Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / bdfaaf0304bb1b49a1fc1252a6d2181830b404e1 / . / payload_signer.cc
blob: ef9791d0983ab5f6dc45cd4db774818defc662bf [file] [log] [blame]
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]1// Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "update_engine/payload_signer.h"
6
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]7#include <base/logging.h>
8#include <base/string_util.h>
9#include <openssl/pem.h>
10
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]11#include "update_engine/delta_diff_generator.h"
12#include "update_engine/delta_performer.h"
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]13#include "update_engine/omaha_hash_calculator.h"
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]14#include "update_engine/subprocess.h"
15#include "update_engine/update_metadata.pb.h"
16#include "update_engine/utils.h"
17
18using std::string;
19using std::vector;
20
21namespace chromeos_update_engine {
22
23const uint32_t kSignatureMessageVersion = 1;
24
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]25namespace {
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame^]26
27const char kRSA2048SHA256Padding[] = {
28 0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
29 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
30 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
31 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
32 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
33 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
34 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
35 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
36 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
37 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
38 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
39 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
40 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
41 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
42 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
43 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
44 0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
45 0x00, 0x04, 0x20
46};
47
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]48// Given a raw |signature|, packs it into a protobuf and serializes it into a
49// binary blob. Returns true on success, false otherwise.
50bool ConvertSignatureToProtobufBlob(const vector<char> signature,
51 vector<char>* out_signature_blob) {
52 // Pack it into a protobuf
53 Signatures out_message;
54 Signatures_Signature* sig_message = out_message.add_signatures();
55 sig_message->set_version(kSignatureMessageVersion);
56 sig_message->set_data(signature.data(), signature.size());
57
58 // Serialize protobuf
59 string serialized;
60 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized));
61 out_signature_blob->insert(out_signature_blob->end(),
62 serialized.begin(),
63 serialized.end());
64 LOG(INFO) << "Signature blob size: " << out_signature_blob->size();
65 return true;
66}
67
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]68bool LoadPayload(const string& payload_path,
69 vector<char>* out_payload,
70 DeltaArchiveManifest* out_manifest,
71 uint64_t* out_metadata_size) {
72 vector<char> payload;
73 // Loads the payload and parses the manifest.
74 TEST_AND_RETURN_FALSE(utils::ReadFile(payload_path, &payload));
75 LOG(INFO) << "Payload size: " << payload.size();
76 TEST_AND_RETURN_FALSE(DeltaPerformer::ParsePayloadMetadata(
77 payload, out_manifest, out_metadata_size) ==
78 DeltaPerformer::kMetadataParseSuccess);
79 LOG(INFO) << "Metadata size: " << *out_metadata_size;
80 out_payload->swap(payload);
81 return true;
82}
83
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]84// Given an unsigned payload under |payload_path| and the |signature_blob_size|
85// generates an updated payload that includes a dummy signature op in its
86// manifest. Returns true on success, false otherwise.
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]87bool AddSignatureOpToPayload(const string& payload_path,
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]88 int signature_blob_size,
89 vector<char>* out_payload) {
90 const int kProtobufOffset = 20;
91 const int kProtobufSizeOffset = 12;
92
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]93 // Loads the payload.
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]94 vector<char> payload;
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]95 DeltaArchiveManifest manifest;
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]96 uint64_t metadata_size;
97 TEST_AND_RETURN_FALSE(LoadPayload(
98 payload_path, &payload, &manifest, &metadata_size));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]99 TEST_AND_RETURN_FALSE(!manifest.has_signatures_offset() &&
100 !manifest.has_signatures_size());
101
102 // Updates the manifest to include the signature operation.
103 DeltaDiffGenerator::AddSignatureOp(payload.size() - metadata_size,
104 signature_blob_size,
105 &manifest);
106
107 // Updates the payload to include the new manifest.
108 string serialized_manifest;
109 TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest));
110 LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size();
111 payload.erase(payload.begin() + kProtobufOffset,
112 payload.begin() + metadata_size);
113 payload.insert(payload.begin() + kProtobufOffset,
114 serialized_manifest.begin(),
115 serialized_manifest.end());
116
117 // Updates the protobuf size.
118 uint64_t size_be = htobe64(serialized_manifest.size());
119 memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be));
120 LOG(INFO) << "Updated payload size: " << payload.size();
121 out_payload->swap(payload);
122 return true;
123}
124} // namespace {}
125
126bool PayloadSigner::SignHash(const vector<char>& hash,
127 const string& private_key_path,
128 vector<char>* out_signature) {
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]129 string sig_path;
130 TEST_AND_RETURN_FALSE(
131 utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_path, NULL));
132 ScopedPathUnlinker sig_path_unlinker(sig_path);
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]133
134 string hash_path;
135 TEST_AND_RETURN_FALSE(
136 utils::MakeTempFile("/tmp/hash.XXXXXX", &hash_path, NULL));
137 ScopedPathUnlinker hash_path_unlinker(hash_path);
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame^]138 // We expect unpadded SHA256 hash coming in
139 TEST_AND_RETURN_FALSE(hash.size() == 32);
140 vector<char> padded_hash(hash);
141 PadRSA2048SHA256Hash(&padded_hash);
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]142 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(),
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame^]143 padded_hash.data(),
144 padded_hash.size()));
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]145
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]146 // This runs on the server, so it's okay to cop out and call openssl
147 // executable rather than properly use the library
148 vector<string> cmd;
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame^]149 SplitString("/usr/bin/openssl rsautl -raw -sign -inkey x -in x -out x",
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]150 ' ',
151 &cmd);
152 cmd[cmd.size() - 5] = private_key_path;
Andrew de los Reyes932bc4c2010-08-23 18:14:09 -0700[diff] [blame]153 cmd[cmd.size() - 3] = hash_path;
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]154 cmd[cmd.size() - 1] = sig_path;
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]155
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]156 int return_code = 0;
157 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code));
158 TEST_AND_RETURN_FALSE(return_code == 0);
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]159
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]160 vector<char> signature;
161 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature));
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]162 out_signature->swap(signature);
163 return true;
164}
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]165
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]166bool PayloadSigner::SignPayload(const string& unsigned_payload_path,
167 const string& private_key_path,
168 vector<char>* out_signature_blob) {
169 vector<char> hash_data;
170 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile(
171 unsigned_payload_path, -1, &hash_data) ==
172 utils::FileSize(unsigned_payload_path));
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]173
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]174 vector<char> signature;
175 TEST_AND_RETURN_FALSE(SignHash(hash_data, private_key_path, &signature));
176 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signature,
177 out_signature_blob));
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]178 return true;
179}
180
181bool PayloadSigner::SignatureBlobLength(
182 const string& private_key_path,
183 uint64_t* out_length) {
184 DCHECK(out_length);
Darin Petkovd22cb292010-09-29 10:02:29 -0700[diff] [blame]185
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]186 string x_path;
187 TEST_AND_RETURN_FALSE(
188 utils::MakeTempFile("/tmp/signed_data.XXXXXX", &x_path, NULL));
189 ScopedPathUnlinker x_path_unlinker(x_path);
190 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1));
191
192 vector<char> sig_blob;
193 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path,
194 private_key_path,
195 &sig_blob));
196 *out_length = sig_blob.size();
197 return true;
198}
199
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]200bool PayloadSigner::VerifySignature(const std::vector<char>& signature_blob,
201 const std::string& public_key_path,
202 std::vector<char>* out_hash_data) {
203 TEST_AND_RETURN_FALSE(!public_key_path.empty());
204
205 Signatures signatures;
206 TEST_AND_RETURN_FALSE(signatures.ParseFromArray(&signature_blob[0],
207 signature_blob.size()));
208
209 // Finds a signature that matches the current version.
210 int sig_index = 0;
211 for (; sig_index < signatures.signatures_size(); sig_index++) {
212 const Signatures_Signature& signature = signatures.signatures(sig_index);
213 if (signature.has_version() &&
214 signature.version() == kSignatureMessageVersion) {
215 break;
216 }
217 }
218 TEST_AND_RETURN_FALSE(sig_index < signatures.signatures_size());
219
220 const Signatures_Signature& signature = signatures.signatures(sig_index);
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]221 const string& sig_data = signature.data();
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]222
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]223 // The code below executes the equivalent of:
224 //
225 // openssl rsautl -verify -pubin -inkey |public_key_path|
226 // -in |sig_data| -out |out_hash_data|
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]227
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]228 // Loads the public key.
229 FILE* fpubkey = fopen(public_key_path.c_str(), "rb");
230 TEST_AND_RETURN_FALSE(fpubkey != NULL);
231 char dummy_password[] = { ' ', 0 }; // Ensure no password is read from stdin.
232 RSA* rsa = PEM_read_RSA_PUBKEY(fpubkey, NULL, NULL, dummy_password);
233 fclose(fpubkey);
234 TEST_AND_RETURN_FALSE(rsa != NULL);
235 unsigned int keysize = RSA_size(rsa);
236 if (sig_data.size() > 2 * keysize) {
237 LOG(ERROR) << "Signature size is too big for public key size.";
238 RSA_free(rsa);
239 return false;
240 }
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]241
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]242 // Decrypts the signature.
243 vector<char> hash_data(keysize);
244 int decrypt_size = RSA_public_decrypt(
245 sig_data.size(),
246 reinterpret_cast<const unsigned char*>(sig_data.data()),
247 reinterpret_cast<unsigned char*>(hash_data.data()),
248 rsa,
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame^]249 RSA_NO_PADDING);
Darin Petkovb039d502010-12-03 09:08:04 -0800[diff] [blame]250 RSA_free(rsa);
251 TEST_AND_RETURN_FALSE(decrypt_size > 0 &&
252 decrypt_size <= static_cast<int>(hash_data.size()));
253 hash_data.resize(decrypt_size);
254 out_hash_data->swap(hash_data);
Darin Petkovd7061ab2010-10-06 14:37:09 -0700[diff] [blame]255 return true;
256}
257
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]258bool PayloadSigner::VerifySignedPayload(const std::string& payload_path,
259 const std::string& public_key_path) {
260 vector<char> payload;
261 DeltaArchiveManifest manifest;
262 uint64_t metadata_size;
263 TEST_AND_RETURN_FALSE(LoadPayload(
264 payload_path, &payload, &manifest, &metadata_size));
265 TEST_AND_RETURN_FALSE(manifest.has_signatures_offset() &&
266 manifest.has_signatures_size());
267 CHECK_EQ(payload.size(),
268 metadata_size + manifest.signatures_offset() +
269 manifest.signatures_size());
270 vector<char> signature_blob(
271 payload.begin() + metadata_size + manifest.signatures_offset(),
272 payload.end());
273 vector<char> signed_hash;
274 TEST_AND_RETURN_FALSE(VerifySignature(
275 signature_blob, public_key_path, &signed_hash));
276 TEST_AND_RETURN_FALSE(!signed_hash.empty());
277 vector<char> hash;
278 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(
279 payload.data(), metadata_size + manifest.signatures_offset(), &hash));
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame^]280 PadRSA2048SHA256Hash(&hash);
Darin Petkovadb3cef2011-01-13 16:16:08 -0800[diff] [blame]281 TEST_AND_RETURN_FALSE(hash == signed_hash);
282 return true;
283}
284
Darin Petkov9574f7e2011-01-13 10:48:12 -0800[diff] [blame]285bool PayloadSigner::HashPayloadForSigning(const std::string& payload_path,
286 int signature_size,
287 vector<char>* out_hash_data) {
288 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
289
290 // Loads the payload and adds the signature op to it.
291 vector<char> signature(signature_size, 0);
292 vector<char> signature_blob;
293 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signature,
294 &signature_blob));
295 vector<char> payload;
296 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
297 signature_blob.size(),
298 &payload));
299 // Calculates the hash on the updated payload. Note that the payload includes
300 // the signature op but doesn't include the signature blob at the end.
301 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfData(payload,
302 out_hash_data));
303 return true;
304}
305
306bool PayloadSigner::AddSignatureToPayload(const string& payload_path,
307 const vector<char>& signature,
308 const string& signed_payload_path) {
309 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory.
310
311 // Loads the payload and adds the signature op to it.
312 vector<char> signature_blob;
313 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signature,
314 &signature_blob));
315 vector<char> payload;
316 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path,
317 signature_blob.size(),
318 &payload));
319 // Appends the signature blob to the end of the payload and writes the new
320 // payload.
321 payload.insert(payload.end(), signature_blob.begin(), signature_blob.end());
322 LOG(INFO) << "Signed payload size: " << payload.size();
323 TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(),
324 payload.data(),
325 payload.size()));
326 return true;
327}
328
Andrew de los Reyesbdfaaf02011-03-30 10:35:12 -0700[diff] [blame^]329bool PayloadSigner::PadRSA2048SHA256Hash(std::vector<char>* hash) {
330 TEST_AND_RETURN_FALSE(hash->size() == 32);
331 hash->insert(hash->begin(),
332 kRSA2048SHA256Padding,
333 kRSA2048SHA256Padding + sizeof(kRSA2048SHA256Padding));
334 TEST_AND_RETURN_FALSE(hash->size() == 256);
335 return true;
336}
337
Andrew de los Reyes0c440052010-08-20 11:25:54 -0700[diff] [blame]338} // namespace chromeos_update_engine