Blame - payload_consumer/payload_metadata.cc - platform/system/update_engine

blob: 02ec8b1585dd078bdef11b4ac5251ce9a2bc4bf5 [file] [log] [blame]

Sen Jiang	9c89e84	2018-02-02 13:51:21 -0800	[diff] [blame]	1	//
				2	// Copyright (C) 2018 The Android Open Source Project
				3	//
				4	// Licensed under the Apache License, Version 2.0 (the "License");
				5	// you may not use this file except in compliance with the License.
				6	// You may obtain a copy of the License at
				7	//
				8	// http://www.apache.org/licenses/LICENSE-2.0
				9	//
				10	// Unless required by applicable law or agreed to in writing, software
				11	// distributed under the License is distributed on an "AS IS" BASIS,
				12	// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	// See the License for the specific language governing permissions and
				14	// limitations under the License.
				15	//
				16
				17	#include "update_engine/payload_consumer/payload_metadata.h"
				18
				19	#include <endian.h>
				20
				21	#include <brillo/data_encoding.h>
				22
				23	#include "update_engine/common/hash_calculator.h"
				24	#include "update_engine/common/utils.h"
				25	#include "update_engine/payload_consumer/payload_constants.h"
				26	#include "update_engine/payload_consumer/payload_verifier.h"
				27
				28	namespace chromeos_update_engine {
				29
				30	const uint64_t PayloadMetadata::kDeltaVersionOffset = sizeof(kDeltaMagic);
				31	const uint64_t PayloadMetadata::kDeltaVersionSize = 8;
				32	const uint64_t PayloadMetadata::kDeltaManifestSizeOffset =
				33	kDeltaVersionOffset + kDeltaVersionSize;
				34	const uint64_t PayloadMetadata::kDeltaManifestSizeSize = 8;
				35	const uint64_t PayloadMetadata::kDeltaMetadataSignatureSizeSize = 4;
				36
				37	bool PayloadMetadata::GetMetadataSignatureSizeOffset(
				38	uint64_t* out_offset) const {
				39	if (GetMajorVersion() == kBrilloMajorPayloadVersion) {
				40	*out_offset = kDeltaManifestSizeOffset + kDeltaManifestSizeSize;
				41	return true;
				42	}
				43	return false;
				44	}
				45
				46	bool PayloadMetadata::GetManifestOffset(uint64_t* out_offset) const {
				47	// Actual manifest begins right after the manifest size field or
				48	// metadata signature size field if major version >= 2.
				49	if (major_payload_version_ == kChromeOSMajorPayloadVersion) {
				50	*out_offset = kDeltaManifestSizeOffset + kDeltaManifestSizeSize;
				51	return true;
				52	}
				53	if (major_payload_version_ == kBrilloMajorPayloadVersion) {
				54	*out_offset = kDeltaManifestSizeOffset + kDeltaManifestSizeSize +
				55	kDeltaMetadataSignatureSizeSize;
				56	return true;
				57	}
				58	LOG(ERROR) << "Unknown major payload version: " << major_payload_version_;
				59	return false;
				60	}
				61
				62	MetadataParseResult PayloadMetadata::ParsePayloadHeader(
Sen Jiang	f123663	2018-05-11 16:03:23 -0700	[diff] [blame]	63	const brillo::Blob& payload, ErrorCode* error) {
Sen Jiang	9c89e84	2018-02-02 13:51:21 -0800	[diff] [blame]	64	uint64_t manifest_offset;
				65	// Ensure we have data to cover the major payload version.
				66	if (payload.size() < kDeltaManifestSizeOffset)
				67	return MetadataParseResult::kInsufficientData;
				68
				69	// Validate the magic string.
				70	if (memcmp(payload.data(), kDeltaMagic, sizeof(kDeltaMagic)) != 0) {
				71	LOG(ERROR) << "Bad payload format -- invalid delta magic.";
				72	*error = ErrorCode::kDownloadInvalidMetadataMagicString;
				73	return MetadataParseResult::kError;
				74	}
				75
				76	// Extract the payload version from the metadata.
				77	static_assert(sizeof(major_payload_version_) == kDeltaVersionSize,
				78	"Major payload version size mismatch");
				79	memcpy(&major_payload_version_,
				80	&payload[kDeltaVersionOffset],
				81	kDeltaVersionSize);
				82	// Switch big endian to host.
				83	major_payload_version_ = be64toh(major_payload_version_);
				84
Sen Jiang	f123663	2018-05-11 16:03:23 -0700	[diff] [blame]	85	if (major_payload_version_ < kMinSupportedMajorPayloadVersion \|\|
				86	major_payload_version_ > kMaxSupportedMajorPayloadVersion) {
Sen Jiang	9c89e84	2018-02-02 13:51:21 -0800	[diff] [blame]	87	LOG(ERROR) << "Bad payload format -- unsupported payload version: "
				88	<< major_payload_version_;
				89	*error = ErrorCode::kUnsupportedMajorPayloadVersion;
				90	return MetadataParseResult::kError;
				91	}
				92
				93	// Get the manifest offset now that we have payload version.
				94	if (!GetManifestOffset(&manifest_offset)) {
				95	*error = ErrorCode::kUnsupportedMajorPayloadVersion;
				96	return MetadataParseResult::kError;
				97	}
				98	// Check again with the manifest offset.
				99	if (payload.size() < manifest_offset)
				100	return MetadataParseResult::kInsufficientData;
				101
				102	// Next, parse the manifest size.
				103	static_assert(sizeof(manifest_size_) == kDeltaManifestSizeSize,
				104	"manifest_size size mismatch");
				105	memcpy(&manifest_size_,
				106	&payload[kDeltaManifestSizeOffset],
				107	kDeltaManifestSizeSize);
				108	manifest_size_ = be64toh(manifest_size_); // switch big endian to host
				109
				110	if (GetMajorVersion() == kBrilloMajorPayloadVersion) {
				111	// Parse the metadata signature size.
				112	static_assert(
				113	sizeof(metadata_signature_size_) == kDeltaMetadataSignatureSizeSize,
				114	"metadata_signature_size size mismatch");
				115	uint64_t metadata_signature_size_offset;
				116	if (!GetMetadataSignatureSizeOffset(&metadata_signature_size_offset)) {
				117	*error = ErrorCode::kError;
				118	return MetadataParseResult::kError;
				119	}
				120	memcpy(&metadata_signature_size_,
				121	&payload[metadata_signature_size_offset],
				122	kDeltaMetadataSignatureSizeSize);
				123	metadata_signature_size_ = be32toh(metadata_signature_size_);
				124	}
				125	metadata_size_ = manifest_offset + manifest_size_;
				126	return MetadataParseResult::kSuccess;
				127	}
				128
Sen Jiang	44ac3ea	2018-10-18 15:10:20 -0700	[diff] [blame^]	129	bool PayloadMetadata::ParsePayloadHeader(const brillo::Blob& payload) {
				130	ErrorCode error;
				131	return ParsePayloadHeader(payload, &error) == MetadataParseResult::kSuccess;
				132	}
				133
Sen Jiang	9c89e84	2018-02-02 13:51:21 -0800	[diff] [blame]	134	bool PayloadMetadata::GetManifest(const brillo::Blob& payload,
				135	DeltaArchiveManifest* out_manifest) const {
				136	uint64_t manifest_offset;
				137	if (!GetManifestOffset(&manifest_offset))
				138	return false;
				139	CHECK_GE(payload.size(), manifest_offset + manifest_size_);
				140	return out_manifest->ParseFromArray(&payload[manifest_offset],
				141	manifest_size_);
				142	}
				143
				144	ErrorCode PayloadMetadata::ValidateMetadataSignature(
				145	const brillo::Blob& payload,
				146	std::string metadata_signature,
				147	base::FilePath path_to_public_key) const {
				148	if (payload.size() < metadata_size_ + metadata_signature_size_)
				149	return ErrorCode::kDownloadMetadataSignatureError;
				150
				151	brillo::Blob metadata_signature_blob, metadata_signature_protobuf_blob;
				152	if (!metadata_signature.empty()) {
				153	// Convert base64-encoded signature to raw bytes.
				154	if (!brillo::data_encoding::Base64Decode(metadata_signature,
				155	&metadata_signature_blob)) {
				156	LOG(ERROR) << "Unable to decode base64 metadata signature: "
				157	<< metadata_signature;
				158	return ErrorCode::kDownloadMetadataSignatureError;
				159	}
				160	} else if (major_payload_version_ == kBrilloMajorPayloadVersion) {
				161	metadata_signature_protobuf_blob.assign(
				162	payload.begin() + metadata_size_,
				163	payload.begin() + metadata_size_ + metadata_signature_size_);
				164	}
				165
				166	if (metadata_signature_blob.empty() &&
				167	metadata_signature_protobuf_blob.empty()) {
				168	LOG(ERROR) << "Missing mandatory metadata signature in both Omaha "
				169	<< "response and payload.";
				170	return ErrorCode::kDownloadMetadataSignatureMissingError;
				171	}
				172
				173	LOG(INFO) << "Verifying metadata hash signature using public key: "
				174	<< path_to_public_key.value();
				175
				176	brillo::Blob calculated_metadata_hash;
				177	if (!HashCalculator::RawHashOfBytes(
				178	payload.data(), metadata_size_, &calculated_metadata_hash)) {
				179	LOG(ERROR) << "Unable to compute actual hash of manifest";
				180	return ErrorCode::kDownloadMetadataSignatureVerificationError;
				181	}
				182
				183	PayloadVerifier::PadRSA2048SHA256Hash(&calculated_metadata_hash);
				184	if (calculated_metadata_hash.empty()) {
				185	LOG(ERROR) << "Computed actual hash of metadata is empty.";
				186	return ErrorCode::kDownloadMetadataSignatureVerificationError;
				187	}
				188
				189	if (!metadata_signature_blob.empty()) {
				190	brillo::Blob expected_metadata_hash;
				191	if (!PayloadVerifier::GetRawHashFromSignature(metadata_signature_blob,
				192	path_to_public_key.value(),
				193	&expected_metadata_hash)) {
				194	LOG(ERROR) << "Unable to compute expected hash from metadata signature";
				195	return ErrorCode::kDownloadMetadataSignatureError;
				196	}
				197	if (calculated_metadata_hash != expected_metadata_hash) {
				198	LOG(ERROR) << "Manifest hash verification failed. Expected hash = ";
				199	utils::HexDumpVector(expected_metadata_hash);
				200	LOG(ERROR) << "Calculated hash = ";
				201	utils::HexDumpVector(calculated_metadata_hash);
				202	return ErrorCode::kDownloadMetadataSignatureMismatch;
				203	}
				204	} else {
				205	if (!PayloadVerifier::VerifySignature(metadata_signature_protobuf_blob,
				206	path_to_public_key.value(),
				207	calculated_metadata_hash)) {
				208	LOG(ERROR) << "Manifest hash verification failed.";
				209	return ErrorCode::kDownloadMetadataSignatureMismatch;
				210	}
				211	}
				212
				213	// The autoupdate_CatchBadSignatures test checks for this string in
				214	// log-files. Keep in sync.
				215	LOG(INFO) << "Metadata hash signature matches value in Omaha response.";
				216	return ErrorCode::kSuccess;
				217	}
				218
				219	} // namespace chromeos_update_engine