1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_
18 #define UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_
19 
20 #include <memory>
21 #include <string>
22 #include <utility>
23 #include <vector>
24 
25 #include <brillo/secure_blob.h>
26 #include <openssl/evp.h>
27 
28 #include "update_engine/update_metadata.pb.h"
29 
30 // This class holds the public keys and implements methods used for payload
31 // signature verification. See payload_generator/payload_signer.h for payload
32 // signing.
33 
34 namespace chromeos_update_engine {
35 
36 class PayloadVerifier {
37  public:
38   // Pads a SHA256 hash so that it may be encrypted/signed with RSA2048 or
39   // RSA4096 using the PKCS#1 v1.5 scheme.
40   // hash should be a pointer to vector of exactly 256 bits. |rsa_size| must be
41   // one of 256 or 512 bytes. The vector will be modified in place and will
42   // result in having a length of 2048 or 4096 bits, depending on the rsa size.
43   // Returns true on success, false otherwise.
44   static bool PadRSASHA256Hash(brillo::Blob* hash, size_t rsa_size);
45 
46   // Parses the input as a PEM encoded public string. And creates a
47   // PayloadVerifier with that public key for signature verification.
48   static std::unique_ptr<PayloadVerifier> CreateInstance(
49       const std::string& pem_public_key);
50 
51   // Extracts the public keys from the certificates contained in the input
52   // zip file. And creates a PayloadVerifier with these public keys.
53   static std::unique_ptr<PayloadVerifier> CreateInstanceFromZipPath(
54       const std::string& certificate_zip_path);
55 
56   // Interprets |signature_proto| as a protocol buffer containing the
57   // |Signatures| message and decrypts each signature data using the stored
58   // public key. Pads the 32 bytes |sha256_hash_data| to 256 or 512 bytes
59   // according to the PKCS#1 v1.5 standard; and returns whether *any* of the
60   // decrypted hashes matches the padded hash data. In case of any error parsing
61   // the signatures, returns false.
62   bool VerifySignature(const std::string& signature_proto,
63                        const brillo::Blob& sha256_hash_data) const;
64 
65   // Verifies if |sig_data| is a raw signature of the hash |sha256_hash_data|.
66   // If PayloadVerifier is using RSA as the public key, further puts the
67   // decrypted data of |sig_data| into |decrypted_sig_data|.
68   bool VerifyRawSignature(const brillo::Blob& sig_data,
69                           const brillo::Blob& sha256_hash_data,
70                           brillo::Blob* decrypted_sig_data) const;
71 
72  private:
73   explicit PayloadVerifier(
74       std::vector<std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>>&&
75           public_keys)
76       : public_keys_(std::move(public_keys)) {}
77 
78   // Decrypts |sig_data| with the given |public_key| and populates
79   // |out_hash_data| with the decoded raw hash. Returns true if successful,
80   // false otherwise.
81   bool GetRawHashFromSignature(const brillo::Blob& sig_data,
82                                const EVP_PKEY* public_key,
83                                brillo::Blob* out_hash_data) const;
84 
85   std::vector<std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)>> public_keys_;
86 };
87 
88 }  // namespace chromeos_update_engine
89 
90 #endif  // UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_
91