1 /* 2 * Copyright (C) 2008 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <stdint.h> 20 21 #include <functional> 22 #include <memory> 23 #include <vector> 24 25 #include <openssl/ec_key.h> 26 #include <openssl/rsa.h> 27 #include <openssl/sha.h> 28 29 constexpr size_t MiB = 1024 * 1024; 30 31 using HasherUpdateCallback = std::function<void(const uint8_t* addr, uint64_t size)>; 32 33 struct RSADeleter { operatorRSADeleter34 void operator()(RSA* rsa) const { 35 RSA_free(rsa); 36 } 37 }; 38 39 struct ECKEYDeleter { operatorECKEYDeleter40 void operator()(EC_KEY* ec_key) const { 41 EC_KEY_free(ec_key); 42 } 43 }; 44 45 struct Certificate { 46 typedef enum { 47 KEY_TYPE_RSA, 48 KEY_TYPE_EC, 49 } KeyType; 50 CertificateCertificate51 Certificate(int hash_len_, KeyType key_type_, std::unique_ptr<RSA, RSADeleter>&& rsa_, 52 std::unique_ptr<EC_KEY, ECKEYDeleter>&& ec_) 53 : hash_len(hash_len_), key_type(key_type_), rsa(std::move(rsa_)), ec(std::move(ec_)) {} 54 55 // SHA_DIGEST_LENGTH (SHA-1) or SHA256_DIGEST_LENGTH (SHA-256) 56 int hash_len; 57 KeyType key_type; 58 std::unique_ptr<RSA, RSADeleter> rsa; 59 std::unique_ptr<EC_KEY, ECKEYDeleter> ec; 60 }; 61 62 class VerifierInterface { 63 public: 64 virtual ~VerifierInterface() = default; 65 66 // Returns the package size in bytes. 67 virtual uint64_t GetPackageSize() const = 0; 68 69 // Reads |byte_count| data starting from |offset|, and puts the result in |buffer|. 70 virtual bool ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) = 0; 71 72 // Updates the hash contexts for |length| bytes data starting from |start|. 73 virtual bool UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers, uint64_t start, 74 uint64_t length) = 0; 75 76 // Updates the progress in fraction during package verification. 77 virtual void SetProgress(float progress) = 0; 78 }; 79 80 // Looks for an RSA signature embedded in the .ZIP file comment given the path to the zip. 81 // Verifies that it matches one of the given public keys. Returns VERIFY_SUCCESS or 82 // VERIFY_FAILURE (if any error is encountered or no key matches the signature). 83 int verify_file(VerifierInterface* package, const std::vector<Certificate>& keys); 84 85 // Checks that the RSA key has a modulus of 2048 or 4096 bits long, and public exponent is 3 or 86 // 65537. 87 bool CheckRSAKey(const std::unique_ptr<RSA, RSADeleter>& rsa); 88 89 // Checks that the field size of the curve for the EC key is 256 bits. 90 bool CheckECKey(const std::unique_ptr<EC_KEY, ECKEYDeleter>& ec_key); 91 92 // Parses a PEM-encoded x509 certificate from the given buffer and saves it into |cert|. Returns 93 // false if there is a parsing failure or the signature's encryption algorithm is not supported. 94 bool LoadCertificateFromBuffer(const std::vector<uint8_t>& pem_content, Certificate* cert); 95 96 // Iterates over the zip entries with the suffix "x509.pem" and returns a list of recognized 97 // certificates. Returns an empty list if we fail to parse any of the entries. 98 std::vector<Certificate> LoadKeysFromZipfile(const std::string& zip_name); 99 100 #define VERIFY_SUCCESS 0 101 #define VERIFY_FAILURE 1 102