a198b1e964
$ PYTHONPATH=$PYTHONPATH:system/update_engine/scripts \
./build/make/tools/releasetools/check_ota_package_signature.py \
build/target/product/security/testkey.x509.pem \
out/dist/aosp_marlin-ota-eng.zip
Package: out/dist/aosp_marlin-ota-eng.zip
Certificate: build/target/product/security/testkey.x509.pem
...
Whole package signature VERIFIED
Verifying A/B OTA payload signatures...
...
Payload signatures VERIFIED
Bug: 65261072
Test: Signed a package and its payload with the right keys; ran the
command above.
Test: Signed the payload with a different key; ran the command above and
observed the reported verification failure.
Change-Id: If626ecb327a9826cd0956eef94914c939068a7d1
251 lines
8.7 KiB
Python
Executable file
251 lines
8.7 KiB
Python
Executable file
#!/usr/bin/env python
|
|
#
|
|
# Copyright (C) 2016 The Android Open Source Project
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
"""
|
|
Verify a given OTA package with the specifed certificate.
|
|
"""
|
|
|
|
from __future__ import print_function
|
|
|
|
import argparse
|
|
import common
|
|
import re
|
|
import subprocess
|
|
import sys
|
|
import tempfile
|
|
import zipfile
|
|
|
|
from hashlib import sha1
|
|
from hashlib import sha256
|
|
|
|
# 'update_payload' package is under 'system/update_engine/scripts/', which
|
|
# should to be included in PYTHONPATH.
|
|
from update_payload.payload import Payload
|
|
from update_payload.update_metadata_pb2 import Signatures
|
|
|
|
|
|
def CertUsesSha256(cert):
|
|
"""Check if the cert uses SHA-256 hashing algorithm."""
|
|
|
|
cmd = ['openssl', 'x509', '-text', '-noout', '-in', cert]
|
|
p1 = common.Run(cmd, stdout=subprocess.PIPE)
|
|
cert_dump, _ = p1.communicate()
|
|
|
|
algorithm = re.search(r'Signature Algorithm: ([a-zA-Z0-9]+)', cert_dump)
|
|
assert algorithm, "Failed to identify the signature algorithm."
|
|
|
|
assert not algorithm.group(1).startswith('ecdsa'), (
|
|
'This script doesn\'t support verifying ECDSA signed package yet.')
|
|
|
|
return algorithm.group(1).startswith('sha256')
|
|
|
|
|
|
def VerifyPackage(cert, package):
|
|
"""Verify the given package with the certificate.
|
|
|
|
(Comments from bootable/recovery/verifier.cpp:)
|
|
|
|
An archive with a whole-file signature will end in six bytes:
|
|
|
|
(2-byte signature start) $ff $ff (2-byte comment size)
|
|
|
|
(As far as the ZIP format is concerned, these are part of the
|
|
archive comment.) We start by reading this footer, this tells
|
|
us how far back from the end we have to start reading to find
|
|
the whole comment.
|
|
"""
|
|
|
|
print('Package: %s' % (package,))
|
|
print('Certificate: %s' % (cert,))
|
|
|
|
# Read in the package.
|
|
with open(package) as package_file:
|
|
package_bytes = package_file.read()
|
|
|
|
length = len(package_bytes)
|
|
assert length >= 6, "Not big enough to contain footer."
|
|
|
|
footer = [ord(x) for x in package_bytes[-6:]]
|
|
assert footer[2] == 0xff and footer[3] == 0xff, "Footer is wrong."
|
|
|
|
signature_start_from_end = (footer[1] << 8) + footer[0]
|
|
assert signature_start_from_end > 6, "Signature start is in the footer."
|
|
|
|
signature_start = length - signature_start_from_end
|
|
|
|
# Determine how much of the file is covered by the signature. This is
|
|
# everything except the signature data and length, which includes all of the
|
|
# EOCD except for the comment length field (2 bytes) and the comment data.
|
|
comment_len = (footer[5] << 8) + footer[4]
|
|
signed_len = length - comment_len - 2
|
|
|
|
print('Package length: %d' % (length,))
|
|
print('Comment length: %d' % (comment_len,))
|
|
print('Signed data length: %d' % (signed_len,))
|
|
print('Signature start: %d' % (signature_start,))
|
|
|
|
use_sha256 = CertUsesSha256(cert)
|
|
print('Use SHA-256: %s' % (use_sha256,))
|
|
|
|
if use_sha256:
|
|
h = sha256()
|
|
else:
|
|
h = sha1()
|
|
h.update(package_bytes[:signed_len])
|
|
package_digest = h.hexdigest().lower()
|
|
|
|
print('Digest: %s' % (package_digest,))
|
|
|
|
# Get the signature from the input package.
|
|
signature = package_bytes[signature_start:-6]
|
|
sig_file = common.MakeTempFile(prefix='sig-')
|
|
with open(sig_file, 'wb') as f:
|
|
f.write(signature)
|
|
|
|
# Parse the signature and get the hash.
|
|
cmd = ['openssl', 'asn1parse', '-inform', 'DER', '-in', sig_file]
|
|
p1 = common.Run(cmd, stdout=subprocess.PIPE)
|
|
sig, _ = p1.communicate()
|
|
assert p1.returncode == 0, "Failed to parse the signature."
|
|
|
|
digest_line = sig.strip().split('\n')[-1]
|
|
digest_string = digest_line.split(':')[3]
|
|
digest_file = common.MakeTempFile(prefix='digest-')
|
|
with open(digest_file, 'wb') as f:
|
|
f.write(digest_string.decode('hex'))
|
|
|
|
# Verify the digest by outputing the decrypted result in ASN.1 structure.
|
|
decrypted_file = common.MakeTempFile(prefix='decrypted-')
|
|
cmd = ['openssl', 'rsautl', '-verify', '-certin', '-inkey', cert,
|
|
'-in', digest_file, '-out', decrypted_file]
|
|
p1 = common.Run(cmd, stdout=subprocess.PIPE)
|
|
p1.communicate()
|
|
assert p1.returncode == 0, "Failed to run openssl rsautl -verify."
|
|
|
|
# Parse the output ASN.1 structure.
|
|
cmd = ['openssl', 'asn1parse', '-inform', 'DER', '-in', decrypted_file]
|
|
p1 = common.Run(cmd, stdout=subprocess.PIPE)
|
|
decrypted_output, _ = p1.communicate()
|
|
assert p1.returncode == 0, "Failed to parse the output."
|
|
|
|
digest_line = decrypted_output.strip().split('\n')[-1]
|
|
digest_string = digest_line.split(':')[3].lower()
|
|
|
|
# Verify that the two digest strings match.
|
|
assert package_digest == digest_string, "Verification failed."
|
|
|
|
# Verified successfully upon reaching here.
|
|
print('\nWhole package signature VERIFIED\n')
|
|
|
|
|
|
def VerifyAbOtaPayload(cert, package):
|
|
"""Verifies the payload and metadata signatures in an A/B OTA payload."""
|
|
|
|
def VerifySignatureBlob(hash_file, blob):
|
|
"""Verifies the input hash_file against the signature blob."""
|
|
signatures = Signatures()
|
|
signatures.ParseFromString(blob)
|
|
|
|
extracted_sig_file = common.MakeTempFile(
|
|
prefix='extracted-sig-', suffix='.bin')
|
|
# In Android, we only expect one signature.
|
|
assert len(signatures.signatures) == 1, \
|
|
'Invalid number of signatures: %d' % len(signatures.signatures)
|
|
signature = signatures.signatures[0]
|
|
length = len(signature.data)
|
|
assert length == 256, 'Invalid signature length %d' % (length,)
|
|
with open(extracted_sig_file, 'w') as f:
|
|
f.write(signature.data)
|
|
|
|
# Verify the signature file extracted from the payload, by reversing the
|
|
# signing operation. Alternatively, this can be done by calling 'openssl
|
|
# rsautl -verify -certin -inkey <cert.pem> -in <extracted_sig_file> -out
|
|
# <output>', then to assert that
|
|
# <output> == SHA-256 DigestInfo prefix || <hash_file>.
|
|
cmd = ['openssl', 'pkeyutl', '-verify', '-certin', '-inkey', cert,
|
|
'-pkeyopt', 'digest:sha256', '-in', hash_file,
|
|
'-sigfile', extracted_sig_file]
|
|
p = common.Run(cmd, stdout=subprocess.PIPE)
|
|
result, _ = p.communicate()
|
|
|
|
# https://github.com/openssl/openssl/pull/3213
|
|
# 'openssl pkeyutl -verify' (prior to 1.1.0) returns non-zero return code,
|
|
# even on successful verification. To avoid the false alarm with older
|
|
# openssl, check the output directly.
|
|
assert result.strip() == 'Signature Verified Successfully', result.strip()
|
|
|
|
package_zip = zipfile.ZipFile(package, 'r')
|
|
if 'payload.bin' not in package_zip.namelist():
|
|
common.ZipClose(package_zip)
|
|
return
|
|
|
|
print('Verifying A/B OTA payload signatures...')
|
|
|
|
package_dir = tempfile.mkdtemp(prefix='package-')
|
|
common.OPTIONS.tempfiles.append(package_dir)
|
|
|
|
payload_file = package_zip.extract('payload.bin', package_dir)
|
|
payload = Payload(open(payload_file, 'rb'))
|
|
payload.Init()
|
|
|
|
# Extract the payload hash and metadata hash from the payload.bin.
|
|
payload_hash_file = common.MakeTempFile(prefix='hash-', suffix='.bin')
|
|
metadata_hash_file = common.MakeTempFile(prefix='hash-', suffix='.bin')
|
|
cmd = ['brillo_update_payload', 'hash',
|
|
'--unsigned_payload', payload_file,
|
|
'--signature_size', '256',
|
|
'--metadata_hash_file', metadata_hash_file,
|
|
'--payload_hash_file', payload_hash_file]
|
|
p = common.Run(cmd, stdout=subprocess.PIPE)
|
|
p.communicate()
|
|
assert p.returncode == 0, 'brillo_update_payload hash failed'
|
|
|
|
# Payload signature verification.
|
|
assert payload.manifest.HasField('signatures_offset')
|
|
payload_signature = payload.ReadDataBlob(
|
|
payload.manifest.signatures_offset, payload.manifest.signatures_size)
|
|
VerifySignatureBlob(payload_hash_file, payload_signature)
|
|
|
|
# Metadata signature verification.
|
|
metadata_signature = payload.ReadDataBlob(
|
|
-payload.header.metadata_signature_len,
|
|
payload.header.metadata_signature_len)
|
|
VerifySignatureBlob(metadata_hash_file, metadata_signature)
|
|
|
|
common.ZipClose(package_zip)
|
|
|
|
# Verified successfully upon reaching here.
|
|
print('\nPayload signatures VERIFIED\n\n')
|
|
|
|
|
|
def main():
|
|
parser = argparse.ArgumentParser()
|
|
parser.add_argument('certificate', help='The certificate to be used.')
|
|
parser.add_argument('package', help='The OTA package to be verified.')
|
|
args = parser.parse_args()
|
|
|
|
VerifyPackage(args.certificate, args.package)
|
|
VerifyAbOtaPayload(args.certificate, args.package)
|
|
|
|
|
|
if __name__ == '__main__':
|
|
try:
|
|
main()
|
|
except AssertionError as err:
|
|
print('\n ERROR: %s\n' % (err,))
|
|
sys.exit(1)
|
|
finally:
|
|
common.Cleanup()
|