payload_signer.cc revision b552a68af39efa42d462a9272d3dc47eb39c6db8
1// 2// Copyright (C) 2011 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#include "update_engine/payload_generator/payload_signer.h" 18 19#include <endian.h> 20 21#include <base/logging.h> 22#include <base/strings/string_split.h> 23#include <base/strings/string_util.h> 24#include <chromeos/data_encoding.h> 25#include <openssl/pem.h> 26 27#include "update_engine/omaha_hash_calculator.h" 28#include "update_engine/payload_generator/payload_file.h" 29#include "update_engine/payload_verifier.h" 30#include "update_engine/subprocess.h" 31#include "update_engine/update_metadata.pb.h" 32#include "update_engine/utils.h" 33 34using std::string; 35using std::vector; 36 37namespace chromeos_update_engine { 38 39namespace { 40 41// The payload verifier will check all the signatures included in the payload 42// regardless of the version field. Old version of the verifier require the 43// version field to be included and be 1. 44const uint32_t kSignatureMessageLegacyVersion = 1; 45 46// Given raw |signatures|, packs them into a protobuf and serializes it into a 47// binary blob. Returns true on success, false otherwise. 48bool ConvertSignatureToProtobufBlob(const vector<chromeos::Blob>& signatures, 49 chromeos::Blob* out_signature_blob) { 50 // Pack it into a protobuf 51 Signatures out_message; 52 for (const chromeos::Blob& signature : signatures) { 53 Signatures_Signature* sig_message = out_message.add_signatures(); 54 // Set all the signatures with the same version number. 55 sig_message->set_version(kSignatureMessageLegacyVersion); 56 sig_message->set_data(signature.data(), signature.size()); 57 } 58 59 // Serialize protobuf 60 string serialized; 61 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized)); 62 out_signature_blob->insert(out_signature_blob->end(), 63 serialized.begin(), 64 serialized.end()); 65 LOG(INFO) << "Signature blob size: " << out_signature_blob->size(); 66 return true; 67} 68 69// Given an unsigned payload under |payload_path| and the |signature_blob_size| 70// generates an updated payload that includes a dummy signature op in its 71// manifest. It populates |out_metadata_size| with the size of the final 72// manifest after adding the dummy signature operation, and 73// |out_signatures_offset| with the expected offset for the new blob. Returns 74// true on success, false otherwise. 75bool AddSignatureOpToPayload(const string& payload_path, 76 uint64_t signature_blob_size, 77 chromeos::Blob* out_payload, 78 uint64_t* out_metadata_size, 79 uint64_t* out_signatures_offset) { 80 const int kProtobufOffset = 20; 81 const int kProtobufSizeOffset = 12; 82 83 // Loads the payload. 84 chromeos::Blob payload; 85 DeltaArchiveManifest manifest; 86 uint64_t metadata_size; 87 TEST_AND_RETURN_FALSE(PayloadVerifier::LoadPayload( 88 payload_path, &payload, &manifest, &metadata_size)); 89 90 // Is there already a signature op in place? 91 if (manifest.has_signatures_size()) { 92 // The signature op is tied to the size of the signature blob, but not it's 93 // contents. We don't allow the manifest to change if there is already an op 94 // present, because that might invalidate previously generated 95 // hashes/signatures. 96 if (manifest.signatures_size() != signature_blob_size) { 97 LOG(ERROR) << "Attempt to insert different signature sized blob. " 98 << "(current:" << manifest.signatures_size() 99 << "new:" << signature_blob_size << ")"; 100 return false; 101 } 102 103 LOG(INFO) << "Matching signature sizes already present."; 104 } else { 105 // Updates the manifest to include the signature operation. 106 AddSignatureOp(payload.size() - metadata_size, 107 signature_blob_size, 108 &manifest); 109 110 // Updates the payload to include the new manifest. 111 string serialized_manifest; 112 TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest)); 113 LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size(); 114 payload.erase(payload.begin() + kProtobufOffset, 115 payload.begin() + metadata_size); 116 payload.insert(payload.begin() + kProtobufOffset, 117 serialized_manifest.begin(), 118 serialized_manifest.end()); 119 120 // Updates the protobuf size. 121 uint64_t size_be = htobe64(serialized_manifest.size()); 122 memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be)); 123 metadata_size = serialized_manifest.size() + kProtobufOffset; 124 125 LOG(INFO) << "Updated payload size: " << payload.size(); 126 LOG(INFO) << "Updated metadata size: " << metadata_size; 127 } 128 129 out_payload->swap(payload); 130 *out_metadata_size = metadata_size; 131 *out_signatures_offset = metadata_size + manifest.signatures_offset(); 132 LOG(INFO) << "Signature Blob Offset: " << *out_signatures_offset; 133 return true; 134} 135} // namespace 136 137bool PayloadSigner::SignHash(const chromeos::Blob& hash, 138 const string& private_key_path, 139 chromeos::Blob* out_signature) { 140 LOG(INFO) << "Signing hash with private key: " << private_key_path; 141 string sig_path; 142 TEST_AND_RETURN_FALSE( 143 utils::MakeTempFile("signature.XXXXXX", &sig_path, nullptr)); 144 ScopedPathUnlinker sig_path_unlinker(sig_path); 145 146 string hash_path; 147 TEST_AND_RETURN_FALSE( 148 utils::MakeTempFile("hash.XXXXXX", &hash_path, nullptr)); 149 ScopedPathUnlinker hash_path_unlinker(hash_path); 150 // We expect unpadded SHA256 hash coming in 151 TEST_AND_RETURN_FALSE(hash.size() == 32); 152 chromeos::Blob padded_hash(hash); 153 PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash); 154 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(), 155 padded_hash.data(), 156 padded_hash.size())); 157 158 // This runs on the server, so it's okay to copy out and call openssl 159 // executable rather than properly use the library. 160 vector<string> cmd = {"openssl", "rsautl", "-raw", "-sign", "-inkey", 161 private_key_path, "-in", hash_path, "-out", sig_path}; 162 int return_code = 0; 163 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code, 164 nullptr)); 165 TEST_AND_RETURN_FALSE(return_code == 0); 166 167 chromeos::Blob signature; 168 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); 169 out_signature->swap(signature); 170 return true; 171} 172 173bool PayloadSigner::SignPayload(const string& unsigned_payload_path, 174 const vector<string>& private_key_paths, 175 chromeos::Blob* out_signature_blob) { 176 chromeos::Blob hash_data; 177 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile( 178 unsigned_payload_path, -1, &hash_data) == 179 utils::FileSize(unsigned_payload_path)); 180 181 vector<chromeos::Blob> signatures; 182 for (const string& path : private_key_paths) { 183 chromeos::Blob signature; 184 TEST_AND_RETURN_FALSE(SignHash(hash_data, path, &signature)); 185 signatures.push_back(signature); 186 } 187 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 188 out_signature_blob)); 189 return true; 190} 191 192bool PayloadSigner::SignatureBlobLength(const vector<string>& private_key_paths, 193 uint64_t* out_length) { 194 DCHECK(out_length); 195 196 string x_path; 197 TEST_AND_RETURN_FALSE( 198 utils::MakeTempFile("signed_data.XXXXXX", &x_path, nullptr)); 199 ScopedPathUnlinker x_path_unlinker(x_path); 200 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1)); 201 202 chromeos::Blob sig_blob; 203 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, 204 private_key_paths, 205 &sig_blob)); 206 *out_length = sig_blob.size(); 207 return true; 208} 209 210bool PayloadSigner::PrepPayloadForHashing( 211 const string& payload_path, 212 const vector<int>& signature_sizes, 213 chromeos::Blob* payload_out, 214 uint64_t* metadata_size_out, 215 uint64_t* signatures_offset_out) { 216 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory. 217 218 // Loads the payload and adds the signature op to it. 219 vector<chromeos::Blob> signatures; 220 for (int signature_size : signature_sizes) { 221 signatures.emplace_back(signature_size, 0); 222 } 223 chromeos::Blob signature_blob; 224 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 225 &signature_blob)); 226 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path, 227 signature_blob.size(), 228 payload_out, 229 metadata_size_out, 230 signatures_offset_out)); 231 232 return true; 233} 234 235bool PayloadSigner::HashPayloadForSigning(const string& payload_path, 236 const vector<int>& signature_sizes, 237 chromeos::Blob* out_hash_data) { 238 chromeos::Blob payload; 239 uint64_t metadata_size; 240 uint64_t signatures_offset; 241 242 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path, 243 signature_sizes, 244 &payload, 245 &metadata_size, 246 &signatures_offset)); 247 248 // Calculates the hash on the updated payload. Note that we stop calculating 249 // before we reach the signature information. 250 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(), 251 signatures_offset, 252 out_hash_data)); 253 return true; 254} 255 256bool PayloadSigner::HashMetadataForSigning(const string& payload_path, 257 const vector<int>& signature_sizes, 258 chromeos::Blob* out_metadata_hash) { 259 chromeos::Blob payload; 260 uint64_t metadata_size; 261 uint64_t signatures_offset; 262 263 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path, 264 signature_sizes, 265 &payload, 266 &metadata_size, 267 &signatures_offset)); 268 269 // Calculates the hash on the manifest. 270 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(), 271 metadata_size, 272 out_metadata_hash)); 273 return true; 274} 275 276bool PayloadSigner::AddSignatureToPayload( 277 const string& payload_path, 278 const vector<chromeos::Blob>& signatures, 279 const string& signed_payload_path, 280 uint64_t *out_metadata_size) { 281 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory. 282 283 // Loads the payload and adds the signature op to it. 284 chromeos::Blob signature_blob; 285 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 286 &signature_blob)); 287 chromeos::Blob payload; 288 uint64_t signatures_offset; 289 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path, 290 signature_blob.size(), 291 &payload, 292 out_metadata_size, 293 &signatures_offset)); 294 // Appends the signature blob to the end of the payload and writes the new 295 // payload. 296 LOG(INFO) << "Payload size before signatures: " << payload.size(); 297 payload.resize(signatures_offset); 298 payload.insert(payload.begin() + signatures_offset, 299 signature_blob.begin(), 300 signature_blob.end()); 301 LOG(INFO) << "Signed payload size: " << payload.size(); 302 TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(), 303 payload.data(), 304 payload.size())); 305 return true; 306} 307 308bool PayloadSigner::GetMetadataSignature(const void* const metadata, 309 size_t metadata_size, 310 const string& private_key_path, 311 string* out_signature) { 312 // Calculates the hash on the updated payload. Note that the payload includes 313 // the signature op but doesn't include the signature blob at the end. 314 chromeos::Blob metadata_hash; 315 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(metadata, 316 metadata_size, 317 &metadata_hash)); 318 319 chromeos::Blob signature; 320 TEST_AND_RETURN_FALSE(SignHash(metadata_hash, 321 private_key_path, 322 &signature)); 323 324 *out_signature = chromeos::data_encoding::Base64Encode(signature); 325 return true; 326} 327 328 329} // namespace chromeos_update_engine 330