Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_update_engine / cda3c034bc46a4040dcd31a3a512ffd56dfe28c2 / . / payload_consumer / payload_verifier.h
blob: af8e05fd902e9e96b791b93a86343d59410af3c2 [file] [log] [blame]
Alex Deymoaea4c1c2015-08-19 20:24:43 -0700[diff] [blame]1//
2// Copyright (C) 2014 The Android Open Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]16
Alex Deymo39910dc2015-11-09 17:04:30 -0800[diff] [blame]17#ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_
18#define UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]19
20#include <string>
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]21
Ben Chan05735a12014-09-03 07:48:22 -0700[diff] [blame]22#include <base/macros.h>
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]23#include <brillo/secure_blob.h>
Ben Chan05735a12014-09-03 07:48:22 -0700[diff] [blame]24
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]25#include "update_engine/update_metadata.pb.h"
26
27// This class encapsulates methods used for payload signature verification.
28// See payload_generator/payload_signer.h for payload signing.
29
30namespace chromeos_update_engine {
31
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]32class PayloadVerifier {
33 public:
Sen Jiang9b2f1782019-01-24 14:27:50 -0800[diff] [blame]34 // Interprets |signature_proto| as a protocol buffer containing the Signatures
Sen Jiang08c6da12019-01-07 18:28:56 -0800[diff] [blame]35 // message and decrypts each signature data using the |pem_public_key|.
36 // |pem_public_key| should be a PEM format RSA public key data.
xunchangcda3c032019-03-26 15:41:14 -0700[diff] [blame^]37 // Pads the 32 bytes |sha256_hash_data| to 256 or 512 bytes according to the
38 // PKCS#1 v1.5 standard; and returns whether *any* of the decrypted hashes
39 // matches the padded hash data. In case of any error parsing the signatures
40 // or the public key, returns false.
Sen Jiang9b2f1782019-01-24 14:27:50 -0800[diff] [blame]41 static bool VerifySignature(const std::string& signature_proto,
Sen Jiang08c6da12019-01-07 18:28:56 -0800[diff] [blame]42 const std::string& pem_public_key,
xunchangcda3c032019-03-26 15:41:14 -0700[diff] [blame^]43 const brillo::Blob& sha256_hash_data);
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]44
Sen Jiang08c6da12019-01-07 18:28:56 -0800[diff] [blame]45 // Decrypts |sig_data| with the given |pem_public_key| and populates
46 // |out_hash_data| with the decoded raw hash. |pem_public_key| should be a PEM
47 // format RSA public key data. Returns true if successful, false otherwise.
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]48 static bool GetRawHashFromSignature(const brillo::Blob& sig_data,
Sen Jiang08c6da12019-01-07 18:28:56 -0800[diff] [blame]49 const std::string& pem_public_key,
Alex Vakulenko3f39d5c2015-10-13 09:27:13 -0700[diff] [blame]50 brillo::Blob* out_hash_data);
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]51
xunchangcda3c032019-03-26 15:41:14 -0700[diff] [blame^]52 // Pads a SHA256 hash so that it may be encrypted/signed with RSA2048 or
53 // RSA4096 using the PKCS#1 v1.5 scheme.
54 // hash should be a pointer to vector of exactly 256 bits. |rsa_size| must be
55 // one of 256 or 512 bytes. The vector will be modified in place and will
56 // result in having a length of 2048 or 4096 bits, depending on the rsa size.
57 // Returns true on success, false otherwise.
58 static bool PadRSASHA256Hash(brillo::Blob* hash, size_t rsa_size);
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]59
Alex Deymo923d8fa2014-07-15 17:58:51 -0700[diff] [blame]60 private:
61 // This should never be constructed
62 DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadVerifier);
63};
64
65} // namespace chromeos_update_engine
66
Alex Deymo39910dc2015-11-09 17:04:30 -0800[diff] [blame]67#endif // UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_