You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
124 lines
4.7 KiB
124 lines
4.7 KiB
//
|
|
// Copyright (C) 2018 The Android Open Source Project
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
//
|
|
|
|
#ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
|
|
#define UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
|
|
|
|
#include <inttypes.h>
|
|
|
|
#include <string>
|
|
#include <vector>
|
|
|
|
#include <base/macros.h>
|
|
#include <brillo/secure_blob.h>
|
|
|
|
#include "update_engine/common/error_code.h"
|
|
#include "update_engine/common/platform_constants.h"
|
|
#include "update_engine/payload_consumer/payload_verifier.h"
|
|
#include "update_engine/update_metadata.pb.h"
|
|
|
|
namespace chromeos_update_engine {
|
|
|
|
enum class MetadataParseResult {
|
|
kSuccess,
|
|
kError,
|
|
kInsufficientData,
|
|
};
|
|
|
|
// This class parses payload metadata and validate its signature.
|
|
class PayloadMetadata {
|
|
public:
|
|
static const uint64_t kDeltaVersionOffset;
|
|
static const uint64_t kDeltaVersionSize;
|
|
static const uint64_t kDeltaManifestSizeOffset;
|
|
static const uint64_t kDeltaManifestSizeSize;
|
|
static const uint64_t kDeltaMetadataSignatureSizeSize;
|
|
|
|
PayloadMetadata() = default;
|
|
|
|
// Attempts to parse the update payload header starting from the beginning of
|
|
// |payload|. On success, returns kMetadataParseSuccess. Returns
|
|
// kMetadataParseInsufficientData if more data is needed to parse the complete
|
|
// metadata. Returns kMetadataParseError if the metadata can't be parsed given
|
|
// the payload.
|
|
MetadataParseResult ParsePayloadHeader(const brillo::Blob& payload,
|
|
ErrorCode* error);
|
|
MetadataParseResult ParsePayloadHeader(const unsigned char* payload,
|
|
size_t size,
|
|
ErrorCode* error);
|
|
// Simpler version of the above, returns true on success.
|
|
bool ParsePayloadHeader(const brillo::Blob& payload);
|
|
|
|
// Given the |payload|, verifies that the signed hash of its metadata matches
|
|
// |metadata_signature| (if present) or the metadata signature in payload
|
|
// itself (if present). Returns ErrorCode::kSuccess on match or a suitable
|
|
// error code otherwise. This method must be called before any part of the
|
|
// metadata is parsed so that an on-path attack on the SSL connection
|
|
// to the payload server doesn't exploit any vulnerability in the code that
|
|
// parses the protocol buffer.
|
|
ErrorCode ValidateMetadataSignature(
|
|
const brillo::Blob& payload,
|
|
const std::string& metadata_signature,
|
|
const PayloadVerifier& payload_verifier) const;
|
|
|
|
// Returns the major payload version. If the version was not yet parsed,
|
|
// returns zero.
|
|
uint64_t GetMajorVersion() const { return major_payload_version_; }
|
|
|
|
// Returns the size of the payload metadata, which includes the payload header
|
|
// and the manifest. If the header was not yet parsed, returns zero.
|
|
uint64_t GetMetadataSize() const { return metadata_size_; }
|
|
|
|
// Returns the size of the payload metadata signature. If the header was not
|
|
// yet parsed, returns zero.
|
|
uint32_t GetMetadataSignatureSize() const { return metadata_signature_size_; }
|
|
|
|
// Set |*out_manifest| to the manifest in |payload|.
|
|
// Returns true on success.
|
|
bool GetManifest(const brillo::Blob& payload,
|
|
DeltaArchiveManifest* out_manifest) const;
|
|
|
|
bool GetManifest(const unsigned char* payload,
|
|
size_t size,
|
|
DeltaArchiveManifest* out_manifest) const;
|
|
|
|
// Parses a payload file |payload_path| and prepares the metadata properties,
|
|
// manifest and metadata signatures. Can be used as an easy to use utility to
|
|
// get the payload information without manually the process.
|
|
bool ParsePayloadFile(const std::string& payload_path,
|
|
DeltaArchiveManifest* manifest,
|
|
Signatures* metadata_signatures);
|
|
|
|
private:
|
|
// Returns the byte offset at which the manifest protobuf begins in a payload.
|
|
uint64_t GetManifestOffset() const;
|
|
|
|
// Returns the byte offset where the size of the metadata signature is stored
|
|
// in a payload.
|
|
uint64_t GetMetadataSignatureSizeOffset() const;
|
|
|
|
uint64_t metadata_size_{0};
|
|
uint64_t manifest_size_{0};
|
|
uint32_t metadata_signature_size_{0};
|
|
uint64_t major_payload_version_{0};
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(PayloadMetadata);
|
|
};
|
|
|
|
} // namespace chromeos_update_engine
|
|
|
|
#endif // UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
|