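/*
 * Copyright (c) 2025 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ELF_CODE_SIGN_BLOCK_V1_H
#define ELF_CODE_SIGN_BLOCK_V1_H

#include <cstdint>
#include <cstdlib>
#include <fstream>   // std::ifstream (used by ReadFile); previously relied on a transitive include
#include <memory>    // std::unique_ptr (used by the buffer members); previously relied on a transitive include
#include <string>
#include <linux/fsverity.h>
#include "errcode.h"

namespace OHOS {
namespace Security {
namespace CodeSign {

/*
 * On-disk layout of the ELF code-sign block, format version 1.
 *
 * Every struct below is overlaid directly onto bytes read from the file being
 * verified, so every field is attacker-controlled until the parser has
 * checked it.  In particular the size/offset/length/signSize fields must be
 * validated against the number of bytes actually read before any pointer or
 * slice derived from them is dereferenced.  The structs are byte-packed so
 * that sizeof() is the on-disk record size; the static_asserts after the
 * pack region pin that down.
 */
#pragma pack(push, 1)

/* Header of one block inside the sign block: kind, a tag, and where the
 * block's payload lives.  `size` and `offset` are untrusted. */
typedef struct {
    uint16_t type;    // block kind; the parser looks for CSB_HEADER_TYPE
    uint16_t tag;
    uint32_t size;    // payload size in bytes (untrusted, bound-check before use)
    uint32_t offset;  // payload position (untrusted; base it is relative to is defined by the parser)
} ElfBlockHeader;

/* Merkle-tree segment: a type/length prefix followed by `length` bytes of tree
 * data.  `merkleTree` is a zero-length trailing array (GNU extension); the
 * payload starts at sizeof(ElfMerkleTreeSegment). */
typedef struct {
    uint32_t type;        // expected to be CSB_MERKLE_TREE_TYPE
    uint32_t length;      // payload length in bytes (untrusted)
    uint8_t merkleTree[0];
} ElfMerkleTreeSegment;

/* Sign-info segment: a type/length prefix followed by a 256-byte descriptor
 * whose field names mirror the kernel fsverity descriptor (version,
 * hash algorithm, block size, salt, root hash, tree offset, ...), then
 * `signSize` signature bytes in the zero-length trailing `signature` array.
 * rootHash is a fixed 64-byte slot; how many bytes are meaningful depends on
 * hashAlgorithm (decided by the parser, not this header). */
typedef struct {
    uint32_t type;          // expected to be CSB_FS_VERITY_DESCRIPTOR_TYPE
    uint32_t length;        // segment payload length (untrusted)
    uint8_t version;
    uint8_t hashAlgorithm;
    uint8_t logBlockSize;   // log2 of the verity block size
    uint8_t saltSize;       // number of meaningful bytes in salt[] (must be <= 32)
    uint32_t signSize;      // length of signature[] in bytes (untrusted, must fit in the buffer)
    uint64_t dataSize;
    uint8_t rootHash[64];
    uint8_t salt[32];
    uint32_t flags;
    uint8_t reserved_1[4];
    uint64_t treeOffset;
    uint8_t reserved_2[127];
    uint8_t csVersion;
    uint8_t signature[0];   // signSize bytes follow csVersion
} ElfSignInfoSegment;

/* Top-level sign header: magic + version identify the format, then the
 * number and size of the blocks that follow.  blockSize/blockNum are
 * untrusted; SIGN_BLOCK_NUM_MAX caps blockNum. */
typedef struct {
    uint8_t magic[16];      // must equal SIGN_HEADER_MAGIC ("elf sign block  ")
    uint8_t version[4];     // must equal SIGN_HEADER_VERSION ("1000")
    uint32_t blockSize;
    uint32_t blockNum;
    uint8_t reserved[4];
} ElfSignHeader;

#pragma pack(pop)

// Pin the packed sizes: an accidental padding or field change would otherwise
// silently misalign every parse of the on-disk format.
static_assert(sizeof(ElfBlockHeader) == 12, "ElfBlockHeader must be 12 bytes on disk");
static_assert(sizeof(ElfMerkleTreeSegment) == 8, "ElfMerkleTreeSegment prefix must be 8 bytes");
static_assert(sizeof(ElfSignInfoSegment) == 8 + 256,
              "ElfSignInfoSegment must be an 8-byte prefix plus a 256-byte descriptor");
static_assert(sizeof(ElfSignHeader) == 32, "ElfSignHeader must be 32 bytes on disk");

/*
 * Callback used to hand the parsed signing material to the enforcement
 * backend.  `path` is the file being enabled and `arg` the kernel-facing
 * argument.  NOTE(review): `struct code_sign_enable_arg` is assumed to be
 * declared by <linux/fsverity.h> (OHOS kernel extension); if it is not, the
 * elaborated specifier below silently declares a new, unrelated incomplete
 * type in this namespace — confirm against the kernel headers in use.
 */
typedef int32_t CallbackFunc(const std::string &path, const struct code_sign_enable_arg &arg);

/*
 * Parses the v1 code-sign block appended to an ELF file and enforces it
 * through a caller-supplied callback.  Non-copyable: it owns the raw file
 * buffers and the descriptor pointers into them.
 */
class ElfCodeSignBlockV1 {
public:
    ElfCodeSignBlockV1();
    ~ElfCodeSignBlockV1();

    /*
     * Parses the sign block of the file at `realPath` and, on success, invokes
     * `func` with the path and the assembled enable argument.
     * @param realPath  resolved path of the ELF file to verify
     * @param func      enforcement callback (see CallbackFunc)
     * @return an errcode.h status; the exact codes are defined by the .cpp
     */
    int32_t EnforceCodeSign(const std::string &realPath, CallbackFunc &func);

private:
    ElfCodeSignBlockV1(const ElfCodeSignBlockV1 &) = delete;
    ElfCodeSignBlockV1 &operator=(const ElfCodeSignBlockV1 &) = delete;

    // Format identifiers.  These are static constexpr arrays: they are inline
    // variables in C++17, so taking their address (e.g. memcmp) needs no
    // out-of-class definition — but it would in C++14 and earlier.
    static constexpr uint8_t ELF_HEADER_MAGIC[4] = {0x7f, 0x45, 0x4c, 0x46};  // "\x7fELF"
    static constexpr uint8_t SIGN_HEADER_MAGIC[16] = {                         // "elf sign block  "
        0x65, 0x6c, 0x66, 0x20, 0x73, 0x69, 0x67, 0x6e, 0x20, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x20, 0x20
    };
    static constexpr uint8_t SIGN_HEADER_VERSION[4] = {0x31, 0x30, 0x30, 0x30};  // "1000"

    // Type tags: CSB_HEADER_TYPE matches ElfBlockHeader::type (16-bit); the
    // two 32-bit tags match the segment `type` fields.
    static constexpr uint16_t CSB_HEADER_TYPE = 0x3;
    static constexpr uint32_t CSB_MERKLE_TREE_TYPE = 0x2;
    static constexpr uint32_t CSB_FS_VERITY_DESCRIPTOR_TYPE = 0x1;

    static constexpr int SIGN_BLOCK_HEADER_SIZE = 32;  // == sizeof(ElfSignHeader), asserted below
    static constexpr uint32_t SIGN_BLOCK_NUM_MAX = 2;  // upper bound accepted for ElfSignHeader::blockNum
    // NOTE(review): 12 is both sizeof(ElfBlockHeader) and log2(4096); which
    // meaning the parser relies on is not visible from this header — confirm
    // before reusing this constant.
    static constexpr uint32_t CSB_FSVERITY_BLOCK_SIZE = 12;

    static_assert(sizeof(ElfSignHeader) == static_cast<size_t>(SIGN_BLOCK_HEADER_SIZE),
                  "SIGN_BLOCK_HEADER_SIZE must track sizeof(ElfSignHeader)");

    // Locates and reads the sign block of the file at `realPath` into the buffers below.
    int32_t ParseSignBlock(const std::string &realPath);
    // Reads the sign block from an already-open stream of total size `fileSize`.
    int32_t ReadFile(std::ifstream &fileStream, uintmax_t fileSize);
    // Validates the buffered block and sets signInfoSeg_ on success.
    int32_t ParseSignData();

    std::unique_ptr<uint8_t[]> signHeaderBuffer_;   // raw bytes of the ElfSignHeader
    std::unique_ptr<uint8_t[]> signBlockBuffer_;    // raw bytes of the sign block body
    const ElfSignHeader *signHeader_ = nullptr;     // view into signHeaderBuffer_ (non-owning)
    const ElfSignInfoSegment *signInfoSeg_ = nullptr;  // view into signBlockBuffer_ (non-owning)
};
} // CodeSign namespace
} // Security namespace
} // OHOS namespace
#endif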