• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <ctype.h>
18 #include <stdlib.h>
19 #include <android-base/strings.h>
20 #include "fec_private.h"
21 
22 /* converts a hex nibble into an int */
hextobin(char c)23 static inline int hextobin(char c)
24 {
25     if (c >= '0' && c <= '9') {
26         return c - '0';
27     } else if (c >= 'a' && c <= 'f') {
28         return c - 'a' + 10;
29     } else {
30         errno = EINVAL;
31         return -1;
32     }
33 }
34 
35 /* converts a hex string `src' of `size' characters to binary and copies the
36    the result into `dst' */
parse_hex(uint8_t * dst,uint32_t size,const char * src)37 static int parse_hex(uint8_t *dst, uint32_t size, const char *src)
38 {
39     int l, h;
40 
41     check(dst);
42     check(src);
43     check(2 * size == strlen(src));
44 
45     while (size) {
46         h = hextobin(tolower(*src++));
47         l = hextobin(tolower(*src++));
48 
49         check(l >= 0);
50         check(h >= 0);
51 
52         *dst++ = (h << 4) | l;
53         --size;
54     }
55 
56     return 0;
57 }
58 
59 /* parses a 64-bit unsigned integer from string `src' into `dst' and if
60    `maxval' is >0, checks that `dst' <= `maxval' */
parse_uint64(const char * src,uint64_t maxval,uint64_t * dst)61 static int parse_uint64(const char *src, uint64_t maxval, uint64_t *dst)
62 {
63     char *end;
64     unsigned long long int value;
65 
66     check(src);
67     check(dst);
68 
69     errno = 0;
70     value = strtoull(src, &end, 0);
71 
72     if (*src == '\0' || *end != '\0' ||
73             (errno == ERANGE && value == ULLONG_MAX)) {
74         errno = EINVAL;
75         return -1;
76     }
77 
78     if (maxval && value > maxval) {
79         errno = EINVAL;
80         return -1;
81     }
82 
83    *dst = (uint64_t)value;
84     return 0;
85 }
86 
87 /* computes the size of verity hash tree for `file_size' bytes and returns the
88    number of hash tree levels in `verity_levels,' and the number of hashes per
89    level in `level_hashes', if the parameters are non-NULL */
verity_get_size(uint64_t file_size,uint32_t * verity_levels,uint32_t * level_hashes)90 uint64_t verity_get_size(uint64_t file_size, uint32_t *verity_levels,
91         uint32_t *level_hashes)
92 {
93     /* we assume a known metadata size, 4 KiB block size, and SHA-256 to avoid
94        relying on disk content */
95 
96     uint32_t level = 0;
97     uint64_t total = 0;
98     uint64_t hashes = file_size / FEC_BLOCKSIZE;
99 
100     do {
101         if (level_hashes) {
102             level_hashes[level] = hashes;
103         }
104 
105         hashes = fec_div_round_up(hashes * SHA256_DIGEST_LENGTH, FEC_BLOCKSIZE);
106         total += hashes;
107 
108         ++level;
109     } while (hashes > 1);
110 
111     if (verity_levels) {
112         *verity_levels = level;
113     }
114 
115     return total * FEC_BLOCKSIZE;
116 }
117 
118 /* computes a SHA-256 salted with `f->verity.salt' from a FEC_BLOCKSIZE byte
119    buffer `block', and copies the hash to `hash' */
verity_hash(fec_handle * f,const uint8_t * block,uint8_t * hash)120 static inline int verity_hash(fec_handle *f, const uint8_t *block,
121         uint8_t *hash)
122 {
123     SHA256_CTX ctx;
124     SHA256_Init(&ctx);
125 
126     check(f);
127     check(f->verity.salt);
128     SHA256_Update(&ctx, f->verity.salt, f->verity.salt_size);
129 
130     check(block);
131     SHA256_Update(&ctx, block, FEC_BLOCKSIZE);
132 
133     check(hash);
134     SHA256_Final(hash, &ctx);
135     return 0;
136 }
137 
138 /* computes a verity hash for FEC_BLOCKSIZE bytes from buffer `block' and
139    compares it to the expected value in `expected' */
verity_check_block(fec_handle * f,const uint8_t * expected,const uint8_t * block)140 bool verity_check_block(fec_handle *f, const uint8_t *expected,
141         const uint8_t *block)
142 {
143     check(f);
144     check(block);
145 
146     uint8_t hash[SHA256_DIGEST_LENGTH];
147 
148     if (unlikely(verity_hash(f, block, hash) == -1)) {
149         error("failed to hash");
150         return false;
151     }
152 
153     check(expected);
154     return !memcmp(expected, hash, SHA256_DIGEST_LENGTH);
155 }
156 
157 /* reads a verity hash and the corresponding data block using error correction,
158    if available */
ecc_read_hashes(fec_handle * f,uint64_t hash_offset,uint8_t * hash,uint64_t data_offset,uint8_t * data)159 static bool ecc_read_hashes(fec_handle *f, uint64_t hash_offset,
160         uint8_t *hash, uint64_t data_offset, uint8_t *data)
161 {
162     check(f);
163 
164     if (hash && fec_pread(f, hash, SHA256_DIGEST_LENGTH, hash_offset) !=
165                     SHA256_DIGEST_LENGTH) {
166         error("failed to read hash tree: offset %" PRIu64 ": %s", hash_offset,
167             strerror(errno));
168         return false;
169     }
170 
171     check(data);
172 
173     if (fec_pread(f, data, FEC_BLOCKSIZE, data_offset) != FEC_BLOCKSIZE) {
174         error("failed to read hash tree: data_offset %" PRIu64 ": %s",
175             data_offset, strerror(errno));
176         return false;
177     }
178 
179     return true;
180 }
181 
182 /* reads the verity hash tree, validates it against the root hash in `root',
183    corrects errors if necessary, and copies valid data blocks for later use
184    to `f->verity.hash' */
verify_tree(fec_handle * f,const uint8_t * root)185 static int verify_tree(fec_handle *f, const uint8_t *root)
186 {
187     uint8_t data[FEC_BLOCKSIZE];
188     uint8_t hash[SHA256_DIGEST_LENGTH];
189 
190     check(f);
191     check(root);
192 
193     verity_info *v = &f->verity;
194     uint32_t levels = 0;
195 
196     /* calculate the size and the number of levels in the hash tree */
197     v->hash_size =
198         verity_get_size(v->data_blocks * FEC_BLOCKSIZE, &levels, NULL);
199 
200     check(v->hash_start < UINT64_MAX - v->hash_size);
201     check(v->hash_start + v->hash_size <= f->data_size);
202 
203     uint64_t hash_offset = v->hash_start;
204     uint64_t data_offset = hash_offset + FEC_BLOCKSIZE;
205 
206     v->hash_data_offset = data_offset;
207 
208     /* validate the root hash */
209     if (!raw_pread(f, data, FEC_BLOCKSIZE, hash_offset) ||
210             !verity_check_block(f, root, data)) {
211         /* try to correct */
212         if (!ecc_read_hashes(f, 0, NULL, hash_offset, data) ||
213                 !verity_check_block(f, root, data)) {
214             error("root hash invalid");
215             return -1;
216         } else if (f->mode & O_RDWR &&
217                     !raw_pwrite(f, data, FEC_BLOCKSIZE, hash_offset)) {
218             error("failed to rewrite the root block: %s", strerror(errno));
219             return -1;
220         }
221     }
222 
223     debug("root hash valid");
224 
225     /* calculate the number of hashes on each level */
226     uint32_t hashes[levels];
227 
228     verity_get_size(v->data_blocks * FEC_BLOCKSIZE, NULL, hashes);
229 
230     /* calculate the size and offset for the data hashes */
231     for (uint32_t i = 1; i < levels; ++i) {
232         uint32_t blocks = hashes[levels - i];
233         debug("%u hash blocks on level %u", blocks, levels - i);
234 
235         v->hash_data_offset = data_offset;
236         v->hash_data_blocks = blocks;
237 
238         data_offset += blocks * FEC_BLOCKSIZE;
239     }
240 
241     check(v->hash_data_blocks);
242     check(v->hash_data_blocks <= v->hash_size / FEC_BLOCKSIZE);
243 
244     check(v->hash_data_offset);
245     check(v->hash_data_offset <=
246         UINT64_MAX - (v->hash_data_blocks * FEC_BLOCKSIZE));
247     check(v->hash_data_offset < f->data_size);
248     check(v->hash_data_offset + v->hash_data_blocks * FEC_BLOCKSIZE <=
249         f->data_size);
250 
251     /* copy data hashes to memory in case they are corrupted, so we don't
252        have to correct them every time they are needed */
253     std::unique_ptr<uint8_t[]> data_hashes(
254        new (std::nothrow) uint8_t[f->verity.hash_data_blocks * FEC_BLOCKSIZE]);
255 
256     if (!data_hashes) {
257         errno = ENOMEM;
258         return -1;
259     }
260 
261     /* validate the rest of the hash tree */
262     data_offset = hash_offset + FEC_BLOCKSIZE;
263 
264     for (uint32_t i = 1; i < levels; ++i) {
265         uint32_t blocks = hashes[levels - i];
266 
267         for (uint32_t j = 0; j < blocks; ++j) {
268             /* ecc reads are very I/O intensive, so read raw hash tree and do
269                error correcting only if it doesn't validate */
270             if (!raw_pread(f, hash, SHA256_DIGEST_LENGTH,
271                     hash_offset + j * SHA256_DIGEST_LENGTH) ||
272                 !raw_pread(f, data, FEC_BLOCKSIZE,
273                     data_offset + j * FEC_BLOCKSIZE)) {
274                 error("failed to read hashes: %s", strerror(errno));
275                 return -1;
276             }
277 
278             if (!verity_check_block(f, hash, data)) {
279                 /* try to correct */
280                 if (!ecc_read_hashes(f,
281                         hash_offset + j * SHA256_DIGEST_LENGTH, hash,
282                         data_offset + j * FEC_BLOCKSIZE, data) ||
283                     !verity_check_block(f, hash, data)) {
284                     error("invalid hash tree: hash_offset %" PRIu64 ", "
285                         "data_offset %" PRIu64 ", block %u",
286                         hash_offset, data_offset, j);
287                     return -1;
288                 }
289 
290                 /* update the corrected blocks to the file if we are in r/w
291                    mode */
292                 if (f->mode & O_RDWR) {
293                     if (!raw_pwrite(f, hash, SHA256_DIGEST_LENGTH,
294                             hash_offset + j * SHA256_DIGEST_LENGTH) ||
295                         !raw_pwrite(f, data, FEC_BLOCKSIZE,
296                             data_offset + j * FEC_BLOCKSIZE)) {
297                         error("failed to write hashes: %s", strerror(errno));
298                         return -1;
299                     }
300                 }
301             }
302 
303             if (blocks == v->hash_data_blocks) {
304                 memcpy(data_hashes.get() + j * FEC_BLOCKSIZE, data,
305                     FEC_BLOCKSIZE);
306             }
307         }
308 
309         hash_offset = data_offset;
310         data_offset += blocks * FEC_BLOCKSIZE;
311     }
312 
313     debug("valid");
314 
315     v->hash = data_hashes.release();
316     return 0;
317 }
318 
319 /* reads, corrects and parses the verity table, validates parameters, and if
320    `f->flags' does not have `FEC_VERITY_DISABLE' set, calls `verify_tree' to
321    load and validate the hash tree */
parse_table(fec_handle * f,uint64_t offset,uint32_t size)322 static int parse_table(fec_handle *f, uint64_t offset, uint32_t size)
323 {
324     check(f);
325     check(size >= VERITY_MIN_TABLE_SIZE);
326     check(size <= VERITY_MAX_TABLE_SIZE);
327 
328     debug("offset = %" PRIu64 ", size = %u", offset, size);
329 
330     verity_info *v = &f->verity;
331     std::unique_ptr<char[]> table(new (std::nothrow) char[size + 1]);
332 
333     if (!table) {
334         errno = ENOMEM;
335         return -1;
336     }
337 
338     if (fec_pread(f, table.get(), size, offset) != (ssize_t)size) {
339         error("failed to read verity table: %s", strerror(errno));
340         return -1;
341     }
342 
343     table[size] = '\0';
344     debug("verity table: '%s'", table.get());
345 
346     int i = 0;
347     std::unique_ptr<uint8_t[]> salt;
348     uint8_t root[SHA256_DIGEST_LENGTH];
349 
350     auto tokens = android::base::Split(table.get(), " ");
351 
352     for (const auto token : tokens) {
353         switch (i++) {
354         case 0: /* version */
355             if (token != stringify(VERITY_TABLE_VERSION)) {
356                 error("unsupported verity table version: %s", token.c_str());
357                 return -1;
358             }
359             break;
360         case 3: /* data_block_size */
361         case 4: /* hash_block_size */
362             /* assume 4 KiB block sizes for everything */
363             if (token != stringify(FEC_BLOCKSIZE)) {
364                 error("unsupported verity block size: %s", token.c_str());
365                 return -1;
366             }
367             break;
368         case 5: /* num_data_blocks */
369             if (parse_uint64(token.c_str(), f->data_size / FEC_BLOCKSIZE,
370                     &v->data_blocks) == -1) {
371                 error("invalid number of verity data blocks: %s",
372                     token.c_str());
373                 return -1;
374             }
375             break;
376         case 6: /* hash_start_block */
377             if (parse_uint64(token.c_str(), f->data_size / FEC_BLOCKSIZE,
378                     &v->hash_start) == -1) {
379                 error("invalid verity hash start block: %s", token.c_str());
380                 return -1;
381             }
382 
383             v->hash_start *= FEC_BLOCKSIZE;
384             break;
385         case 7: /* algorithm */
386             if (token != "sha256") {
387                 error("unsupported verity hash algorithm: %s", token.c_str());
388                 return -1;
389             }
390             break;
391         case 8: /* digest */
392             if (parse_hex(root, sizeof(root), token.c_str()) == -1) {
393                 error("invalid verity root hash: %s", token.c_str());
394                 return -1;
395             }
396             break;
397         case 9: /* salt */
398             v->salt_size = token.size();
399             check(v->salt_size % 2 == 0);
400             v->salt_size /= 2;
401 
402             salt.reset(new (std::nothrow) uint8_t[v->salt_size]);
403 
404             if (!salt) {
405                 errno = ENOMEM;
406                 return -1;
407             }
408 
409             if (parse_hex(salt.get(), v->salt_size, token.c_str()) == -1) {
410                 error("invalid verity salt: %s", token.c_str());
411                 return -1;
412             }
413             break;
414         default:
415             break;
416         }
417     }
418 
419     if (i < VERITY_TABLE_ARGS) {
420         error("not enough arguments in verity table: %d; expected at least "
421             stringify(VERITY_TABLE_ARGS), i);
422         return -1;
423     }
424 
425     check(v->hash_start < f->data_size);
426 
427     if (v->metadata_start < v->hash_start) {
428         check(v->data_blocks == v->metadata_start / FEC_BLOCKSIZE);
429     } else {
430         check(v->data_blocks == v->hash_start / FEC_BLOCKSIZE);
431     }
432 
433     v->salt = salt.release();
434     v->table = table.release();
435 
436     if (!(f->flags & FEC_VERITY_DISABLE)) {
437         if (verify_tree(f, root) == -1) {
438             return -1;
439         }
440 
441         check(v->hash);
442 
443         uint8_t zero_block[FEC_BLOCKSIZE];
444         memset(zero_block, 0, FEC_BLOCKSIZE);
445 
446         if (verity_hash(f, zero_block, v->zero_hash) == -1) {
447             error("failed to hash");
448             return -1;
449         }
450     }
451 
452     return 0;
453 }
454 
455 /* rewrites verity metadata block using error corrected data in `f->verity' */
rewrite_metadata(fec_handle * f,uint64_t offset)456 static int rewrite_metadata(fec_handle *f, uint64_t offset)
457 {
458     check(f);
459     check(f->data_size > VERITY_METADATA_SIZE);
460     check(offset <= f->data_size - VERITY_METADATA_SIZE);
461 
462     std::unique_ptr<uint8_t[]> metadata(
463         new (std::nothrow) uint8_t[VERITY_METADATA_SIZE]);
464 
465     if (!metadata) {
466         errno = ENOMEM;
467         return -1;
468     }
469 
470     memset(metadata.get(), 0, VERITY_METADATA_SIZE);
471 
472     verity_info *v = &f->verity;
473     memcpy(metadata.get(), &v->header, sizeof(v->header));
474 
475     check(v->table);
476     size_t len = strlen(v->table);
477 
478     check(sizeof(v->header) + len <= VERITY_METADATA_SIZE);
479     memcpy(metadata.get() + sizeof(v->header), v->table, len);
480 
481     return raw_pwrite(f, metadata.get(), VERITY_METADATA_SIZE, offset);
482 }
483 
validate_header(const fec_handle * f,const verity_header * header,uint64_t offset)484 static int validate_header(const fec_handle *f, const verity_header *header,
485         uint64_t offset)
486 {
487     check(f);
488     check(header);
489 
490     if (header->magic != VERITY_MAGIC &&
491         header->magic != VERITY_MAGIC_DISABLE) {
492         return -1;
493     }
494 
495     if (header->version != VERITY_VERSION) {
496         error("unsupported verity version %u", header->version);
497         return -1;
498     }
499 
500     if (header->length < VERITY_MIN_TABLE_SIZE ||
501         header->length > VERITY_MAX_TABLE_SIZE) {
502         error("invalid verity table size: %u; expected ["
503             stringify(VERITY_MIN_TABLE_SIZE) ", "
504             stringify(VERITY_MAX_TABLE_SIZE) ")", header->length);
505         return -1;
506     }
507 
508     /* signature is skipped, because for our purposes it won't matter from
509        where the data originates; the caller of the library is responsible
510        for signature verification */
511 
512     if (offset > UINT64_MAX - header->length) {
513         error("invalid verity table length: %u", header->length);
514         return -1;
515     } else if (offset + header->length >= f->data_size) {
516         error("invalid verity table length: %u", header->length);
517         return -1;
518     }
519 
520     return 0;
521 }
522 
523 /* attempts to read verity metadata from `f->fd' position `offset'; if in r/w
524    mode, rewrites the metadata if it had errors */
verity_parse_header(fec_handle * f,uint64_t offset)525 int verity_parse_header(fec_handle *f, uint64_t offset)
526 {
527     check(f);
528     check(f->data_size > VERITY_METADATA_SIZE);
529 
530     if (offset > f->data_size - VERITY_METADATA_SIZE) {
531         debug("failed to read verity header: offset %" PRIu64 " is too far",
532             offset);
533         return -1;
534     }
535 
536     verity_info *v = &f->verity;
537     uint64_t errors = f->errors;
538 
539     if (!raw_pread(f, &v->header, sizeof(v->header), offset)) {
540         error("failed to read verity header: %s", strerror(errno));
541         return -1;
542     }
543 
544     /* use raw data to check for the alternative magic, because it will
545        be error corrected to VERITY_MAGIC otherwise */
546     if (v->header.magic == VERITY_MAGIC_DISABLE) {
547         /* this value is not used by us, but can be used by a caller to
548            decide whether dm-verity should be enabled */
549         v->disabled = true;
550     }
551 
552     if (fec_pread(f, &v->ecc_header, sizeof(v->ecc_header), offset) !=
553             sizeof(v->ecc_header)) {
554         warn("failed to read verity header: %s", strerror(errno));
555         return -1;
556     }
557 
558     if (validate_header(f, &v->header, offset)) {
559         /* raw verity header is invalid; this could be due to corruption, or
560            due to missing verity metadata */
561 
562         if (validate_header(f, &v->ecc_header, offset)) {
563             return -1; /* either way, we cannot recover */
564         }
565 
566         /* report mismatching fields */
567         if (!v->disabled && v->header.magic != v->ecc_header.magic) {
568             warn("corrected verity header magic");
569             v->header.magic = v->ecc_header.magic;
570         }
571 
572         if (v->header.version != v->ecc_header.version) {
573             warn("corrected verity header version");
574             v->header.version = v->ecc_header.version;
575         }
576 
577         if (v->header.length != v->ecc_header.length) {
578             warn("corrected verity header length");
579             v->header.length = v->ecc_header.length;
580         }
581 
582         if (memcmp(v->header.signature, v->ecc_header.signature,
583                 sizeof(v->header.signature))) {
584             warn("corrected verity header signature");
585             /* we have no way of knowing which signature is correct, if either
586                of them is */
587         }
588     }
589 
590     v->metadata_start = offset;
591 
592     if (parse_table(f, offset + sizeof(v->header), v->header.length) == -1) {
593         return -1;
594     }
595 
596     /* if we corrected something while parsing metadata and we are in r/w
597        mode, rewrite the corrected metadata */
598     if (f->mode & O_RDWR && f->errors > errors &&
599             rewrite_metadata(f, offset) < 0) {
600         warn("failed to rewrite verity metadata: %s", strerror(errno));
601     }
602 
603     if (v->metadata_start < v->hash_start) {
604         f->data_size = v->metadata_start;
605     } else {
606         f->data_size = v->hash_start;
607     }
608 
609     return 0;
610 }
611 
fec_verity_set_status(struct fec_handle * f,bool enabled)612 int fec_verity_set_status(struct fec_handle *f, bool enabled)
613 {
614     check(f);
615 
616     if (!(f->mode & O_RDWR)) {
617         error("cannot update verity magic: read-only handle");
618         errno = EBADF;
619         return -1;
620     }
621 
622     verity_info *v = &f->verity;
623 
624     if (!v->metadata_start) {
625         error("cannot update verity magic: no metadata found");
626         errno = EINVAL;
627         return -1;
628     }
629 
630     if (v->disabled == !enabled) {
631         return 0; /* nothing to do */
632     }
633 
634     uint32_t magic = enabled ? VERITY_MAGIC : VERITY_MAGIC_DISABLE;
635 
636     if (!raw_pwrite(f, &magic, sizeof(magic), v->metadata_start)) {
637         error("failed to update verity magic to %08x: %s", magic,
638             strerror(errno));
639         return -1;
640     }
641 
642     warn("updated verity magic to %08x (%s)", magic,
643         enabled ? "enabled" : "disabled");
644     v->disabled = !enabled;
645 
646     return 0;
647 }
648