xref: /aosp_15_r20/system/update_engine/payload_consumer/delta_performer_integration_test.cc (revision 5a9231315b4521097b8dc3750bc806fcafe0c72f)

//
// Copyright (C) 2012 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//

#include "update_engine/payload_consumer/delta_performer.h"

#include <sys/mount.h>

#include <algorithm>
#include <list>
#include <string>
#include <vector>

#include <base/files/file_path.h>
#include <base/files/file_util.h>
#include <android-base/stringprintf.h>
#include <gmock/gmock-matchers.h>
#include <google/protobuf/repeated_field.h>
#include <gtest/gtest.h>
#include <openssl/pem.h>

#include "update_engine/common/constants.h"
#include "update_engine/common/fake_boot_control.h"
#include "update_engine/common/fake_hardware.h"
#include "update_engine/common/fake_prefs.h"
#include "update_engine/common/mock_download_action.h"
#include "update_engine/common/mock_prefs.h"
#include "update_engine/common/test_utils.h"
#include "update_engine/common/testing_constants.h"
#include "update_engine/common/utils.h"
#include "update_engine/payload_consumer/install_plan.h"
#include "update_engine/payload_consumer/payload_constants.h"
#include "update_engine/payload_consumer/payload_metadata.h"
#include "update_engine/payload_generator/delta_diff_generator.h"
#include "update_engine/payload_generator/payload_signer.h"
#include "update_engine/update_metadata.pb.h"

namespace chromeos_update_engine {

using std::list;
using std::string;
using std::unique_ptr;
using std::vector;
using test_utils::GetBuildArtifactsPath;
using test_utils::kRandomString;
using test_utils::ScopedLoopMounter;
using test_utils::System;
using testing::_;
using testing::IsEmpty;
using testing::NiceMock;
using testing::Not;
using testing::Return;

static const uint32_t kDefaultKernelSize = 4096;  // Something small for a test
// clang-format off
static const uint8_t kNewData[] = {'T', 'h', 'i', 's', ' ', 'i', 's', ' ',
                                   'n', 'e', 'w', ' ', 'd', 'a', 't', 'a', '.'};
// clang-format on

namespace {
struct DeltaState {
  unique_ptr<ScopedTempFile> a_img;
  unique_ptr<ScopedTempFile> b_img;
  unique_ptr<ScopedTempFile> result_img;
  size_t image_size;

  unique_ptr<ScopedTempFile> delta_file;
  // The in-memory copy of delta file.
  brillo::Blob delta;
  uint64_t metadata_size;
  uint32_t metadata_signature_size;

  unique_ptr<ScopedTempFile> old_kernel;
  brillo::Blob old_kernel_data;

  unique_ptr<ScopedTempFile> new_kernel;
  brillo::Blob new_kernel_data;

  unique_ptr<ScopedTempFile> result_kernel;
  brillo::Blob result_kernel_data;
  size_t kernel_size;

  // The InstallPlan referenced by the DeltaPerformer. This needs to outlive
  // the DeltaPerformer.
  InstallPlan install_plan;

  // Mock and fake instances used by the delta performer.
  FakeBootControl fake_boot_control_;
  FakeHardware fake_hardware_;
  MockDownloadActionDelegate mock_delegate_;
};

enum SignatureTest {
  kSignatureNone,                  // No payload signing.
  kSignatureGenerator,             // Sign the payload at generation time.
  kSignatureGenerated,             // Sign the payload after it's generated.
  kSignatureGeneratedPlaceholder,  // Insert placeholder signatures, then real.
  kSignatureGeneratedPlaceholderMismatch,  // Insert a wrong sized placeholder.
  kSignatureGeneratedShell,  // Sign the generated payload through shell cmds.
  kSignatureGeneratedShellECKey,      // Sign with a EC key through shell cmds.
  kSignatureGeneratedShellBadKey,     // Sign with a bad key through shell cmds.
  kSignatureGeneratedShellRotateCl1,  // Rotate key, test client v1
  kSignatureGeneratedShellRotateCl2,  // Rotate key, test client v2
};

enum OperationHashTest {
  kInvalidOperationData,
  kValidOperationData,
};

}  // namespace

class DeltaPerformerIntegrationTest : public ::testing::Test {
 public:
  void RunManifestValidation(const DeltaArchiveManifest& manifest,
                             uint64_t major_version,
                             ErrorCode expected) {
    FakePrefs prefs;
    InstallPlan::Payload payload;
    InstallPlan install_plan;
    DeltaPerformer performer{&prefs,
                             nullptr,
                             &fake_hardware_,
                             nullptr,
                             &install_plan,
                             &payload,
                             false /* interactive*/};
    // Delta performer will treat manifest as kDelta payload
    // if it's a partial update.
    payload.type = manifest.partial_update() ? InstallPayloadType::kDelta
                                             : InstallPayloadType::kFull;

    // The Manifest we are validating.
    performer.manifest_.CopyFrom(manifest);
    performer.major_payload_version_ = major_version;

    ASSERT_EQ(expected, performer.ValidateManifest());
  }
  void AddPartition(DeltaArchiveManifest* manifest,
                    string name,
                    int timestamp) {
    auto& partition = *manifest->add_partitions();
    partition.set_version(std::to_string(timestamp));
    partition.set_partition_name(name);
  }
  FakeHardware fake_hardware_;
};

static void CompareFilesByBlock(const string& a_file,
                                const string& b_file,
                                size_t image_size) {
  ASSERT_EQ(0U, image_size % kBlockSize);

  brillo::Blob a_data, b_data;
  ASSERT_TRUE(utils::ReadFile(a_file, &a_data)) << "file failed: " << a_file;
  ASSERT_TRUE(utils::ReadFile(b_file, &b_data)) << "file failed: " << b_file;

  EXPECT_GE(a_data.size(), image_size);
  EXPECT_GE(b_data.size(), image_size);
  for (size_t i = 0; i < image_size; i += kBlockSize) {
    ASSERT_EQ(0U, i % kBlockSize);
    brillo::Blob a_sub(&a_data[i], &a_data[i + kBlockSize]);
    brillo::Blob b_sub(&b_data[i], &b_data[i + kBlockSize]);
    ASSERT_EQ(a_sub, b_sub) << "Block " << (i / kBlockSize) << " differs";
  }
  if (::testing::Test::HasNonfatalFailure()) {
    LOG(INFO) << "Compared filesystems with size " << image_size
              << ", partition A " << a_file << " size: " << a_data.size()
              << ", partition B " << b_file << " size: " << b_data.size();
  }
}

static bool WriteSparseFile(const string& path, off_t size) {
  int fd = open(path.c_str(), O_CREAT | O_TRUNC | O_WRONLY, 0644);
  TEST_AND_RETURN_FALSE_ERRNO(fd >= 0);
  ScopedFdCloser fd_closer(&fd);
  off_t rc = lseek(fd, size + 1, SEEK_SET);
  TEST_AND_RETURN_FALSE_ERRNO(rc != static_cast<off_t>(-1));
  int return_code = ftruncate(fd, size);
  TEST_AND_RETURN_FALSE_ERRNO(return_code == 0);
  return true;
}

static bool WriteByteAtOffset(const string& path, off_t offset) {
  int fd = open(path.c_str(), O_CREAT | O_WRONLY, 0644);
  TEST_AND_RETURN_FALSE_ERRNO(fd >= 0);
  ScopedFdCloser fd_closer(&fd);
  return utils::PWriteAll(fd, "\0", 1, offset);
}

static bool InsertSignaturePlaceholder(size_t signature_size,
                                       const string& payload_path,
                                       uint64_t* out_metadata_size) {
  vector<brillo::Blob> signatures;
  signatures.push_back(brillo::Blob(signature_size, 0));

  return PayloadSigner::AddSignatureToPayload(payload_path,
                                              {signature_size},
                                              signatures,
                                              {},
                                              payload_path,
                                              out_metadata_size);
}

static void SignGeneratedPayload(const string& payload_path,
                                 uint64_t* out_metadata_size) {
  string private_key_path = GetBuildArtifactsPath(kUnittestPrivateKeyPath);
  size_t signature_size{};
  ASSERT_TRUE(PayloadSigner::GetMaximumSignatureSize(private_key_path,
                                                     &signature_size));
  brillo::Blob metadata_hash, payload_hash;
  ASSERT_TRUE(PayloadSigner::HashPayloadForSigning(
      payload_path, {signature_size}, &payload_hash, &metadata_hash));
  brillo::Blob metadata_signature, payload_signature;
  ASSERT_TRUE(PayloadSigner::SignHash(
      payload_hash, private_key_path, &payload_signature));
  ASSERT_TRUE(PayloadSigner::SignHash(
      metadata_hash, private_key_path, &metadata_signature));
  ASSERT_TRUE(PayloadSigner::AddSignatureToPayload(payload_path,
                                                   {signature_size},
                                                   {payload_signature},
                                                   {metadata_signature},
                                                   payload_path,
                                                   out_metadata_size));
  ASSERT_TRUE(PayloadSigner::VerifySignedPayload(
      payload_path, GetBuildArtifactsPath(kUnittestPublicKeyPath)));
}

static void SignGeneratedShellPayloadWithKeys(
    const string& payload_path,
    const vector<string>& private_key_paths,
    const string& public_key_path,
    bool verification_success) {
  vector<string> signature_size_strings;
  for (const auto& key_path : private_key_paths) {
    size_t signature_size{};
    ASSERT_TRUE(
        PayloadSigner::GetMaximumSignatureSize(key_path, &signature_size));
    signature_size_strings.push_back(
        android::base::StringPrintf("%zu", signature_size));
  }
  string signature_size_string =
      android::base::Join(signature_size_strings, ":");

  ScopedTempFile hash_file("hash.XXXXXX"), metadata_hash_file("hash.XXXXXX");
  string delta_generator_path = GetBuildArtifactsPath("delta_generator");
  ASSERT_EQ(0,
            System(android::base::StringPrintf(
                "%s -in_file=%s -signature_size=%s -out_hash_file=%s "
                "-out_metadata_hash_file=%s",
                delta_generator_path.c_str(),
                payload_path.c_str(),
                signature_size_string.c_str(),
                hash_file.path().c_str(),
                metadata_hash_file.path().c_str())));

  // Sign the hash with all private keys.
  list<ScopedTempFile> sig_files, metadata_sig_files;
  vector<string> sig_file_paths, metadata_sig_file_paths;
  for (const auto& key_path : private_key_paths) {
    brillo::Blob hash, signature;
    ASSERT_TRUE(utils::ReadFile(hash_file.path(), &hash));
    ASSERT_TRUE(PayloadSigner::SignHash(hash, key_path, &signature));

    sig_files.emplace_back("signature.XXXXXX");
    ASSERT_TRUE(
        test_utils::WriteFileVector(sig_files.back().path(), signature));
    sig_file_paths.push_back(sig_files.back().path());

    brillo::Blob metadata_hash, metadata_signature;
    ASSERT_TRUE(utils::ReadFile(metadata_hash_file.path(), &metadata_hash));
    ASSERT_TRUE(
        PayloadSigner::SignHash(metadata_hash, key_path, &metadata_signature));

    metadata_sig_files.emplace_back("metadata_signature.XXXXXX");
    ASSERT_TRUE(test_utils::WriteFileVector(metadata_sig_files.back().path(),
                                            metadata_signature));
    metadata_sig_file_paths.push_back(metadata_sig_files.back().path());
  }
  string sig_files_string = android::base::Join(sig_file_paths, ":");
  string metadata_sig_files_string =
      android::base::Join(metadata_sig_file_paths, ":");

  // Add the signature to the payload.
  ASSERT_EQ(
      0,
      System(android::base::StringPrintf("%s --signature_size=%s -in_file=%s "
                                         "-payload_signature_file=%s "
                                         "-metadata_signature_file=%s "
                                         "-out_file=%s",
                                         delta_generator_path.c_str(),
                                         signature_size_string.c_str(),
                                         payload_path.c_str(),
                                         sig_files_string.c_str(),
                                         metadata_sig_files_string.c_str(),
                                         payload_path.c_str())));

  int verify_result =
      System(android::base::StringPrintf("%s -in_file=%s -public_key=%s",
                                         delta_generator_path.c_str(),
                                         payload_path.c_str(),
                                         public_key_path.c_str()));

  if (verification_success) {
    ASSERT_EQ(0, verify_result);
  } else {
    ASSERT_NE(0, verify_result);
  }
}

static void SignGeneratedShellPayload(SignatureTest signature_test,
                                      const string& payload_path) {
  vector<SignatureTest> supported_test = {
      kSignatureGeneratedShell,
      kSignatureGeneratedShellBadKey,
      kSignatureGeneratedShellECKey,
      kSignatureGeneratedShellRotateCl1,
      kSignatureGeneratedShellRotateCl2,
  };
  ASSERT_TRUE(std::find(supported_test.begin(),
                        supported_test.end(),
                        signature_test) != supported_test.end());

  string private_key_path;
  if (signature_test == kSignatureGeneratedShellBadKey) {
    ASSERT_TRUE(utils::MakeTempFile("key.XXXXXX", &private_key_path, nullptr));
  } else if (signature_test == kSignatureGeneratedShellECKey) {
    private_key_path = GetBuildArtifactsPath(kUnittestPrivateKeyECPath);
  } else {
    private_key_path = GetBuildArtifactsPath(kUnittestPrivateKeyPath);
  }
  ScopedPathUnlinker key_unlinker(private_key_path);
  key_unlinker.set_should_remove(signature_test ==
                                 kSignatureGeneratedShellBadKey);

  // Generates a new private key that will not match the public key.
  if (signature_test == kSignatureGeneratedShellBadKey) {
    LOG(INFO) << "Generating a mismatched private key.";
    // The code below executes the equivalent of:
    // openssl genrsa -out <private_key_path> 2048
    RSA* rsa = RSA_new();
    BIGNUM* e = BN_new();
    ASSERT_EQ(1, BN_set_word(e, RSA_F4));
    ASSERT_EQ(1, RSA_generate_key_ex(rsa, 2048, e, nullptr));
    BN_free(e);
    FILE* fprikey = fopen(private_key_path.c_str(), "w");
    EXPECT_NE(nullptr, fprikey);
    ASSERT_EQ(1,
              PEM_write_RSAPrivateKey(
                  fprikey, rsa, nullptr, nullptr, 0, nullptr, nullptr));
    fclose(fprikey);
    RSA_free(rsa);
  }

  vector<string> private_key_paths = {private_key_path};
  if (signature_test == kSignatureGeneratedShellRotateCl1 ||
      signature_test == kSignatureGeneratedShellRotateCl2) {
    private_key_paths.push_back(
        GetBuildArtifactsPath(kUnittestPrivateKey2Path));
  }

  string public_key;
  if (signature_test == kSignatureGeneratedShellRotateCl2) {
    public_key = GetBuildArtifactsPath(kUnittestPublicKey2Path);
  } else if (signature_test == kSignatureGeneratedShellECKey) {
    public_key = GetBuildArtifactsPath(kUnittestPublicKeyECPath);
  } else {
    public_key = GetBuildArtifactsPath(kUnittestPublicKeyPath);
  }

  bool verification_success = signature_test != kSignatureGeneratedShellBadKey;
  SignGeneratedShellPayloadWithKeys(
      payload_path, private_key_paths, public_key, verification_success);
}

static void GenerateDeltaFile(bool full_kernel,
                              bool full_rootfs,
                              ssize_t chunk_size,
                              SignatureTest signature_test,
                              DeltaState* state,
                              uint32_t minor_version) {
  state->a_img.reset(new ScopedTempFile("a_img.XXXXXX"));
  state->b_img.reset(new ScopedTempFile("b_img.XXXXXX"));

  // result_img is used in minor version 2. Instead of applying the update
  // in-place on A, we apply it to a new image, result_img.
  state->result_img.reset(new ScopedTempFile("result_img.XXXXXX"));

  ASSERT_TRUE(
      base::CopyFile(GetBuildArtifactsPath().Append("gen/disk_ext2_4k.img"),
                     base::FilePath(state->a_img->path())));

  state->image_size = utils::FileSize(state->a_img->path());

  // Make some changes to the A image.
  {
    string a_mnt;
    ScopedLoopMounter b_mounter(state->a_img->path(), &a_mnt, 0);

    brillo::Blob hardtocompress;
    while (hardtocompress.size() < 3 * kBlockSize) {
      hardtocompress.insert(hardtocompress.end(),
                            std::begin(kRandomString),
                            std::end(kRandomString));
    }
    ASSERT_TRUE(utils::WriteFile(
        android::base::StringPrintf("%s/hardtocompress", a_mnt.c_str()).c_str(),
        hardtocompress.data(),
        hardtocompress.size()));

    brillo::Blob zeros(16 * 1024, 0);
    ASSERT_EQ(static_cast<int>(zeros.size()),
              base::WriteFile(base::FilePath(android::base::StringPrintf(
                                  "%s/move-to-sparse", a_mnt.c_str())),
                              reinterpret_cast<const char*>(zeros.data()),
                              zeros.size()));

    ASSERT_TRUE(WriteSparseFile(
        android::base::StringPrintf("%s/move-from-sparse", a_mnt.c_str()),
        16 * 1024));

    ASSERT_TRUE(WriteByteAtOffset(
        android::base::StringPrintf("%s/move-semi-sparse", a_mnt.c_str()),
        4096));

    // Write 1 MiB of 0xff to try to catch the case where writing a bsdiff
    // patch fails to zero out the final block.
    brillo::Blob ones(1024 * 1024, 0xff);
    ASSERT_TRUE(utils::WriteFile(
        android::base::StringPrintf("%s/ones", a_mnt.c_str()).c_str(),
        ones.data(),
        ones.size()));
  }

  // Create a result image with image_size bytes of garbage.
  brillo::Blob ones(state->image_size, 0xff);
  ASSERT_TRUE(utils::WriteFile(
      state->result_img->path().c_str(), ones.data(), ones.size()));
  ASSERT_EQ(utils::FileSize(state->a_img->path()),
            utils::FileSize(state->result_img->path()));

  ASSERT_TRUE(
      base::CopyFile(GetBuildArtifactsPath().Append("gen/disk_ext2_4k.img"),
                     base::FilePath(state->b_img->path())));
  {
    // Make some changes to the B image.
    string b_mnt;
    ScopedLoopMounter b_mounter(state->b_img->path(), &b_mnt, 0);
    base::FilePath mnt_path(b_mnt);

    ASSERT_TRUE(base::CopyFile(mnt_path.Append("regular-small"),
                               mnt_path.Append("regular-small2")));
#if BASE_VER < 800000
    ASSERT_TRUE(base::DeleteFile(mnt_path.Append("regular-small"), false));
#else
    ASSERT_TRUE(base::DeleteFile(mnt_path.Append("regular-small")));
#endif
    ASSERT_TRUE(base::Move(mnt_path.Append("regular-small2"),
                           mnt_path.Append("regular-small")));
    ASSERT_TRUE(
        test_utils::WriteFileString(mnt_path.Append("foo").value(), "foo"));
    ASSERT_EQ(0, base::WriteFile(mnt_path.Append("emptyfile"), "", 0));

    ASSERT_TRUE(
        WriteSparseFile(mnt_path.Append("fullsparse").value(), 1024 * 1024));
    ASSERT_TRUE(
        WriteSparseFile(mnt_path.Append("move-to-sparse").value(), 16 * 1024));

    brillo::Blob zeros(16 * 1024, 0);
    ASSERT_EQ(static_cast<int>(zeros.size()),
              base::WriteFile(mnt_path.Append("move-from-sparse"),
                              reinterpret_cast<const char*>(zeros.data()),
                              zeros.size()));

    ASSERT_TRUE(
        WriteByteAtOffset(mnt_path.Append("move-semi-sparse").value(), 4096));
    ASSERT_TRUE(WriteByteAtOffset(mnt_path.Append("partsparse").value(), 4096));

    ASSERT_TRUE(
        base::CopyFile(mnt_path.Append("regular-16k"), mnt_path.Append("tmp")));
    ASSERT_TRUE(base::Move(mnt_path.Append("tmp"),
                           mnt_path.Append("link-hard-regular-16k")));

#if BASE_VER < 800000
    ASSERT_TRUE(base::DeleteFile(mnt_path.Append("link-short_symlink"), false));
#else
    ASSERT_TRUE(base::DeleteFile(mnt_path.Append("link-short_symlink")));
#endif
    ASSERT_TRUE(test_utils::WriteFileString(
        mnt_path.Append("link-short_symlink").value(), "foobar"));

    brillo::Blob hardtocompress;
    while (hardtocompress.size() < 3 * kBlockSize) {
      hardtocompress.insert(hardtocompress.end(),
                            std::begin(kRandomString),
                            std::end(kRandomString));
    }
    ASSERT_TRUE(utils::WriteFile(
        android::base::StringPrintf("%s/hardtocompress", b_mnt.c_str()).c_str(),
        hardtocompress.data(),
        hardtocompress.size()));
  }

  state->old_kernel.reset(new ScopedTempFile("old_kernel.XXXXXX"));
  state->new_kernel.reset(new ScopedTempFile("new_kernel.XXXXXX"));
  state->result_kernel.reset(new ScopedTempFile("result_kernel.XXXXXX"));
  state->kernel_size = kDefaultKernelSize;
  state->old_kernel_data.resize(kDefaultKernelSize);
  state->new_kernel_data.resize(state->old_kernel_data.size());
  state->result_kernel_data.resize(state->old_kernel_data.size());
  test_utils::FillWithData(&state->old_kernel_data);
  test_utils::FillWithData(&state->new_kernel_data);
  test_utils::FillWithData(&state->result_kernel_data);

  // change the new kernel data
  std::copy(
      std::begin(kNewData), std::end(kNewData), state->new_kernel_data.begin());

  // Write kernels to disk
  ASSERT_TRUE(utils::WriteFile(state->old_kernel->path().c_str(),
                               state->old_kernel_data.data(),
                               state->old_kernel_data.size()));
  ASSERT_TRUE(utils::WriteFile(state->new_kernel->path().c_str(),
                               state->new_kernel_data.data(),
                               state->new_kernel_data.size()));
  ASSERT_TRUE(utils::WriteFile(state->result_kernel->path().c_str(),
                               state->result_kernel_data.data(),
                               state->result_kernel_data.size()));

  state->delta_file.reset(new ScopedTempFile("delta.XXXXXX"));
  {
    const string private_key =
        signature_test == kSignatureGenerator
            ? GetBuildArtifactsPath(kUnittestPrivateKeyPath)
            : "";

    PayloadGenerationConfig payload_config;
    payload_config.is_delta = !full_rootfs;
    payload_config.hard_chunk_size = chunk_size;
    payload_config.rootfs_partition_size = kRootFSPartitionSize;
    payload_config.version.major = kBrilloMajorPayloadVersion;
    payload_config.version.minor = minor_version;
    if (!full_rootfs) {
      payload_config.source.partitions.emplace_back(kPartitionNameRoot);
      payload_config.source.partitions.emplace_back(kPartitionNameKernel);
      payload_config.source.partitions.front().path = state->a_img->path();
      if (!full_kernel)
        payload_config.source.partitions.back().path =
            state->old_kernel->path();
      ASSERT_TRUE(payload_config.source.LoadImageSize());
      for (PartitionConfig& part : payload_config.source.partitions)
        ASSERT_TRUE(part.OpenFilesystem());
    } else {
      if (payload_config.hard_chunk_size == -1)
        // Use 1 MiB chunk size for the full unittests.
        payload_config.hard_chunk_size = 1024 * 1024;
    }
    payload_config.target.partitions.emplace_back(kPartitionNameRoot);
    payload_config.target.partitions.back().path = state->b_img->path();
    payload_config.target.partitions.emplace_back(kPartitionNameKernel);
    payload_config.target.partitions.back().path = state->new_kernel->path();
    ASSERT_TRUE(payload_config.target.LoadImageSize());
    for (PartitionConfig& part : payload_config.target.partitions)
      ASSERT_TRUE(part.OpenFilesystem());

    ASSERT_TRUE(payload_config.Validate());
    ASSERT_TRUE(GenerateUpdatePayloadFile(payload_config,
                                          state->delta_file->path(),
                                          private_key,
                                          &state->metadata_size));
  }
  // Extend the "partitions" holding the file system a bit.
  ASSERT_EQ(0,
            HANDLE_EINTR(truncate(state->a_img->path().c_str(),
                                  state->image_size + 1024 * 1024)));
  ASSERT_EQ(static_cast<off_t>(state->image_size + 1024 * 1024),
            utils::FileSize(state->a_img->path()));
  ASSERT_EQ(0,
            HANDLE_EINTR(truncate(state->b_img->path().c_str(),
                                  state->image_size + 1024 * 1024)));
  ASSERT_EQ(static_cast<off_t>(state->image_size + 1024 * 1024),
            utils::FileSize(state->b_img->path()));

  if (signature_test == kSignatureGeneratedPlaceholder ||
      signature_test == kSignatureGeneratedPlaceholderMismatch) {
    size_t signature_size{};
    ASSERT_TRUE(PayloadSigner::GetMaximumSignatureSize(
        GetBuildArtifactsPath(kUnittestPrivateKeyPath), &signature_size));
    LOG(INFO) << "Inserting placeholder signature.";
    ASSERT_TRUE(InsertSignaturePlaceholder(
        signature_size, state->delta_file->path(), &state->metadata_size));

    if (signature_test == kSignatureGeneratedPlaceholderMismatch) {
      signature_size -= 1;
      LOG(INFO) << "Inserting mismatched placeholder signature.";
      ASSERT_TRUE(InsertSignaturePlaceholder(
          signature_size, state->delta_file->path(), &state->metadata_size));
      return;
    }
  }

  if (signature_test == kSignatureGenerated ||
      signature_test == kSignatureGeneratedPlaceholder ||
      signature_test == kSignatureGeneratedPlaceholderMismatch) {
    // Generate the signed payload and update the metadata size in state to
    // reflect the new size after adding the signature operation to the
    // manifest.
    LOG(INFO) << "Signing payload.";
    SignGeneratedPayload(state->delta_file->path(), &state->metadata_size);
  } else if (signature_test == kSignatureGeneratedShell ||
             signature_test == kSignatureGeneratedShellECKey ||
             signature_test == kSignatureGeneratedShellBadKey ||
             signature_test == kSignatureGeneratedShellRotateCl1 ||
             signature_test == kSignatureGeneratedShellRotateCl2) {
    SignGeneratedShellPayload(signature_test, state->delta_file->path());
  }
}

static void ApplyDeltaFile(bool full_kernel,
                           bool full_rootfs,
                           SignatureTest signature_test,
                           DeltaState* state,
                           bool hash_checks_mandatory,
                           OperationHashTest op_hash_test,
                           DeltaPerformer** performer,
                           uint32_t minor_version) {
  // Check the metadata.
  {
    ASSERT_TRUE(utils::ReadFile(state->delta_file->path(), &state->delta));
    PayloadMetadata payload_metadata;
    ASSERT_TRUE(payload_metadata.ParsePayloadHeader(state->delta));
    state->metadata_size = payload_metadata.GetMetadataSize();
    LOG(INFO) << "Metadata size: " << state->metadata_size;
    LOG(INFO) << "Payload size: " << state->delta.size();
    state->metadata_signature_size =
        payload_metadata.GetMetadataSignatureSize();
    LOG(INFO) << "Metadata signature size: " << state->metadata_signature_size;

    DeltaArchiveManifest manifest;
    ASSERT_TRUE(payload_metadata.GetManifest(state->delta, &manifest));
    if (signature_test == kSignatureNone) {
      ASSERT_FALSE(manifest.has_signatures_offset());
      ASSERT_FALSE(manifest.has_signatures_size());
    } else {
      ASSERT_TRUE(manifest.has_signatures_offset());
      ASSERT_TRUE(manifest.has_signatures_size());
      Signatures sigs_message;
      ASSERT_TRUE(sigs_message.ParseFromArray(
          &state->delta[state->metadata_size + state->metadata_signature_size +
                        manifest.signatures_offset()],
          manifest.signatures_size()));
      if (signature_test == kSignatureGeneratedShellRotateCl1 ||
          signature_test == kSignatureGeneratedShellRotateCl2)
        ASSERT_EQ(2, sigs_message.signatures_size());
      else
        ASSERT_EQ(1, sigs_message.signatures_size());
      const Signatures::Signature& signature = sigs_message.signatures(0);

      vector<string> key_paths{GetBuildArtifactsPath(kUnittestPrivateKeyPath)};
      if (signature_test == kSignatureGeneratedShellECKey) {
        key_paths = {GetBuildArtifactsPath(kUnittestPrivateKeyECPath)};
      } else if (signature_test == kSignatureGeneratedShellRotateCl1 ||
                 signature_test == kSignatureGeneratedShellRotateCl2) {
        key_paths.push_back(GetBuildArtifactsPath(kUnittestPrivateKey2Path));
      }
      uint64_t expected_sig_data_length = 0;
      ASSERT_TRUE(PayloadSigner::SignatureBlobLength(
          key_paths, &expected_sig_data_length));
      ASSERT_EQ(expected_sig_data_length, manifest.signatures_size());
      ASSERT_FALSE(signature.data().empty());
    }

    // TODO(ahassani): Make |DeltaState| into a partition list kind of struct
    // instead of hardcoded kernel/rootfs so its cleaner and we can make the
    // following code into a helper function instead.
    const auto& kernel_part = *std::find_if(
        manifest.partitions().begin(),
        manifest.partitions().end(),
        [](const PartitionUpdate& partition) {
          return partition.partition_name() == kPartitionNameKernel;
        });
    if (full_kernel) {
      ASSERT_FALSE(kernel_part.has_old_partition_info());
    } else {
      ASSERT_EQ(state->old_kernel_data.size(),
                kernel_part.old_partition_info().size());
      ASSERT_FALSE(kernel_part.old_partition_info().hash().empty());
    }
    ASSERT_EQ(state->new_kernel_data.size(),
              kernel_part.new_partition_info().size());
    ASSERT_FALSE(kernel_part.new_partition_info().hash().empty());

    const auto& rootfs_part =
        *std::find_if(manifest.partitions().begin(),
                      manifest.partitions().end(),
                      [](const PartitionUpdate& partition) {
                        return partition.partition_name() == kPartitionNameRoot;
                      });
    if (full_rootfs) {
      ASSERT_FALSE(rootfs_part.has_old_partition_info());
    } else {
      ASSERT_FALSE(rootfs_part.old_partition_info().hash().empty());
    }
    ASSERT_FALSE(rootfs_part.new_partition_info().hash().empty());
  }

  NiceMock<MockPrefs> prefs;
  ON_CALL(prefs, SetInt64(kPrefsManifestMetadataSize, -1))
      .WillByDefault(Return(true));
  ON_CALL(prefs, SetInt64(kPrefsUpdateCheckResponseHash, -1))
      .WillByDefault(Return(true));
  ON_CALL(prefs, GetString(kPrefsUpdateCheckResponseHash, _))
      .WillByDefault(Return(true));
  ON_CALL(prefs, GetString(kPrefsDynamicPartitionMetadataUpdated, _))
      .WillByDefault(Return(true));

  // Set default expectation to ignore uninteresting calls to
  // SetString/SetInt64. When starting an update delta_performer might reset
  // update checkpoints, which results in a lot of calls with empty string or
  // integer -1. Ignore these.
  EXPECT_CALL(prefs, SetString(_, IsEmpty())).WillRepeatedly(Return(true));
  EXPECT_CALL(prefs, SetInt64(_, -1)).WillRepeatedly(Return(true));
  EXPECT_CALL(prefs, SetInt64(_, 0)).WillRepeatedly(Return(true));

  EXPECT_CALL(prefs, SetInt64(kPrefsManifestMetadataSize, state->metadata_size))
      .WillOnce(Return(true));
  EXPECT_CALL(
      prefs,
      SetInt64(kPrefsManifestSignatureSize, state->metadata_signature_size))
      .WillOnce(Return(true));
  EXPECT_CALL(prefs, SetInt64(kPrefsUpdateStateNextOperation, _))
      .WillRepeatedly(Return(true));
  EXPECT_CALL(prefs, GetInt64(kPrefsUpdateStateNextOperation, _))
      .WillOnce(Return(false));
  EXPECT_CALL(prefs, SetInt64(kPrefsUpdateStateNextDataOffset, _))
      .WillRepeatedly(Return(true));
  EXPECT_CALL(prefs, SetInt64(kPrefsUpdateStateNextDataLength, _))
      .WillRepeatedly(Return(true));
  EXPECT_CALL(prefs, SetString(kPrefsUpdateStateSHA256Context, _))
      .WillRepeatedly(Return(true));
  EXPECT_CALL(prefs, SetString(kPrefsUpdateStateSignedSHA256Context, _))
      .WillRepeatedly(Return(true));
  EXPECT_CALL(prefs, SetString(kPrefsDynamicPartitionMetadataUpdated, _))
      .WillRepeatedly(Return(true));
  EXPECT_CALL(prefs,
              SetString(kPrefsManifestBytes,
                        testing::SizeIs(state->metadata_signature_size +
                                        state->metadata_size)))
      .WillRepeatedly(Return(true));
  if (op_hash_test == kValidOperationData && signature_test != kSignatureNone) {
    EXPECT_CALL(prefs,
                SetString(kPrefsUpdateStateSignatureBlob, Not(IsEmpty())))
        .WillRepeatedly(Return(true));
  }

  EXPECT_CALL(state->mock_delegate_, ShouldCancel(_))
      .WillRepeatedly(Return(false));

  // Update the A image in place.
  InstallPlan* install_plan = &state->install_plan;
  install_plan->hash_checks_mandatory = hash_checks_mandatory;
  install_plan->payloads = {{.size = state->delta.size(),
                             .metadata_size = state->metadata_size,
                             .type = (full_kernel && full_rootfs)
                                         ? InstallPayloadType::kFull
                                         : InstallPayloadType::kDelta}};
  install_plan->source_slot = 0;
  install_plan->target_slot = 1;

  InstallPlan::Partition root_part;
  root_part.name = kPartitionNameRoot;

  InstallPlan::Partition kernel_part;
  kernel_part.name = kPartitionNameKernel;

  LOG(INFO) << "Setting payload metadata size in Omaha  = "
            << state->metadata_size;
  ASSERT_TRUE(PayloadSigner::GetMetadataSignature(
      state->delta.data(),
      state->metadata_size,
      (signature_test == kSignatureGeneratedShellECKey)
          ? GetBuildArtifactsPath(kUnittestPrivateKeyECPath)
          : GetBuildArtifactsPath(kUnittestPrivateKeyPath),
      &install_plan->payloads[0].metadata_signature));
  ASSERT_FALSE(install_plan->payloads[0].metadata_signature.empty());

  *performer = new DeltaPerformer(&prefs,
                                  &state->fake_boot_control_,
                                  &state->fake_hardware_,
                                  &state->mock_delegate_,
                                  install_plan,
                                  &install_plan->payloads[0],
                                  false /* interactive */,
                                  "");
  string public_key_path = signature_test == kSignatureGeneratedShellECKey
                               ? GetBuildArtifactsPath(kUnittestPublicKeyECPath)
                               : GetBuildArtifactsPath(kUnittestPublicKeyPath);
  ASSERT_TRUE(utils::FileExists(public_key_path.c_str()));
  (*performer)->set_public_key_path(public_key_path);

  ASSERT_EQ(
      static_cast<off_t>(state->image_size),
      HashCalculator::RawHashOfFile(
          state->a_img->path(), state->image_size, &root_part.source_hash));
  ASSERT_TRUE(HashCalculator::RawHashOfData(state->old_kernel_data,
                                            &kernel_part.source_hash));

  // The partitions should be empty before DeltaPerformer.
  install_plan->partitions.clear();

  state->fake_boot_control_.SetPartitionDevice(
      kPartitionNameRoot, install_plan->source_slot, state->a_img->path());
  state->fake_boot_control_.SetPartitionDevice(kPartitionNameKernel,
                                               install_plan->source_slot,
                                               state->old_kernel->path());
  state->fake_boot_control_.SetPartitionDevice(
      kPartitionNameRoot, install_plan->target_slot, state->result_img->path());
  state->fake_boot_control_.SetPartitionDevice(kPartitionNameKernel,
                                               install_plan->target_slot,
                                               state->result_kernel->path());

  ErrorCode expected_error{}, actual_error{};
  bool continue_writing{};
  switch (op_hash_test) {
    case kInvalidOperationData: {
      // Muck with some random offset post the metadata size so that
      // some operation hash will result in a mismatch.
      int some_offset = state->metadata_size + 300;
      LOG(INFO) << "Tampered value at offset: " << some_offset;
      state->delta[some_offset]++;
      expected_error = ErrorCode::kDownloadOperationHashMismatch;
      continue_writing = false;
      break;
    }

    case kValidOperationData:
    default:
      // no change.
      expected_error = ErrorCode::kSuccess;
      continue_writing = true;
      break;
  }

  // Write at some number of bytes per operation. Arbitrarily chose 5.
  const size_t kBytesPerWrite = 5;
  for (size_t i = 0; i < state->delta.size(); i += kBytesPerWrite) {
    size_t count = std::min(state->delta.size() - i, kBytesPerWrite);
    bool write_succeeded =
        ((*performer)->Write(&state->delta[i], count, &actual_error));
    // Normally write_succeeded should be true every time and
    // actual_error should be ErrorCode::kSuccess. If so, continue the loop.
    // But if we seeded an operation hash error above, then write_succeeded
    // will be false. The failure may happen at any operation n. So, all
    // Writes until n-1 should succeed and the nth operation will fail with
    // actual_error. In this case, we should bail out of the loop because
    // we cannot proceed applying the delta.
    if (!write_succeeded) {
      LOG(INFO) << "Write failed. Checking if it failed with expected error";
      ASSERT_EQ(expected_error, actual_error);
      if (!continue_writing) {
        LOG(INFO) << "Cannot continue writing. Bailing out.";
        break;
      }
    }

    ASSERT_EQ(ErrorCode::kSuccess, actual_error);
  }

  // If we had continued all the way through, Close should succeed.
  // Otherwise, it should fail. Check appropriately.
  bool close_result = (*performer)->Close();
  if (continue_writing)
    ASSERT_EQ(0, close_result);
  else
    ASSERT_LE(0, close_result);
}

void VerifyPayloadResult(DeltaPerformer* performer,
                         DeltaState* state,
                         ErrorCode expected_result,
                         uint32_t minor_version) {
  if (!performer) {
    ASSERT_TRUE(!"Skipping payload verification since performer is null.");
    return;
  }

  LOG(INFO) << "Verifying payload for expected result " << expected_result;
  brillo::Blob expected_hash;
  HashCalculator::RawHashOfData(state->delta, &expected_hash);
  ASSERT_EQ(expected_result,
            performer->VerifyPayload(expected_hash, state->delta.size()));
  LOG(INFO) << "Verified payload.";

  if (expected_result != ErrorCode::kSuccess) {
    // no need to verify new partition if VerifyPayload failed.
    return;
  }
  ASSERT_NO_FATAL_FAILURE(CompareFilesByBlock(state->result_kernel->path(),
                                              state->new_kernel->path(),
                                              state->kernel_size));
  ASSERT_NO_FATAL_FAILURE(CompareFilesByBlock(
      state->result_img->path(), state->b_img->path(), state->image_size));

  brillo::Blob updated_kernel_partition;
  ASSERT_TRUE(
      utils::ReadFile(state->result_kernel->path(), &updated_kernel_partition));
  ASSERT_GE(updated_kernel_partition.size(), std::size(kNewData));
  ASSERT_TRUE(std::equal(std::begin(kNewData),
                         std::end(kNewData),
                         updated_kernel_partition.begin()));

  const auto& partitions = state->install_plan.partitions;
  ASSERT_EQ(2U, partitions.size());
  ASSERT_EQ(kPartitionNameRoot, partitions[0].name);
  ASSERT_EQ(kPartitionNameKernel, partitions[1].name);

  ASSERT_EQ(kDefaultKernelSize, partitions[1].target_size);
  brillo::Blob expected_new_kernel_hash;
  ASSERT_TRUE(HashCalculator::RawHashOfData(state->new_kernel_data,
                                            &expected_new_kernel_hash));
  ASSERT_EQ(expected_new_kernel_hash, partitions[1].target_hash);

  ASSERT_EQ(state->image_size, partitions[0].target_size);
  brillo::Blob expected_new_rootfs_hash;
  ASSERT_EQ(
      static_cast<off_t>(state->image_size),
      HashCalculator::RawHashOfFile(
          state->b_img->path(), state->image_size, &expected_new_rootfs_hash));
  ASSERT_EQ(expected_new_rootfs_hash, partitions[0].target_hash);
}

void VerifyPayload(DeltaPerformer* performer,
                   DeltaState* state,
                   SignatureTest signature_test,
                   uint32_t minor_version) {
  ErrorCode expected_result = ErrorCode::kSuccess;
  switch (signature_test) {
    case kSignatureNone:
      expected_result = ErrorCode::kSignedDeltaPayloadExpectedError;
      break;
    case kSignatureGeneratedShellBadKey:
      expected_result = ErrorCode::kDownloadPayloadPubKeyVerificationError;
      break;
    default:
      break;  // appease gcc
  }

  ASSERT_NO_FATAL_FAILURE(
      VerifyPayloadResult(performer, state, expected_result, minor_version));
}

void DoSmallImageTest(bool full_kernel,
                      bool full_rootfs,
                      ssize_t chunk_size,
                      SignatureTest signature_test,
                      bool hash_checks_mandatory,
                      uint32_t minor_version) {
  DeltaState state;
  DeltaPerformer* performer = nullptr;
  ASSERT_NO_FATAL_FAILURE(GenerateDeltaFile(full_kernel,
                                            full_rootfs,
                                            chunk_size,
                                            signature_test,
                                            &state,
                                            minor_version));

  ASSERT_NO_FATAL_FAILURE(ApplyDeltaFile(full_kernel,
                                         full_rootfs,
                                         signature_test,
                                         &state,
                                         hash_checks_mandatory,
                                         kValidOperationData,
                                         &performer,
                                         minor_version));
  ASSERT_NO_FATAL_FAILURE(
      VerifyPayload(performer, &state, signature_test, minor_version));
  delete performer;
}

void DoOperationHashMismatchTest(OperationHashTest op_hash_test,
                                 bool hash_checks_mandatory) {
  DeltaState state;
  uint64_t minor_version = kFullPayloadMinorVersion;
  GenerateDeltaFile(true, true, -1, kSignatureGenerated, &state, minor_version);
  DeltaPerformer* performer = nullptr;
  ASSERT_NO_FATAL_FAILURE(ApplyDeltaFile(true,
                                         true,
                                         kSignatureGenerated,
                                         &state,
                                         hash_checks_mandatory,
                                         op_hash_test,
                                         &performer,
                                         minor_version));
  delete performer;
}

TEST_F(DeltaPerformerIntegrationTest, RunAsRootSmallImageTest) {
  DoSmallImageTest(
      false, false, -1, kSignatureGenerator, false, kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest,
       RunAsRootSmallImageSignaturePlaceholderTest) {
  DoSmallImageTest(false,
                   false,
                   -1,
                   kSignatureGeneratedPlaceholder,
                   false,
                   kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest,
       RunAsRootSmallImageSignaturePlaceholderMismatchTest) {
  DeltaState state;
  GenerateDeltaFile(false,
                    false,
                    -1,
                    kSignatureGeneratedPlaceholderMismatch,
                    &state,
                    kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest, RunAsRootSmallImageChunksTest) {
  DoSmallImageTest(false,
                   false,
                   kBlockSize,
                   kSignatureGenerator,
                   false,
                   kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest, RunAsRootFullKernelSmallImageTest) {
  DoSmallImageTest(
      true, false, -1, kSignatureGenerator, false, kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest, RunAsRootFullSmallImageTest) {
  DoSmallImageTest(
      true, true, -1, kSignatureGenerator, true, kFullPayloadMinorVersion);
}

TEST_F(DeltaPerformerIntegrationTest, RunAsRootSmallImageSignNoneTest) {
  DoSmallImageTest(
      false, false, -1, kSignatureNone, false, kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest, RunAsRootSmallImageSignGeneratedTest) {
  DoSmallImageTest(
      false, false, -1, kSignatureGenerated, true, kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest,
       RunAsRootSmallImageSignGeneratedShellTest) {
  DoSmallImageTest(false,
                   false,
                   -1,
                   kSignatureGeneratedShell,
                   false,
                   kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest,
       RunAsRootSmallImageSignGeneratedShellECKeyTest) {
  DoSmallImageTest(false,
                   false,
                   -1,
                   kSignatureGeneratedShellECKey,
                   false,
                   kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest,
       RunAsRootSmallImageSignGeneratedShellBadKeyTest) {
  DoSmallImageTest(false,
                   false,
                   -1,
                   kSignatureGeneratedShellBadKey,
                   false,
                   kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest,
       RunAsRootSmallImageSignGeneratedShellRotateCl1Test) {
  DoSmallImageTest(false,
                   false,
                   -1,
                   kSignatureGeneratedShellRotateCl1,
                   false,
                   kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest,
       RunAsRootSmallImageSignGeneratedShellRotateCl2Test) {
  DoSmallImageTest(false,
                   false,
                   -1,
                   kSignatureGeneratedShellRotateCl2,
                   false,
                   kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest, RunAsRootSmallImageSourceOpsTest) {
  DoSmallImageTest(
      false, false, -1, kSignatureGenerator, false, kSourceMinorPayloadVersion);
}

TEST_F(DeltaPerformerIntegrationTest,
       RunAsRootMandatoryOperationHashMismatchTest) {
  DoOperationHashMismatchTest(kInvalidOperationData, true);
}

TEST_F(DeltaPerformerIntegrationTest, ValidatePerPartitionTimestampSuccess) {
  // The Manifest we are validating.
  DeltaArchiveManifest manifest;

  fake_hardware_.SetVersion("system", "5");
  fake_hardware_.SetVersion("product", "99");
  fake_hardware_.SetBuildTimestamp(1);

  manifest.set_minor_version(kFullPayloadMinorVersion);
  manifest.set_max_timestamp(2);
  AddPartition(&manifest, "system", 10);
  AddPartition(&manifest, "product", 100);

  RunManifestValidation(
      manifest, kMaxSupportedMajorPayloadVersion, ErrorCode::kSuccess);
}

TEST_F(DeltaPerformerIntegrationTest, ValidatePerPartitionTimestampFailure) {
  // The Manifest we are validating.
  DeltaArchiveManifest manifest;

  fake_hardware_.SetVersion("system", "5");
  fake_hardware_.SetVersion("product", "99");
  fake_hardware_.SetBuildTimestamp(1);

  manifest.set_minor_version(kFullPayloadMinorVersion);
  manifest.set_max_timestamp(2);
  AddPartition(&manifest, "system", 10);
  AddPartition(&manifest, "product", 98);

  RunManifestValidation(manifest,
                        kMaxSupportedMajorPayloadVersion,
                        ErrorCode::kPayloadTimestampError);
}

TEST_F(DeltaPerformerIntegrationTest,
       ValidatePerPartitionTimestampMissingTimestamp) {
  // The Manifest we are validating.
  DeltaArchiveManifest manifest;

  fake_hardware_.SetVersion("system", "5");
  fake_hardware_.SetVersion("product", "99");
  fake_hardware_.SetBuildTimestamp(1);

  manifest.set_minor_version(kFullPayloadMinorVersion);
  manifest.set_max_timestamp(2);
  AddPartition(&manifest, "system", 10);
  {
    auto& partition = *manifest.add_partitions();
    // For complete updates, missing timestamp should not trigger
    // timestamp error.
    partition.set_partition_name("product");
  }

  RunManifestValidation(
      manifest, kMaxSupportedMajorPayloadVersion, ErrorCode::kSuccess);
}

TEST_F(DeltaPerformerIntegrationTest,
       ValidatePerPartitionTimestampPartialUpdatePass) {
  fake_hardware_.SetVersion("system", "5");
  fake_hardware_.SetVersion("product", "99");

  DeltaArchiveManifest manifest;
  manifest.set_minor_version(kPartialUpdateMinorPayloadVersion);
  manifest.set_partial_update(true);
  AddPartition(&manifest, "product", 100);
  RunManifestValidation(
      manifest, kMaxSupportedMajorPayloadVersion, ErrorCode::kSuccess);
}

TEST_F(DeltaPerformerIntegrationTest,
       ValidatePerPartitionTimestampPartialUpdateDowngrade) {
  fake_hardware_.SetVersion("system", "5");
  fake_hardware_.SetVersion("product", "99");

  DeltaArchiveManifest manifest;
  manifest.set_minor_version(kPartialUpdateMinorPayloadVersion);
  manifest.set_partial_update(true);
  AddPartition(&manifest, "product", 98);
  RunManifestValidation(manifest,
                        kMaxSupportedMajorPayloadVersion,
                        ErrorCode::kPayloadTimestampError);
}

TEST_F(DeltaPerformerIntegrationTest,
       ValidatePerPartitionTimestampPartialUpdateMissingVersion) {
  fake_hardware_.SetVersion("system", "5");
  fake_hardware_.SetVersion("product", "99");

  DeltaArchiveManifest manifest;
  manifest.set_minor_version(kPartialUpdateMinorPayloadVersion);
  manifest.set_partial_update(true);
  {
    auto& partition = *manifest.add_partitions();
    // For partial updates, missing timestamp should trigger an error
    partition.set_partition_name("product");
    // has_version() == false.
  }
  RunManifestValidation(manifest,
                        kMaxSupportedMajorPayloadVersion,
                        ErrorCode::kDownloadManifestParseError);
}

TEST_F(DeltaPerformerIntegrationTest,
       ValidatePerPartitionTimestampPartialUpdateEmptyVersion) {
  fake_hardware_.SetVersion("system", "5");
  fake_hardware_.SetVersion("product", "99");

  DeltaArchiveManifest manifest;
  manifest.set_minor_version(kPartialUpdateMinorPayloadVersion);
  manifest.set_partial_update(true);
  {
    auto& partition = *manifest.add_partitions();
    // For partial updates, invalid timestamp should trigger an error
    partition.set_partition_name("product");
    partition.set_version("something");
  }
  RunManifestValidation(manifest,
                        kMaxSupportedMajorPayloadVersion,
                        ErrorCode::kDownloadManifestParseError);
}

}  // namespace chromeos_update_engine