Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 1 | // Copyright 2014 The Chromium OS Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef UPDATE_ENGINE_PAYLOAD_VERIFIER_H_ |
| 6 | #define UPDATE_ENGINE_PAYLOAD_VERIFIER_H_ |
| 7 | |
| 8 | #include <string> |
| 9 | #include <vector> |
| 10 | |
Ben Chan | 05735a1 | 2014-09-03 07:48:22 -0700 | [diff] [blame] | 11 | #include <base/macros.h> |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 12 | #include <chromeos/secure_blob.h> |
Ben Chan | 05735a1 | 2014-09-03 07:48:22 -0700 | [diff] [blame] | 13 | |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 14 | #include "update_engine/update_metadata.pb.h" |
| 15 | |
| 16 | // This class encapsulates methods used for payload signature verification. |
| 17 | // See payload_generator/payload_signer.h for payload signing. |
| 18 | |
| 19 | namespace chromeos_update_engine { |
| 20 | |
| 21 | extern const uint32_t kSignatureMessageOriginalVersion; |
| 22 | extern const uint32_t kSignatureMessageCurrentVersion; |
| 23 | |
| 24 | class PayloadVerifier { |
| 25 | public: |
| 26 | // Returns false if the payload signature can't be verified. Returns true |
| 27 | // otherwise and sets |out_hash| to the signed payload hash. |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 28 | static bool VerifySignature(const chromeos::Blob& signature_blob, |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 29 | const std::string& public_key_path, |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 30 | chromeos::Blob* out_hash_data); |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 31 | |
| 32 | // Interprets signature_blob as a protocol buffer containing the Signatures |
| 33 | // message and decrypts the signature data using the public_key_path and |
| 34 | // stores the resultant raw hash data in out_hash_data. Returns true if |
| 35 | // everything is successful. False otherwise. It also takes the client_version |
| 36 | // and interprets the signature blob according to that version. |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 37 | static bool VerifySignatureBlob(const chromeos::Blob& signature_blob, |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 38 | const std::string& public_key_path, |
| 39 | uint32_t client_version, |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 40 | chromeos::Blob* out_hash_data); |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 41 | |
| 42 | // Decrypts sig_data with the given public_key_path and populates |
| 43 | // out_hash_data with the decoded raw hash. Returns true if successful, |
| 44 | // false otherwise. |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 45 | static bool GetRawHashFromSignature(const chromeos::Blob& sig_data, |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 46 | const std::string& public_key_path, |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 47 | chromeos::Blob* out_hash_data); |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 48 | |
| 49 | // Returns true if the payload in |payload_path| is signed and its hash can be |
| 50 | // verified using the public key in |public_key_path| with the signature |
| 51 | // of a given version in the signature blob. Returns false otherwise. |
| 52 | static bool VerifySignedPayload(const std::string& payload_path, |
| 53 | const std::string& public_key_path, |
| 54 | uint32_t client_key_check_version); |
| 55 | |
| 56 | // Pads a SHA256 hash so that it may be encrypted/signed with RSA2048 |
| 57 | // using the PKCS#1 v1.5 scheme. |
| 58 | // hash should be a pointer to vector of exactly 256 bits. The vector |
| 59 | // will be modified in place and will result in having a length of |
| 60 | // 2048 bits. Returns true on success, false otherwise. |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 61 | static bool PadRSA2048SHA256Hash(chromeos::Blob* hash); |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 62 | |
| 63 | // Reads the payload from the given |payload_path| into the |out_payload| |
| 64 | // vector. It also parses the manifest protobuf in the payload and returns it |
| 65 | // in |out_manifest| along with the size of the entire metadata in |
| 66 | // |out_metadata_size|. |
| 67 | static bool LoadPayload(const std::string& payload_path, |
Alex Vakulenko | f68bbbc | 2015-02-09 12:53:18 -0800 | [diff] [blame] | 68 | chromeos::Blob* out_payload, |
Alex Deymo | 923d8fa | 2014-07-15 17:58:51 -0700 | [diff] [blame] | 69 | DeltaArchiveManifest* out_manifest, |
| 70 | uint64_t* out_metadata_size); |
| 71 | |
| 72 | private: |
| 73 | // This should never be constructed |
| 74 | DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadVerifier); |
| 75 | }; |
| 76 | |
| 77 | } // namespace chromeos_update_engine |
| 78 | |
| 79 | #endif // UPDATE_ENGINE_PAYLOAD_VERIFIER_H_ |