1 /* 2 * Copyright (C) 2018 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 package com.android.server.signedconfig; 18 19 import android.os.Build; 20 import android.util.Slog; 21 import android.util.StatsLog; 22 23 import java.nio.charset.StandardCharsets; 24 import java.security.InvalidKeyException; 25 import java.security.KeyFactory; 26 import java.security.NoSuchAlgorithmException; 27 import java.security.PublicKey; 28 import java.security.Signature; 29 import java.security.SignatureException; 30 import java.security.spec.EncodedKeySpec; 31 import java.security.spec.InvalidKeySpecException; 32 import java.security.spec.X509EncodedKeySpec; 33 import java.util.Base64; 34 35 /** 36 * Helper class for verifying config signatures. 37 */ 38 public class SignatureVerifier { 39 40 private static final String TAG = "SignedConfig"; 41 private static final boolean DBG = false; 42 43 private static final String DEBUG_KEY = 44 "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmJKs4lSn+XRhMQmMid+Zbhbu13YrU1haIhVC5296InRu1" 45 + "x7A8PV1ejQyisBODGgRY6pqkAHRncBCYcgg5wIIJg=="; 46 private static final String PROD_KEY = 47 "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+lky6wKyGL6lE1VrD0YTMHwb0Xwc+tzC8MvnrzVxodvTp" 48 + "VY/jV7V+Zktcx+pry43XPABFRXtbhTo+qykhyBA1g=="; 49 50 private final SignedConfigEvent mEvent; 51 private final PublicKey mDebugKey; 52 private final PublicKey mProdKey; 53 54 public SignatureVerifier(SignedConfigEvent event) { 55 mEvent = event; 56 mDebugKey = Build.IS_DEBUGGABLE ? createKey(DEBUG_KEY) : null; 57 mProdKey = createKey(PROD_KEY); 58 } 59 60 private static PublicKey createKey(String base64) { 61 EncodedKeySpec keySpec; 62 try { 63 byte[] key = Base64.getDecoder().decode(base64); 64 keySpec = new X509EncodedKeySpec(key); 65 } catch (IllegalArgumentException e) { 66 Slog.e(TAG, "Failed to base64 decode public key", e); 67 return null; 68 } 69 try { 70 KeyFactory factory = KeyFactory.getInstance("EC"); 71 return factory.generatePublic(keySpec); 72 } catch (NoSuchAlgorithmException | InvalidKeySpecException e) { 73 Slog.e(TAG, "Failed to construct public key", e); 74 return null; 75 } 76 } 77 78 private boolean verifyWithPublicKey(PublicKey key, byte[] data, byte[] signature) 79 throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { 80 Signature verifier = Signature.getInstance("SHA256withECDSA"); 81 verifier.initVerify(key); 82 verifier.update(data); 83 return verifier.verify(signature); 84 } 85 86 /** 87 * Verify a signature for signed config. 88 * 89 * @param config Config as read from APK meta-data. 90 * @param base64Signature Signature as read from APK meta-data. 91 * @return {@code true} iff the signature was successfully verified. 92 */ 93 public boolean verifySignature(String config, String base64Signature) 94 throws NoSuchAlgorithmException, InvalidKeyException, SignatureException { 95 byte[] signature; 96 try { 97 signature = Base64.getDecoder().decode(base64Signature); 98 } catch (IllegalArgumentException e) { 99 mEvent.status = StatsLog.SIGNED_CONFIG_REPORTED__STATUS__BASE64_FAILURE_SIGNATURE; 100 Slog.e(TAG, "Failed to base64 decode signature"); 101 return false; 102 } 103 byte[] data = config.getBytes(StandardCharsets.UTF_8); 104 if (DBG) Slog.i(TAG, "Data: " + Base64.getEncoder().encodeToString(data)); 105 106 if (Build.IS_DEBUGGABLE) { 107 if (mDebugKey != null) { 108 if (DBG) Slog.w(TAG, "Trying to verify signature using debug key"); 109 if (verifyWithPublicKey(mDebugKey, data, signature)) { 110 Slog.i(TAG, "Verified config using debug key"); 111 mEvent.verifiedWith = StatsLog.SIGNED_CONFIG_REPORTED__VERIFIED_WITH__DEBUG; 112 return true; 113 } else { 114 if (DBG) Slog.i(TAG, "Config verification failed using debug key"); 115 } 116 } else { 117 Slog.w(TAG, "Debuggable build, but have no debug key"); 118 } 119 } 120 if (mProdKey == null) { 121 Slog.e(TAG, "No prod key; construction failed?"); 122 mEvent.status = 123 StatsLog.SIGNED_CONFIG_REPORTED__STATUS__SIGNATURE_CHECK_FAILED_PROD_KEY_ABSENT; 124 return false; 125 } 126 if (verifyWithPublicKey(mProdKey, data, signature)) { 127 Slog.i(TAG, "Verified config using production key"); 128 mEvent.verifiedWith = StatsLog.SIGNED_CONFIG_REPORTED__VERIFIED_WITH__PRODUCTION; 129 return true; 130 } else { 131 if (DBG) Slog.i(TAG, "Verification failed using production key"); 132 mEvent.status = StatsLog.SIGNED_CONFIG_REPORTED__STATUS__SIGNATURE_CHECK_FAILED; 133 return false; 134 } 135 } 136 } 137