1 /*
2  * Copyright (c) 2025 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef ELF_CODE_SIGN_BLOCK_H
17 #define ELF_CODE_SIGN_BLOCK_H
18 
#include <cstdint>
#include <cstdlib>
#include <memory>
#include <string>
#include <linux/fsverity.h>
#include <elfio.hpp>
#include "errcode.h"
25 
26 namespace OHOS {
27 namespace Security {
28 namespace CodeSign {
29 
30 #pragma pack(push, 1)
31 
/**
 * Fixed-size header of the code-sign block carried inside an ELF file.
 *
 * The surrounding `#pragma pack(push, 1)` removes all padding, so the header
 * is exactly 264 bytes: an 8-byte type/length prefix followed by 256 bytes
 * (version .. csVersion), with the variable-length signature directly after.
 * NOTE(review): the 256-byte part looks like it mirrors the kernel's
 * struct fsverity_descriptor, with its reserved area split into
 * flags / reserved_1 / reserved_2 / csVersion — confirm against
 * <linux/fsverity.h>.
 *
 * NOTE(review): every field here is read from the file being verified, so it
 * is attacker-controlled until checked. length, saltSize and signSize in
 * particular must be bounded against the real size of the block before
 * salt[] or signature[] is indexed; presumably
 * ElfCodeSignBlock::CheckElfSignInfo does this — confirm in the .cpp.
 */
struct ElfSignInfo {
    // --- block prefix ---
    uint32_t type;            // block type tag
    uint32_t length;          // declared length; units and coverage not visible here — TODO confirm

    // --- descriptor part (256 bytes) ---
    uint8_t  version;
    uint8_t  hashAlgorithm;
    uint8_t  logBlockSize;    // presumably log2 of the hash block size — confirm
    uint8_t  saltSize;        // uint8_t can hold up to 255, salt[] holds 32: needs a range check
    uint32_t signSize;        // presumably the byte count of signature[] — confirm
    uint64_t dataSize;
    uint8_t  rootHash[64];
    uint8_t  salt[32];
    uint32_t flags;
    uint8_t  reserved_1[12];
    uint8_t  reserved_2[127];
    uint8_t  csVersion;       // code-sign format version

    // Zero-length trailing array (compiler extension): marks where the
    // signature bytes start, contributes nothing to sizeof.
    uint8_t  signature[0];
};
49 
50 #pragma pack(pop)
51 
/// Function type of the enforcement callback handed to
/// ElfCodeSignBlock::EnforceCodeSign: takes the file path and a
/// code_sign_enable_arg and returns an int32_t status.
/// NOTE(review): the callback is presumably what enables code signing for the
/// file — confirm with the callers.
using CallbackFunc = int32_t(const std::string &path, const struct code_sign_enable_arg &arg);
53 
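/**
 * @brief Reads the code-sign block of an ELF file and passes it to a
 *        caller-supplied callback for enforcement.
 *
 * Only the declaration lives in this header; the notes on behaviour below are
 * inferred from names and must be checked against the implementation file.
 */
class ElfCodeSignBlock {
public:
    ElfCodeSignBlock();
    ~ElfCodeSignBlock();

    // signInfo_ is a raw, non-owning pointer (presumably into
    // signBlockBuffer_ — confirm), so a copied object would alias or dangle.
    // The unique_ptr member already makes copying ill-formed; deleting the
    // copy operations explicitly keeps that guarantee if the buffer type is
    // ever changed to something copyable.
    ElfCodeSignBlock(const ElfCodeSignBlock &) = delete;
    ElfCodeSignBlock &operator=(const ElfCodeSignBlock &) = delete;

    /**
     * @brief Enforce code signing for one ELF file.
     * @param realPath Path of the ELF file. NOTE(review): the name suggests an
     *                 already-canonicalised path — confirm the callers resolve
     *                 symlinks before calling.
     * @param func     Callback receiving the path and the filled
     *                 code_sign_enable_arg.
     * @return int32_t status; presumably a code from errcode.h — confirm.
     *
     * NOTE(review): the file is identified by path both for parsing and for
     * the callback. Whether both steps act on the same file object depends on
     * the implementation — worth confirming there.
     */
    int32_t EnforceCodeSign(const std::string &realPath, CallbackFunc &func);

private:

    // Expected code-sign format version. Declared uint16_t although
    // ElfSignInfo::csVersion is uint8_t; a comparison promotes both to int.
    static constexpr uint16_t ELF_CS_VERSION = 0x3;
    // Presumably the expected ElfSignInfo::type value — confirm.
    static constexpr uint32_t CSB_FS_VERITY_DESCRIPTOR_TYPE = 0x1;
    // Presumably the expected ElfSignInfo::logBlockSize (2^12 = 4096) — confirm.
    static constexpr uint32_t CSB_FSVERITY_BLOCK_SIZE = 12;
    // Name of the ELF section holding the sign block; defined out of line.
    static const std::string CODE_SIGN_SECTION;

    // Presumably loads CODE_SIGN_SECTION from the ELF at realPath into
    // signBlockBuffer_ and sets signInfo_ — confirm.
    int32_t ParseSignBlock(const std::string &realPath);
    // Presumably validates the untrusted ElfSignInfo fields against the
    // actual size of the block (csBlockSize) — confirm it bounds signSize
    // and saltSize before they are used.
    int32_t CheckElfSignInfo(const uint64_t csBlockSize);

    std::unique_ptr<uint8_t[]> signBlockBuffer_;  // owns the raw bytes of the sign block
    const ElfSignInfo *signInfo_ = nullptr;       // non-owning view; null until a block is parsed
};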
74 } // CodeSign namespace
75 } // Security namespace
76 } // OHOS namespace
77 #endif
78