1 /* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef __FEC_PRIVATE_H__ 18 #define __FEC_PRIVATE_H__ 19 20 #include <errno.h> 21 #include <fcntl.h> 22 #include <memory> 23 #include <new> 24 #include <pthread.h> 25 #include <stdio.h> 26 #include <string.h> 27 #include <string> 28 #include <sys/syscall.h> 29 #include <unistd.h> 30 #include <vector> 31 32 #include <crypto_utils/android_pubkey.h> 33 #include <fec/ecc.h> 34 #include <fec/io.h> 35 #include <openssl/sha.h> 36 #include <utils/Compat.h> 37 38 /* processing parameters */ 39 #define WORK_MIN_THREADS 1 40 #define WORK_MAX_THREADS 64 41 42 /* verity parameters */ 43 #define VERITY_CACHE_BLOCKS 4096 44 #define VERITY_NO_CACHE UINT64_MAX 45 46 /* verity definitions */ 47 #define VERITY_METADATA_SIZE (8 * FEC_BLOCKSIZE) 48 #define VERITY_TABLE_ARGS 10 /* mandatory arguments */ 49 #define VERITY_MIN_TABLE_SIZE (VERITY_TABLE_ARGS * 2) /* for a sanity check */ 50 #define VERITY_MAX_TABLE_SIZE (VERITY_METADATA_SIZE - sizeof(verity_header)) 51 52 /* verity header and metadata */ 53 #define VERITY_MAGIC 0xB001B001 54 #define VERITY_MAGIC_DISABLE 0x46464F56 55 #define VERITY_VERSION 0 56 #define VERITY_TABLE_FIELDS 10 57 #define VERITY_TABLE_VERSION 1 58 59 struct verity_header { 60 uint32_t magic; 61 uint32_t version; 62 uint8_t signature[ANDROID_PUBKEY_MODULUS_SIZE]; 63 uint32_t length; 64 }; 65 66 /* file handle */ 67 struct ecc_info { 68 bool valid; 69 int roots; 70 int rsn; 71 uint32_t size; 72 uint64_t blocks; 73 uint64_t rounds; 74 uint64_t start; /* offset in file */ 75 }; 76 77 struct verity_info { 78 bool disabled; 79 char *table; 80 uint32_t hash_data_blocks; 81 uint32_t hash_size; 82 uint64_t hash_data_offset; 83 uint64_t hash_start; 84 uint8_t *hash; 85 uint32_t salt_size; 86 uint8_t *salt; 87 uint64_t data_blocks; 88 uint64_t metadata_start; /* offset in file */ 89 uint8_t zero_hash[SHA256_DIGEST_LENGTH]; 90 verity_header header; 91 verity_header ecc_header; 92 }; 93 94 struct verity_block_info { 95 uint64_t index; 96 bool valid; 97 }; 98 99 struct fec_handle { 100 ecc_info ecc; 101 int fd; 102 int flags; /* additional flags passed to fec_open */ 103 int mode; /* mode for open(2) */ 104 pthread_mutex_t mutex; 105 uint64_t errors; 106 uint64_t data_size; 107 uint64_t pos; 108 uint64_t size; 109 verity_info verity; 110 }; 111 112 /* I/O helpers */ 113 extern bool raw_pread(fec_handle *f, void *buf, size_t count, 114 uint64_t offset); 115 extern bool raw_pwrite(fec_handle *f, const void *buf, size_t count, 116 uint64_t offset); 117 118 /* processing functions */ 119 typedef ssize_t (*read_func)(fec_handle *f, uint8_t *dest, size_t count, 120 uint64_t offset, size_t *errors); 121 122 extern ssize_t process(fec_handle *f, uint8_t *buf, size_t count, 123 uint64_t offset, read_func func); 124 125 /* verity functions */ 126 extern uint64_t verity_get_size(uint64_t file_size, uint32_t *verity_levels, 127 uint32_t *level_hashes); 128 129 extern int verity_parse_header(fec_handle *f, uint64_t offset); 130 131 extern bool verity_check_block(fec_handle *f, const uint8_t *expected, 132 const uint8_t *block); 133 134 /* helper macros */ 135 #ifndef unlikely 136 #define unlikely(x) __builtin_expect(!!(x), 0) 137 #define likely(x) __builtin_expect(!!(x), 1) 138 #endif 139 140 #ifndef stringify 141 #define __stringify(x) #x 142 #define stringify(x) __stringify(x) 143 #endif 144 145 /* warnings, errors, debug output */ 146 #ifdef FEC_NO_KLOG 147 #define __log(func, type, format, args...) \ 148 fprintf(stderr, "fec: <%d> " type ": %s: " format "\n", \ 149 (int)syscall(SYS_gettid), __FUNCTION__, ##args) 150 #else 151 #include <cutils/klog.h> 152 153 #define __log(func, type, format, args...) \ 154 KLOG_##func("fec", "<%d> " type ": %s: " format "\n", \ 155 (int)syscall(SYS_gettid), __FUNCTION__, ##args) 156 #endif 157 158 #ifdef NDEBUG 159 #define debug(format, args...) 160 #else 161 #define debug(format, args...) __log(DEBUG, "debug", format, ##args) 162 #endif 163 164 #define warn(format, args...) __log(WARNING, "warning", format, ##args) 165 #define error(format, args...) __log(ERROR, "error", format, ##args) 166 167 #define check(p) \ 168 if (unlikely(!(p))) { \ 169 error("`%s' failed", #p); \ 170 errno = EFAULT; \ 171 return -1; \ 172 } 173 174 #endif /* __FEC_PRIVATE_H__ */ 175