payload_signer.cc revision f68bbbc952aa9a71898e4939b5f36187fa564a50
1// Copyright (c) 2011 The Chromium OS Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "update_engine/payload_generator/payload_signer.h" 6 7#include <base/logging.h> 8#include <base/strings/string_split.h> 9#include <base/strings/string_util.h> 10#include <chromeos/data_encoding.h> 11#include <openssl/pem.h> 12 13#include "update_engine/omaha_hash_calculator.h" 14#include "update_engine/payload_generator/delta_diff_generator.h" 15#include "update_engine/payload_verifier.h" 16#include "update_engine/subprocess.h" 17#include "update_engine/update_metadata.pb.h" 18#include "update_engine/utils.h" 19 20using std::string; 21using std::vector; 22 23namespace chromeos_update_engine { 24 25namespace { 26 27// Given raw |signatures|, packs them into a protobuf and serializes it into a 28// binary blob. Returns true on success, false otherwise. 29bool ConvertSignatureToProtobufBlob(const vector<chromeos::Blob>& signatures, 30 chromeos::Blob* out_signature_blob) { 31 // Pack it into a protobuf 32 Signatures out_message; 33 uint32_t version = kSignatureMessageOriginalVersion; 34 LOG_IF(WARNING, kSignatureMessageCurrentVersion - 35 kSignatureMessageOriginalVersion + 1 < signatures.size()) 36 << "You may want to support clients in the range [" 37 << kSignatureMessageOriginalVersion << ", " 38 << kSignatureMessageCurrentVersion << "] inclusive, but you only " 39 << "provided " << signatures.size() << " signatures."; 40 for (const chromeos::Blob& signature : signatures) { 41 Signatures_Signature* sig_message = out_message.add_signatures(); 42 sig_message->set_version(version++); 43 sig_message->set_data(signature.data(), signature.size()); 44 } 45 46 // Serialize protobuf 47 string serialized; 48 TEST_AND_RETURN_FALSE(out_message.AppendToString(&serialized)); 49 out_signature_blob->insert(out_signature_blob->end(), 50 serialized.begin(), 51 serialized.end()); 52 LOG(INFO) << "Signature blob size: " << out_signature_blob->size(); 53 return true; 54} 55 56// Given an unsigned payload under |payload_path| and the |signature_blob_size| 57// generates an updated payload that includes a dummy signature op in its 58// manifest. It populates |out_metadata_size| with the size of the final 59// manifest after adding the dummy signature operation, and 60// |out_signatures_offset| with the expected offset for the new blob. Returns 61// true on success, false otherwise. 62bool AddSignatureOpToPayload(const string& payload_path, 63 uint64_t signature_blob_size, 64 chromeos::Blob* out_payload, 65 uint64_t* out_metadata_size, 66 uint64_t* out_signatures_offset) { 67 const int kProtobufOffset = 20; 68 const int kProtobufSizeOffset = 12; 69 70 // Loads the payload. 71 chromeos::Blob payload; 72 DeltaArchiveManifest manifest; 73 uint64_t metadata_size; 74 TEST_AND_RETURN_FALSE(PayloadVerifier::LoadPayload( 75 payload_path, &payload, &manifest, &metadata_size)); 76 77 // Is there already a signature op in place? 78 if (manifest.has_signatures_size()) { 79 // The signature op is tied to the size of the signature blob, but not it's 80 // contents. We don't allow the manifest to change if there is already an op 81 // present, because that might invalidate previously generated 82 // hashes/signatures. 83 if (manifest.signatures_size() != signature_blob_size) { 84 LOG(ERROR) << "Attempt to insert different signature sized blob. " 85 << "(current:" << manifest.signatures_size() 86 << "new:" << signature_blob_size << ")"; 87 return false; 88 } 89 90 LOG(INFO) << "Matching signature sizes already present."; 91 } else { 92 // Updates the manifest to include the signature operation. 93 DeltaDiffGenerator::AddSignatureOp(payload.size() - metadata_size, 94 signature_blob_size, 95 &manifest); 96 97 // Updates the payload to include the new manifest. 98 string serialized_manifest; 99 TEST_AND_RETURN_FALSE(manifest.AppendToString(&serialized_manifest)); 100 LOG(INFO) << "Updated protobuf size: " << serialized_manifest.size(); 101 payload.erase(payload.begin() + kProtobufOffset, 102 payload.begin() + metadata_size); 103 payload.insert(payload.begin() + kProtobufOffset, 104 serialized_manifest.begin(), 105 serialized_manifest.end()); 106 107 // Updates the protobuf size. 108 uint64_t size_be = htobe64(serialized_manifest.size()); 109 memcpy(&payload[kProtobufSizeOffset], &size_be, sizeof(size_be)); 110 metadata_size = serialized_manifest.size() + kProtobufOffset; 111 112 LOG(INFO) << "Updated payload size: " << payload.size(); 113 LOG(INFO) << "Updated metadata size: " << metadata_size; 114 } 115 116 out_payload->swap(payload); 117 *out_metadata_size = metadata_size; 118 *out_signatures_offset = metadata_size + manifest.signatures_offset(); 119 LOG(INFO) << "Signature Blob Offset: " << *out_signatures_offset; 120 return true; 121} 122} // namespace 123 124bool PayloadSigner::SignHash(const chromeos::Blob& hash, 125 const string& private_key_path, 126 chromeos::Blob* out_signature) { 127 LOG(INFO) << "Signing hash with private key: " << private_key_path; 128 string sig_path; 129 TEST_AND_RETURN_FALSE( 130 utils::MakeTempFile("signature.XXXXXX", &sig_path, nullptr)); 131 ScopedPathUnlinker sig_path_unlinker(sig_path); 132 133 string hash_path; 134 TEST_AND_RETURN_FALSE( 135 utils::MakeTempFile("hash.XXXXXX", &hash_path, nullptr)); 136 ScopedPathUnlinker hash_path_unlinker(hash_path); 137 // We expect unpadded SHA256 hash coming in 138 TEST_AND_RETURN_FALSE(hash.size() == 32); 139 chromeos::Blob padded_hash(hash); 140 PayloadVerifier::PadRSA2048SHA256Hash(&padded_hash); 141 TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(), 142 padded_hash.data(), 143 padded_hash.size())); 144 145 // This runs on the server, so it's okay to cop out and call openssl 146 // executable rather than properly use the library 147 vector<string> cmd; 148 base::SplitString("openssl rsautl -raw -sign -inkey x -in x -out x", 149 ' ', 150 &cmd); 151 cmd[cmd.size() - 5] = private_key_path; 152 cmd[cmd.size() - 3] = hash_path; 153 cmd[cmd.size() - 1] = sig_path; 154 155 // When running unittests, we need to use the openssl version from the 156 // SYSROOT instead of the one on the $PATH (host). 157 cmd[0] = utils::GetPathOnBoard("openssl"); 158 159 int return_code = 0; 160 TEST_AND_RETURN_FALSE(Subprocess::SynchronousExec(cmd, &return_code, 161 nullptr)); 162 TEST_AND_RETURN_FALSE(return_code == 0); 163 164 chromeos::Blob signature; 165 TEST_AND_RETURN_FALSE(utils::ReadFile(sig_path, &signature)); 166 out_signature->swap(signature); 167 return true; 168} 169 170bool PayloadSigner::SignPayload(const string& unsigned_payload_path, 171 const vector<string>& private_key_paths, 172 chromeos::Blob* out_signature_blob) { 173 chromeos::Blob hash_data; 174 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfFile( 175 unsigned_payload_path, -1, &hash_data) == 176 utils::FileSize(unsigned_payload_path)); 177 178 vector<chromeos::Blob> signatures; 179 for (const string& path : private_key_paths) { 180 chromeos::Blob signature; 181 TEST_AND_RETURN_FALSE(SignHash(hash_data, path, &signature)); 182 signatures.push_back(signature); 183 } 184 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 185 out_signature_blob)); 186 return true; 187} 188 189bool PayloadSigner::SignatureBlobLength(const vector<string>& private_key_paths, 190 uint64_t* out_length) { 191 DCHECK(out_length); 192 193 string x_path; 194 TEST_AND_RETURN_FALSE( 195 utils::MakeTempFile("signed_data.XXXXXX", &x_path, nullptr)); 196 ScopedPathUnlinker x_path_unlinker(x_path); 197 TEST_AND_RETURN_FALSE(utils::WriteFile(x_path.c_str(), "x", 1)); 198 199 chromeos::Blob sig_blob; 200 TEST_AND_RETURN_FALSE(PayloadSigner::SignPayload(x_path, 201 private_key_paths, 202 &sig_blob)); 203 *out_length = sig_blob.size(); 204 return true; 205} 206 207bool PayloadSigner::PrepPayloadForHashing( 208 const string& payload_path, 209 const vector<int>& signature_sizes, 210 chromeos::Blob* payload_out, 211 uint64_t* metadata_size_out, 212 uint64_t* signatures_offset_out) { 213 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory. 214 215 // Loads the payload and adds the signature op to it. 216 vector<chromeos::Blob> signatures; 217 for (int signature_size : signature_sizes) { 218 signatures.emplace_back(signature_size, 0); 219 } 220 chromeos::Blob signature_blob; 221 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 222 &signature_blob)); 223 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path, 224 signature_blob.size(), 225 payload_out, 226 metadata_size_out, 227 signatures_offset_out)); 228 229 return true; 230} 231 232bool PayloadSigner::HashPayloadForSigning(const string& payload_path, 233 const vector<int>& signature_sizes, 234 chromeos::Blob* out_hash_data) { 235 chromeos::Blob payload; 236 uint64_t metadata_size; 237 uint64_t signatures_offset; 238 239 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path, 240 signature_sizes, 241 &payload, 242 &metadata_size, 243 &signatures_offset)); 244 245 // Calculates the hash on the updated payload. Note that we stop calculating 246 // before we reach the signature information. 247 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(), 248 signatures_offset, 249 out_hash_data)); 250 return true; 251} 252 253bool PayloadSigner::HashMetadataForSigning(const string& payload_path, 254 const vector<int>& signature_sizes, 255 chromeos::Blob* out_metadata_hash) { 256 chromeos::Blob payload; 257 uint64_t metadata_size; 258 uint64_t signatures_offset; 259 260 TEST_AND_RETURN_FALSE(PrepPayloadForHashing(payload_path, 261 signature_sizes, 262 &payload, 263 &metadata_size, 264 &signatures_offset)); 265 266 // Calculates the hash on the manifest. 267 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(payload.data(), 268 metadata_size, 269 out_metadata_hash)); 270 return true; 271} 272 273bool PayloadSigner::AddSignatureToPayload( 274 const string& payload_path, 275 const vector<chromeos::Blob>& signatures, 276 const string& signed_payload_path, 277 uint64_t *out_metadata_size) { 278 // TODO(petkov): Reduce memory usage -- the payload is manipulated in memory. 279 280 // Loads the payload and adds the signature op to it. 281 chromeos::Blob signature_blob; 282 TEST_AND_RETURN_FALSE(ConvertSignatureToProtobufBlob(signatures, 283 &signature_blob)); 284 chromeos::Blob payload; 285 uint64_t signatures_offset; 286 TEST_AND_RETURN_FALSE(AddSignatureOpToPayload(payload_path, 287 signature_blob.size(), 288 &payload, 289 out_metadata_size, 290 &signatures_offset)); 291 // Appends the signature blob to the end of the payload and writes the new 292 // payload. 293 LOG(INFO) << "Payload size before signatures: " << payload.size(); 294 payload.resize(signatures_offset); 295 payload.insert(payload.begin() + signatures_offset, 296 signature_blob.begin(), 297 signature_blob.end()); 298 LOG(INFO) << "Signed payload size: " << payload.size(); 299 TEST_AND_RETURN_FALSE(utils::WriteFile(signed_payload_path.c_str(), 300 payload.data(), 301 payload.size())); 302 return true; 303} 304 305bool PayloadSigner::GetMetadataSignature(const void* const metadata, 306 size_t metadata_size, 307 const string& private_key_path, 308 string* out_signature) { 309 // Calculates the hash on the updated payload. Note that the payload includes 310 // the signature op but doesn't include the signature blob at the end. 311 chromeos::Blob metadata_hash; 312 TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(metadata, 313 metadata_size, 314 &metadata_hash)); 315 316 chromeos::Blob signature; 317 TEST_AND_RETURN_FALSE(SignHash(metadata_hash, 318 private_key_path, 319 &signature)); 320 321 *out_signature = chromeos::data_encoding::Base64Encode(signature); 322 return true; 323} 324 325 326} // namespace chromeos_update_engine 327