Verify AU payload manifest signature if present.
In order to support downloads over http for a number of reasons, we need
to secure http downloads. The first step in this process is to
verify the signature of the manifest itself before parsing. This can be
done even for https-based downloads in order to provide defense-in-depth
against a SSL attack. This CL adds the required verification logic in
update_engine, if such a manifest signature is present in the Omaha
response.
Until the delta generator is modified in a subsequent check-in to update
the manifest and payload with the required signature, none of this new
code will have any effect.
The delta generator change to populate non-zero values for these new
fields will follow in subsequent CLs.
BUG=chromium-os:33602
TEST=Tested on ZGB to make sure existing functionality works fine.
Added new unit tests.
Change-Id: I2d8b09c23faf87049893b1dee97a34e1f300aded
Reviewed-on: https://gerrit.chromium.org/gerrit/32844
Commit-Ready: Jay Srinivasan <jaysri@chromium.org>
Reviewed-by: Jay Srinivasan <jaysri@chromium.org>
Tested-by: Jay Srinivasan <jaysri@chromium.org>
diff --git a/payload_signer.h b/payload_signer.h
index 1e0db35..1c4a3eb 100644
--- a/payload_signer.h
+++ b/payload_signer.h
@@ -64,11 +64,22 @@
const std::string& public_key_path,
std::vector<char>* out_hash_data);
- // Same as previous function, but the client version can be set.
- static bool VerifySignatureVersion(const std::vector<char>& signature_blob,
- const std::string& public_key_path,
- uint32_t client_version,
- std::vector<char>* out_hash_data);
+ // Interprets signature_blob as a protocol buffer containing the Signatures
+ // message and decrypts the signature data using the public_key_path and
+ // stores the resultant raw hash data in out_hash_data. Returns true if
+ // everything is successful. False otherwise. It also takes the client_version
+ // and interprets the signature blob according to that version.
+ static bool VerifySignatureBlob(const std::vector<char>& signature_blob,
+ const std::string& public_key_path,
+ uint32_t client_version,
+ std::vector<char>* out_hash_data);
+
+ // Decrypts sig_data with the given public_key_path and populates
+ // out_hash_data with the decoded raw hash. Returns true if successful,
+ // false otherwise.
+ static bool GetRawHashFromSignature(const std::vector<char>& sig_data,
+ const std::string& public_key_path,
+ std::vector<char>* out_hash_data);
// Returns true if the payload in |payload_path| is signed and its hash can be
// verified using the public key in |public_key_path| with the signature
@@ -83,6 +94,12 @@
// will be modified in place and will result in having a length of
// 2048 bits. Returns true on success, false otherwise.
static bool PadRSA2048SHA256Hash(std::vector<char>* hash);
+
+ static bool GetManifestSignature(const char* manifest,
+ size_t manifest_size,
+ const std::string& private_key_path,
+ std::string* out_signature);
+
private:
// This should never be constructed
DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadSigner);