| Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 1 | // Copyright 2014 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef UPDATE_ENGINE_PAYLOAD_VERIFIER_H_ |
| 6 | #define UPDATE_ENGINE_PAYLOAD_VERIFIER_H_ |
| 7 | |
| 8 | #include <string> |
| 9 | #include <vector> |
| 10 | |
| Ben Chan | 05735a1 | 2014-09-03 07:48:22 -0700 | [diff] [blame] | 11 | #include <base/macros.h> |
| 12 | |
| Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 13 | #include "update_engine/update_metadata.pb.h" |
| 14 | |
| 15 | // This class encapsulates methods used for payload signature verification. |
| 16 | // See payload_generator/payload_signer.h for payload signing. |
| 17 | |
| 18 | namespace chromeos_update_engine { |
| 19 | |
| 20 | extern const uint32_t kSignatureMessageOriginalVersion; |
| 21 | extern const uint32_t kSignatureMessageCurrentVersion; |
| 22 | |
| 23 | class PayloadVerifier { |
| 24 | public: |
| 25 | // Returns false if the payload signature can't be verified. Returns true |
| 26 | // otherwise and sets |out_hash| to the signed payload hash. |
| 27 | static bool VerifySignature(const std::vector<char>& signature_blob, |
| 28 | const std::string& public_key_path, |
| 29 | std::vector<char>* out_hash_data); |
| 30 | |
| 31 | // Interprets signature_blob as a protocol buffer containing the Signatures |
| 32 | // message and decrypts the signature data using the public_key_path and |
| 33 | // stores the resultant raw hash data in out_hash_data. Returns true if |
| 34 | // everything is successful. False otherwise. It also takes the client_version |
| 35 | // and interprets the signature blob according to that version. |
| 36 | static bool VerifySignatureBlob(const std::vector<char>& signature_blob, |
| 37 | const std::string& public_key_path, |
| 38 | uint32_t client_version, |
| 39 | std::vector<char>* out_hash_data); |
| 40 | |
| 41 | // Decrypts sig_data with the given public_key_path and populates |
| 42 | // out_hash_data with the decoded raw hash. Returns true if successful, |
| 43 | // false otherwise. |
| 44 | static bool GetRawHashFromSignature(const std::vector<char>& sig_data, |
| 45 | const std::string& public_key_path, |
| 46 | std::vector<char>* out_hash_data); |
| 47 | |
| 48 | // Returns true if the payload in |payload_path| is signed and its hash can be |
| 49 | // verified using the public key in |public_key_path| with the signature |
| 50 | // of a given version in the signature blob. Returns false otherwise. |
| 51 | static bool VerifySignedPayload(const std::string& payload_path, |
| 52 | const std::string& public_key_path, |
| 53 | uint32_t client_key_check_version); |
| 54 | |
| 55 | // Pads a SHA256 hash so that it may be encrypted/signed with RSA2048 |
| 56 | // using the PKCS#1 v1.5 scheme. |
| 57 | // hash should be a pointer to vector of exactly 256 bits. The vector |
| 58 | // will be modified in place and will result in having a length of |
| 59 | // 2048 bits. Returns true on success, false otherwise. |
| 60 | static bool PadRSA2048SHA256Hash(std::vector<char>* hash); |
| 61 | |
| 62 | // Reads the payload from the given |payload_path| into the |out_payload| |
| 63 | // vector. It also parses the manifest protobuf in the payload and returns it |
| 64 | // in |out_manifest| along with the size of the entire metadata in |
| 65 | // |out_metadata_size|. |
| 66 | static bool LoadPayload(const std::string& payload_path, |
| 67 | std::vector<char>* out_payload, |
| 68 | DeltaArchiveManifest* out_manifest, |
| 69 | uint64_t* out_metadata_size); |
| 70 | |
| 71 | private: |
| 72 | // This should never be constructed |
| 73 | DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadVerifier); |
| 74 | }; |
| 75 | |
| 76 | } // namespace chromeos_update_engine |
| 77 | |
| 78 | #endif // UPDATE_ENGINE_PAYLOAD_VERIFIER_H_ |