• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <stdlib.h>
18 #include <sys/ioctl.h>
19 #include <sys/stat.h>
20 
21 extern "C" {
22     #include <squashfs_utils.h>
23     #include <ext4_sb.h>
24 }
25 
26 #if defined(__linux__)
27     #include <linux/fs.h>
28 #elif defined(__APPLE__)
29     #include <sys/disk.h>
30     #define BLKGETSIZE64 DKIOCGETBLOCKCOUNT
31     #define fdatasync(fd) fcntl((fd), F_FULLFSYNC)
32 #endif
33 
34 #include "fec_private.h"
35 
36 /* used by `find_offset'; returns metadata size for a file size `size' and
37    `roots' Reed-Solomon parity bytes */
38 using size_func = uint64_t (*)(uint64_t size, int roots);
39 
40 /* performs a binary search to find a metadata offset from a file so that
41    the metadata size matches function `get_real_size(size, roots)', using
42    the approximate size returned by `get_appr_size' as a starting point */
find_offset(uint64_t file_size,int roots,uint64_t * offset,size_func get_appr_size,size_func get_real_size)43 static int find_offset(uint64_t file_size, int roots, uint64_t *offset,
44         size_func get_appr_size, size_func get_real_size)
45 {
46     check(offset);
47     check(get_appr_size);
48     check(get_real_size);
49 
50     if (file_size % FEC_BLOCKSIZE) {
51         /* must be a multiple of block size */
52         error("file size not multiple of " stringify(FEC_BLOCKSIZE));
53         errno = EINVAL;
54         return -1;
55     }
56 
57     uint64_t mi = get_appr_size(file_size, roots);
58     uint64_t lo = file_size - mi * 2;
59     uint64_t hi = file_size - mi / 2;
60 
61     while (lo < hi) {
62         mi = ((hi + lo) / (2 * FEC_BLOCKSIZE)) * FEC_BLOCKSIZE;
63         uint64_t total = mi + get_real_size(mi, roots);
64 
65         if (total < file_size) {
66             lo = mi + FEC_BLOCKSIZE;
67         } else if (total > file_size) {
68             hi = mi;
69         } else {
70             *offset = mi;
71             debug("file_size = %" PRIu64 " -> offset = %" PRIu64, file_size,
72                 mi);
73             return 0;
74         }
75     }
76 
77     warn("could not determine offset");
78     errno = ERANGE;
79     return -1;
80 }
81 
82 /* returns verity metadata size for a `size' byte file */
get_verity_size(uint64_t size,int)83 static uint64_t get_verity_size(uint64_t size, int)
84 {
85     return VERITY_METADATA_SIZE + verity_get_size(size, NULL, NULL);
86 }
87 
88 /* computes the verity metadata offset for a file with size `f->size' */
find_verity_offset(fec_handle * f,uint64_t * offset)89 static int find_verity_offset(fec_handle *f, uint64_t *offset)
90 {
91     check(f);
92     check(offset);
93 
94     return find_offset(f->data_size, 0, offset, get_verity_size,
95                 get_verity_size);
96 }
97 
98 /* attempts to read and validate an ecc header from file position `offset' */
parse_ecc_header(fec_handle * f,uint64_t offset)99 static int parse_ecc_header(fec_handle *f, uint64_t offset)
100 {
101     check(f);
102     check(f->ecc.rsn > 0 && f->ecc.rsn < FEC_RSM);
103     check(f->size > sizeof(fec_header));
104 
105     debug("offset = %" PRIu64, offset);
106 
107     if (offset > f->size - sizeof(fec_header)) {
108         return -1;
109     }
110 
111     fec_header header;
112 
113     /* there's obviously no ecc data at this point, so there is no need to
114        call fec_pread to access this data */
115     if (!raw_pread(f, &header, sizeof(fec_header), offset)) {
116         error("failed to read: %s", strerror(errno));
117         return -1;
118     }
119 
120     /* move offset back to the beginning of the block for validating header */
121     offset -= offset % FEC_BLOCKSIZE;
122 
123     if (header.magic != FEC_MAGIC) {
124         return -1;
125     }
126     if (header.version != FEC_VERSION) {
127         error("unsupported ecc version: %u", header.version);
128         return -1;
129     }
130     if (header.size != sizeof(fec_header)) {
131         error("unexpected ecc header size: %u", header.size);
132         return -1;
133     }
134     if (header.roots == 0 || header.roots >= FEC_RSM) {
135         error("invalid ecc roots: %u", header.roots);
136         return -1;
137     }
138     if (f->ecc.roots != (int)header.roots) {
139         error("unexpected number of roots: %d vs %u", f->ecc.roots,
140             header.roots);
141         return -1;
142     }
143     if (header.fec_size % header.roots ||
144             header.fec_size % FEC_BLOCKSIZE) {
145         error("inconsistent ecc size %u", header.fec_size);
146         return -1;
147     }
148     /* structure: data | ecc | header */
149     if (offset < header.fec_size ||
150             offset - header.fec_size != header.inp_size) {
151         error("unexpected input size: %" PRIu64 " vs %" PRIu64, offset,
152             header.inp_size);
153         return -1;
154     }
155 
156     f->data_size = header.inp_size;
157     f->ecc.blocks = fec_div_round_up(f->data_size, FEC_BLOCKSIZE);
158     f->ecc.rounds = fec_div_round_up(f->ecc.blocks, f->ecc.rsn);
159 
160     if (header.fec_size !=
161             (uint32_t)f->ecc.rounds * f->ecc.roots * FEC_BLOCKSIZE) {
162         error("inconsistent ecc size %u", header.fec_size);
163         return -1;
164     }
165 
166     f->ecc.size = header.fec_size;
167     f->ecc.start = header.inp_size;
168 
169     /* validate encoding data; caller may opt not to use it if invalid */
170     SHA256_CTX ctx;
171     SHA256_Init(&ctx);
172 
173     uint8_t buf[FEC_BLOCKSIZE];
174     uint32_t n = 0;
175     uint32_t len = FEC_BLOCKSIZE;
176 
177     while (n < f->ecc.size) {
178         if (len > f->ecc.size - n) {
179             len = f->ecc.size - n;
180         }
181 
182         if (!raw_pread(f, buf, len, f->ecc.start + n)) {
183             error("failed to read ecc: %s", strerror(errno));
184             return -1;
185         }
186 
187         SHA256_Update(&ctx, buf, len);
188         n += len;
189     }
190 
191     uint8_t hash[SHA256_DIGEST_LENGTH];
192     SHA256_Final(hash, &ctx);
193 
194     f->ecc.valid = !memcmp(hash, header.hash, SHA256_DIGEST_LENGTH);
195 
196     if (!f->ecc.valid) {
197         warn("ecc data not valid");
198     }
199 
200     return 0;
201 }
202 
203 /* attempts to read an ecc header from `offset', and checks for a backup copy
204    at the end of the block if the primary header is not valid */
parse_ecc(fec_handle * f,uint64_t offset)205 static int parse_ecc(fec_handle *f, uint64_t offset)
206 {
207     check(f);
208     check(offset % FEC_BLOCKSIZE == 0);
209     check(offset < UINT64_MAX - FEC_BLOCKSIZE);
210 
211     /* check the primary header at the beginning of the block */
212     if (parse_ecc_header(f, offset) == 0) {
213         return 0;
214     }
215 
216     /* check the backup header at the end of the block */
217     if (parse_ecc_header(f, offset + FEC_BLOCKSIZE - sizeof(fec_header)) == 0) {
218         warn("using backup ecc header");
219         return 0;
220     }
221 
222     return -1;
223 }
224 
225 /* reads the squashfs superblock and returns the size of the file system in
226    `offset' */
get_squashfs_size(fec_handle * f,uint64_t * offset)227 static int get_squashfs_size(fec_handle *f, uint64_t *offset)
228 {
229     check(f);
230     check(offset);
231 
232     size_t sb_size = squashfs_get_sb_size();
233     check(sb_size <= SSIZE_MAX);
234 
235     uint8_t buffer[sb_size];
236 
237     if (fec_pread(f, buffer, sizeof(buffer), 0) != (ssize_t)sb_size) {
238         error("failed to read superblock: %s", strerror(errno));
239         return -1;
240     }
241 
242     squashfs_info sq;
243 
244     if (squashfs_parse_sb_buffer(buffer, &sq) < 0) {
245         error("failed to parse superblock: %s", strerror(errno));
246         return -1;
247     }
248 
249     *offset = sq.bytes_used_4K_padded;
250     return 0;
251 }
252 
253 /* reads the ext4 superblock and returns the size of the file system in
254    `offset' */
get_ext4_size(fec_handle * f,uint64_t * offset)255 static int get_ext4_size(fec_handle *f, uint64_t *offset)
256 {
257     check(f);
258     check(f->size > 1024 + sizeof(ext4_super_block));
259     check(offset);
260 
261     ext4_super_block sb;
262 
263     if (fec_pread(f, &sb, sizeof(sb), 1024) != sizeof(sb)) {
264         error("failed to read superblock: %s", strerror(errno));
265         return -1;
266     }
267 
268     fs_info info;
269     info.len = 0;  /* only len is set to 0 to ask the device for real size. */
270 
271     if (ext4_parse_sb(&sb, &info) != 0) {
272         errno = EINVAL;
273         return -1;
274     }
275 
276     *offset = info.len;
277     return 0;
278 }
279 
280 /* attempts to determine file system size, if no fs type is specified in
281    `f->flags', tries all supported types, and returns the size in `offset' */
get_fs_size(fec_handle * f,uint64_t * offset)282 static int get_fs_size(fec_handle *f, uint64_t *offset)
283 {
284     check(f);
285     check(offset);
286 
287     if (f->flags & FEC_FS_EXT4) {
288         return get_ext4_size(f, offset);
289     } else if (f->flags & FEC_FS_SQUASH) {
290         return get_squashfs_size(f, offset);
291     } else {
292         /* try all alternatives */
293         int rc = get_ext4_size(f, offset);
294 
295         if (rc == 0) {
296             debug("found ext4fs");
297             return rc;
298         }
299 
300         rc = get_squashfs_size(f, offset);
301 
302         if (rc == 0) {
303             debug("found squashfs");
304         }
305 
306         return rc;
307     }
308 }
309 
310 /* locates, validates, and loads verity metadata from `f->fd' */
load_verity(fec_handle * f)311 static int load_verity(fec_handle *f)
312 {
313     check(f);
314     debug("size = %" PRIu64 ", flags = %d", f->data_size, f->flags);
315 
316     uint64_t offset = f->data_size - VERITY_METADATA_SIZE;
317 
318     /* verity header is at the end of the data area */
319     if (verity_parse_header(f, offset) == 0) {
320         debug("found at %" PRIu64 " (start %" PRIu64 ")", offset,
321             f->verity.hash_start);
322         return 0;
323     }
324 
325     debug("trying legacy formats");
326 
327     /* legacy format at the end of the partition */
328     if (find_verity_offset(f, &offset) == 0 &&
329             verity_parse_header(f, offset) == 0) {
330         debug("found at %" PRIu64 " (start %" PRIu64 ")", offset,
331             f->verity.hash_start);
332         return 0;
333     }
334 
335     /* legacy format after the file system, but not at the end */
336     int rc = get_fs_size(f, &offset);
337 
338     if (rc == 0) {
339         debug("file system size = %" PRIu64, offset);
340         rc = verity_parse_header(f, offset);
341 
342         if (rc == 0) {
343             debug("found at %" PRIu64 " (start %" PRIu64 ")", offset,
344                 f->verity.hash_start);
345         }
346     }
347 
348     return rc;
349 }
350 
351 /* locates, validates, and loads ecc data from `f->fd' */
load_ecc(fec_handle * f)352 static int load_ecc(fec_handle *f)
353 {
354     check(f);
355     debug("size = %" PRIu64, f->data_size);
356 
357     uint64_t offset = f->data_size - FEC_BLOCKSIZE;
358 
359     if (parse_ecc(f, offset) == 0) {
360         debug("found at %" PRIu64 " (start %" PRIu64 ")", offset,
361             f->ecc.start);
362         return 0;
363     }
364 
365     return -1;
366 }
367 
368 /* sets `f->size' to the size of the file or block device */
get_size(fec_handle * f)369 static int get_size(fec_handle *f)
370 {
371     check(f);
372 
373     struct stat st;
374 
375     if (fstat(f->fd, &st) == -1) {
376         error("fstat failed: %s", strerror(errno));
377         return -1;
378     }
379 
380     if (S_ISBLK(st.st_mode)) {
381         debug("block device");
382 
383         if (ioctl(f->fd, BLKGETSIZE64, &f->size) == -1) {
384             error("ioctl failed: %s", strerror(errno));
385             return -1;
386         }
387     } else if (S_ISREG(st.st_mode)) {
388         debug("file");
389         f->size = st.st_size;
390     } else {
391         error("unsupported type %d", (int)st.st_mode);
392         errno = EACCES;
393         return -1;
394     }
395 
396     return 0;
397 }
398 
399 /* clears fec_handle fiels to safe values */
reset_handle(fec_handle * f)400 static void reset_handle(fec_handle *f)
401 {
402     f->fd = -1;
403     f->flags = 0;
404     f->mode = 0;
405     f->errors = 0;
406     f->data_size = 0;
407     f->pos = 0;
408     f->size = 0;
409 
410     memset(&f->ecc, 0, sizeof(f->ecc));
411     memset(&f->verity, 0, sizeof(f->verity));
412 }
413 
414 /* closes and flushes `f->fd' and releases any memory allocated for `f' */
fec_close(struct fec_handle * f)415 int fec_close(struct fec_handle *f)
416 {
417     check(f);
418 
419     if (f->fd != -1) {
420         if (f->mode & O_RDWR && fdatasync(f->fd) == -1) {
421             warn("fdatasync failed: %s", strerror(errno));
422         }
423 
424         TEMP_FAILURE_RETRY(close(f->fd));
425     }
426 
427     if (f->verity.hash) {
428         delete[] f->verity.hash;
429     }
430     if (f->verity.salt) {
431         delete[] f->verity.salt;
432     }
433     if (f->verity.table) {
434         delete[] f->verity.table;
435     }
436 
437     pthread_mutex_destroy(&f->mutex);
438 
439     reset_handle(f);
440     delete f;
441 
442     return 0;
443 }
444 
445 /* populates `data' from the internal data in `f', returns a value <0 if verity
446    metadata is not available in `f->fd' */
fec_verity_get_metadata(struct fec_handle * f,struct fec_verity_metadata * data)447 int fec_verity_get_metadata(struct fec_handle *f, struct fec_verity_metadata *data)
448 {
449     check(f);
450     check(data);
451 
452     if (!f->verity.metadata_start) {
453         return -1;
454     }
455 
456     check(f->data_size < f->size);
457     check(f->data_size <= f->verity.hash_start);
458     check(f->data_size <= f->verity.metadata_start);
459     check(f->verity.table);
460 
461     data->disabled = f->verity.disabled;
462     data->data_size = f->data_size;
463     memcpy(data->signature, f->verity.header.signature,
464         sizeof(data->signature));
465     memcpy(data->ecc_signature, f->verity.ecc_header.signature,
466         sizeof(data->ecc_signature));
467     data->table = f->verity.table;
468     data->table_length = f->verity.header.length;
469 
470     return 0;
471 }
472 
473 /* populates `data' from the internal data in `f', returns a value <0 if ecc
474    metadata is not available in `f->fd' */
fec_ecc_get_metadata(struct fec_handle * f,struct fec_ecc_metadata * data)475 int fec_ecc_get_metadata(struct fec_handle *f, struct fec_ecc_metadata *data)
476 {
477     check(f);
478     check(data);
479 
480     if (!f->ecc.start) {
481         return -1;
482     }
483 
484     check(f->data_size < f->size);
485     check(f->ecc.start >= f->data_size);
486     check(f->ecc.start < f->size);
487     check(f->ecc.start % FEC_BLOCKSIZE == 0)
488 
489     data->valid = f->ecc.valid;
490     data->roots = f->ecc.roots;
491     data->blocks = f->ecc.blocks;
492     data->rounds = f->ecc.rounds;
493     data->start = f->ecc.start;
494 
495     return 0;
496 }
497 
498 /* populates `data' from the internal status in `f' */
fec_get_status(struct fec_handle * f,struct fec_status * s)499 int fec_get_status(struct fec_handle *f, struct fec_status *s)
500 {
501     check(f);
502     check(s);
503 
504     s->flags = f->flags;
505     s->mode = f->mode;
506     s->errors = f->errors;
507     s->data_size = f->data_size;
508     s->size = f->size;
509 
510     return 0;
511 }
512 
513 /* opens `path' using given options and returns a fec_handle in `handle' if
514    successful */
fec_open(struct fec_handle ** handle,const char * path,int mode,int flags,int roots)515 int fec_open(struct fec_handle **handle, const char *path, int mode, int flags,
516         int roots)
517 {
518     check(path);
519     check(handle);
520     check(roots > 0 && roots < FEC_RSM);
521 
522     debug("path = %s, mode = %d, flags = %d, roots = %d", path, mode, flags,
523         roots);
524 
525     if (mode & (O_CREAT | O_TRUNC | O_EXCL | O_WRONLY)) {
526         /* only reading and updating existing files is supported */
527         error("failed to open '%s': (unsupported mode %d)", path, mode);
528         errno = EACCES;
529         return -1;
530     }
531 
532     fec::handle f(new (std::nothrow) fec_handle, fec_close);
533 
534     if (unlikely(!f)) {
535         error("failed to allocate file handle");
536         errno = ENOMEM;
537         return -1;
538     }
539 
540     reset_handle(f.get());
541 
542     f->mode = mode;
543     f->ecc.roots = roots;
544     f->ecc.rsn = FEC_RSM - roots;
545     f->flags = flags;
546 
547     if (unlikely(pthread_mutex_init(&f->mutex, NULL) != 0)) {
548         error("failed to create a mutex: %s", strerror(errno));
549         return -1;
550     }
551 
552     f->fd = TEMP_FAILURE_RETRY(open(path, mode | O_CLOEXEC));
553 
554     if (f->fd == -1) {
555         error("failed to open '%s': %s", path, strerror(errno));
556         return -1;
557     }
558 
559     if (get_size(f.get()) == -1) {
560         error("failed to get size for '%s': %s", path, strerror(errno));
561         return -1;
562     }
563 
564     f->data_size = f->size; /* until ecc and/or verity are loaded */
565 
566     if (load_ecc(f.get()) == -1) {
567         debug("error-correcting codes not found from '%s'", path);
568     }
569 
570     if (load_verity(f.get()) == -1) {
571         debug("verity metadata not found from '%s'", path);
572     }
573 
574     *handle = f.release();
575     return 0;
576 }
577