      1 //
      2 // Copyright (C) 2018 The Android Open Source Project
      3 //
      4 // Licensed under the Apache License, Version 2.0 (the "License");
      5 // you may not use this file except in compliance with the License.
      6 // You may obtain a copy of the License at
      7 //
      8 //      http://www.apache.org/licenses/LICENSE-2.0
      9 //
     10 // Unless required by applicable law or agreed to in writing, software
     11 // distributed under the License is distributed on an "AS IS" BASIS,
     12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13 // See the License for the specific language governing permissions and
     14 // limitations under the License.
     15 //
     16 
     17 #ifndef UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
     18 #define UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
     19 
     20 #include <inttypes.h>
     21 
     22 #include <string>
     23 #include <vector>
     24 
     25 #include <base/files/file_path.h>
     26 #include <brillo/secure_blob.h>
     27 
     28 #include "update_engine/common/error_code.h"
     29 #include "update_engine/common/platform_constants.h"
     30 #include "update_engine/update_metadata.pb.h"
     31 
     32 namespace chromeos_update_engine {
     33 
     34 enum class MetadataParseResult {  // result of PayloadMetadata::ParsePayloadHeader()
     35   kSuccess,           // the payload header was parsed
     36   kError,             // the metadata can't be parsed given the payload
     37   kInsufficientData,  // more data is needed to parse the complete metadata
     38 };
     39 
     40 // This class parses payload metadata and validates its signature.
        // The payload bytes are untrusted input (see ValidateMetadataSignature), so
        // values read from the header are unauthenticated until that check succeeds.
     41 class PayloadMetadata {
     42  public:
          // Layout constants for the payload header; their values are defined outside
          // this header. NOTE(review): presumably byte offsets and field widths of the
          // version, manifest-size and metadata-signature-size fields - confirm.
     43   static const uint64_t kDeltaVersionOffset;
     44   static const uint64_t kDeltaVersionSize;
     45   static const uint64_t kDeltaManifestSizeOffset;
     46   static const uint64_t kDeltaManifestSizeSize;
     47   static const uint64_t kDeltaMetadataSignatureSizeSize;
     48 
     49   PayloadMetadata() = default;
     50 
     51   // Attempts to parse the update payload header starting from the beginning of
     52   // |payload|. On success, returns MetadataParseResult::kSuccess. Returns
     53   // kInsufficientData if more data is needed to parse the complete metadata.
     54   // Returns kError if the metadata can't be parsed given the payload.
     55   // NOTE(review): presumably |*error| carries the failure reason and a major
          // version other than |supported_major_version| is rejected - confirm in the
          // implementation. The sizes recorded by this call come from bytes that have
          // not been authenticated yet; NOTE(review): check that the implementation
          // bounds them before they are used as lengths or offsets.
     56   MetadataParseResult ParsePayloadHeader(const brillo::Blob& payload,
     57                                          uint64_t supported_major_version,
     58                                          ErrorCode* error);
     59 
     60   // Given the |payload|, verifies that the signed hash of its metadata matches
     61   // |metadata_signature| (if present) or the metadata signature in payload
     62   // itself (if present). Returns ErrorCode::kSuccess on match or a suitable
     63   // error code otherwise. This method must be called before any part of the
     64   // metadata is parsed so that a man-in-the-middle attack on the SSL connection
     65   // to the payload server doesn't exploit any vulnerability in the code that
     66   // parses the protocol buffer.
          // NOTE(review): the case where neither signature is present is not described
          // here; confirm it is reported as an error rather than as a match. Callers
          // need to check the returned ErrorCode before calling GetManifest().
     67   ErrorCode ValidateMetadataSignature(const brillo::Blob& payload,
     68                                       std::string metadata_signature,
     69                                       base::FilePath path_to_public_key) const;
     70 
     71   // Returns the major payload version. If the version was not yet parsed,
     72   // returns zero.
     73   uint64_t GetMajorVersion() const { return major_payload_version_; }
     74 
     75   // Returns the size of the payload metadata, which includes the payload header
     76   // and the manifest. If the header was not yet parsed, returns zero.
          // NOTE(review): presumably derived from header fields, so treat it as
          // attacker-influenced until the metadata signature has been validated.
     77   uint64_t GetMetadataSize() const { return metadata_size_; }
     78 
     79   // Returns the size of the payload metadata signature. If the header was not
     80   // yet parsed, returns zero.
     81   uint32_t GetMetadataSignatureSize() const { return metadata_signature_size_; }
     82 
     83   // Set |*out_manifest| to the manifest in |payload|.
     84   // Returns true on success.
          // Per the contract stated on ValidateMetadataSignature(), the metadata
          // signature has to be validated before this is called.
          // NOTE(review): presumably this is where the manifest protocol buffer is
          // parsed - confirm in the implementation.
     85   bool GetManifest(const brillo::Blob& payload,
     86                    DeltaArchiveManifest* out_manifest) const;
     87 
     88  private:
     89   // Set |*out_offset| to the byte offset at which the manifest protobuf begins
     90   // in a payload. Return true on success, false if the offset is unknown.
     91   bool GetManifestOffset(uint64_t* out_offset) const;
     92 
     93   // Set |*out_offset| to the byte offset where the size of the metadata
     94   // signature is stored in a payload. Return true on success, if this field is
     95   // not present in the payload, return false.
     96   bool GetMetadataSignatureSizeOffset(uint64_t* out_offset) const;
     97 
          // Parsed state; every field is zero-initialized, which is what the getters
          // above return when the header has not been parsed yet.
     98   uint64_t metadata_size_{0};  // returned by GetMetadataSize()
     99   uint64_t manifest_size_{0};  // NOTE(review): presumably the manifest length read from the header
    100   uint32_t metadata_signature_size_{0};  // returned by GetMetadataSignatureSize()
    101   uint64_t major_payload_version_{0};  // returned by GetMajorVersion()
    102 
    103   DISALLOW_COPY_AND_ASSIGN(PayloadMetadata);  // macro defined outside this file; by its name, makes the class non-copyable
    104 };
    105 
    106 }  // namespace chromeos_update_engine
    107 
    108 #endif  // UPDATE_ENGINE_PAYLOAD_CONSUMER_PAYLOAD_METADATA_H_
    109