Sen Jiang9c89e842018-02-02 13:51:21 -08001//
2// Copyright (C) 2018 The Android Open Source Project
3//
4// Licensed under the Apache License, Version 2.0 (the "License");
5// you may not use this file except in compliance with the License.
6// You may obtain a copy of the License at
7//
8// http://www.apache.org/licenses/LICENSE-2.0
9//
10// Unless required by applicable law or agreed to in writing, software
11// distributed under the License is distributed on an "AS IS" BASIS,
12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13// See the License for the specific language governing permissions and
14// limitations under the License.
15//
16
17#ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
18#define UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
19
20#include <inttypes.h>
21
22#include <string>
23#include <vector>
24
Sen Jiang08c6da12019-01-07 18:28:56 -080025#include <base/macros.h>
Sen Jiang9c89e842018-02-02 13:51:21 -080026#include <brillo/secure_blob.h>
27
28#include "update_engine/common/error_code.h"
29#include "update_engine/common/platform_constants.h"
Tianjie Xu7a78d632019-10-08 16:32:39 -070030#include "update_engine/payload_consumer/payload_verifier.h"
Sen Jiang9c89e842018-02-02 13:51:21 -080031#include "update_engine/update_metadata.pb.h"
32
33namespace chromeos_update_engine {
34
// Outcome of parsing the payload header (see
// PayloadMetadata::ParsePayloadHeader).
enum class MetadataParseResult {
  // The header was parsed.
  kSuccess,
  // The metadata can't be parsed given the payload.
  kError,
  // More data is needed before the complete metadata can be parsed.
  kInsufficientData,
};
40
// Parses the metadata of an update payload (header fields and manifest) and
// validates the metadata signature.
//
// Everything this class reads out of a payload is attacker-influenced input
// until ValidateMetadataSignature() has returned ErrorCode::kSuccess for it.
class PayloadMetadata {
 public:
  // Offsets and sizes of the fixed-size payload header fields. The values are
  // defined outside this header.
  static const uint64_t kDeltaVersionOffset;
  static const uint64_t kDeltaVersionSize;
  static const uint64_t kDeltaManifestSizeOffset;
  static const uint64_t kDeltaManifestSizeSize;
  static const uint64_t kDeltaMetadataSignatureSizeSize;

  PayloadMetadata() = default;

  // Attempts to parse the update payload header starting from the beginning of
  // |payload|. Returns MetadataParseResult::kSuccess on success,
  // MetadataParseResult::kInsufficientData if more data is needed to parse the
  // complete metadata, and MetadataParseResult::kError if the metadata can't be
  // parsed given the payload.
  // NOTE(review): |error| presumably receives the specific failure code when
  // kError is returned -- confirm against the implementation.
  MetadataParseResult ParsePayloadHeader(const brillo::Blob& payload,
                                         ErrorCode* error);

  // Simpler version of the above; returns true on success.
  bool ParsePayloadHeader(const brillo::Blob& payload);

  // Given the |payload|, verifies that the signed hash of its metadata matches
  // |metadata_signature| (if present) or the metadata signature in the payload
  // itself (if present). Returns ErrorCode::kSuccess on match or a suitable
  // error code otherwise.
  //
  // This method must be called before any part of the metadata is parsed, so
  // that a man-in-the-middle attack on the SSL connection to the payload server
  // cannot exploit a vulnerability in the code that parses the protocol buffer.
  //
  // NOTE(review): the method is const and takes no size arguments, so it
  // presumably relies on the sizes recorded by ParsePayloadHeader(); "before
  // any part of the metadata is parsed" would then mean the manifest protobuf,
  // not the fixed-size header -- confirm against the implementation.
  // NOTE(review): both signature sources are described as optional ("if
  // present"); what is returned when neither is present is not visible here.
  // Callers should make sure a missing signature is not treated as a match.
  ErrorCode ValidateMetadataSignature(
      const brillo::Blob& payload,
      const std::string& metadata_signature,
      const PayloadVerifier& payload_verifier) const;

  // Returns the major payload version. If the version was not yet parsed,
  // returns zero.
  uint64_t GetMajorVersion() const { return major_payload_version_; }

  // Returns the size of the payload metadata, which includes the payload header
  // and the manifest. If the header was not yet parsed, returns zero.
  // NOTE(review): this is a 64-bit length taken from the payload; before the
  // signature has been validated, callers should bound it against the data
  // actually received before using it as a length or offset.
  uint64_t GetMetadataSize() const { return metadata_size_; }

  // Returns the size of the payload metadata signature. If the header was not
  // yet parsed, returns zero.
  // NOTE(review): like the metadata size, this comes from the payload and
  // should be range-checked by the caller before use.
  uint32_t GetMetadataSignatureSize() const { return metadata_signature_size_; }

  // Sets |*out_manifest| to the manifest in |payload|.
  // Returns true on success.
  // NOTE(review): presumably this is where the manifest protobuf is decoded;
  // for payloads from an untrusted source, call it only after
  // ValidateMetadataSignature() has succeeded -- confirm against callers.
  bool GetManifest(const brillo::Blob& payload,
                   DeltaArchiveManifest* out_manifest) const;

  // Parses the payload file at |payload_path| and prepares the metadata
  // properties, manifest and metadata signatures. Can be used as an easy-to-use
  // utility to get the payload information without going through the parsing
  // steps manually.
  // NOTE(review): no PayloadVerifier is passed in, so this path presumably does
  // not validate the metadata signature; treat |manifest| and
  // |metadata_signatures| as unauthenticated output -- confirm.
  bool ParsePayloadFile(const std::string& payload_path,
                        DeltaArchiveManifest* manifest,
                        Signatures* metadata_signatures);

 private:
  // Returns the byte offset at which the manifest protobuf begins in a payload.
  uint64_t GetManifestOffset() const;

  // Returns the byte offset where the size of the metadata signature is stored
  // in a payload.
  uint64_t GetMetadataSignatureSizeOffset() const;

  // All four fields stay zero until the header has been parsed.
  uint64_t metadata_size_{0};
  uint64_t manifest_size_{0};
  uint32_t metadata_signature_size_{0};
  uint64_t major_payload_version_{0};

  DISALLOW_COPY_AND_ASSIGN(PayloadMetadata);
};
113
114} // namespace chromeos_update_engine
115
116#endif // UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_