payload_signer.cc revision 6f20dd4fc8861d93d188cd27323d2f9746464aaf
1// 2// Copyright (C) 2011 The Android Open Source Project 3// 4// Licensed under the Apache License, Version 2.0 (the "License"); 5// you may not use this file except in compliance with the License. 6// You may obtain a copy of the License at 7// 8// http://www.apache.org/licenses/LICENSE-2.0 9// 10// Unless required by applicable law or agreed to in writing, software 11// distributed under the License is distributed on an "AS IS" BASIS, 12// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13// See the License for the specific language governing permissions and 14// limitations under the License. 15// 16 17#include "update_engine/payload_generator/payload_signer.h" 18 19#include <endian.h> 20 21#include <base/logging.h> 22#include <base/strings/string_split.h> 23#include <base/strings/string_util.h> 24#include <chromeos/data_encoding.h> 25#include <openssl/pem.h> 26 27#include "update_engine/omaha_hash_calculator.h" 28#include "update_engine/payload_generator/payload_file.h" 29#include "update_engine/payload_verifier.h" 30#include "update_engine/subprocess.h" 31#include "update_engine/update_metadata.pb.h" 32#include "update_engine/utils.h" 33 34using std::string; 35using std::vector; 36 37namespace chromeos_update_engine { 38 39namespace { 40 41// Given raw |signatures|, packs them into a protobuf and serializes it into a 42// binary blob. Returns true on success, false otherwise. 43bool ConvertSignatureToProtobufBlob(const vector<chromeos::Blob>& signatures, 44 chromeos::Blob* out_signature_blob) { 45 // Pack it into a protobuf 46 Signatures out_message; 47 uint32_t version = kSignatureMessageOriginalVersion; 48 LOG_IF(WARNING, kSignatureMessageCurrentVersion - 49 kSignatureMessageOriginalVersion + 1 < signatures.size()) 50 << "You may want to support clients in the range [" 51 << kSignatureMessageOriginalVersion << ", " 52 << kSignatureMessageCurrentVersion << "] inclusive, but you only " 53 << "provided " << signatures.size() << " signatures."; 54 for (const chromeos::Blob& signature : signatures) { 55 Signatures_Signature* sig_message = out_message.add_signatures(); 56 sig_message->set_version(version++); 57 sig_message->set_data(signature.data(), signature.size()); 58 } 59 60 // Serialize protobuf 61 string serialized; 62 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized)); 63 out_signature_blob->insert(out_signature_blob->end(), 64 serialized.begin(), 65 serialized.end()); 66 LOG(INFO) << "Signature blob size: " << out_signature_blob->size(); 67 return true; 68} 69 70// Given an unsigned payload under |payload_path| and the |signature_blob_size| 71// generates an updated payload that includes a dummy signature op in its 72// manifest. It populates |out_metadata_size| with the size of the final 73// manifest after adding the dummy signature operation, and 74// |out_signatures_offset| with the expected offset for the new blob. Returns 75// true on success, false otherwise. 76bool AddSignatureOpToPayload(const string& payload_path, 77 uint64_t signature_blob_size, 78 chromeos::Blob* out_payload, 79 uint64_t* out_metadata_size, 80 uint64_t* out_signatures_offset) { 81 const int kProtobufOffset = 20; 82 const int kProtobufSizeOffset = 12; 83 84 // Loads the payload. 85 chromeos::Blob payload; 86 DeltaArchiveManifest manifest; 87 uint64_t metadata_size; 88 TEST_AND_RETURN_FALSE(PayloadVerifier::LoadPayload( 89 payload_path, &payload, &manifest, &metadata_size)); 90 91 // Is there already a signature op in place? 92 if (manifest.has_signatures_size()) { 93 // The signature op is tied to the size of the signature blob, but not it's 94 // contents. We don't allow the manifest to change if there is already an op 95 // present, because that might invalidate previously generated 96 // hashes/signatures. 97 if (manifest.signatures_size() != signature_blob_size) { 98 LOG(ERROR) << "Attempt to insert different signature sized blob. " 99 << "(current:" << manifest.signatures_size() 100 << "new:" << signature_blob_size << ")"; 101 return false; 102 } 103 104 LOG(INFO) << "Matching signature sizes already present."; 105 } else { 106 // Updates the manifest to include the signature operation. 107 AddSignatureOp(payload.size() - metadata_size, 108 signature_blob_size, 109 &manifest); 110 111 // Updates the payload to include the new manifest. 112 string serialized_manifest; 113 TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest)); 114 LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size(); 115 payload.erase(payload.begin() + kProtobufOffset, 116 payload.begin() + metadata_size); 117 payload.insert(payload.begin() + kProtobufOffset, 118 serialized_manifest.begin(), 119 serialized_manifest.end()); 120 121 // Updates the protobuf size. 122 uint64_t size_be = htobe64(serialized_manifest.size()); 123 memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be)); 124 metadata_size = serialized_manifest.size() + kProtobufOffset; 125 126 LOG(INFO) << "Updated payload size: " << payload.size(); 127 LOG(INFO) << "Updated metadata size: " << metadata_size; 128 } 129 130 out_payload->swap(payload); 131 *out_metadata_size = metadata_size; 132 *out_signatures_offset = metadata_size + manifest.signatures_offset(); 133 LOG(INFO) << "Signature Blob Offset: " << *out_signatures_offset; 134 return true; 135} 136} // namespace 137 138bool PayloadSigner::SignHash(const chromeos::Blob& hash, 139 const string& private_key_path, 140 chromeos::Blob* out_signature) { 141 LOG(INFO) << "Signing hash with private key: " << private_key_path; 142 string sig_path; 143 TEST_AND_RETURN_FALSE( 144 utils::MakeTempFile("signature.XXXXXX", &sig_path, nullptr)); 145 ScopedPathUnlinker sig_path_unlinker(sig_path); 146 147 string hash_path; 148 TEST_AND_RETURN_FALSE( 149 utils::MakeTempFile("hash.XXXXXX", &hash_path, nullptr)); 150 ScopedPathUnlinker hash_path_unlinker(hash_path); 151 // We expect unpadded SHA256 hash coming in 152 TEST_AND_RETURN_FALSE(hash.size() == 32); 153 chromeos::Blob padded_hash(hash); 154 PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash); 155 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(), 156 padded_hash.data(), 157 padded_hash.size())); 158 159 // This runs on the server, so it's okay to cop out and call openssl 160 // executable rather than properly use the library 161 vector<string> cmd; 162 base::SplitString("openssl rsautl -raw -sign -inkey x -in x -out x", 163 ' ', 164 &cmd); 165 cmd[cmd.size() - 5] = private_key_path; 166 cmd[cmd.size() - 3] = hash_path; 167 cmd[cmd.size() - 1] = sig_path; 168 169 int return_code = 0; 170 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code, 171 nullptr)); 172 TEST_AND_RETURN_FALSE(return_code == 0); 173 174 chromeos::Blob signature; 175 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); 176 out_signature->swap(signature); 177 return true; 178} 179 180bool PayloadSigner::SignPayload(const string& unsigned_payload_path, 181 const vector<string>& private_key_paths, 182 chromeos::Blob* out_signature_blob) { 183 chromeos::Blob hash_data; 184 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile( 185 unsigned_payload_path, -1, &hash_data) == 186 utils::FileSize(unsigned_payload_path)); 187 188 vector<chromeos::Blob> signatures; 189 for (const string& path : private_key_paths) { 190 chromeos::Blob signature; 191 TEST_AND_RETURN_FALSE(SignHash(hash_data, path, &signature)); 192 signatures.push_back(signature); 193 } 194 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 195 out_signature_blob)); 196 return true; 197} 198 199bool PayloadSigner::SignatureBlobLength(const vector<string>& private_key_paths, 200 uint64_t* out_length) { 201 DCHECK(out_length); 202 203 string x_path; 204 TEST_AND_RETURN_FALSE( 205 utils::MakeTempFile("signed_data.XXXXXX", &x_path, nullptr)); 206 ScopedPathUnlinker x_path_unlinker(x_path); 207 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1)); 208 209 chromeos::Blob sig_blob; 210 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, 211 private_key_paths, 212 &sig_blob)); 213 *out_length = sig_blob.size(); 214 return true; 215} 216 217bool PayloadSigner::PrepPayloadForHashing( 218 const string& payload_path, 219 const vector<int>& signature_sizes, 220 chromeos::Blob* payload_out, 221 uint64_t* metadata_size_out, 222 uint64_t* signatures_offset_out) { 223 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory. 224 225 // Loads the payload and adds the signature op to it. 226 vector<chromeos::Blob> signatures; 227 for (int signature_size : signature_sizes) { 228 signatures.emplace_back(signature_size, 0); 229 } 230 chromeos::Blob signature_blob; 231 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 232 &signature_blob)); 233 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path, 234 signature_blob.size(), 235 payload_out, 236 metadata_size_out, 237 signatures_offset_out)); 238 239 return true; 240} 241 242bool PayloadSigner::HashPayloadForSigning(const string& payload_path, 243 const vector<int>& signature_sizes, 244 chromeos::Blob* out_hash_data) { 245 chromeos::Blob payload; 246 uint64_t metadata_size; 247 uint64_t signatures_offset; 248 249 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path, 250 signature_sizes, 251 &payload, 252 &metadata_size, 253 &signatures_offset)); 254 255 // Calculates the hash on the updated payload. Note that we stop calculating 256 // before we reach the signature information. 257 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(), 258 signatures_offset, 259 out_hash_data)); 260 return true; 261} 262 263bool PayloadSigner::HashMetadataForSigning(const string& payload_path, 264 const vector<int>& signature_sizes, 265 chromeos::Blob* out_metadata_hash) { 266 chromeos::Blob payload; 267 uint64_t metadata_size; 268 uint64_t signatures_offset; 269 270 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path, 271 signature_sizes, 272 &payload, 273 &metadata_size, 274 &signatures_offset)); 275 276 // Calculates the hash on the manifest. 277 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(), 278 metadata_size, 279 out_metadata_hash)); 280 return true; 281} 282 283bool PayloadSigner::AddSignatureToPayload( 284 const string& payload_path, 285 const vector<chromeos::Blob>& signatures, 286 const string& signed_payload_path, 287 uint64_t *out_metadata_size) { 288 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory. 289 290 // Loads the payload and adds the signature op to it. 291 chromeos::Blob signature_blob; 292 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 293 &signature_blob)); 294 chromeos::Blob payload; 295 uint64_t signatures_offset; 296 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path, 297 signature_blob.size(), 298 &payload, 299 out_metadata_size, 300 &signatures_offset)); 301 // Appends the signature blob to the end of the payload and writes the new 302 // payload. 303 LOG(INFO) << "Payload size before signatures: " << payload.size(); 304 payload.resize(signatures_offset); 305 payload.insert(payload.begin() + signatures_offset, 306 signature_blob.begin(), 307 signature_blob.end()); 308 LOG(INFO) << "Signed payload size: " << payload.size(); 309 TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(), 310 payload.data(), 311 payload.size())); 312 return true; 313} 314 315bool PayloadSigner::GetMetadataSignature(const void* const metadata, 316 size_t metadata_size, 317 const string& private_key_path, 318 string* out_signature) { 319 // Calculates the hash on the updated payload. Note that the payload includes 320 // the signature op but doesn't include the signature blob at the end. 321 chromeos::Blob metadata_hash; 322 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(metadata, 323 metadata_size, 324 &metadata_hash)); 325 326 chromeos::Blob signature; 327 TEST_AND_RETURN_FALSE(SignHash(metadata_hash, 328 private_key_path, 329 &signature)); 330 331 *out_signature = chromeos::data_encoding::Base64Encode(signature); 332 return true; 333} 334 335 336} // namespace chromeos_update_engine 337