1 //
2 // Copyright (C) 2018 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
18 #define UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
19 
20 #include <inttypes.h>
21 
22 #include <string>
23 #include <vector>
24 
25 #include <base/macros.h>
26 #include <brillo/secure_blob.h>
27 
28 #include "update_engine/common/error_code.h"
29 #include "update_engine/common/platform_constants.h"
30 #include "update_engine/update_metadata.pb.h"
31 
32 namespace chromeos_update_engine {
33 
// Result of an attempt to parse the update payload header; returned by
// PayloadMetadata::ParsePayloadHeader().
enum class MetadataParseResult {
  // The header was parsed.
  kSuccess,
  // The metadata can't be parsed given the payload.
  kError,
  // More data is needed to parse the complete metadata; this is not a failure
  // of the payload itself.
  kInsufficientData,
};
39 
// Parses update payload metadata and validates its signature.
//
// The payload handed to this class is downloaded data and must be treated as
// untrusted until ValidateMetadataSignature() has returned
// ErrorCode::kSuccess. Only the member functions are declared here; their
// definitions (and the values of the static constants) live out of line.
class PayloadMetadata {
 public:
  // Layout constants for the fixed-size fields of the payload header.
  // NOTE(review): by their names these are the byte offset/size of the
  // version field, the manifest-size field and the metadata-signature-size
  // field; the values are not visible in this header, so confirm against the
  // definitions.
  static const uint64_t kDeltaVersionOffset;
  static const uint64_t kDeltaVersionSize;
  static const uint64_t kDeltaManifestSizeOffset;
  static const uint64_t kDeltaManifestSizeSize;
  static const uint64_t kDeltaMetadataSignatureSizeSize;

  PayloadMetadata() = default;

  // Attempts to parse the update payload header starting from the beginning of
  // |payload|. On success, returns MetadataParseResult::kSuccess. Returns
  // MetadataParseResult::kInsufficientData if more data is needed to parse the
  // complete metadata. Returns MetadataParseResult::kError if the metadata
  // can't be parsed given the payload.
  // NOTE(review): |error| presumably receives the detailed ErrorCode on
  // failure; confirm in the implementation.
  // NOTE(review): this runs on bytes that have not been signature-checked
  // yet, so the sizes it extracts are attacker-influenced; confirm the
  // implementation range-checks them before they are used as lengths or
  // offsets.
  MetadataParseResult ParsePayloadHeader(const brillo::Blob& payload,
                                         ErrorCode* error);
  // Simpler version of the above, returns true on success. The distinction
  // between an error and insufficient data is not available to the caller.
  bool ParsePayloadHeader(const brillo::Blob& payload);

  // Given the |payload|, verifies that the signed hash of its metadata matches
  // |metadata_signature| (if present) or the metadata signature in the payload
  // itself (if present). Returns ErrorCode::kSuccess on match or a suitable
  // error code otherwise; callers must check the result and stop processing
  // the payload on anything other than kSuccess.
  //
  // This method must be called before any part of the metadata is parsed so
  // that a man-in-the-middle attack on the SSL connection to the payload
  // server cannot exploit a vulnerability in the code that parses the protocol
  // buffer.
  // NOTE(review): the method is const and takes no size arguments, so it
  // presumably relies on the sizes recorded by ParsePayloadHeader(); if so,
  // "metadata" above means the manifest protobuf rather than the fixed
  // header. Confirm against the implementation.
  // NOTE(review): |pem_public_key| is, by its name, a PEM-encoded public key;
  // "present" for |metadata_signature| presumably means non-empty. Confirm.
  ErrorCode ValidateMetadataSignature(const brillo::Blob& payload,
                                      const std::string& metadata_signature,
                                      const std::string& pem_public_key) const;

  // Returns the major payload version. If the version was not yet parsed,
  // returns zero.
  uint64_t GetMajorVersion() const { return major_payload_version_; }

  // Returns the size of the payload metadata, which includes the payload header
  // and the manifest. If the header was not yet parsed, returns zero.
  uint64_t GetMetadataSize() const { return metadata_size_; }

  // Returns the size of the payload metadata signature. If the header was not
  // yet parsed, returns zero.
  uint32_t GetMetadataSignatureSize() const { return metadata_signature_size_; }

  // Sets |*out_manifest| to the manifest in |payload|.
  // Returns true on success.
  // This is the step that parses the protocol buffer, so per the contract on
  // ValidateMetadataSignature() the signature should already have been
  // validated. NOTE(review): nothing in this declaration enforces that
  // ordering; confirm that every caller does.
  bool GetManifest(const brillo::Blob& payload,
                   DeltaArchiveManifest* out_manifest) const;

 private:
  // Sets |*out_offset| to the byte offset at which the manifest protobuf begins
  // in a payload. Returns true on success, false if the offset is unknown.
  bool GetManifestOffset(uint64_t* out_offset) const;

  // Sets |*out_offset| to the byte offset where the size of the metadata
  // signature is stored in a payload. Returns true on success, false if this
  // field is not present in the payload.
  bool GetMetadataSignatureSizeOffset(uint64_t* out_offset) const;

  // Values recorded from the payload header. All start at zero, which the
  // public getters document as "not yet parsed".
  uint64_t metadata_size_{0};
  // No public getter is declared for the manifest size.
  uint64_t manifest_size_{0};
  uint32_t metadata_signature_size_{0};
  uint64_t major_payload_version_{0};

  // Makes the class non-copyable (the macro is presumably the one from
  // base/macros.h, included above).
  DISALLOW_COPY_AND_ASSIGN(PayloadMetadata);
};
106 
107 }  // namespace chromeos_update_engine
108 
109 #endif  // UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
110