Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / 923d8faa6b341ce5e16a760749e98cc6703ca2fd^! / . / payload_generator / payload_signer.cc
commit923d8faa6b341ce5e16a760749e98cc6703ca2fd[log] [tgz]
authorAlex Deymo <deymo@chromium.org>Tue Jul 15 17:58:51 2014 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>Fri Jul 18 04:44:19 2014 +0000
treea58a0a8ee88308c33c77ff6cb4ab52f907f6b952
parent719bfff28b2bc76e2617b6e3907ceb967eaac1ef [diff] [blame]
update_engine: Split payload signing and verification.

Payloads are only signed on server-side code (delta_generator) and
verified on both sides and unittest. This removes the dependency of
payload_generator/ code from delta_performer.cc by spliting the
payload signing and verification in two files.

Currently, both files are still included on all the built files.

This patch also includes some minor linter fixes.

BUG=chromium:394184
TEST=FEATURES="test" emerge-link update_engine; sudo emerge update_engine

Change-Id: Ia4268257f4260902bc37612f429f44ba7e8f65fd
Reviewed-on: https://chromium-review.googlesource.com/208540
Tested-by: Alex Deymo <deymo@chromium.org>
Reviewed-by: Alex Vakulenko <avakulenko@chromium.org>
Commit-Queue: Alex Deymo <deymo@chromium.org>

diff --git a/payload_generator/payload_signer.cc b/payload_generator/payload_signer.cc
new file mode 100644
index 0000000..4bbb155
--- /dev/null
+++ b/payload_generator/payload_signer.cc

@@ -0,0 +1,331 @@
+// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "update_engine/payload_generator/payload_signer.h"
+
+#include <base/logging.h>
+#include <base/strings/string_split.h>
+#include <base/strings/string_util.h>
+#include <openssl/pem.h>
+
+#include "update_engine/omaha_hash_calculator.h"
+#include "update_engine/payload_generator/delta_diff_generator.h"
+#include "update_engine/payload_verifier.h"
+#include "update_engine/subprocess.h"
+#include "update_engine/update_metadata.pb.h"
+#include "update_engine/utils.h"
+
+using std::string;
+using std::vector;
+
+namespace chromeos_update_engine {
+
+namespace {
+
+// Given raw |signatures|, packs them into a protobuf and serializes it into a
+// binary blob. Returns true on success, false otherwise.
+bool ConvertSignatureToProtobufBlob(const vector<vector<char> >& signatures,
+                                    vector<char>* out_signature_blob) {
+  // Pack it into a protobuf
+  Signatures out_message;
+  uint32_t version = kSignatureMessageOriginalVersion;
+  LOG_IF(WARNING, kSignatureMessageCurrentVersion -
+         kSignatureMessageOriginalVersion + 1 < signatures.size())
+      << "You may want to support clients in the range ["
+      << kSignatureMessageOriginalVersion << ", "
+      << kSignatureMessageCurrentVersion << "] inclusive, but you only "
+      << "provided " << signatures.size() << " signatures.";
+  for (vector<vector<char> >::const_iterator it = signatures.begin(),
+           e = signatures.end(); it != e; ++it) {
+    const vector<char>& signature = *it;
+    Signatures_Signature* sig_message = out_message.add_signatures();
+    sig_message->set_version(version++);
+    sig_message->set_data(signature.data(), signature.size());
+  }
+
+  // Serialize protobuf
+  string serialized;
+  TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized));
+  out_signature_blob->insert(out_signature_blob->end(),
+                             serialized.begin(),
+                             serialized.end());
+  LOG(INFO) << "Signature blob size: " << out_signature_blob->size();
+  return true;
+}
+
+// Given an unsigned payload under |payload_path| and the |signature_blob_size|
+// generates an updated payload that includes a dummy signature op in its
+// manifest. It populates |out_metadata_size| with the size of the final
+// manifest after adding the dummy signature operation, and
+// |out_signatures_offset| with the expected offset for the new blob. Returns
+// true on success, false otherwise.
+bool AddSignatureOpToPayload(const string& payload_path,
+                             uint64_t signature_blob_size,
+                             vector<char>* out_payload,
+                             uint64_t* out_metadata_size,
+                             uint64_t* out_signatures_offset) {
+  const int kProtobufOffset = 20;
+  const int kProtobufSizeOffset = 12;
+
+  // Loads the payload.
+  vector<char> payload;
+  DeltaArchiveManifest manifest;
+  uint64_t metadata_size;
+  TEST_AND_RETURN_FALSE(PayloadVerifier::LoadPayload(
+      payload_path, &payload, &manifest, &metadata_size));
+
+  // Is there already a signature op in place?
+  if (manifest.has_signatures_size()) {
+    // The signature op is tied to the size of the signature blob, but not it's
+    // contents. We don't allow the manifest to change if there is already an op
+    // present, because that might invalidate previously generated
+    // hashes/signatures.
+    if (manifest.signatures_size() != signature_blob_size) {
+      LOG(ERROR) << "Attempt to insert different signature sized blob. "
+                 << "(current:" << manifest.signatures_size()
+                 << "new:" << signature_blob_size << ")";
+      return false;
+    }
+
+    LOG(INFO) << "Matching signature sizes already present.";
+  } else {
+    // Updates the manifest to include the signature operation.
+    DeltaDiffGenerator::AddSignatureOp(payload.size() - metadata_size,
+                                       signature_blob_size,
+                                       &manifest);
+
+    // Updates the payload to include the new manifest.
+    string serialized_manifest;
+    TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest));
+    LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size();
+    payload.erase(payload.begin() + kProtobufOffset,
+                  payload.begin() + metadata_size);
+    payload.insert(payload.begin() + kProtobufOffset,
+                   serialized_manifest.begin(),
+                   serialized_manifest.end());
+
+    // Updates the protobuf size.
+    uint64_t size_be = htobe64(serialized_manifest.size());
+    memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be));
+    metadata_size = serialized_manifest.size() + kProtobufOffset;
+
+    LOG(INFO) << "Updated payload size: " << payload.size();
+    LOG(INFO) << "Updated metadata size: " << metadata_size;
+  }
+
+  out_payload->swap(payload);
+  *out_metadata_size = metadata_size;
+  *out_signatures_offset = metadata_size + manifest.signatures_offset();
+  LOG(INFO) << "Signature Blob Offset: " << *out_signatures_offset;
+  return true;
+}
+}  // namespace
+
+bool PayloadSigner::SignHash(const vector<char>& hash,
+                             const string& private_key_path,
+                             vector<char>* out_signature) {
+  LOG(INFO) << "Signing hash with private key: " << private_key_path;
+  string sig_path;
+  TEST_AND_RETURN_FALSE(
+      utils::MakeTempFile("signature.XXXXXX", &sig_path, NULL));
+  ScopedPathUnlinker sig_path_unlinker(sig_path);
+
+  string hash_path;
+  TEST_AND_RETURN_FALSE(
+      utils::MakeTempFile("hash.XXXXXX", &hash_path, NULL));
+  ScopedPathUnlinker hash_path_unlinker(hash_path);
+  // We expect unpadded SHA256 hash coming in
+  TEST_AND_RETURN_FALSE(hash.size() == 32);
+  vector<char> padded_hash(hash);
+  PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash);
+  TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(),
+                                         padded_hash.data(),
+                                         padded_hash.size()));
+
+  // This runs on the server, so it's okay to cop out and call openssl
+  // executable rather than properly use the library
+  vector<string> cmd;
+  base::SplitString("openssl rsautl -raw -sign -inkey x -in x -out x",
+                    ' ',
+                    &cmd);
+  cmd[cmd.size() - 5] = private_key_path;
+  cmd[cmd.size() - 3] = hash_path;
+  cmd[cmd.size() - 1] = sig_path;
+
+  // When running unittests, we need to use the openssl version from the
+  // SYSROOT instead of the one on the $PATH (host).
+  cmd[0] = utils::GetPathOnBoard("openssl");
+
+  int return_code = 0;
+  TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code, NULL));
+  TEST_AND_RETURN_FALSE(return_code == 0);
+
+  vector<char> signature;
+  TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature));
+  out_signature->swap(signature);
+  return true;
+}
+
+bool PayloadSigner::SignPayload(const string& unsigned_payload_path,
+                                const vector<string>& private_key_paths,
+                                vector<char>* out_signature_blob) {
+  vector<char> hash_data;
+  TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile(
+      unsigned_payload_path, -1, &hash_data) ==
+                        utils::FileSize(unsigned_payload_path));
+
+  vector<vector<char> > signatures;
+  for (vector<string>::const_iterator it = private_key_paths.begin(),
+           e = private_key_paths.end(); it != e; ++it) {
+    vector<char> signature;
+    TEST_AND_RETURN_FALSE(SignHash(hash_data, *it, &signature));
+    signatures.push_back(signature);
+  }
+  TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
+                                                       out_signature_blob));
+  return true;
+}
+
+bool PayloadSigner::SignatureBlobLength(const vector<string>& private_key_paths,
+                                        uint64_t* out_length) {
+  DCHECK(out_length);
+
+  string x_path;
+  TEST_AND_RETURN_FALSE(
+      utils::MakeTempFile("signed_data.XXXXXX", &x_path, NULL));
+  ScopedPathUnlinker x_path_unlinker(x_path);
+  TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1));
+
+  vector<char> sig_blob;
+  TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path,
+                                                   private_key_paths,
+                                                   &sig_blob));
+  *out_length = sig_blob.size();
+  return true;
+}
+
+bool PayloadSigner::PrepPayloadForHashing(
+        const string& payload_path,
+        const vector<int>& signature_sizes,
+        vector<char>* payload_out,
+        uint64_t* metadata_size_out,
+        uint64_t* signatures_offset_out) {
+  // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
+
+  // Loads the payload and adds the signature op to it.
+  vector<vector<char> > signatures;
+  for (vector<int>::const_iterator it = signature_sizes.begin(),
+           e = signature_sizes.end(); it != e; ++it) {
+    vector<char> signature(*it, 0);
+    signatures.push_back(signature);
+  }
+  vector<char> signature_blob;
+  TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
+                                                       &signature_blob));
+  TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
+                                                signature_blob.size(),
+                                                payload_out,
+                                                metadata_size_out,
+                                                signatures_offset_out));
+
+  return true;
+}
+
+bool PayloadSigner::HashPayloadForSigning(const string& payload_path,
+                                          const vector<int>& signature_sizes,
+                                          vector<char>* out_hash_data) {
+  vector<char> payload;
+  uint64_t metadata_size;
+  uint64_t signatures_offset;
+
+  TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path,
+                                              signature_sizes,
+                                              &payload,
+                                              &metadata_size,
+                                              &signatures_offset));
+
+  // Calculates the hash on the updated payload. Note that we stop calculating
+  // before we reach the signature information.
+  TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(&payload[0],
+                                                            signatures_offset,
+                                                            out_hash_data));
+  return true;
+}
+
+bool PayloadSigner::HashMetadataForSigning(const string& payload_path,
+                                           const vector<int>& signature_sizes,
+                                           vector<char>* out_metadata_hash) {
+  vector<char> payload;
+  uint64_t metadata_size;
+  uint64_t signatures_offset;
+
+  TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path,
+                                              signature_sizes,
+                                              &payload,
+                                              &metadata_size,
+                                              &signatures_offset));
+
+  // Calculates the hash on the manifest.
+  TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(&payload[0],
+                                                            metadata_size,
+                                                            out_metadata_hash));
+  return true;
+}
+
+bool PayloadSigner::AddSignatureToPayload(
+    const string& payload_path,
+    const vector<vector<char> >& signatures,
+    const string& signed_payload_path,
+    uint64_t *out_metadata_size) {
+  // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
+
+  // Loads the payload and adds the signature op to it.
+  vector<char> signature_blob;
+  TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures,
+                                                       &signature_blob));
+  vector<char> payload;
+  uint64_t signatures_offset;
+  TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
+                                                signature_blob.size(),
+                                                &payload,
+                                                out_metadata_size,
+                                                &signatures_offset));
+  // Appends the signature blob to the end of the payload and writes the new
+  // payload.
+  LOG(INFO) << "Payload size before signatures: " << payload.size();
+  payload.resize(signatures_offset);
+  payload.insert(payload.begin() + signatures_offset,
+                 signature_blob.begin(),
+                 signature_blob.end());
+  LOG(INFO) << "Signed payload size: " << payload.size();
+  TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(),
+                                         payload.data(),
+                                         payload.size()));
+  return true;
+}
+
+bool PayloadSigner::GetMetadataSignature(const char* const metadata,
+                                         size_t metadata_size,
+                                         const string& private_key_path,
+                                         string* out_signature) {
+  // Calculates the hash on the updated payload. Note that the payload includes
+  // the signature op but doesn't include the signature blob at the end.
+  vector<char> metadata_hash;
+  TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(metadata,
+                                                            metadata_size,
+                                                            &metadata_hash));
+
+  vector<char> signature;
+  TEST_AND_RETURN_FALSE(SignHash(metadata_hash,
+                                 private_key_path,
+                                 &signature));
+
+  TEST_AND_RETURN_FALSE(OmahaHashCalculator::Base64Encode(&signature[0],
+                                                          signature.size(),
+                                                          out_signature));
+  return true;
+}
+
+
+}  // namespace chromeos_update_engine