
    log_buffer->push_back(android::base::StringPrintf("error: %d", kZipVerificationFailure));
    return INSTALL_CORRUPT;
  }

  // Try to open the package.
-  ZipArchiveHandle zip;
-  int err = OpenArchiveFromMemory(map.addr, map.length, path.c_str(), &zip);
-  if (err != 0) {
-    LOG(ERROR) << "Can't open " << path << " : " << ErrorCodeString(err);
+  ZipArchiveHandle zip = package->GetZipArchiveHandle();
+  if (!zip) {
    log_buffer->push_back(android::base::StringPrintf("error: %d", kZipOpenFailure));
-
-    CloseArchive(zip);
    return INSTALL_CORRUPT;
  }

  // Additionally verify the compatibility of the package.
  if (!verify_package_compatibility(zip)) {
    log_buffer->push_back(android::base::StringPrintf("error: %d", kPackageCompatibilityFailure));
-    CloseArchive(zip);
    return INSTALL_CORRUPT;
  }

@ -626,7 +622,6 @@ static int really_install_package(const std::string& path, bool* wipe_cache, boo
  ui->SetEnableReboot(true);
  ui->Print("\n");

-  CloseArchive(zip);
  return result;
 }

@ -705,7 +700,7 @@ int install_package(const std::string& path, bool* wipe_cache, bool needs_mount,
  return result;
 }

-bool verify_package(const unsigned char* package_data, size_t package_size) {
+bool verify_package(Package* package) {
  static constexpr const char* CERTIFICATE_ZIP_FILE = "/system/etc/security/otacerts.zip";
  std::vector<Certificate> loaded_keys = LoadKeysFromZipfile(CERTIFICATE_ZIP_FILE);
  if (loaded_keys.empty()) {
@ -717,8 +712,7 @@ bool verify_package(const unsigned char* package_data, size_t package_size) {
  // Verify package.
  ui->Print("Verifying update package...\n");
  auto t0 = std::chrono::system_clock::now();
-  int err = verify_file(package_data, package_size, loaded_keys,
-                        std::bind(&RecoveryUI::SetProgress, ui, std::placeholders::_1));
+  int err = verify_file(package, loaded_keys);
  std::chrono::duration<double> duration = std::chrono::system_clock::now() - t0;
  ui->Print("Update package verification took %.1f s (result %d).\n", duration.count(), err);
  if (err != VERIFY_SUCCESS) {
--- a/install.h
+++ b/install.h
@ -25,6 +25,8 @@

 #include <ziparchive/zip_archive.h>

+#include "package.h"
+
 enum InstallResult {
  INSTALL_SUCCESS,
  INSTALL_ERROR,
@ -46,9 +48,9 @@ enum class OtaType {
 int install_package(const std::string& package, bool* wipe_cache, bool needs_mount,
                    int retry_count);

-// Verify the package by ota keys. Return true if the package is verified successfully,
-// otherwise return false.
-bool verify_package(const unsigned char* package_data, size_t package_size);
+// Verifies the package by ota keys. Returns true if the package is verified successfully,
+// otherwise returns false.
+bool verify_package(Package* package);

 // Reads meta data file of the package; parses each line in the format "key=value"; and writes the
 // result to |metadata|. Return true if succeed, otherwise return false.
--- a/package.cpp
+++ b/package.cpp
@ -0,0 +1,154 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "package.h"
+
+#include <string.h>
+
+#include <android-base/logging.h>
+#include <android-base/stringprintf.h>
+#include <openssl/sha.h>
+
+#include "otautil/error_code.h"
+#include "otautil/sysutil.h"
+
+// This class wraps the package in memory, i.e. a memory mapped package, or a package loaded
+// to a string/vector.
+class MemoryPackage : public Package {
+ public:
+  // Constructs the class from a file. We will memory maps the file later.
+  MemoryPackage(const std::string& path, std::unique_ptr<MemMapping> map,
+                const std::function<void(float)>& set_progress);
+
+  // Constructs the class from the package bytes in |content|.
+  MemoryPackage(std::vector<uint8_t> content, const std::function<void(float)>& set_progress);
+
+  ~MemoryPackage() override;
+
+  // Memory maps the package file if necessary. Initializes the start address and size of the
+  // package.
+  uint64_t GetPackageSize() const override {
+    return package_size_;
+  }
+
+  bool ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) override;
+
+  ZipArchiveHandle GetZipArchiveHandle() override;
+
+  bool UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers, uint64_t start,
+                          uint64_t length) override;
+
+ private:
+  const uint8_t* addr_;    // Start address of the package in memory.
+  uint64_t package_size_;  // Package size in bytes.
+
+  // The memory mapped package.
+  std::unique_ptr<MemMapping> map_;
+  // A copy of the package content, valid only if we create the class with the exact bytes of
+  // the package.
+  std::vector<uint8_t> package_content_;
+  // The physical path to the package, empty if we create the class with the package content.
+  std::string path_;
+
+  // The ZipArchiveHandle of the package.
+  ZipArchiveHandle zip_handle_;
+};
+
+// TODO(xunchang) Implement the PackageFromFd.
+
+void Package::SetProgress(float progress) {
+  if (set_progress_) {
+    set_progress_(progress);
+  }
+}
+
+std::unique_ptr<Package> Package::CreateMemoryPackage(
+    const std::string& path, const std::function<void(float)>& set_progress) {
+  std::unique_ptr<MemMapping> mmap = std::make_unique<MemMapping>();
+  if (!mmap->MapFile(path)) {
+    LOG(ERROR) << "failed to map file";
+    return nullptr;
+  }
+
+  return std::make_unique<MemoryPackage>(path, std::move(mmap), set_progress);
+}
+
+std::unique_ptr<Package> Package::CreateMemoryPackage(
+    std::vector<uint8_t> content, const std::function<void(float)>& set_progress) {
+  return std::make_unique<MemoryPackage>(std::move(content), set_progress);
+}
+
+MemoryPackage::MemoryPackage(const std::string& path, std::unique_ptr<MemMapping> map,
+                             const std::function<void(float)>& set_progress)
+    : map_(std::move(map)), path_(path), zip_handle_(nullptr) {
+  addr_ = map_->addr;
+  package_size_ = map_->length;
+  set_progress_ = set_progress;
+}
+
+MemoryPackage::MemoryPackage(std::vector<uint8_t> content,
+                             const std::function<void(float)>& set_progress)
+    : package_content_(std::move(content)), zip_handle_(nullptr) {
+  CHECK(!package_content_.empty());
+  addr_ = package_content_.data();
+  package_size_ = package_content_.size();
+  set_progress_ = set_progress;
+}
+
+MemoryPackage::~MemoryPackage() {
+  if (zip_handle_) {
+    CloseArchive(zip_handle_);
+  }
+}
+
+bool MemoryPackage::ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) {
+  if (byte_count > package_size_ || offset > package_size_ - byte_count) {
+    LOG(ERROR) << "Out of bound read, offset: " << offset << ", size: " << byte_count
+               << ", total package_size: " << package_size_;
+    return false;
+  }
+  memcpy(buffer, addr_ + offset, byte_count);
+  return true;
+}
+
+bool MemoryPackage::UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers,
+                                       uint64_t start, uint64_t length) {
+  if (length > package_size_ || start > package_size_ - length) {
+    LOG(ERROR) << "Out of bound read, offset: " << start << ", size: " << length
+               << ", total package_size: " << package_size_;
+    return false;
+  }
+
+  for (const auto& hasher : hashers) {
+    hasher(addr_ + start, length);
+  }
+  return true;
+}
+
+ZipArchiveHandle MemoryPackage::GetZipArchiveHandle() {
+  if (zip_handle_) {
+    return zip_handle_;
+  }
+
+  if (auto err = OpenArchiveFromMemory(const_cast<uint8_t*>(addr_), package_size_, path_.c_str(),
+                                       &zip_handle_);
+      err != 0) {
+    LOG(ERROR) << "Can't open package" << path_ << " : " << ErrorCodeString(err);
+    return nullptr;
+  }
+
+  return zip_handle_;
+}
--- a/package.h
+++ b/package.h
@ -0,0 +1,52 @@
+/*
+ * Copyright (C) 2019 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <stdint.h>
+
+#include <functional>
+#include <map>
+#include <memory>
+#include <string>
+#include <vector>
+
+#include <ziparchive/zip_archive.h>
+
+#include "verifier.h"
+
+// This class serves as a wrapper for an OTA update package. It aims to provide the common
+// interface for both packages loaded in memory and packages read from fd.
+class Package : public VerifierInterface {
+ public:
+  virtual ~Package() = default;
+
+  // Opens the package as a zip file and returns the ZipArchiveHandle.
+  virtual ZipArchiveHandle GetZipArchiveHandle() = 0;
+
+  // Updates the progress in fraction during package verification.
+  void SetProgress(float progress) override;
+
+  static std::unique_ptr<Package> CreateMemoryPackage(
+      const std::string& path, const std::function<void(float)>& set_progress);
+
+  static std::unique_ptr<Package> CreateMemoryPackage(
+      std::vector<uint8_t> content, const std::function<void(float)>& set_progress);
+
+ protected:
+  // An optional function to update the progress.
+  std::function<void(float)> set_progress_;
+};
--- a/recovery.cpp
+++ b/recovery.cpp
@ -64,6 +64,7 @@
 #include "otautil/error_code.h"
 #include "otautil/paths.h"
 #include "otautil/sysutil.h"
+#include "package.h"
 #include "roots.h"
 #include "screen_ui.h"
 #include "ui.h"
@ -517,13 +518,15 @@ static std::string ReadWipePackage(size_t wipe_package_size) {
 // 1. verify the package.
 // 2. check metadata (ota-type, pre-device and serial number if having one).
 static bool CheckWipePackage(const std::string& wipe_package) {
-  if (!verify_package(reinterpret_cast<const unsigned char*>(wipe_package.data()),
-                      wipe_package.size())) {
+  auto package = Package::CreateMemoryPackage(
+      std::vector<uint8_t>(wipe_package.begin(), wipe_package.end()), nullptr);
+
+  if (!package || !verify_package(package.get())) {
    LOG(ERROR) << "Failed to verify package";
    return false;
  }

-  // Extract metadata
+  // TODO(xunchang) get zip archive from package.
  ZipArchiveHandle zip;
  if (auto err =
          OpenArchiveFromMemory(const_cast<void*>(static_cast<const void*>(&wipe_package[0])),
--- a/tests/component/verifier_test.cpp
+++ b/tests/component/verifier_test.cpp
@ -36,6 +36,7 @@

 #include "common/test_constants.h"
 #include "otautil/sysutil.h"
+#include "package.h"
 #include "verifier.h"

 using namespace std::string_literals;
@ -47,15 +48,22 @@ static void LoadKeyFromFile(const std::string& file_name, Certificate* cert) {
      std::vector<uint8_t>(testkey_string.begin(), testkey_string.end()), cert));
 }

+static void VerifyFile(const std::string& content, const std::vector<Certificate>& keys,
+                       int expected) {
+  auto package =
+      Package::CreateMemoryPackage(std::vector<uint8_t>(content.begin(), content.end()), nullptr);
+  ASSERT_NE(nullptr, package);
+
+  ASSERT_EQ(expected, verify_file(package.get(), keys));
+}
+
 static void VerifyPackageWithCertificates(const std::string& name,
                                          const std::vector<Certificate>& certs) {
-  std::string package = from_testdata_base(name);
-  MemMapping memmap;
-  if (!memmap.MapFile(package)) {
-    FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n";
-  }
+  std::string path = from_testdata_base(name);
+  auto package = Package::CreateMemoryPackage(path, nullptr);
+  ASSERT_NE(nullptr, package);

-  ASSERT_EQ(VERIFY_SUCCESS, verify_file(memmap.addr, memmap.length, certs));
+  ASSERT_EQ(VERIFY_SUCCESS, verify_file(package.get(), certs));
 }

 static void VerifyPackageWithSingleCertificate(const std::string& name, Certificate&& cert) {
@ -231,20 +239,19 @@ class VerifierTest : public testing::TestWithParam<std::vector<std::string>> {
 protected:
  void SetUp() override {
    std::vector<std::string> args = GetParam();
-    std::string package = from_testdata_base(args[0]);
-    if (!memmap.MapFile(package)) {
-      FAIL() << "Failed to mmap " << package << ": " << strerror(errno) << "\n";
-    }
+    std::string path = from_testdata_base(args[0]);
+    package_ = Package::CreateMemoryPackage(path, nullptr);
+    ASSERT_NE(nullptr, package_);

    for (auto it = ++args.cbegin(); it != args.cend(); ++it) {
      std::string public_key_file = from_testdata_base("testkey_" + *it + ".x509.pem");
-      certs.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
-      LoadKeyFromFile(public_key_file, &certs.back());
+      certs_.emplace_back(0, Certificate::KEY_TYPE_RSA, nullptr, nullptr);
+      LoadKeyFromFile(public_key_file, &certs_.back());
    }
  }

-  MemMapping memmap;
-  std::vector<Certificate> certs;
+  std::unique_ptr<Package> package_;
+  std::vector<Certificate> certs_;
 };

 class VerifierSuccessTest : public VerifierTest {
@ -264,9 +271,7 @@ TEST(VerifierTest, BadPackage_AlteredFooter) {

  // Alter the footer.
  package[package.size() - 5] = '\x05';
-  ASSERT_EQ(VERIFY_FAILURE,
-            verify_file(reinterpret_cast<const unsigned char*>(package.data()), package.size(),
-                        certs));
+  VerifyFile(package, certs, VERIFY_FAILURE);
 }

 TEST(VerifierTest, BadPackage_AlteredContent) {
@ -281,15 +286,11 @@ TEST(VerifierTest, BadPackage_AlteredContent) {
  // Alter the content.
  std::string altered1(package);
  altered1[50] += 1;
-  ASSERT_EQ(VERIFY_FAILURE,
-            verify_file(reinterpret_cast<const unsigned char*>(altered1.data()), altered1.size(),
-                        certs));
+  VerifyFile(altered1, certs, VERIFY_FAILURE);

  std::string altered2(package);
  altered2[10] += 1;
-  ASSERT_EQ(VERIFY_FAILURE,
-            verify_file(reinterpret_cast<const unsigned char*>(altered2.data()), altered2.size(),
-                        certs));
+  VerifyFile(altered2, certs, VERIFY_FAILURE);
 }

 TEST(VerifierTest, BadPackage_SignatureStartOutOfBounds) {
@ -299,16 +300,15 @@ TEST(VerifierTest, BadPackage_SignatureStartOutOfBounds) {

  // Signature start is 65535 (0xffff) while comment size is 0 (Bug: 31914369).
  std::string package = "\x50\x4b\x05\x06"s + std::string(12, '\0') + "\xff\xff\xff\xff\x00\x00"s;
-  ASSERT_EQ(VERIFY_FAILURE, verify_file(reinterpret_cast<const unsigned char*>(package.data()),
-                                        package.size(), certs));
+  VerifyFile(package, certs, VERIFY_FAILURE);
 }

 TEST_P(VerifierSuccessTest, VerifySucceed) {
-  ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs, nullptr), VERIFY_SUCCESS);
+  ASSERT_EQ(VERIFY_SUCCESS, verify_file(package_.get(), certs_));
 }

 TEST_P(VerifierFailureTest, VerifyFailure) {
-  ASSERT_EQ(verify_file(memmap.addr, memmap.length, certs, nullptr), VERIFY_FAILURE);
+  ASSERT_EQ(VERIFY_FAILURE, verify_file(package_.get(), certs_));
 }

 INSTANTIATE_TEST_CASE_P(SingleKeySuccess, VerifierSuccessTest,
--- a/verifier.cpp
+++ b/verifier.cpp
@ -117,19 +117,9 @@ static bool read_pkcs7(const uint8_t* pkcs7_der, size_t pkcs7_der_len,
  return true;
 }

-/*
- * Looks for an RSA signature embedded in the .ZIP file comment given the path to the zip. Verifies
- * that it matches one of the given public keys. A callback function can be optionally provided for
- * posting the progress.
- *
- * Returns VERIFY_SUCCESS or VERIFY_FAILURE (if any error is encountered or no key matches the
- * signature).
- */
-int verify_file(const unsigned char* addr, size_t length, const std::vector<Certificate>& keys,
-                const std::function<void(float)>& set_progress) {
-  if (set_progress) {
-    set_progress(0.0);
-  }
+int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys) {
+  CHECK(package);
+  package->SetProgress(0.0);

  // An archive with a whole-file signature will end in six bytes:
  //
@ -140,13 +130,18 @@ int verify_file(const unsigned char* addr, size_t length, const std::vector<Cert
  // the whole comment.

 #define FOOTER_SIZE 6
+  uint64_t length = package->GetPackageSize();

  if (length < FOOTER_SIZE) {
    LOG(ERROR) << "not big enough to contain footer";
    return VERIFY_FAILURE;
  }

-  const unsigned char* footer = addr + length - FOOTER_SIZE;
+  uint8_t footer[FOOTER_SIZE];
+  if (!package->ReadFullyAtOffset(footer, FOOTER_SIZE, length - FOOTER_SIZE)) {
+    LOG(ERROR) << "Failed to read footer";
+    return VERIFY_FAILURE;
+  }

  if (footer[2] != 0xff || footer[3] != 0xff) {
    LOG(ERROR) << "footer is wrong";
@ -182,9 +177,13 @@ int verify_file(const unsigned char* addr, size_t length, const std::vector<Cert
  // Determine how much of the file is covered by the signature. This is everything except the
  // signature data and length, which includes all of the EOCD except for the comment length field
  // (2 bytes) and the comment data.
-  size_t signed_len = length - eocd_size + EOCD_HEADER_SIZE - 2;
+  uint64_t signed_len = length - eocd_size + EOCD_HEADER_SIZE - 2;

-  const unsigned char* eocd = addr + length - eocd_size;
+  uint8_t eocd[eocd_size];
+  if (!package->ReadFullyAtOffset(eocd, eocd_size, length - eocd_size)) {
+    LOG(ERROR) << "Failed to read EOCD of " << eocd_size << " bytes";
+    return VERIFY_FAILURE;
+  }

  // If this is really is the EOCD record, it will begin with the magic number $50 $4b $05 $06.
  if (eocd[0] != 0x50 || eocd[1] != 0x4b || eocd[2] != 0x05 || eocd[3] != 0x06) {
@ -216,24 +215,29 @@ int verify_file(const unsigned char* addr, size_t length, const std::vector<Cert
  SHA1_Init(&sha1_ctx);
  SHA256_Init(&sha256_ctx);

+  std::vector<HasherUpdateCallback> hashers;
+  if (need_sha1) {
+    hashers.emplace_back(
+        std::bind(&SHA1_Update, &sha1_ctx, std::placeholders::_1, std::placeholders::_2));
+  }
+  if (need_sha256) {
+    hashers.emplace_back(
+        std::bind(&SHA256_Update, &sha256_ctx, std::placeholders::_1, std::placeholders::_2));
+  }
+
  double frac = -1.0;
-  size_t so_far = 0;
+  uint64_t so_far = 0;
  while (so_far < signed_len) {
-    // On a Nexus 5X, experiment showed 16MiB beat 1MiB by 6% faster for a
-    // 1196MiB full OTA and 60% for an 89MiB incremental OTA.
-    // http://b/28135231.
-    size_t size = std::min(signed_len - so_far, 16 * MiB);
+    // On a Nexus 5X, experiment showed 16MiB beat 1MiB by 6% faster for a 1196MiB full OTA and
+    // 60% for an 89MiB incremental OTA. http://b/28135231.
+    uint64_t read_size = std::min<uint64_t>(signed_len - so_far, 16 * MiB);
+    package->UpdateHashAtOffset(hashers, so_far, read_size);
+    so_far += read_size;

-    if (need_sha1) SHA1_Update(&sha1_ctx, addr + so_far, size);
-    if (need_sha256) SHA256_Update(&sha256_ctx, addr + so_far, size);
-    so_far += size;
-
-    if (set_progress) {
-      double f = so_far / (double)signed_len;
-      if (f > frac + 0.02 || size == so_far) {
-        set_progress(f);
-        frac = f;
-      }
+    double f = so_far / static_cast<double>(signed_len);
+    if (f > frac + 0.02 || read_size == so_far) {
+      package->SetProgress(f);
+      frac = f;
    }
  }

--- a/verifier.h
+++ b/verifier.h
@ -27,6 +27,8 @@
 #include <openssl/rsa.h>
 #include <openssl/sha.h>

+using HasherUpdateCallback = std::function<void(const uint8_t* addr, uint64_t size)>;
+
 struct RSADeleter {
  void operator()(RSA* rsa) const {
    RSA_free(rsa);
@ -61,14 +63,28 @@ struct Certificate {
    std::unique_ptr<EC_KEY, ECKEYDeleter> ec;
 };

-/*
- * 'addr' and 'length' define an update package file that has been loaded (or mmap'ed, or
- * whatever) into memory. Verifies that the file is signed and the signature matches one of the
- * given keys. It optionally accepts a callback function for posting the progress to. Returns one
- * of the constants of VERIFY_SUCCESS and VERIFY_FAILURE.
- */
-int verify_file(const unsigned char* addr, size_t length, const std::vector<Certificate>& keys,
-                const std::function<void(float)>& set_progress = nullptr);
+class VerifierInterface {
+ public:
+  virtual ~VerifierInterface() = default;
+
+  // Returns the package size in bytes.
+  virtual uint64_t GetPackageSize() const = 0;
+
+  // Reads |byte_count| data starting from |offset|, and puts the result in |buffer|.
+  virtual bool ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) = 0;
+
+  // Updates the hash contexts for |length| bytes data starting from |start|.
+  virtual bool UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers, uint64_t start,
+                                  uint64_t length) = 0;
+
+  // Updates the progress in fraction during package verification.
+  virtual void SetProgress(float progress) = 0;
+};
+
+//  Looks for an RSA signature embedded in the .ZIP file comment given the path to the zip.
+//  Verifies that it matches one of the given public keys. Returns VERIFY_SUCCESS or
+//  VERIFY_FAILURE (if any error is encountered or no key matches the signature).
+int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys);

 // Checks that the RSA key has a modulus of 2048 bits long, and public exponent is 3 or 65537.
 bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa);