Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / 85d02b7a8593f662818b3fe5f31281c443574654 / . / payload_signer.cc
blob: c27e3bcf1c95a36cf9e0217b0f2af6d08c8e55b4 [file] [log] [blame]
Darin Petkov85d02b72011-05-17 13:25:51 -0700[diff] [blame^]1// Copyright (c) 2011 The Chromium OS Authors. All rights reserved.
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "update_engine/payload_signer.h"
6
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]7#include <base/logging.h>
Chris Masoned903c3b2011-05-12 15:35:46 -0700[diff] [blame]8#include <base/string_split.h>
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]9#include <base/string_util.h>
10#include <openssl/pem.h>
11
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]12#include "update_engine/delta_diff_generator.h"
13#include "update_engine/delta_performer.h"
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]14#include "update_engine/omaha_hash_calculator.h"
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]15#include "update_engine/subprocess.h"
16#include "update_engine/update_metadata.pb.h"
17#include "update_engine/utils.h"
18
19using std::string;
20using std::vector;
21
22namespace chromeos_update_engine {
23
24const uint32_t kSignatureMessageVersion = 1;
25
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]26namespace {
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]27
28const char kRSA2048SHA256Padding[] = {
29 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
30 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
31 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
32 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
33 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
34 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
35 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
36 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
37 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
38 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
39 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
40 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
41 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
42 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
43 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
44 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
45 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
46 0x00, 0x04, 0x20
47};
48
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]49// Given a raw |signature|, packs it into a protobuf and serializes it into a
50// binary blob. Returns true on success, false otherwise.
51bool ConvertSignatureToProtobufBlob(const vector<char> signature,
52 vector<char>* out_signature_blob) {
53 // Pack it into a protobuf
54 Signatures out_message;
55 Signatures_Signature* sig_message = out_message.add_signatures();
56 sig_message->set_version(kSignatureMessageVersion);
57 sig_message->set_data(signature.data(), signature.size());
58
59 // Serialize protobuf
60 string serialized;
61 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized));
62 out_signature_blob->insert(out_signature_blob->end(),
63 serialized.begin(),
64 serialized.end());
65 LOG(INFO) << "Signature blob size: " << out_signature_blob->size();
66 return true;
67}
68
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]69bool LoadPayload(const string& payload_path,
70 vector<char>* out_payload,
71 DeltaArchiveManifest* out_manifest,
72 uint64_t* out_metadata_size) {
73 vector<char> payload;
74 // Loads the payload and parses the manifest.
75 TEST_AND_RETURN_FALSE(utils::ReadFile(payload_path, &payload));
76 LOG(INFO) << "Payload size: " << payload.size();
77 TEST_AND_RETURN_FALSE(DeltaPerformer::ParsePayloadMetadata(
78 payload, out_manifest, out_metadata_size) ==
79 DeltaPerformer::kMetadataParseSuccess);
80 LOG(INFO) << "Metadata size: " << *out_metadata_size;
81 out_payload->swap(payload);
82 return true;
83}
84
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]85// Given an unsigned payload under |payload_path| and the |signature_blob_size|
86// generates an updated payload that includes a dummy signature op in its
87// manifest. Returns true on success, false otherwise.
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]88bool AddSignatureOpToPayload(const string& payload_path,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]89 int signature_blob_size,
90 vector<char>* out_payload) {
91 const int kProtobufOffset = 20;
92 const int kProtobufSizeOffset = 12;
93
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]94 // Loads the payload.
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]95 vector<char> payload;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]96 DeltaArchiveManifest manifest;
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]97 uint64_t metadata_size;
98 TEST_AND_RETURN_FALSE(LoadPayload(
99 payload_path, &payload, &manifest, &metadata_size));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]100 TEST_AND_RETURN_FALSE(!manifest.has_signatures_offset() &&
101 !manifest.has_signatures_size());
102
103 // Updates the manifest to include the signature operation.
104 DeltaDiffGenerator::AddSignatureOp(payload.size() - metadata_size,
105 signature_blob_size,
106 &manifest);
107
108 // Updates the payload to include the new manifest.
109 string serialized_manifest;
110 TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest));
111 LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size();
112 payload.erase(payload.begin() + kProtobufOffset,
113 payload.begin() + metadata_size);
114 payload.insert(payload.begin() + kProtobufOffset,
115 serialized_manifest.begin(),
116 serialized_manifest.end());
117
118 // Updates the protobuf size.
119 uint64_t size_be = htobe64(serialized_manifest.size());
120 memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be));
121 LOG(INFO) << "Updated payload size: " << payload.size();
122 out_payload->swap(payload);
123 return true;
124}
125} // namespace {}
126
127bool PayloadSigner::SignHash(const vector<char>& hash,
128 const string& private_key_path,
129 vector<char>* out_signature) {
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]130 string sig_path;
131 TEST_AND_RETURN_FALSE(
132 utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL));
133 ScopedPathUnlinker sig_path_unlinker(sig_path);
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]134
135 string hash_path;
136 TEST_AND_RETURN_FALSE(
137 utils::MakeTempFile("/tmp/hash.XXXXXX", &hash_path, NULL));
138 ScopedPathUnlinker hash_path_unlinker(hash_path);
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]139 // We expect unpadded SHA256 hash coming in
140 TEST_AND_RETURN_FALSE(hash.size() == 32);
141 vector<char> padded_hash(hash);
142 PadRSA2048SHA256Hash(&padded_hash);
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]143 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(),
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]144 padded_hash.data(),
145 padded_hash.size()));
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]146
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]147 // This runs on the server, so it's okay to cop out and call openssl
148 // executable rather than properly use the library
149 vector<string> cmd;
Chris Masoned903c3b2011-05-12 15:35:46 -0700[diff] [blame]150 base::SplitString("/usr/bin/openssl rsautl -raw -sign -inkey x -in x -out x",
151 ' ',
152 &cmd);
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]153 cmd[cmd.size() - 5] = private_key_path;
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]154 cmd[cmd.size() - 3] = hash_path;
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]155 cmd[cmd.size() - 1] = sig_path;
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]156
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]157 int return_code = 0;
Darin Petkov85d02b72011-05-17 13:25:51 -0700[diff] [blame^]158 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code, NULL));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]159 TEST_AND_RETURN_FALSE(return_code == 0);
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]160
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]161 vector<char> signature;
162 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]163 out_signature->swap(signature);
164 return true;
165}
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]166
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]167bool PayloadSigner::SignPayload(const string& unsigned_payload_path,
168 const string& private_key_path,
169 vector<char>* out_signature_blob) {
170 vector<char> hash_data;
171 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile(
172 unsigned_payload_path, -1, &hash_data) ==
173 utils::FileSize(unsigned_payload_path));
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]174
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]175 vector<char> signature;
176 TEST_AND_RETURN_FALSE(SignHash(hash_data, private_key_path, &signature));
177 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signature,
178 out_signature_blob));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]179 return true;
180}
181
182bool PayloadSigner::SignatureBlobLength(
183 const string& private_key_path,
184 uint64_t* out_length) {
185 DCHECK(out_length);
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]186
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]187 string x_path;
188 TEST_AND_RETURN_FALSE(
189 utils::MakeTempFile("/tmp/signed_data.XXXXXX", &x_path, NULL));
190 ScopedPathUnlinker x_path_unlinker(x_path);
191 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1));
192
193 vector<char> sig_blob;
194 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path,
195 private_key_path,
196 &sig_blob));
197 *out_length = sig_blob.size();
198 return true;
199}
200
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]201bool PayloadSigner::VerifySignature(const std::vector<char>& signature_blob,
202 const std::string& public_key_path,
203 std::vector<char>* out_hash_data) {
204 TEST_AND_RETURN_FALSE(!public_key_path.empty());
205
206 Signatures signatures;
207 TEST_AND_RETURN_FALSE(signatures.ParseFromArray(&signature_blob[0],
208 signature_blob.size()));
209
210 // Finds a signature that matches the current version.
211 int sig_index = 0;
212 for (; sig_index < signatures.signatures_size(); sig_index++) {
213 const Signatures_Signature& signature = signatures.signatures(sig_index);
214 if (signature.has_version() &&
215 signature.version() == kSignatureMessageVersion) {
216 break;
217 }
218 }
219 TEST_AND_RETURN_FALSE(sig_index < signatures.signatures_size());
220
221 const Signatures_Signature& signature = signatures.signatures(sig_index);
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]222 const string& sig_data = signature.data();
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]223
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]224 // The code below executes the equivalent of:
225 //
226 // openssl rsautl -verify -pubin -inkey |public_key_path|
227 // -in |sig_data| -out |out_hash_data|
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]228
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]229 // Loads the public key.
230 FILE* fpubkey = fopen(public_key_path.c_str(), "rb");
231 TEST_AND_RETURN_FALSE(fpubkey != NULL);
232 char dummy_password[] = { ' ', 0 }; // Ensure no password is read from stdin.
233 RSA* rsa = PEM_read_RSA_PUBKEY(fpubkey, NULL, NULL, dummy_password);
234 fclose(fpubkey);
235 TEST_AND_RETURN_FALSE(rsa != NULL);
236 unsigned int keysize = RSA_size(rsa);
237 if (sig_data.size() > 2 * keysize) {
238 LOG(ERROR) << "Signature size is too big for public key size.";
239 RSA_free(rsa);
240 return false;
241 }
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]242
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]243 // Decrypts the signature.
244 vector<char> hash_data(keysize);
245 int decrypt_size = RSA_public_decrypt(
246 sig_data.size(),
247 reinterpret_cast<const unsigned char*>(sig_data.data()),
248 reinterpret_cast<unsigned char*>(hash_data.data()),
249 rsa,
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]250 RSA_NO_PADDING);
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]251 RSA_free(rsa);
252 TEST_AND_RETURN_FALSE(decrypt_size > 0 &&
253 decrypt_size <= static_cast<int>(hash_data.size()));
254 hash_data.resize(decrypt_size);
255 out_hash_data->swap(hash_data);
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]256 return true;
257}
258
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]259bool PayloadSigner::VerifySignedPayload(const std::string& payload_path,
260 const std::string& public_key_path) {
261 vector<char> payload;
262 DeltaArchiveManifest manifest;
263 uint64_t metadata_size;
264 TEST_AND_RETURN_FALSE(LoadPayload(
265 payload_path, &payload, &manifest, &metadata_size));
266 TEST_AND_RETURN_FALSE(manifest.has_signatures_offset() &&
267 manifest.has_signatures_size());
268 CHECK_EQ(payload.size(),
269 metadata_size + manifest.signatures_offset() +
270 manifest.signatures_size());
271 vector<char> signature_blob(
272 payload.begin() + metadata_size + manifest.signatures_offset(),
273 payload.end());
274 vector<char> signed_hash;
275 TEST_AND_RETURN_FALSE(VerifySignature(
276 signature_blob, public_key_path, &signed_hash));
277 TEST_AND_RETURN_FALSE(!signed_hash.empty());
278 vector<char> hash;
279 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(
280 payload.data(), metadata_size + manifest.signatures_offset(), &hash));
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]281 PadRSA2048SHA256Hash(&hash);
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]282 TEST_AND_RETURN_FALSE(hash == signed_hash);
283 return true;
284}
285
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]286bool PayloadSigner::HashPayloadForSigning(const std::string& payload_path,
287 int signature_size,
288 vector<char>* out_hash_data) {
289 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
290
291 // Loads the payload and adds the signature op to it.
292 vector<char> signature(signature_size, 0);
293 vector<char> signature_blob;
294 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signature,
295 &signature_blob));
296 vector<char> payload;
297 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
298 signature_blob.size(),
299 &payload));
300 // Calculates the hash on the updated payload. Note that the payload includes
301 // the signature op but doesn't include the signature blob at the end.
302 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfData(payload,
303 out_hash_data));
304 return true;
305}
306
307bool PayloadSigner::AddSignatureToPayload(const string& payload_path,
308 const vector<char>& signature,
309 const string& signed_payload_path) {
310 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
311
312 // Loads the payload and adds the signature op to it.
313 vector<char> signature_blob;
314 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signature,
315 &signature_blob));
316 vector<char> payload;
317 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
318 signature_blob.size(),
319 &payload));
320 // Appends the signature blob to the end of the payload and writes the new
321 // payload.
322 payload.insert(payload.end(), signature_blob.begin(), signature_blob.end());
323 LOG(INFO) << "Signed payload size: " << payload.size();
324 TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(),
325 payload.data(),
326 payload.size()));
327 return true;
328}
329
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame]330bool PayloadSigner::PadRSA2048SHA256Hash(std::vector<char>* hash) {
331 TEST_AND_RETURN_FALSE(hash->size() == 32);
332 hash->insert(hash->begin(),
333 kRSA2048SHA256Padding,
334 kRSA2048SHA256Padding + sizeof(kRSA2048SHA256Padding));
335 TEST_AND_RETURN_FALSE(hash->size() == 256);
336 return true;
337}
338
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]339} // namespace chromeos_update_engine