1 /*
2  * Copyright (c) 2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include <linux/fsverity.h>
17 
18 #include "code_sign_helper.h"
19 #include "constants.h"
20 #include "directory_ex.h"
21 #include "file_helper.h"
22 #include "log.h"
23 
24 namespace OHOS {
25 namespace Security {
26 namespace CodeSign {
/**
 * @brief Parses the code sign block by delegating to the codeSignBlock_ member.
 *
 * @param realPath  Path handed through unchanged; this wrapper performs no
 *                  canonicalization or validation of its own.
 * @param entryMap  Entry map handed through unchanged.
 * @param fileType  File type handed through unchanged.
 * @return Whatever codeSignBlock_.ParseCodeSignBlock() returns.
 */
int32_t CodeSignHelper::ParseCodeSignBlock(const std::string &realPath,
    const EntryMap &entryMap, FileType fileType)
{
    const int32_t parseResult = codeSignBlock_.ParseCodeSignBlock(realPath, entryMap, fileType);
    return parseResult;
}
32 
/**
 * @brief Queues every file reported by ProcessOneFile(), then runs the queued tasks.
 *
 * ProcessOneFile() is called repeatedly until it reports CS_SUCCESS_END. Any
 * other non-success code is returned immediately, so ExecuteMultiTask() is
 * never reached when a single file fails.
 *
 * @param ownerId   Forwarded to ExecuteMultiTask().
 * @param pluginId  Forwarded to ExecuteMultiTask().
 * @param path      Forwarded to ExecuteMultiTask().
 * @param func      Forwarded to ExecuteMultiTask().
 * @param flag      Forwarded to each ProcessOneFile() call.
 * @return The first failing ProcessOneFile() code, otherwise the result of
 *         ExecuteMultiTask().
 */
int32_t CodeSignHelper::ProcessMultiTask(const std::string &ownerId, const std::string &pluginId,
    const std::string &path, CallbackFunc &func, uint32_t flag)
{
    // NOTE(review): on the early-return path nothing here clears entries that
    // earlier iterations already added to multiTask_ - confirm the owner resets it.
    for (;;) {
        const int32_t status = ProcessOneFile(flag);
        if (status == CS_SUCCESS_END) {
            break;
        }
        if (status != CS_SUCCESS) {
            return status;
        }
    }
    return ExecuteMultiTask(ownerId, pluginId, path, func);
}
47 
/**
 * @brief Fetches the next file and its code-sign argument and queues it as a task.
 *
 * Steps: get one file from codeSignBlock_, log its signing info, require that
 * the path resolves via PathToRealPath(), require fs-verity support, then add
 * the (path, argument) pair to multiTask_.
 *
 * @param flag Forwarded to codeSignBlock_.GetOneFileAndCodeSignInfo().
 * @return The non-success code from the fetch or the fs-verity check,
 *         CS_ERR_FILE_PATH when the path cannot be resolved, otherwise the
 *         CS_SUCCESS value returned by the fs-verity check.
 */
int32_t CodeSignHelper::ProcessOneFile(uint32_t flag)
{
    std::string filePath;
    struct code_sign_enable_arg enableArg = {0};
    const int32_t fetchStatus = codeSignBlock_.GetOneFileAndCodeSignInfo(filePath, enableArg, flag);
    if (fetchStatus != CS_SUCCESS) {
        return fetchStatus;
    }
    // Logged before the path is validated, so the debug log may show paths that are later rejected.
    ShowCodeSignInfo(filePath, enableArg);

    // NOTE(review): the resolved path is used only as a "does it resolve" gate.
    // The fs-verity check and the queued task below both use the unresolved
    // filePath, so this gate does not pin the file that is finally signed
    // (e.g. if a symlink component changes in between). Consider passing
    // resolvedPath onwards - confirm what the task consumer expects.
    std::string resolvedPath;
    const bool resolved = OHOS::PathToRealPath(filePath, resolvedPath);
    if (!resolved) {
        LOG_INFO("get real path failed, path = %{public}s", filePath.c_str());
        return CS_ERR_FILE_PATH;
    }

    const int32_t verityStatus = CodeSignUtils::IsSupportFsVerity(filePath);
    if (verityStatus != CS_SUCCESS) {
        return verityStatus;
    }
    multiTask_.AddTaskData(filePath, enableArg);
    return verityStatus;
}
69 
/**
 * @brief Runs the queued code-sign tasks by delegating to multiTask_.
 *
 * @param ownerId   Handed through unchanged.
 * @param pluginId  Handed through unchanged.
 * @param path      Handed through unchanged.
 * @param func      Callback handed through unchanged.
 * @return Whatever multiTask_.ExecuteEnableCodeSignTask() returns.
 */
int32_t CodeSignHelper::ExecuteMultiTask(const std::string &ownerId, const std::string &pluginId,
    const std::string &path, CallbackFunc &func)
{
    const int32_t taskResult = multiTask_.ExecuteEnableCodeSignTask(ownerId, pluginId, path, func);
    return taskResult;
}
75 
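/**
 * @brief Writes a debug-log summary of a code-sign enable argument.
 *
 * Only sample bytes of the salt (indices 0, 16, 31) and of the root hash
 * (indices 0, 1, 2, 32, 63) are logged, not the full values.
 *
 * The salt is first copied into a zero-filled local buffer, bounded by
 * arg.salt_size. A null salt_ptr or a salt shorter than 32 bytes is therefore
 * logged as zeros instead of being dereferenced out of bounds.
 *
 * @param path File path printed in the log line.
 * @param arg  Code-sign argument whose fields are printed.
 */
void CodeSignHelper::ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg)
{
    constexpr uint32_t SALT_LOG_LEN = 32; // highest salt index logged is 31
    uint8_t saltCopy[SALT_LOG_LEN] = {0};
    const uint8_t *saltSrc = reinterpret_cast<const uint8_t *>(arg.salt_ptr);
    if (saltSrc != nullptr) {
        const uint32_t declaredLen = static_cast<uint32_t>(arg.salt_size);
        const uint32_t saltLen = (declaredLen < SALT_LOG_LEN) ? declaredLen : SALT_LOG_LEN;
        for (uint32_t i = 0; i < saltLen; ++i) {
            saltCopy[i] = saltSrc[i];
        }
    }

    // Zero-filled fallback used when no merkle-tree root hash is supplied.
    uint8_t rootHash[64] = {0};
    const uint8_t *rootHashPtr = rootHash;
    // NOTE(review): when root_hash_ptr is used, indices up to 63 are read from
    // it - assumes the caller's buffer is at least 64 bytes; confirm.
    if ((arg.flags & CodeSignBlock::CSB_SIGN_INFO_MERKLE_TREE)
        && reinterpret_cast<const uint8_t *>(arg.root_hash_ptr) != nullptr) {
        rootHashPtr = reinterpret_cast<const uint8_t *>(arg.root_hash_ptr);
    }

    LOG_DEBUG("{ "
        "file:%{public}s version:%{public}d hash_algorithm:%{public}d block_size:%{public}d sig_size:%{public}d "
        "data_size:%{public}lld salt_size:%{public}d salt:[%{public}d, ..., %{public}d, ..., %{public}d] "
        "flags:%{public}d tree_offset:%{public}lld root_hash:[%{public}d, %{public}d, %{public}d, ..., %{public}d, "
        "..., %{public}d] pgtypeinfo_size:%{public}d pgtypeinfo_off:%{public}lld }",
        path.c_str(), arg.cs_version, arg.hash_algorithm, arg.block_size, arg.sig_size,
        arg.data_size, arg.salt_size, saltCopy[0], saltCopy[16], saltCopy[31], // 16, 31 data index
        arg.flags, arg.tree_offset,
        rootHashPtr[0], rootHashPtr[1], rootHashPtr[2], rootHashPtr[32], rootHashPtr[63], // 2, 32, 63 data index
        arg.pgtypeinfo_size, arg.pgtypeinfo_off);
}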
96 }
97 }
98 }