payload_signer.cc revision c31e4a742b56c122b50febc1f78fd1c3772ab7fd
1// Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "update_engine/payload_generator/payload_signer.h" 6 7#include <base/logging.h> 8#include <base/strings/string_split.h> 9#include <base/strings/string_util.h> 10#include <chromeos/data_encoding.h> 11#include <openssl/pem.h> 12 13#include "update_engine/omaha_hash_calculator.h" 14#include "update_engine/payload_generator/delta_diff_generator.h" 15#include "update_engine/payload_verifier.h" 16#include "update_engine/subprocess.h" 17#include "update_engine/update_metadata.pb.h" 18#include "update_engine/utils.h" 19 20using std::string; 21using std::vector; 22 23namespace chromeos_update_engine { 24 25namespace { 26 27// Given raw |signatures|, packs them into a protobuf and serializes it into a 28// binary blob. Returns true on success, false otherwise. 29bool ConvertSignatureToProtobufBlob(const vector<chromeos::Blob>& signatures, 30 chromeos::Blob* out_signature_blob) { 31 // Pack it into a protobuf 32 Signatures out_message; 33 uint32_t version = kSignatureMessageOriginalVersion; 34 LOG_IF(WARNING, kSignatureMessageCurrentVersion - 35 kSignatureMessageOriginalVersion + 1 < signatures.size()) 36 << "You may want to support clients in the range [" 37 << kSignatureMessageOriginalVersion << ", " 38 << kSignatureMessageCurrentVersion << "] inclusive, but you only " 39 << "provided " << signatures.size() << " signatures."; 40 for (const chromeos::Blob& signature : signatures) { 41 Signatures_Signature* sig_message = out_message.add_signatures(); 42 sig_message->set_version(version++); 43 sig_message->set_data(signature.data(), signature.size()); 44 } 45 46 // Serialize protobuf 47 string serialized; 48 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized)); 49 out_signature_blob->insert(out_signature_blob->end(), 50 serialized.begin(), 51 serialized.end()); 52 LOG(INFO) << "Signature blob size: " << out_signature_blob->size(); 53 return true; 54} 55 56// Given an unsigned payload under |payload_path| and the |signature_blob_size| 57// generates an updated payload that includes a dummy signature op in its 58// manifest. It populates |out_metadata_size| with the size of the final 59// manifest after adding the dummy signature operation, and 60// |out_signatures_offset| with the expected offset for the new blob. Returns 61// true on success, false otherwise. 62bool AddSignatureOpToPayload(const string& payload_path, 63 uint64_t signature_blob_size, 64 chromeos::Blob* out_payload, 65 uint64_t* out_metadata_size, 66 uint64_t* out_signatures_offset) { 67 const int kProtobufOffset = 20; 68 const int kProtobufSizeOffset = 12; 69 70 // Loads the payload. 71 chromeos::Blob payload; 72 DeltaArchiveManifest manifest; 73 uint64_t metadata_size; 74 TEST_AND_RETURN_FALSE(PayloadVerifier::LoadPayload( 75 payload_path, &payload, &manifest, &metadata_size)); 76 77 // Is there already a signature op in place? 78 if (manifest.has_signatures_size()) { 79 // The signature op is tied to the size of the signature blob, but not it's 80 // contents. We don't allow the manifest to change if there is already an op 81 // present, because that might invalidate previously generated 82 // hashes/signatures. 83 if (manifest.signatures_size() != signature_blob_size) { 84 LOG(ERROR) << "Attempt to insert different signature sized blob. " 85 << "(current:" << manifest.signatures_size() 86 << "new:" << signature_blob_size << ")"; 87 return false; 88 } 89 90 LOG(INFO) << "Matching signature sizes already present."; 91 } else { 92 // Updates the manifest to include the signature operation. 93 DeltaDiffGenerator::AddSignatureOp(payload.size() - metadata_size, 94 signature_blob_size, 95 &manifest); 96 97 // Updates the payload to include the new manifest. 98 string serialized_manifest; 99 TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest)); 100 LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size(); 101 payload.erase(payload.begin() + kProtobufOffset, 102 payload.begin() + metadata_size); 103 payload.insert(payload.begin() + kProtobufOffset, 104 serialized_manifest.begin(), 105 serialized_manifest.end()); 106 107 // Updates the protobuf size. 108 uint64_t size_be = htobe64(serialized_manifest.size()); 109 memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be)); 110 metadata_size = serialized_manifest.size() + kProtobufOffset; 111 112 LOG(INFO) << "Updated payload size: " << payload.size(); 113 LOG(INFO) << "Updated metadata size: " << metadata_size; 114 } 115 116 out_payload->swap(payload); 117 *out_metadata_size = metadata_size; 118 *out_signatures_offset = metadata_size + manifest.signatures_offset(); 119 LOG(INFO) << "Signature Blob Offset: " << *out_signatures_offset; 120 return true; 121} 122} // namespace 123 124bool PayloadSigner::SignHash(const chromeos::Blob& hash, 125 const string& private_key_path, 126 chromeos::Blob* out_signature) { 127 LOG(INFO) << "Signing hash with private key: " << private_key_path; 128 string sig_path; 129 TEST_AND_RETURN_FALSE( 130 utils::MakeTempFile("signature.XXXXXX", &sig_path, nullptr)); 131 ScopedPathUnlinker sig_path_unlinker(sig_path); 132 133 string hash_path; 134 TEST_AND_RETURN_FALSE( 135 utils::MakeTempFile("hash.XXXXXX", &hash_path, nullptr)); 136 ScopedPathUnlinker hash_path_unlinker(hash_path); 137 // We expect unpadded SHA256 hash coming in 138 TEST_AND_RETURN_FALSE(hash.size() == 32); 139 chromeos::Blob padded_hash(hash); 140 PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash); 141 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(), 142 padded_hash.data(), 143 padded_hash.size())); 144 145 // This runs on the server, so it's okay to cop out and call openssl 146 // executable rather than properly use the library 147 vector<string> cmd; 148 base::SplitString("openssl rsautl -raw -sign -inkey x -in x -out x", 149 ' ', 150 &cmd); 151 cmd[cmd.size() - 5] = private_key_path; 152 cmd[cmd.size() - 3] = hash_path; 153 cmd[cmd.size() - 1] = sig_path; 154 155 int return_code = 0; 156 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code, 157 nullptr)); 158 TEST_AND_RETURN_FALSE(return_code == 0); 159 160 chromeos::Blob signature; 161 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); 162 out_signature->swap(signature); 163 return true; 164} 165 166bool PayloadSigner::SignPayload(const string& unsigned_payload_path, 167 const vector<string>& private_key_paths, 168 chromeos::Blob* out_signature_blob) { 169 chromeos::Blob hash_data; 170 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile( 171 unsigned_payload_path, -1, &hash_data) == 172 utils::FileSize(unsigned_payload_path)); 173 174 vector<chromeos::Blob> signatures; 175 for (const string& path : private_key_paths) { 176 chromeos::Blob signature; 177 TEST_AND_RETURN_FALSE(SignHash(hash_data, path, &signature)); 178 signatures.push_back(signature); 179 } 180 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 181 out_signature_blob)); 182 return true; 183} 184 185bool PayloadSigner::SignatureBlobLength(const vector<string>& private_key_paths, 186 uint64_t* out_length) { 187 DCHECK(out_length); 188 189 string x_path; 190 TEST_AND_RETURN_FALSE( 191 utils::MakeTempFile("signed_data.XXXXXX", &x_path, nullptr)); 192 ScopedPathUnlinker x_path_unlinker(x_path); 193 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1)); 194 195 chromeos::Blob sig_blob; 196 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, 197 private_key_paths, 198 &sig_blob)); 199 *out_length = sig_blob.size(); 200 return true; 201} 202 203bool PayloadSigner::PrepPayloadForHashing( 204 const string& payload_path, 205 const vector<int>& signature_sizes, 206 chromeos::Blob* payload_out, 207 uint64_t* metadata_size_out, 208 uint64_t* signatures_offset_out) { 209 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory. 210 211 // Loads the payload and adds the signature op to it. 212 vector<chromeos::Blob> signatures; 213 for (int signature_size : signature_sizes) { 214 signatures.emplace_back(signature_size, 0); 215 } 216 chromeos::Blob signature_blob; 217 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 218 &signature_blob)); 219 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path, 220 signature_blob.size(), 221 payload_out, 222 metadata_size_out, 223 signatures_offset_out)); 224 225 return true; 226} 227 228bool PayloadSigner::HashPayloadForSigning(const string& payload_path, 229 const vector<int>& signature_sizes, 230 chromeos::Blob* out_hash_data) { 231 chromeos::Blob payload; 232 uint64_t metadata_size; 233 uint64_t signatures_offset; 234 235 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path, 236 signature_sizes, 237 &payload, 238 &metadata_size, 239 &signatures_offset)); 240 241 // Calculates the hash on the updated payload. Note that we stop calculating 242 // before we reach the signature information. 243 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(), 244 signatures_offset, 245 out_hash_data)); 246 return true; 247} 248 249bool PayloadSigner::HashMetadataForSigning(const string& payload_path, 250 const vector<int>& signature_sizes, 251 chromeos::Blob* out_metadata_hash) { 252 chromeos::Blob payload; 253 uint64_t metadata_size; 254 uint64_t signatures_offset; 255 256 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path, 257 signature_sizes, 258 &payload, 259 &metadata_size, 260 &signatures_offset)); 261 262 // Calculates the hash on the manifest. 263 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(), 264 metadata_size, 265 out_metadata_hash)); 266 return true; 267} 268 269bool PayloadSigner::AddSignatureToPayload( 270 const string& payload_path, 271 const vector<chromeos::Blob>& signatures, 272 const string& signed_payload_path, 273 uint64_t *out_metadata_size) { 274 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory. 275 276 // Loads the payload and adds the signature op to it. 277 chromeos::Blob signature_blob; 278 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 279 &signature_blob)); 280 chromeos::Blob payload; 281 uint64_t signatures_offset; 282 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path, 283 signature_blob.size(), 284 &payload, 285 out_metadata_size, 286 &signatures_offset)); 287 // Appends the signature blob to the end of the payload and writes the new 288 // payload. 289 LOG(INFO) << "Payload size before signatures: " << payload.size(); 290 payload.resize(signatures_offset); 291 payload.insert(payload.begin() + signatures_offset, 292 signature_blob.begin(), 293 signature_blob.end()); 294 LOG(INFO) << "Signed payload size: " << payload.size(); 295 TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(), 296 payload.data(), 297 payload.size())); 298 return true; 299} 300 301bool PayloadSigner::GetMetadataSignature(const void* const metadata, 302 size_t metadata_size, 303 const string& private_key_path, 304 string* out_signature) { 305 // Calculates the hash on the updated payload. Note that the payload includes 306 // the signature op but doesn't include the signature blob at the end. 307 chromeos::Blob metadata_hash; 308 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(metadata, 309 metadata_size, 310 &metadata_hash)); 311 312 chromeos::Blob signature; 313 TEST_AND_RETURN_FALSE(SignHash(metadata_hash, 314 private_key_path, 315 &signature)); 316 317 *out_signature = chromeos::data_encoding::Base64Encode(signature); 318 return true; 319} 320 321 322} // namespace chromeos_update_engine 323