1 /*
2 * Copyright (c) 2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <linux/fsverity.h>
17
18 #include "code_sign_helper.h"
19 #include "constants.h"
20 #include "file_helper.h"
21 #include "log.h"
22
23 namespace OHOS {
24 namespace Security {
25 namespace CodeSign {
// Parses the code sign block for a file by forwarding to codeSignBlock_.
//
// realPath, entryMap and fileType are passed through unchanged; this wrapper
// performs no validation of its own. The return value is whatever
// codeSignBlock_.ParseCodeSignBlock() reports.
int32_t CodeSignHelper::ParseCodeSignBlock(const std::string &realPath,
    const EntryMap &entryMap, FileType fileType)
{
    const int32_t parseResult = codeSignBlock_.ParseCodeSignBlock(realPath, entryMap, fileType);
    return parseResult;
}
31
// Queues files one at a time via ProcessOneFile(), then hands the queued work
// to ExecuteMultiTask().
//
// ProcessOneFile() is called repeatedly while it returns CS_SUCCESS.
// CS_SUCCESS_END ends the loop without error. Any other status is returned to
// the caller immediately, so ExecuteMultiTask() is never reached when a single
// file fails its checks.
int32_t CodeSignHelper::ProcessMultiTask(const std::string &ownerId, const std::string &path, CallbackFunc &func)
{
    for (;;) {
        const int32_t status = ProcessOneFile();
        if (status == CS_SUCCESS_END) {
            // End marker: stop collecting and go on to execution.
            break;
        }
        if (status != CS_SUCCESS) {
            // Fail closed: one rejected file aborts the whole batch.
            return status;
        }
    }
    return ExecuteMultiTask(ownerId, path, func);
}
46
// Fetches the next file and its code-sign arguments from codeSignBlock_,
// checks them, and queues them on multiTask_.
//
// Returns:
//   - the status from GetOneFileAndCodeSignInfo() when it is not CS_SUCCESS
//     (ProcessMultiTask treats CS_SUCCESS_END as the end of the batch),
//   - CS_ERR_FILE_PATH when CheckFilePathValid() rejects the path against
//     Constants::ENABLE_APP_BASE_PATH,
//   - the status from CodeSignUtils::IsSupportFsVerity() when it is not
//     CS_SUCCESS,
//   - CS_SUCCESS once the file has been added to multiTask_.
int32_t CodeSignHelper::ProcessOneFile()
{
    std::string filePath;
    struct code_sign_enable_arg enableArg = {0};
    const int32_t fetchStatus = codeSignBlock_.GetOneFileAndCodeSignInfo(filePath, enableArg);
    if (fetchStatus != CS_SUCCESS) {
        return fetchStatus;
    }

    // NOTE(review): the debug dump runs before the path check below, so a path
    // that is later rejected is still logged, and its salt and root-hash
    // pointers are still dereferenced.
    ShowCodeSignInfo(filePath, enableArg);

    // Files that fail validation against the app base path are never queued.
    if (!CheckFilePathValid(filePath, Constants::ENABLE_APP_BASE_PATH)) {
        return CS_ERR_FILE_PATH;
    }

    const int32_t verityStatus = CodeSignUtils::IsSupportFsVerity(filePath);
    if (verityStatus != CS_SUCCESS) {
        return verityStatus;
    }

    multiTask_.AddTaskData(filePath, enableArg);
    return verityStatus;
}
66
// Runs the tasks queued on multiTask_ by forwarding to
// multiTask_.ExecuteEnableCodeSignTask().
//
// ownerId, path and func are passed through unchanged; the return value is
// whatever ExecuteEnableCodeSignTask() reports.
int32_t CodeSignHelper::ExecuteMultiTask(const std::string &ownerId,
    const std::string &path, CallbackFunc &func)
{
    const int32_t taskResult = multiTask_.ExecuteEnableCodeSignTask(ownerId, path, func);
    return taskResult;
}
72
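// Writes a debug-level summary of the code-sign enable arguments for `path`.
//
// Only sample bytes of the salt (indices 0, 16, 31) and of the root hash
// (indices 0, 1, 2, 32, 63) are logged, not the full buffers.
//
// A zero salt_ptr used to be dereferenced unconditionally. It now falls back
// to a zeroed buffer, in the same way the root hash falls back to a zeroed
// buffer when the Merkle-tree flag is clear or root_hash_ptr is zero.
//
// NOTE(review): the fixed indices assume that a non-null salt_ptr refers to at
// least 32 readable bytes and a non-null root_hash_ptr to at least 64. Neither
// size is checked here (salt_size is logged but not used as a bound). Confirm
// that the code filling in code_sign_enable_arg guarantees both sizes.
void CodeSignHelper::ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg)
{
    uint8_t emptySalt[32] = {0}; // 32 bytes: covers the highest salt index (31) read below
    uint8_t rootHash[64] = {0};  // 64 bytes: covers the highest root hash index (63) read below

    // Never index through a null salt pointer just to produce a log line.
    uint8_t *salt = reinterpret_cast<uint8_t *>(arg.salt_ptr);
    if (salt == nullptr) {
        salt = emptySalt;
    }

    // Use the caller's root hash only when the Merkle-tree flag is set and the
    // pointer is non-null. The parentheses make the intended '&' before '&&'
    // grouping explicit.
    uint8_t *rootHashPtr = rootHash;
    if ((arg.flags & CodeSignBlock::CSB_SIGN_INFO_MERKLE_TREE)
        && reinterpret_cast<uint8_t *>(arg.root_hash_ptr) != nullptr) {
        rootHashPtr = reinterpret_cast<uint8_t *>(arg.root_hash_ptr);
    }

    LOG_DEBUG("{ "
        "file:%{public}s version:%{public}d hash_algorithm:%{public}d block_size:%{public}d sig_size:%{public}d "
        "data_size:%{public}lld salt_size:%{public}d salt:[%{public}d, ..., %{public}d, ..., %{public}d] "
        "flags:%{public}d tree_offset:%{public}lld root_hash:[%{public}d, %{public}d, %{public}d, ..., %{public}d, "
        "..., %{public}d] }",
        path.c_str(), arg.cs_version, arg.hash_algorithm, arg.block_size, arg.sig_size,
        arg.data_size, arg.salt_size, salt[0], salt[16], salt[31], arg.flags, arg.tree_offset, // 16, 31 data index
        rootHashPtr[0], rootHashPtr[1], rootHashPtr[2], rootHashPtr[32], rootHashPtr[63]); // 2, 32, 63 data index
}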
92 }
93 }
94 }