/* * Copyright (C) 2008 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "common.h" #include "verifier.h" #include "minzip/Zip.h" #include "mincrypt/rsa.h" #include "mincrypt/sha.h" #include /* required for resolv.h */ #include /* for base64 codec */ #include /* Return an allocated buffer with the contents of a zip file entry. */ static char *slurpEntry(const ZipArchive *pArchive, const ZipEntry *pEntry) { if (!mzIsZipEntryIntact(pArchive, pEntry)) { UnterminatedString fn = mzGetZipEntryFileName(pEntry); LOGE("Invalid %.*s\n", fn.len, fn.str); return NULL; } int len = mzGetZipEntryUncompLen(pEntry); char *buf = malloc(len + 1); if (buf == NULL) { UnterminatedString fn = mzGetZipEntryFileName(pEntry); LOGE("Can't allocate %d bytes for %.*s\n", len, fn.len, fn.str); return NULL; } if (!mzReadZipEntry(pArchive, pEntry, buf, len)) { UnterminatedString fn = mzGetZipEntryFileName(pEntry); LOGE("Can't read %.*s\n", fn.len, fn.str); free(buf); return NULL; } buf[len] = '\0'; return buf; } struct DigestContext { SHA_CTX digest; unsigned *doneBytes; unsigned totalBytes; }; /* mzProcessZipEntryContents callback to update an SHA-1 hash context. */ static bool updateHash(const unsigned char *data, int dataLen, void *cookie) { struct DigestContext *context = (struct DigestContext *) cookie; SHA_update(&context->digest, data, dataLen); if (context->doneBytes != NULL) { *context->doneBytes += dataLen; if (context->totalBytes > 0) { ui_set_progress(*context->doneBytes * 1.0 / context->totalBytes); } } return true; } /* Get the SHA-1 digest of a zip file entry. */ static bool digestEntry(const ZipArchive *pArchive, const ZipEntry *pEntry, unsigned *doneBytes, unsigned totalBytes, uint8_t digest[SHA_DIGEST_SIZE]) { struct DigestContext context; SHA_init(&context.digest); context.doneBytes = doneBytes; context.totalBytes = totalBytes; if (!mzProcessZipEntryContents(pArchive, pEntry, updateHash, &context)) { UnterminatedString fn = mzGetZipEntryFileName(pEntry); LOGE("Can't digest %.*s\n", fn.len, fn.str); return false; } memcpy(digest, SHA_final(&context.digest), SHA_DIGEST_SIZE); #ifdef LOG_VERBOSE UnterminatedString fn = mzGetZipEntryFileName(pEntry); char base64[SHA_DIGEST_SIZE * 3]; b64_ntop(digest, SHA_DIGEST_SIZE, base64, sizeof(base64)); LOGV("sha1(%.*s) = %s\n", fn.len, fn.str, base64); #endif return true; } /* Find a /META-INF/xxx.SF signature file signed by a matching xxx.RSA file. */ static const ZipEntry *verifySignature(const ZipArchive *pArchive, const RSAPublicKey *pKeys, unsigned int numKeys) { static const char prefix[] = "META-INF/"; static const char rsa[] = ".RSA", sf[] = ".SF"; unsigned int i, j; for (i = 0; i < mzZipEntryCount(pArchive); ++i) { const ZipEntry *rsaEntry = mzGetZipEntryAt(pArchive, i); UnterminatedString rsaName = mzGetZipEntryFileName(rsaEntry); int rsaLen = mzGetZipEntryUncompLen(rsaEntry); if (rsaLen >= RSANUMBYTES && rsaName.len > sizeof(prefix) && !strncmp(rsaName.str, prefix, sizeof(prefix) - 1) && !strncmp(rsaName.str + rsaName.len - sizeof(rsa) + 1, rsa, sizeof(rsa) - 1)) { char *sfName = malloc(rsaName.len - sizeof(rsa) + sizeof(sf) + 1); if (sfName == NULL) { LOGE("Can't allocate %d bytes for filename\n", rsaName.len); continue; } /* Replace .RSA with .SF */ strncpy(sfName, rsaName.str, rsaName.len - sizeof(rsa) + 1); strcpy(sfName + rsaName.len - sizeof(rsa) + 1, sf); const ZipEntry *sfEntry = mzFindZipEntry(pArchive, sfName); free(sfName); if (sfEntry == NULL) { LOGW("Missing signature file %s\n", sfName); continue; } uint8_t sfDigest[SHA_DIGEST_SIZE]; if (!digestEntry(pArchive, sfEntry, NULL, 0, sfDigest)) continue; char *rsaBuf = slurpEntry(pArchive, rsaEntry); if (rsaBuf == NULL) continue; /* Try to verify the signature with all the keys. */ uint8_t *sig = (uint8_t *) rsaBuf + rsaLen - RSANUMBYTES; for (j = 0; j < numKeys; ++j) { if (RSA_verify(&pKeys[j], sig, RSANUMBYTES, sfDigest)) { free(rsaBuf); LOGI("Verified %.*s\n", rsaName.len, rsaName.str); return sfEntry; } } free(rsaBuf); LOGW("Can't verify %.*s\n", rsaName.len, rsaName.str); } } LOGE("No signature (%d files)\n", mzZipEntryCount(pArchive)); return NULL; } /* Verify /META-INF/MANIFEST.MF against the digest in a signature file. */ static const ZipEntry *verifyManifest(const ZipArchive *pArchive, const ZipEntry *sfEntry) { static const char prefix[] = "SHA1-Digest-Manifest: ", eol[] = "\r\n"; uint8_t expected[SHA_DIGEST_SIZE + 3], actual[SHA_DIGEST_SIZE]; char *sfBuf = slurpEntry(pArchive, sfEntry); if (sfBuf == NULL) return NULL; char *line, *save; for (line = strtok_r(sfBuf, eol, &save); line != NULL; line = strtok_r(NULL, eol, &save)) { if (!strncasecmp(prefix, line, sizeof(prefix) - 1)) { UnterminatedString fn = mzGetZipEntryFileName(sfEntry); const char *digest = line + sizeof(prefix) - 1; int n = b64_pton(digest, expected, sizeof(expected)); if (n != SHA_DIGEST_SIZE) { LOGE("Invalid base64 in %.*s: %s (%d)\n", fn.len, fn.str, digest, n); line = NULL; } break; } } free(sfBuf); if (line == NULL) { LOGE("No digest manifest in signature file\n"); return false; } const char *mfName = "META-INF/MANIFEST.MF"; const ZipEntry *mfEntry = mzFindZipEntry(pArchive, mfName); if (mfEntry == NULL) { LOGE("No manifest file %s\n", mfName); return NULL; } if (!digestEntry(pArchive, mfEntry, NULL, 0, actual)) return NULL; if (memcmp(expected, actual, SHA_DIGEST_SIZE)) { UnterminatedString fn = mzGetZipEntryFileName(sfEntry); LOGE("Wrong digest for %s in %.*s\n", mfName, fn.len, fn.str); return NULL; } LOGI("Verified %s\n", mfName); return mfEntry; } /* Verify all the files in a Zip archive against the manifest. */ static bool verifyArchive(const ZipArchive *pArchive, const ZipEntry *mfEntry) { static const char namePrefix[] = "Name: "; static const char contPrefix[] = " "; // Continuation of the filename static const char digestPrefix[] = "SHA1-Digest: "; static const char eol[] = "\r\n"; char *mfBuf = slurpEntry(pArchive, mfEntry); if (mfBuf == NULL) return false; /* we're using calloc() here, so the initial state of the array is false */ bool *unverified = (bool *) calloc(mzZipEntryCount(pArchive), sizeof(bool)); if (unverified == NULL) { LOGE("Can't allocate valid flags\n"); free(mfBuf); return false; } /* Mark all the files in the archive that need to be verified. * As we scan the manifest and check signatures, we'll unset these flags. * At the end, we'll make sure that all the flags are unset. */ unsigned i, totalBytes = 0; for (i = 0; i < mzZipEntryCount(pArchive); ++i) { const ZipEntry *entry = mzGetZipEntryAt(pArchive, i); UnterminatedString fn = mzGetZipEntryFileName(entry); int len = mzGetZipEntryUncompLen(entry); // Don't validate: directories, the manifest, *.RSA, and *.SF. if (entry == mfEntry) { LOGV("Skipping manifest %.*s\n", fn.len, fn.str); } else if (fn.len > 0 && fn.str[fn.len-1] == '/' && len == 0) { LOGV("Skipping directory %.*s\n", fn.len, fn.str); } else if (!strncasecmp(fn.str, "META-INF/", 9) && ( !strncasecmp(fn.str + fn.len - 4, ".RSA", 4) || !strncasecmp(fn.str + fn.len - 3, ".SF", 3))) { LOGV("Skipping signature %.*s\n", fn.len, fn.str); } else { unverified[i] = true; totalBytes += len; } } unsigned doneBytes = 0; char *line, *save, *name = NULL; for (line = strtok_r(mfBuf, eol, &save); line != NULL; line = strtok_r(NULL, eol, &save)) { if (!strncasecmp(line, namePrefix, sizeof(namePrefix) - 1)) { // "Name:" introducing a new stanza if (name != NULL) { LOGE("No digest:\n %s\n", name); break; } name = strdup(line + sizeof(namePrefix) - 1); if (name == NULL) { LOGE("Can't copy filename in %s\n", line); break; } } else if (!strncasecmp(line, contPrefix, sizeof(contPrefix) - 1)) { // Continuing a long name (nothing else should be continued) const char *tail = line + sizeof(contPrefix) - 1; if (name == NULL) { LOGE("Unexpected continuation:\n %s\n", tail); } char *concat; if (asprintf(&concat, "%s%s", name, tail) < 0) { LOGE("Can't append continuation %s\n", tail); break; } free(name); name = concat; } else if (!strncasecmp(line, digestPrefix, sizeof(digestPrefix) - 1)) { // "Digest:" supplying a hash code for the current stanza const char *base64 = line + sizeof(digestPrefix) - 1; if (name == NULL) { LOGE("Unexpected digest:\n %s\n", base64); break; } const ZipEntry *entry = mzFindZipEntry(pArchive, name); if (entry == NULL) { LOGE("Missing file:\n %s\n", name); break; } if (!mzIsZipEntryIntact(pArchive, entry)) { LOGE("Corrupt file:\n %s\n", name); break; } if (!unverified[mzGetZipEntryIndex(pArchive, entry)]) { LOGE("Unexpected file:\n %s\n", name); break; } uint8_t expected[SHA_DIGEST_SIZE + 3], actual[SHA_DIGEST_SIZE]; int n = b64_pton(base64, expected, sizeof(expected)); if (n != SHA_DIGEST_SIZE) { LOGE("Invalid base64:\n %s\n %s\n", name, base64); break; } if (!digestEntry(pArchive, entry, &doneBytes, totalBytes, actual) || memcmp(expected, actual, SHA_DIGEST_SIZE) != 0) { LOGE("Wrong digest:\n %s\n", name); break; } LOGI("Verified %s\n", name); unverified[mzGetZipEntryIndex(pArchive, entry)] = false; free(name); name = NULL; } } if (name != NULL) free(name); free(mfBuf); for (i = 0; i < mzZipEntryCount(pArchive) && !unverified[i]; ++i) ; free(unverified); // This means we didn't get to the end of the manifest successfully. if (line != NULL) return false; if (i < mzZipEntryCount(pArchive)) { const ZipEntry *entry = mzGetZipEntryAt(pArchive, i); UnterminatedString fn = mzGetZipEntryFileName(entry); LOGE("No digest for %.*s\n", fn.len, fn.str); return false; } return true; } bool verify_jar_signature(const ZipArchive *pArchive, const RSAPublicKey *pKeys, int numKeys) { const ZipEntry *sfEntry = verifySignature(pArchive, pKeys, numKeys); if (sfEntry == NULL) return false; const ZipEntry *mfEntry = verifyManifest(pArchive, sfEntry); if (mfEntry == NULL) return false; return verifyArchive(pArchive, mfEntry); }