AU: Switch to 2048 bit RSA keys; Pad SHA256 hashes appropriately.

Manually pad hashes according to how SHA256 hashes should be padded
for use in RSA 2048 bit encryption.

Also, remove the public key from the repository, as it's generated by
scons.

In an upcoming CL, I will test via an actual update.

BUG=chromium-os:13341
TEST=unittests

Review URL: http://codereview.chromium.org/6771024

Change-Id: I8aa93ed54e4d32b46f4d817a5ae5c36d9f0885f6

Author: adlr

delta_performer.cc

@@ -601,7 +601,8 @@ bool DeltaPerformer::VerifyPayload(
   OmahaHashCalculator signed_hasher;
   TEST_AND_RETURN_FALSE(signed_hasher.SetContext(signed_hash_context_));
   TEST_AND_RETURN_FALSE(signed_hasher.Finalize());
-  const vector<char>& hash_data = signed_hasher.raw_hash();
+  vector<char> hash_data = signed_hasher.raw_hash();
+  PayloadSigner::PadRSA2048SHA256Hash(&hash_data);
   TEST_AND_RETURN_FALSE(!hash_data.empty());
   TEST_AND_RETURN_FALSE(hash_data == signed_hash_data);
   return true;

delta_performer_unittest.cc

@@ -149,7 +149,7 @@ void SignGeneratedShellPayload(SignatureTest signature_test,
     LOG(INFO) << "Generating a mismatched private key.";
     ASSERT_EQ(0,
               System(StringPrintf(
-                  "/usr/bin/openssl genrsa -out %s 1024",
+                  "/usr/bin/openssl genrsa -out %s 2048",
                   private_key_path.c_str())));
   }
   int signature_size = GetSignatureSize(private_key_path);
@@ -164,12 +164,18 @@ void SignGeneratedShellPayload(SignatureTest signature_test,
                 signature_size,
                 hash_file.c_str())));
 
+  // Pad the hash
+  vector<char> hash;
+  ASSERT_TRUE(utils::ReadFile(hash_file, &hash));
+  ASSERT_TRUE(PayloadSigner::PadRSA2048SHA256Hash(&hash));
+  ASSERT_TRUE(WriteFileVector(hash_file, hash));
+
   string sig_file;
   ASSERT_TRUE(utils::MakeTempFile("/tmp/signature.XXXXXX", &sig_file, NULL));
   ScopedPathUnlinker sig_unlinker(sig_file);
   ASSERT_EQ(0,
             System(StringPrintf(
-                "/usr/bin/openssl rsautl -pkcs -sign -inkey %s -in %s -out %s",
+                "/usr/bin/openssl rsautl -raw -sign -inkey %s -in %s -out %s",
                 private_key_path.c_str(),
                 hash_file.c_str(),
                 sig_file.c_str())));

payload_signer.cc

@@ -23,6 +23,28 @@ namespace chromeos_update_engine {
 const uint32_t kSignatureMessageVersion = 1;
 
 namespace {
+
+const char kRSA2048SHA256Padding[] = {
+  0x00, 0x01, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
+  0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x30, 0x31, 0x30,
+  0x0d, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05,
+  0x00, 0x04, 0x20
+};
+
 // Given a raw |signature|, packs it into a protobuf and serializes it into a
 // binary blob. Returns true on success, false otherwise.
 bool ConvertSignatureToProtobufBlob(const vector<char> signature,
@@ -113,14 +135,18 @@ bool PayloadSigner::SignHash(const vector<char>& hash,
   TEST_AND_RETURN_FALSE(
       utils::MakeTempFile("/tmp/hash.XXXXXX", &hash_path, NULL));
   ScopedPathUnlinker hash_path_unlinker(hash_path);
+  // We expect unpadded SHA256 hash coming in
+  TEST_AND_RETURN_FALSE(hash.size() == 32);
+  vector<char> padded_hash(hash);
+  PadRSA2048SHA256Hash(&padded_hash);
   TEST_AND_RETURN_FALSE(utils::WriteFile(hash_path.c_str(),
-                                         hash.data(),
-                                         hash.size()));
+                                         padded_hash.data(),
+                                         padded_hash.size()));
 
   // This runs on the server, so it's okay to cop out and call openssl
   // executable rather than properly use the library
   vector<string> cmd;
-  SplitString("/usr/bin/openssl rsautl -pkcs -sign -inkey x -in x -out x",
+  SplitString("/usr/bin/openssl rsautl -raw -sign -inkey x -in x -out x",
               ' ',
               &cmd);
   cmd[cmd.size() - 5] = private_key_path;
@@ -220,7 +246,7 @@ bool PayloadSigner::VerifySignature(const std::vector<char>& signature_blob,
       reinterpret_cast<const unsigned char*>(sig_data.data()),
       reinterpret_cast<unsigned char*>(hash_data.data()),
       rsa,
-      RSA_PKCS1_PADDING);
+      RSA_NO_PADDING);
   RSA_free(rsa);
   TEST_AND_RETURN_FALSE(decrypt_size > 0 &&
                         decrypt_size <= static_cast<int>(hash_data.size()));
@@ -251,6 +277,7 @@ bool PayloadSigner::VerifySignedPayload(const std::string& payload_path,
   vector<char> hash;
   TEST_AND_RETURN_FALSE(OmahaHashCalculator::RawHashOfBytes(
       payload.data(), metadata_size + manifest.signatures_offset(), &hash));
+  PadRSA2048SHA256Hash(&hash);
   TEST_AND_RETURN_FALSE(hash == signed_hash);
   return true;
 }
@@ -299,4 +326,13 @@ bool PayloadSigner::AddSignatureToPayload(const string& payload_path,
   return true;
 }
 
+bool PayloadSigner::PadRSA2048SHA256Hash(std::vector<char>* hash) {
+  TEST_AND_RETURN_FALSE(hash->size() == 32);
+  hash->insert(hash->begin(),
+               kRSA2048SHA256Padding,
+               kRSA2048SHA256Padding + sizeof(kRSA2048SHA256Padding));
+  TEST_AND_RETURN_FALSE(hash->size() == 256);
+  return true;
+}
+
 }  // namespace chromeos_update_engine

payload_signer.h

@@ -67,6 +67,12 @@ class PayloadSigner {
   static bool VerifySignedPayload(const std::string& payload_path,
                                   const std::string& public_key_path);
 
+  // Pads a SHA256 hash so that it may be encrypted/signed with RSA2048
+  // using the PKCS#1 v1.5 scheme.
+  // hash should be a pointer to vector of exactly 256 bits. The vector
+  // will be modified in place and will result in having a length of
+  // 2048 bits. Returns true on success, false otherwise.
+  static bool PadRSA2048SHA256Hash(std::vector<char>* hash);
  private:
   // This should never be constructed
   DISALLOW_IMPLICIT_CONSTRUCTORS(PayloadSigner);

payload_signer_unittest.cc

@@ -14,7 +14,7 @@ using std::string;
 using std::vector;
 
 // Note: the test key was generated with the following command:
-// openssl genrsa -out unittest_key.pem 1024
+// openssl genrsa -out unittest_key.pem 2048
 
 namespace chromeos_update_engine {
 
@@ -23,29 +23,55 @@ const char* kUnittestPublicKeyPath = "unittest_key.pub.pem";
 
 // Some data and its corresponding hash and signature:
 const char kDataToSign[] = "This is some data to sign.";
+
+// Generated by:
+// echo -n 'This is some data to sign.' | openssl dgst -sha256 -binary |
+//   hexdump -v -e '" " 8/1 "0x%02x, " "\n"'
 const char kDataHash[] = {
   0x7a, 0x07, 0xa6, 0x44, 0x08, 0x86, 0x20, 0xa6,
   0xc1, 0xf8, 0xd9, 0x02, 0x05, 0x63, 0x0d, 0xb7,
   0xfc, 0x2b, 0xa0, 0xa9, 0x7c, 0x9d, 0x1d, 0x8c,
   0x01, 0xf5, 0x78, 0x6d, 0xc5, 0x11, 0xb4, 0x06
 };
+
+// Generated with openssl 1.0, which at the time of this writing, you need
+// to download and install yourself. Here's my command:
+// echo -n 'This is some data to sign.' | openssl dgst -sha256 -binary |
+//    ~/local/bin/openssl pkeyutl -sign -inkey unittest_key.pem -pkeyopt
+//    digest:sha256 | hexdump -v -e '" " 8/1 "0x%02x, " "\n"'
 const char kDataSignature[] = {
-  0xa4, 0xbc, 0x8f, 0xeb, 0x81, 0x05, 0xaa, 0x56,
-  0x1b, 0x56, 0xe5, 0xcb, 0x9b, 0x1a, 0x00, 0xd7,
-  0x1d, 0x87, 0x8e, 0xda, 0x5e, 0x90, 0x09, 0xb8,
-  0x15, 0xf4, 0x25, 0x97, 0x2f, 0x3c, 0xa1, 0xf3,
-  0x02, 0x75, 0xcd, 0x67, 0x4b, 0x0c, 0x1f, 0xf5,
-  0x6e, 0xf1, 0x58, 0xd7, 0x0d, 0x8c, 0x18, 0x91,
-  0x52, 0x30, 0x98, 0x64, 0x58, 0xc0, 0xe2, 0xb5,
-  0x77, 0x3b, 0x96, 0x8f, 0x05, 0xc4, 0x7f, 0x7a,
-  0x9a, 0x44, 0x0f, 0xc7, 0x1b, 0x90, 0x83, 0xf8,
-  0x69, 0x05, 0xa8, 0x02, 0x57, 0xcd, 0x2e, 0x5b,
-  0x96, 0xc7, 0x77, 0xa6, 0x1f, 0x97, 0x97, 0x05,
-  0xb3, 0x30, 0x1c, 0x27, 0xd7, 0x2d, 0x31, 0x60,
-  0x84, 0x7e, 0x99, 0x00, 0xe6, 0xe1, 0x39, 0xa6,
-  0xf3, 0x3a, 0x72, 0xba, 0xc4, 0xfe, 0x68, 0xa9,
-  0x08, 0xfa, 0xbc, 0xa8, 0x44, 0x66, 0xa0, 0x60,
-  0xde, 0xc9, 0xb2, 0xba, 0xbc, 0x80, 0xb5, 0x55
+  0x9f, 0x86, 0x25, 0x8b, 0xf3, 0xcc, 0xe3, 0x95,
+  0x5f, 0x45, 0x83, 0xb2, 0x66, 0xf0, 0x2a, 0xcf,
+  0xb7, 0xaa, 0x52, 0x25, 0x7a, 0xdd, 0x9d, 0x65,
+  0xe5, 0xd6, 0x02, 0x4b, 0x37, 0x99, 0x53, 0x06,
+  0xc2, 0xc9, 0x37, 0x36, 0x25, 0x62, 0x09, 0x4f,
+  0x6b, 0x22, 0xf8, 0xb3, 0x89, 0x14, 0x98, 0x1a,
+  0xbc, 0x30, 0x90, 0x4a, 0x43, 0xf5, 0xea, 0x2e,
+  0xf0, 0xa4, 0xba, 0xc3, 0xa7, 0xa3, 0x44, 0x70,
+  0xd6, 0xc4, 0x89, 0xd8, 0x45, 0x71, 0xbb, 0xee,
+  0x59, 0x87, 0x3d, 0xd5, 0xe5, 0x40, 0x22, 0x3d,
+  0x73, 0x7e, 0x2a, 0x58, 0x93, 0x8e, 0xcb, 0x9c,
+  0xf2, 0xbb, 0x4a, 0xc9, 0xd2, 0x2c, 0x52, 0x42,
+  0xb0, 0xd1, 0x13, 0x22, 0xa4, 0x78, 0xc7, 0xc6,
+  0x3e, 0xf1, 0xdc, 0x4c, 0x7b, 0x2d, 0x40, 0xda,
+  0x58, 0xac, 0x4a, 0x11, 0x96, 0x3d, 0xa0, 0x01,
+  0xf6, 0x96, 0x74, 0xf6, 0x6c, 0x0c, 0x49, 0x69,
+  0x4e, 0xc1, 0x7e, 0x9f, 0x2a, 0x42, 0xdd, 0x15,
+  0x6b, 0x37, 0x2e, 0x3a, 0xa7, 0xa7, 0x6d, 0x91,
+  0x13, 0xe8, 0x59, 0xde, 0xfe, 0x99, 0x07, 0xd9,
+  0x34, 0x0f, 0x17, 0xb3, 0x05, 0x4c, 0xd2, 0xc6,
+  0x82, 0xb7, 0x38, 0x36, 0x63, 0x1d, 0x9e, 0x21,
+  0xa6, 0x32, 0xef, 0xf1, 0x65, 0xe6, 0xed, 0x95,
+  0x25, 0x9b, 0x61, 0xe0, 0xba, 0x86, 0xa1, 0x7f,
+  0xf8, 0xa5, 0x4a, 0x32, 0x1f, 0x15, 0x20, 0x8a,
+  0x41, 0xc5, 0xb0, 0xd9, 0x4a, 0xda, 0x85, 0xf3,
+  0xdc, 0xa0, 0x98, 0x5d, 0x1d, 0x18, 0x9d, 0x2e,
+  0x42, 0xea, 0x69, 0x13, 0x74, 0x3c, 0x74, 0xf7,
+  0x6d, 0x43, 0xb0, 0x63, 0x90, 0xdb, 0x04, 0xd5,
+  0x05, 0xc9, 0x73, 0x1f, 0x6c, 0xd6, 0xfa, 0x46,
+  0x4e, 0x0f, 0x33, 0x58, 0x5b, 0x0d, 0x1b, 0x55,
+  0x39, 0xb9, 0x0f, 0x43, 0x37, 0xc0, 0x06, 0x0c,
+  0x29, 0x93, 0x43, 0xc7, 0x43, 0xb9, 0xab, 0x7d
 };
 
 //class PayloadSignerTest : public ::testing::Test {};
@@ -96,9 +122,11 @@ TEST(PayloadSignerTest, VerifySignatureTest) {
   EXPECT_TRUE(PayloadSigner::VerifySignature(signature_blob,
                                              kUnittestPublicKeyPath,
                                              &hash_data));
-  ASSERT_EQ(arraysize(kDataHash), hash_data.size());
-  for (size_t i = 0; i < arraysize(kDataHash); i++) {
-    EXPECT_EQ(kDataHash[i], hash_data[i]);
+  vector<char> padded_hash_data(kDataHash, kDataHash + sizeof(kDataHash));
+  PayloadSigner::PadRSA2048SHA256Hash(&padded_hash_data);
+  ASSERT_EQ(padded_hash_data.size(), hash_data.size());
+  for (size_t i = 0; i < padded_hash_data.size(); i++) {
+    EXPECT_EQ(padded_hash_data[i], hash_data[i]);
   }
 }
 

unittest_key.pem

@@ -1,15 +1,27 @@
 -----BEGIN RSA PRIVATE KEY-----
-MIICXQIBAAKBgQDh27889vgney5Fmg89ZR80CFAhBWfj/33/6uRfWRs9tNP0kKpy
-Iml8Q4s6acPyp4VUlmfcayVKIkoNYhV+D9oRtNGmjosPCTRmupQ+55z0/FFHjtT5
-4sJShFvBcCofygvHeYqrzgpZdB8z1z/zhAfJc43hs2jFcr82UvkQ8XD3xwIDAQAB
-AoGAeiVwqFTcYeXBYYzu3wI4PNieFS2qQOjkyKnM9i/nhpir5GD0fSNVLwoMWvvm
-J+4nMlbhNpiPoycmK1S3UOTbxqFgw5b0DSUMiiGBdPIc7X0hPVIeR4I40g81fFl0
-3EyvZxlZexzfeTISbp+gpa+KW1bYoxY7e9TWCQDP+cuB34ECQQD5uJXzjU5AKTpA
-hgE1u2WetuGsnl95S96cBwuCiULAcbdFXQYip57eODfoNI2QDGyhdhcr3OBzhbR5
-ScK1qIXBAkEA54mPrA+65eEtv2fD4Iqt1qcvuVll/fSIdq6yQJEnzCUEsT7Ink0C
-WvAAHYlBISkc8onIagPowCQfGbVangQvhwJBAJ438HIOfpyyQmEtRkj4AausrZGE
-CnO8uT9cS1OaifuKURcWmFOOpl6fefSaj3LMHGu0eXvmByPKfA04ya/1JUECQQCX
-FQAW+jyue/zqBL+f6V39zyIpA9i1mbbiGqRd1Vnur8kcDyfBg+ahiDHLFCDXjohB
-Cv8njl114xwYHmp+6aRJAkAtumVpfP3KIAg7q7pXT5W1yTTqrzN/xAn4AQhnaXuh
-6Kt1dgWF7IQUEzoMKHBgciuwh2KjIxOx1/sMfLj3nz3H
+MIIEpAIBAAKCAQEAx6hqS+Hbc7jN82ek+OBkHJNvlWXktyS2XCuQtGtnHjEV7Ou5
+hHNF96s5wEn8RDtrdLocm0a+SqXXf7KycFRTZxLdDbqWAMUlPXOaPI+PZLWkB7/K
+V7Cdj6vPGbeq7elu+aT/budhzTvq2stYrrAlcr/21tOVDPiWtfCdykh7FCXi6FaY
+HoNy5A6EKQLfLBuJoU/QoCufldmwlFaFDKl+Koos6R1QYJfCNZfgocrW1PIh+8t1
+JIvw6Izo8+fTme7nev7Ol2YZiMWJpRYKx8MgxW2UgTXlRpmQN56pc9LUsnVA8FND
+BN57+gMJj+XmdDmbtMpOsyXfSNEgnuwMPcEcmwIDAQABAoIBABPkwgKhlH4pUcwI
+7bUmlpMKVbnrFyjwbYMtjBOOCA5IEckzi56Y5cXRt8VjGdGqogBVcvg9ykQh1iER
+KxpqLI0+oev2RW/6NMW0uQ+DtmPwfVGQWJb4MBraoZ4MYOmnsrkJKbJhN6t9Zt86
+F7IANxsB6ZRqLJXIRywFt5MqOak+GAnQJ8C8eSQg70NhbEhSOrD8wrD6tfvgIqta
+XxhtlQWUAILIWetnWrJsalMqnreGn7vhc7+iihhMtXh1xNBMTA+gzpov/Cx21iH5
+DM9ppSA6HHDXrMhauryypIRrhjOUWRyDws/kIHgIW4TCbULOlxqsputQeTmdf0ti
+7lpwqAECgYEA7nNKkct3Vs51Ugk4GUPC4NOyYRPNc9UQAfHViB9gSDRacCo9Ax9J
+83hJGqDXlNGzELOnhzMn8jQMyF13eWzOsMozK6Fj3uW7DBvelg5bfgsZDUUO5WUF
+6BYbOheVqf12rIHR9BKBmCfLEKyxbKmw5bnB0uNo7IuBPBNuhPbvkgECgYEA1lo5
+XHWJpQnVl+JzXLHpXBK2nfnFAOtvzlTW+7gteeU12X2HcFASrzp7C1ULVV+i1Kcz
+tDFIA5yiFjEqmSJ/TsO8aqAhL5BXJjylCepQK7XkEOGCR8eQjlt7E4DulAsQbfpt
+k30HVVlIOFqLCWKSW8M3dy/Plodq/Gyq26rntpsCgYAzsNyGdIQfVkxKh2MY3v6c
+/Gdb8g4EwThiI4m1o4+ct3SvggiN57eBRx8Z3ao+QaM+yKNVhLpxH+VxfgmLUhIQ
+cxTarXbX+BcvTc9X2i7tSPyaStEq21aHdFtcoYY5Po/+X3ojHevoDyBPMhCYTMTj
+V/xzegbh2HAglNnNizZuAQKBgQCyOxEpBP5vgS7d/MgJklFEYrb/wjgBnMI5oSek
+5C7EBUdyUUM1qw7uLsUy1gL3eO7uvRxrvvJvNmU76KPP8vRCLNTVH9KYNv+P5qsg
+BHmm7rX1J11pi9Fx3TUIMZOu+0gs+ib0lOhtGjDH0tl680BZFohfDR0hv/XAcCbd
+Qk0q8wKBgQCGbURFFW/5RZUA77MmpY6jsEMw2gJmVtjO5IWZg9VPvLQQPgCr4Ho/
+bS2LIsT6pS+hrLOoz5KI0YueRS0jQYI+WkRqNf5wYNjxPql9632FiDLHO+Xv8PBe
+kHrPHy0GGT1igXScY4eemw4ZC1OSdZfkVn6Ui/JvBHrydJ2LrutMWQ==
 -----END RSA PRIVATE KEY-----