Gitiles
Code Review Sign In
gerrit.twrp.me / android_bootable_recovery / 62bd9e04c72f81a99a613ce00e045fa290821807 / . / crypto / fs_mgr / fs_mgr_verity.c
blob: 969eab2a065e43f9766a1d0e8d5616d102e4085b [file] [log] [blame]
Dees Troy4dff2e62013-11-10 04:11:43 +0000[diff] [blame]1/*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include <stdio.h>
18#include <stdlib.h>
19#include <string.h>
20#include <unistd.h>
21#include <fcntl.h>
22#include <ctype.h>
23#include <sys/mount.h>
24#include <sys/stat.h>
25#include <errno.h>
26#include <sys/types.h>
27#include <sys/wait.h>
28#include <libgen.h>
29#include <time.h>
30
31#include <private/android_filesystem_config.h>
32#include <logwrap/logwrap.h>
33
34#include "mincrypt/rsa.h"
35#include "mincrypt/sha.h"
36#include "mincrypt/sha256.h"
37
38#include "ext4_utils.h"
39#include "ext4.h"
40
41#include "fs_mgr_priv.h"
42#include "fs_mgr_priv_verity.h"
43
44#define VERITY_METADATA_SIZE 32768
45#define VERITY_METADATA_MAGIC_NUMBER 0xb001b001
46#define VERITY_TABLE_RSA_KEY "/verity_key"
47
48extern struct fs_info info;
49
50static RSAPublicKey *load_key(char *path)
51{
52 FILE *f;
53 RSAPublicKey *key;
54
55 key = malloc(sizeof(RSAPublicKey));
56 if (!key) {
57 ERROR("Can't malloc key\n");
58 return NULL;
59 }
60
61 f = fopen(path, "r");
62 if (!f) {
63 ERROR("Can't open '%s'\n", path);
64 free(key);
65 return NULL;
66 }
67
68 if (!fread(key, sizeof(*key), 1, f)) {
69 ERROR("Could not read key!");
70 fclose(f);
71 free(key);
72 return NULL;
73 }
74
75 if (key->len != RSANUMWORDS) {
76 ERROR("Invalid key length %d\n", key->len);
77 fclose(f);
78 free(key);
79 return NULL;
80 }
81
82 fclose(f);
83 return key;
84}
85
86static int verify_table(char *signature, char *table, int table_length)
87{
88 int fd;
89 RSAPublicKey *key;
90 uint8_t hash_buf[SHA_DIGEST_SIZE];
91 int retval = -1;
92
93 // Hash the table
94 SHA_hash((uint8_t*)table, table_length, hash_buf);
95
96 // Now get the public key from the keyfile
97 key = load_key(VERITY_TABLE_RSA_KEY);
98 if (!key) {
99 ERROR("Couldn't load verity keys");
100 goto out;
101 }
102
103 // verify the result
104 if (!RSA_verify(key,
105 (uint8_t*) signature,
106 RSANUMBYTES,
107 (uint8_t*) hash_buf,
108 SHA_DIGEST_SIZE)) {
109 ERROR("Couldn't verify table.");
110 goto out;
111 }
112
113 retval = 0;
114
115out:
116 free(key);
117 return retval;
118}
119
120static int get_target_device_size(char *blk_device, uint64_t *device_size)
121{
122 int data_device;
123 struct ext4_super_block sb;
124
125 data_device = open(blk_device, O_RDONLY);
126 if (data_device < 0) {
127 ERROR("Error opening block device (%s)", strerror(errno));
128 return -1;
129 }
130
131 if (lseek64(data_device, 1024, SEEK_SET) < 0) {
132 ERROR("Error seeking to superblock");
133 close(data_device);
134 return -1;
135 }
136
137 if (read(data_device, &sb, sizeof(sb)) != sizeof(sb)) {
138 ERROR("Error reading superblock");
139 close(data_device);
140 return -1;
141 }
142
143 ext4_parse_sb(&sb);
144 *device_size = info.len;
145
146 close(data_device);
147 return 0;
148}
149
150static int read_verity_metadata(char *block_device, char **signature, char **table)
151{
152 unsigned magic_number;
153 unsigned table_length;
154 uint64_t device_length;
155 int protocol_version;
156 FILE *device;
157 int retval = -1;
158
159 device = fopen(block_device, "r");
160 if (!device) {
161 ERROR("Could not open block device %s (%s).\n", block_device, strerror(errno));
162 goto out;
163 }
164
165 // find the start of the verity metadata
166 if (get_target_device_size(block_device, &device_length) < 0) {
167 ERROR("Could not get target device size.\n");
168 goto out;
169 }
170 if (fseek(device, device_length, SEEK_SET) < 0) {
171 ERROR("Could not seek to start of verity metadata block.\n");
172 goto out;
173 }
174
175 // check the magic number
176 if (!fread(&magic_number, sizeof(int), 1, device)) {
177 ERROR("Couldn't read magic number!\n");
178 goto out;
179 }
180 if (magic_number != VERITY_METADATA_MAGIC_NUMBER) {
181 ERROR("Couldn't find verity metadata at offset %llu!\n", device_length);
182 goto out;
183 }
184
185 // check the protocol version
186 if (!fread(&protocol_version, sizeof(int), 1, device)) {
187 ERROR("Couldn't read verity metadata protocol version!\n");
188 goto out;
189 }
190 if (protocol_version != 0) {
191 ERROR("Got unknown verity metadata protocol version %d!\n", protocol_version);
192 goto out;
193 }
194
195 // get the signature
196 *signature = (char*) malloc(RSANUMBYTES * sizeof(char));
197 if (!*signature) {
198 ERROR("Couldn't allocate memory for signature!\n");
199 goto out;
200 }
201 if (!fread(*signature, RSANUMBYTES, 1, device)) {
202 ERROR("Couldn't read signature from verity metadata!\n");
203 free(*signature);
204 goto out;
205 }
206
207 // get the size of the table
208 if (!fread(&table_length, sizeof(int), 1, device)) {
209 ERROR("Couldn't get the size of the verity table from metadata!\n");
210 free(*signature);
211 goto out;
212 }
213
214 // get the table + null terminator
215 table_length += 1;
216 *table = malloc(table_length);
217 if(!*table) {
218 ERROR("Couldn't allocate memory for verity table!\n");
219 goto out;
220 }
221 if (!fgets(*table, table_length, device)) {
222 ERROR("Couldn't read the verity table from metadata!\n");
223 free(*table);
224 free(*signature);
225 goto out;
226 }
227
228 retval = 0;
229
230out:
231 if (device)
232 fclose(device);
233 return retval;
234}
235
236static void verity_ioctl_init(struct dm_ioctl *io, char *name, unsigned flags)
237{
238 memset(io, 0, DM_BUF_SIZE);
239 io->data_size = DM_BUF_SIZE;
240 io->data_start = sizeof(struct dm_ioctl);
241 io->version[0] = 4;
242 io->version[1] = 0;
243 io->version[2] = 0;
244 io->flags = flags | DM_READONLY_FLAG;
245 if (name) {
246 strlcpy(io->name, name, sizeof(io->name));
247 }
248}
249
250static int create_verity_device(struct dm_ioctl *io, char *name, int fd)
251{
252 verity_ioctl_init(io, name, 1);
253 if (ioctl(fd, DM_DEV_CREATE, io)) {
254 ERROR("Error creating device mapping (%s)", strerror(errno));
255 return -1;
256 }
257 return 0;
258}
259
260static int get_verity_device_name(struct dm_ioctl *io, char *name, int fd, char **dev_name)
261{
262 verity_ioctl_init(io, name, 0);
263 if (ioctl(fd, DM_DEV_STATUS, io)) {
264 ERROR("Error fetching verity device number (%s)", strerror(errno));
265 return -1;
266 }
267 int dev_num = (io->dev & 0xff) | ((io->dev >> 12) & 0xfff00);
268 if (asprintf(dev_name, "/dev/block/dm-%u", dev_num) < 0) {
269 ERROR("Error getting verity block device name (%s)", strerror(errno));
270 return -1;
271 }
272 return 0;
273}
274
275static int load_verity_table(struct dm_ioctl *io, char *name, char *blockdev, int fd, char *table)
276{
277 char *verity_params;
278 char *buffer = (char*) io;
279 uint64_t device_size = 0;
280
281 if (get_target_device_size(blockdev, &device_size) < 0) {
282 return -1;
283 }
284
285 verity_ioctl_init(io, name, DM_STATUS_TABLE_FLAG);
286
287 struct dm_target_spec *tgt = (struct dm_target_spec *) &buffer[sizeof(struct dm_ioctl)];
288
289 // set tgt arguments here
290 io->target_count = 1;
291 tgt->status=0;
292 tgt->sector_start=0;
293 tgt->length=device_size/512;
294 strcpy(tgt->target_type, "verity");
295
296 // build the verity params here
297 verity_params = buffer + sizeof(struct dm_ioctl) + sizeof(struct dm_target_spec);
298 if (sprintf(verity_params, "%s", table) < 0) {
299 return -1;
300 }
301
302 // set next target boundary
303 verity_params += strlen(verity_params) + 1;
304 verity_params = (char*) (((unsigned long)verity_params + 7) & ~8);
305 tgt->next = verity_params - buffer;
306
307 // send the ioctl to load the verity table
308 if (ioctl(fd, DM_TABLE_LOAD, io)) {
309 ERROR("Error loading verity table (%s)", strerror(errno));
310 return -1;
311 }
312
313 return 0;
314}
315
316static int resume_verity_table(struct dm_ioctl *io, char *name, int fd)
317{
318 verity_ioctl_init(io, name, 0);
319 if (ioctl(fd, DM_DEV_SUSPEND, io)) {
320 ERROR("Error activating verity device (%s)", strerror(errno));
321 return -1;
322 }
323 return 0;
324}
325
326static int test_access(char *device) {
327 int tries = 25;
328 while (tries--) {
329 if (!access(device, F_OK) || errno != ENOENT) {
330 return 0;
331 }
332 usleep(40 * 1000);
333 }
334 return -1;
335}
336
337int fs_mgr_setup_verity(struct fstab_rec *fstab) {
338
339 int retval = -1;
340
341 char *verity_blk_name;
342 char *verity_table;
343 char *verity_table_signature;
344
345 char buffer[DM_BUF_SIZE];
346 struct dm_ioctl *io = (struct dm_ioctl *) buffer;
347 char *mount_point = basename(fstab->mount_point);
348
349 // set the dm_ioctl flags
350 io->flags |= 1;
351 io->target_count = 1;
352
353 // get the device mapper fd
354 int fd;
355 if ((fd = open("/dev/device-mapper", O_RDWR)) < 0) {
356 ERROR("Error opening device mapper (%s)", strerror(errno));
357 return retval;
358 }
359
360 // create the device
361 if (create_verity_device(io, mount_point, fd) < 0) {
362 ERROR("Couldn't create verity device!");
363 goto out;
364 }
365
366 // get the name of the device file
367 if (get_verity_device_name(io, mount_point, fd, &verity_blk_name) < 0) {
368 ERROR("Couldn't get verity device number!");
369 goto out;
370 }
371
372 // read the verity block at the end of the block device
373 if (read_verity_metadata(fstab->blk_device,
374 &verity_table_signature,
375 &verity_table) < 0) {
376 goto out;
377 }
378
379 // verify the signature on the table
380 if (verify_table(verity_table_signature,
381 verity_table,
382 strlen(verity_table)) < 0) {
383 goto out;
384 }
385
386 // load the verity mapping table
387 if (load_verity_table(io, mount_point, fstab->blk_device, fd, verity_table) < 0) {
388 goto out;
389 }
390
391 // activate the device
392 if (resume_verity_table(io, mount_point, fd) < 0) {
393 goto out;
394 }
395
396 // assign the new verity block device as the block device
397 free(fstab->blk_device);
398 fstab->blk_device = verity_blk_name;
399
400 // make sure we've set everything up properly
401 if (test_access(fstab->blk_device) < 0) {
402 goto out;
403 }
404
405 retval = 0;
406
407out:
408 close(fd);
409 return retval;
410}