• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 //
2 // Copyright (C) 2014 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 //
16 
17 #ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_
18 #define UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_
19 
20 #include <string>
21 
22 #include <base/macros.h>
23 #include <brillo/secure_blob.h>
24 
25 #include "update_engine/update_metadata.pb.h"
26 
27 // This class encapsulates methods used for payload signature verification.
28 // See payload_generator/payload_signer.h for payload signing.
29 
30 namespace chromeos_update_engine {
31 
32 class PayloadVerifier {
33  public:
34   // Interprets |signature_proto| as a protocol buffer containing the Signatures
35   // message and decrypts each signature data using the |pem_public_key|.
36   // |pem_public_key| should be a PEM format RSA public key data.
37   // Pads the 32 bytes |sha256_hash_data| to 256 or 512 bytes according to the
38   // PKCS#1 v1.5 standard; and returns whether *any* of the decrypted hashes
39   // matches the padded hash data. In case of any error parsing the signatures
40   // or the public key, returns false.
41   static bool VerifySignature(const std::string& signature_proto,
42                               const std::string& pem_public_key,
43                               const brillo::Blob& sha256_hash_data);
44 
45   // Decrypts |sig_data| with the given |pem_public_key| and populates
46   // |out_hash_data| with the decoded raw hash. |pem_public_key| should be a PEM
47   // format RSA public key data. Returns true if successful, false otherwise.
48   static bool GetRawHashFromSignature(const brillo::Blob& sig_data,
49                                       const std::string& pem_public_key,
50                                       brillo::Blob* out_hash_data);
51 
52   // Pads a SHA256 hash so that it may be encrypted/signed with RSA2048 or
53   // RSA4096 using the PKCS#1 v1.5 scheme.
54   // hash should be a pointer to vector of exactly 256 bits. |rsa_size| must be
55   // one of 256 or 512 bytes. The vector will be modified in place and will
56   // result in having a length of 2048 or 4096 bits, depending on the rsa size.
57   // Returns true on success, false otherwise.
58   static bool PadRSASHA256Hash(brillo::Blob* hash, size_t rsa_size);
59 
60  private:
61   // This should never be constructed
62   DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadVerifier);
63 };
64 
65 }  // namespace chromeos_update_engine
66 
67 #endif  // UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_VERIFIER_H_
68