Add double hash checking support for code signing (#1005)

ruslan-bikkinin · web-flow · commit e1cdd90e4ee6 · 2017-09-18T13:37:44.000+03:00
Add double hash checking support for code signing for both android and ios SDK
diff --git a/android/app/src/main/java/com/microsoft/codepush/react/CodePushUpdateManager.java b/android/app/src/main/java/com/microsoft/codepush/react/CodePushUpdateManager.java
@@ -257,7 +257,8 @@ public void downloadPackage(JSONObject updatePackage, String expectedBundleFileN
 
                 if (isSignatureVerificationEnabled) {
                     if (isSignatureAppearedInBundle) {
-                        CodePushUpdateUtils.verifySignature(newUpdateFolderPath, stringPublicKey);
+                        CodePushUpdateUtils.verifyFolderHash(newUpdateFolderPath, newUpdateHash);
+                        CodePushUpdateUtils.verifyUpdateSignature(newUpdateFolderPath, newUpdateHash, stringPublicKey);
                     } else {
                         throw new CodePushInvalidUpdateException(
                                 "Error! Public key was provided but there is no JWT signature within app bundle to verify. " +
diff --git a/android/app/src/main/java/com/microsoft/codepush/react/CodePushUpdateUtils.java b/android/app/src/main/java/com/microsoft/codepush/react/CodePushUpdateUtils.java
@@ -176,6 +176,8 @@ public static void verifyFolderHash(String folderPath, String expectedHash) {
         if (!expectedHash.equals(updateContentsManifestHash)) {
             throw new CodePushInvalidUpdateException("The update contents failed the data integrity check.");
         }
+
+        CodePushUtils.log("The update contents succeeded the data integrity check.");
     }
 
     public static Map<String, Object> verifyAndDecodeJWT(String jwt, PublicKey publicKey) {
@@ -184,7 +186,7 @@ public static Map<String, Object> verifyAndDecodeJWT(String jwt, PublicKey publi
             JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey)publicKey);
             if (signedJWT.verify(verifier)) {
                 Map<String, Object> claims = signedJWT.getJWTClaimsSet().getClaims();
-                CodePushUtils.log("JWT verification succeeded:\n" + claims.toString());
+                CodePushUtils.log("JWT verification succeeded, payload content: " + claims.toString());
                 return claims;
             }
             return null;
@@ -233,7 +235,7 @@ public static String getSignature(String folderPath) {
         }
     }
 
-    public static void verifySignature(String folderPath, String stringPublicKey) throws CodePushInvalidUpdateException {
+    public static void verifyUpdateSignature(String folderPath, String packageHash, String stringPublicKey) throws CodePushInvalidUpdateException {
         CodePushUtils.log("Verifying signature for folder path: " + folderPath);
 
         final PublicKey publicKey = parsePublicKey(stringPublicKey);
@@ -256,6 +258,10 @@ public static void verifySignature(String folderPath, String stringPublicKey) th
             throw new CodePushInvalidUpdateException("The update could not be verified because the signature did not specify a content hash.");
         }
 
-        CodePushUpdateUtils.verifyFolderHash(folderPath, contentHash);
+        if (!contentHash.equals(packageHash)) {
+            throw new CodePushInvalidUpdateException("The update contents failed the code signing check.");
+        }
+
+        CodePushUtils.log("The update contents succeeded the code signing check.");
     }
 }
diff --git a/ios/CodePush/CodePush.h b/ios/CodePush/CodePush.h
@@ -193,9 +193,10 @@ failCallback:(void (^)(NSError *err))failCallback;
                withPublicKey:(NSString *)publicKey
                        error:(NSError **)error;
 
-+ (BOOL)verifySignatureFor:(NSString *)updateFolderPath
-             withPublicKey:(NSString *)publicKey
-                  error:(NSError **)error;
++ (BOOL)verifyUpdateSignatureFor:(NSString *)updateFolderPath
+                    expectedHash:(NSString *)newUpdateHash
+                   withPublicKey:(NSString *)publicKeyString
+                           error:(NSError **)error;
 
 @end
 
diff --git a/ios/CodePush/CodePushPackage.m b/ios/CodePush/CodePushPackage.m
@@ -241,18 +241,32 @@ + (void)downloadPackage:(NSDictionary *)updatePackage
                                                         
                                                         if (isSignatureVerificationEnabled) {
                                                             if (isSignatureAppearedInBundle) {
-                                                                BOOL isSignatureValid = [CodePushUpdateUtils verifySignatureFor:newUpdateFolderPath
-                                                                                                                  withPublicKey:publicKey
-                                                                                                                          error:&error];
+                                                                if (![CodePushUpdateUtils verifyFolderHash:newUpdateFolderPath
+                                                                                              expectedHash:newUpdateHash
+                                                                                                     error:&error]) {
+                                                                    CPLog(@"The update contents failed the data integrity check.");
+                                                                    if (!error) {
+                                                                        error = [CodePushErrorUtils errorWithMessage:@"The update contents failed the data integrity check."];
+                                                                    }
+                                                                    
+                                                                    failCallback(error);
+                                                                    return;
+                                                                } else {
+                                                                    CPLog(@"The update contents succeeded the data integrity check.");
+                                                                }
+                                                                BOOL isSignatureValid = [CodePushUpdateUtils verifyUpdateSignatureFor:newUpdateFolderPath
+                                                                                                                         expectedHash:newUpdateHash
+                                                                                                                        withPublicKey:publicKey
+                                                                                                                                error:&error];
                                                                 if (!isSignatureValid) {
-                                                                    CPLog(@"Code signing integrity check error.");
+                                                                    CPLog(@"The update contents failed code signing check.");
                                                                     if (!error) {
-                                                                        error = [CodePushErrorUtils errorWithMessage:@"Code signing integrity check error."];
+                                                                        error = [CodePushErrorUtils errorWithMessage:@"The update contents failed code signing check."];
                                                                     }
                                                                     failCallback(error);
                                                                     return;
                                                                 } else {
-                                                                    CPLog(@"The update contents succeeded the code signing integrity check.");
+                                                                    CPLog(@"The update contents succeeded the code signing check.");
                                                                 }
                                                             } else {
                                                                 error = [CodePushErrorUtils errorWithMessage:
diff --git a/ios/CodePush/CodePushUpdateUtils.m b/ios/CodePush/CodePushUpdateUtils.m
@@ -335,9 +335,10 @@ + (NSDictionary *) verifyAndDecodeJWT:(NSString *)jwt
     }
 }
 
-+ (BOOL)verifySignatureFor:(NSString *)folderPath
-             withPublicKey:(NSString *)publicKeyString
-                     error:(NSError **)error
++ (BOOL)verifyUpdateSignatureFor:(NSString *)folderPath
+                    expectedHash:(NSString *)newUpdateHash
+                   withPublicKey:(NSString *)publicKeyString
+                           error:(NSError **)error
 {
     NSLog(@"Verifying signature for folder path: %@", folderPath);
     
@@ -360,16 +361,16 @@ + (BOOL)verifySignatureFor:(NSString *)folderPath
         return false;
     }
     
+    CPLog(@"JWT signature verification succeeded, payload content:  %@", envelopedPayload);
+    
     if(![envelopedPayload objectForKey:@"contentHash"]){
         CPLog(@"The update could not be verified because the signature did not specify a content hash.");
         return false;
     }
     
     NSString *contentHash = envelopedPayload[@"contentHash"];
     
-    return [self verifyFolderHash:folderPath
-                     expectedHash:contentHash
-                            error:error];
+    return [contentHash isEqualToString:newUpdateHash];
 }
 
 @end

Original file line number	Diff line number	Diff line change
`@@ -176,6 +176,8 @@ public static void verifyFolderHash(String folderPath, String expectedHash) {`
`176`	`176`	`if (!expectedHash.equals(updateContentsManifestHash)) {`
`177`	`177`	`throw new CodePushInvalidUpdateException("The update contents failed the data integrity check.");`
`178`	`178`	`}`
	`179`	`+`
	`180`	`+ CodePushUtils.log("The update contents succeeded the data integrity check.");`
`179`	`181`	`}`
`180`	`182`
`181`	`183`	`public static Map<String, Object> verifyAndDecodeJWT(String jwt, PublicKey publicKey) {`
`@@ -184,7 +186,7 @@ public static Map<String, Object> verifyAndDecodeJWT(String jwt, PublicKey publi`
`184`	`186`	`JWSVerifier verifier = new RSASSAVerifier((RSAPublicKey)publicKey);`
`185`	`187`	`if (signedJWT.verify(verifier)) {`
`186`	`188`	`Map<String, Object> claims = signedJWT.getJWTClaimsSet().getClaims();`
`187`		`- CodePushUtils.log("JWT verification succeeded:\n" + claims.toString());`
	`189`	`+ CodePushUtils.log("JWT verification succeeded, payload content: " + claims.toString());`
`188`	`190`	`return claims;`
`189`	`191`	`}`
`190`	`192`	`return null;`
`@@ -233,7 +235,7 @@ public static String getSignature(String folderPath) {`
`233`	`235`	`}`
`234`	`236`	`}`
`235`	`237`
`236`		`- public static void verifySignature(String folderPath, String stringPublicKey) throws CodePushInvalidUpdateException {`
	`238`	`+ public static void verifyUpdateSignature(String folderPath, String packageHash, String stringPublicKey) throws CodePushInvalidUpdateException {`
`237`	`239`	`CodePushUtils.log("Verifying signature for folder path: " + folderPath);`
`238`	`240`
`239`	`241`	`final PublicKey publicKey = parsePublicKey(stringPublicKey);`
`@@ -256,6 +258,10 @@ public static void verifySignature(String folderPath, String stringPublicKey) th`
`256`	`258`	`throw new CodePushInvalidUpdateException("The update could not be verified because the signature did not specify a content hash.");`
`257`	`259`	`}`
`258`	`260`
`259`		`- CodePushUpdateUtils.verifyFolderHash(folderPath, contentHash);`
	`261`	`+ if (!contentHash.equals(packageHash)) {`
	`262`	`+ throw new CodePushInvalidUpdateException("The update contents failed the code signing check.");`
	`263`	`+ }`
	`264`	`+`
	`265`	`+ CodePushUtils.log("The update contents succeeded the code signing check.");`
`260`	`266`	`}`
`261`	`267`	`}`
Original file line number	Diff line number	Diff line change
`@@ -335,9 +335,10 @@ + (NSDictionary ) verifyAndDecodeJWT:(NSString )jwt`
`335`	`335`	`}`
`336`	`336`	`}`
`337`	`337`
`338`		`-+ (BOOL)verifySignatureFor:(NSString *)folderPath`
`339`		`- withPublicKey:(NSString *)publicKeyString`
`340`		`- error:(NSError **)error`
	`338`	`++ (BOOL)verifyUpdateSignatureFor:(NSString *)folderPath`
	`339`	`+ expectedHash:(NSString *)newUpdateHash`
	`340`	`+ withPublicKey:(NSString *)publicKeyString`
	`341`	`+ error:(NSError **)error`
`341`	`342`	`{`
`342`	`343`	`NSLog(@"Verifying signature for folder path: %@", folderPath);`
`343`	`344`
`@@ -360,16 +361,16 @@ + (BOOL)verifySignatureFor:(NSString *)folderPath`
`360`	`361`	`return false;`
`361`	`362`	`}`
`362`	`363`
	`364`	`+ CPLog(@"JWT signature verification succeeded, payload content: %@", envelopedPayload);`
	`365`	`+`
`363`	`366`	`if(![envelopedPayload objectForKey:@"contentHash"]){`
`364`	`367`	`CPLog(@"The update could not be verified because the signature did not specify a content hash.");`
`365`	`368`	`return false;`
`366`	`369`	`}`
`367`	`370`
`368`	`371`	`NSString *contentHash = envelopedPayload[@"contentHash"];`
`369`	`372`
`370`		`- return [self verifyFolderHash:folderPath`
`371`		`- expectedHash:contentHash`
`372`		`- error:error];`
	`373`	`+ return [contentHash isEqualToString:newUpdateHash];`
`373`	`374`	`}`
`374`	`375`
`375`	`376`	`@end`