Blame - payload_consumer/payload_metadata.cc - android_system_update_engine

blob: fe2df0a9d05fe2c0634518ff9307f9f192001536 [file] [log] [blame]

Sen Jiang	9c89e84	2018-02-02 13:51:21 -0800	[diff] [blame]	1	//
				2	// Copyright (C) 2018 The Android Open Source Project
				3	//
				4	// Licensed under the Apache License, Version 2.0 (the "License");
				5	// you may not use this file except in compliance with the License.
				6	// You may obtain a copy of the License at
				7	//
				8	// http://www.apache.org/licenses/LICENSE-2.0
				9	//
				10	// Unless required by applicable law or agreed to in writing, software
				11	// distributed under the License is distributed on an "AS IS" BASIS,
				12	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	// See the License for the specific language governing permissions and
				14	// limitations under the License.
				15	//
				16
				17	#include "update_engine/payload_consumer/payload_metadata.h"
				18
				19	#include <endian.h>
				20
				21	#include <brillo/data_encoding.h>
				22
				23	#include "update_engine/common/hash_calculator.h"
				24	#include "update_engine/common/utils.h"
				25	#include "update_engine/payload_consumer/payload_constants.h"
				26	#include "update_engine/payload_consumer/payload_verifier.h"
				27
				28	namespace chromeos_update_engine {
				29
				30	const uint64_t PayloadMetadata::kDeltaVersionOffset = sizeof(kDeltaMagic);
				31	const uint64_t PayloadMetadata::kDeltaVersionSize = 8;
				32	const uint64_t PayloadMetadata::kDeltaManifestSizeOffset =
				33	kDeltaVersionOffset + kDeltaVersionSize;
				34	const uint64_t PayloadMetadata::kDeltaManifestSizeSize = 8;
				35	const uint64_t PayloadMetadata::kDeltaMetadataSignatureSizeSize = 4;
				36
				37	bool PayloadMetadata::GetMetadataSignatureSizeOffset(
				38	uint64_t* out_offset) const {
				39	if (GetMajorVersion() == kBrilloMajorPayloadVersion) {
				40	*out_offset = kDeltaManifestSizeOffset + kDeltaManifestSizeSize;
				41	return true;
				42	}
				43	return false;
				44	}
				45
				46	bool PayloadMetadata::GetManifestOffset(uint64_t* out_offset) const {
				47	// Actual manifest begins right after the manifest size field or
				48	// metadata signature size field if major version >= 2.
				49	if (major_payload_version_ == kChromeOSMajorPayloadVersion) {
				50	*out_offset = kDeltaManifestSizeOffset + kDeltaManifestSizeSize;
				51	return true;
				52	}
				53	if (major_payload_version_ == kBrilloMajorPayloadVersion) {
				54	*out_offset = kDeltaManifestSizeOffset + kDeltaManifestSizeSize +
				55	kDeltaMetadataSignatureSizeSize;
				56	return true;
				57	}
				58	LOG(ERROR) << "Unknown major payload version: " << major_payload_version_;
				59	return false;
				60	}
				61
				62	MetadataParseResult PayloadMetadata::ParsePayloadHeader(
				63	const brillo::Blob& payload,
				64	uint64_t supported_major_version,
				65	ErrorCode* error) {
				66	uint64_t manifest_offset;
				67	// Ensure we have data to cover the major payload version.
				68	if (payload.size() < kDeltaManifestSizeOffset)
				69	return MetadataParseResult::kInsufficientData;
				70
				71	// Validate the magic string.
				72	if (memcmp(payload.data(), kDeltaMagic, sizeof(kDeltaMagic)) != 0) {
				73	LOG(ERROR) << "Bad payload format -- invalid delta magic.";
				74	*error = ErrorCode::kDownloadInvalidMetadataMagicString;
				75	return MetadataParseResult::kError;
				76	}
				77
				78	// Extract the payload version from the metadata.
				79	static_assert(sizeof(major_payload_version_) == kDeltaVersionSize,
				80	"Major payload version size mismatch");
				81	memcpy(&major_payload_version_,
				82	&payload[kDeltaVersionOffset],
				83	kDeltaVersionSize);
				84	// Switch big endian to host.
				85	major_payload_version_ = be64toh(major_payload_version_);
				86
				87	if (major_payload_version_ != supported_major_version &&
				88	major_payload_version_ != kChromeOSMajorPayloadVersion) {
				89	LOG(ERROR) << "Bad payload format -- unsupported payload version: "
				90	<< major_payload_version_;
				91	*error = ErrorCode::kUnsupportedMajorPayloadVersion;
				92	return MetadataParseResult::kError;
				93	}
				94
				95	// Get the manifest offset now that we have payload version.
				96	if (!GetManifestOffset(&manifest_offset)) {
				97	*error = ErrorCode::kUnsupportedMajorPayloadVersion;
				98	return MetadataParseResult::kError;
				99	}
				100	// Check again with the manifest offset.
				101	if (payload.size() < manifest_offset)
				102	return MetadataParseResult::kInsufficientData;
				103
				104	// Next, parse the manifest size.
				105	static_assert(sizeof(manifest_size_) == kDeltaManifestSizeSize,
				106	"manifest_size size mismatch");
				107	memcpy(&manifest_size_,
				108	&payload[kDeltaManifestSizeOffset],
				109	kDeltaManifestSizeSize);
				110	manifest_size_ = be64toh(manifest_size_); // switch big endian to host
				111
				112	if (GetMajorVersion() == kBrilloMajorPayloadVersion) {
				113	// Parse the metadata signature size.
				114	static_assert(
				115	sizeof(metadata_signature_size_) == kDeltaMetadataSignatureSizeSize,
				116	"metadata_signature_size size mismatch");
				117	uint64_t metadata_signature_size_offset;
				118	if (!GetMetadataSignatureSizeOffset(&metadata_signature_size_offset)) {
				119	*error = ErrorCode::kError;
				120	return MetadataParseResult::kError;
				121	}
				122	memcpy(&metadata_signature_size_,
				123	&payload[metadata_signature_size_offset],
				124	kDeltaMetadataSignatureSizeSize);
				125	metadata_signature_size_ = be32toh(metadata_signature_size_);
				126	}
				127	metadata_size_ = manifest_offset + manifest_size_;
				128	return MetadataParseResult::kSuccess;
				129	}
				130
				131	bool PayloadMetadata::GetManifest(const brillo::Blob& payload,
				132	DeltaArchiveManifest* out_manifest) const {
				133	uint64_t manifest_offset;
				134	if (!GetManifestOffset(&manifest_offset))
				135	return false;
				136	CHECK_GE(payload.size(), manifest_offset + manifest_size_);
				137	return out_manifest->ParseFromArray(&payload[manifest_offset],
				138	manifest_size_);
				139	}
				140
				141	ErrorCode PayloadMetadata::ValidateMetadataSignature(
				142	const brillo::Blob& payload,
				143	std::string metadata_signature,
				144	base::FilePath path_to_public_key) const {
				145	if (payload.size() < metadata_size_ + metadata_signature_size_)
				146	return ErrorCode::kDownloadMetadataSignatureError;
				147
				148	brillo::Blob metadata_signature_blob, metadata_signature_protobuf_blob;
				149	if (!metadata_signature.empty()) {
				150	// Convert base64-encoded signature to raw bytes.
				151	if (!brillo::data_encoding::Base64Decode(metadata_signature,
				152	&metadata_signature_blob)) {
				153	LOG(ERROR) << "Unable to decode base64 metadata signature: "
				154	<< metadata_signature;
				155	return ErrorCode::kDownloadMetadataSignatureError;
				156	}
				157	} else if (major_payload_version_ == kBrilloMajorPayloadVersion) {
				158	metadata_signature_protobuf_blob.assign(
				159	payload.begin() + metadata_size_,
				160	payload.begin() + metadata_size_ + metadata_signature_size_);
				161	}
				162
				163	if (metadata_signature_blob.empty() &&
				164	metadata_signature_protobuf_blob.empty()) {
				165	LOG(ERROR) << "Missing mandatory metadata signature in both Omaha "
				166	<< "response and payload.";
				167	return ErrorCode::kDownloadMetadataSignatureMissingError;
				168	}
				169
				170	LOG(INFO) << "Verifying metadata hash signature using public key: "
				171	<< path_to_public_key.value();
				172
				173	brillo::Blob calculated_metadata_hash;
				174	if (!HashCalculator::RawHashOfBytes(
				175	payload.data(), metadata_size_, &calculated_metadata_hash)) {
				176	LOG(ERROR) << "Unable to compute actual hash of manifest";
				177	return ErrorCode::kDownloadMetadataSignatureVerificationError;
				178	}
				179
				180	PayloadVerifier::PadRSA2048SHA256Hash(&calculated_metadata_hash);
				181	if (calculated_metadata_hash.empty()) {
				182	LOG(ERROR) << "Computed actual hash of metadata is empty.";
				183	return ErrorCode::kDownloadMetadataSignatureVerificationError;
				184	}
				185
				186	if (!metadata_signature_blob.empty()) {
				187	brillo::Blob expected_metadata_hash;
				188	if (!PayloadVerifier::GetRawHashFromSignature(metadata_signature_blob,
				189	path_to_public_key.value(),
				190	&expected_metadata_hash)) {
				191	LOG(ERROR) << "Unable to compute expected hash from metadata signature";
				192	return ErrorCode::kDownloadMetadataSignatureError;
				193	}
				194	if (calculated_metadata_hash != expected_metadata_hash) {
				195	LOG(ERROR) << "Manifest hash verification failed. Expected hash = ";
				196	utils::HexDumpVector(expected_metadata_hash);
				197	LOG(ERROR) << "Calculated hash = ";
				198	utils::HexDumpVector(calculated_metadata_hash);
				199	return ErrorCode::kDownloadMetadataSignatureMismatch;
				200	}
				201	} else {
				202	if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf_blob,
				203	path_to_public_key.value(),
				204	calculated_metadata_hash)) {
				205	LOG(ERROR) << "Manifest hash verification failed.";
				206	return ErrorCode::kDownloadMetadataSignatureMismatch;
				207	}
				208	}
				209
				210	// The autoupdate_CatchBadSignatures test checks for this string in
				211	// log-files. Keep in sync.
				212	LOG(INFO) << "Metadata hash signature matches value in Omaha response.";
				213	return ErrorCode::kSuccess;
				214	}
				215
				216	} // namespace chromeos_update_engine