//
// Copyright (C) 2018 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
#include "update_engine/payload_generator/payload_generation_config.h"
#include <base/logging.h>
#include <base/strings/string_number_conversions.h>
#include <base/strings/string_split.h>
#include <brillo/secure_blob.h>
#include <fec/io.h>
#include <libavb/libavb.h>
#include <verity/hash_tree_builder.h>
#include "update_engine/common/utils.h"
#include "update_engine/payload_consumer/verity_writer_android.h"
#include "update_engine/payload_generator/extent_ranges.h"
namespace chromeos_update_engine {
namespace {
bool AvbDescriptorCallback(const AvbDescriptor* descriptor, void* user_data) {
PartitionConfig* part = static_cast<PartitionConfig*>(user_data);
AvbDescriptor desc;
TEST_AND_RETURN_FALSE(
avb_descriptor_validate_and_byteswap(descriptor, &desc));
if (desc.tag != AVB_DESCRIPTOR_TAG_HASHTREE)
return true;
AvbHashtreeDescriptor hashtree;
TEST_AND_RETURN_FALSE(avb_hashtree_descriptor_validate_and_byteswap(
reinterpret_cast<const AvbHashtreeDescriptor*>(descriptor), &hashtree));
// We only support version 1 right now, will need to introduce a new
// payload minor version to support new dm verity version.
TEST_AND_RETURN_FALSE(hashtree.dm_verity_version == 1);
part->verity.hash_tree_algorithm =
reinterpret_cast<const char*>(hashtree.hash_algorithm);
const uint8_t* salt = reinterpret_cast<const uint8_t*>(descriptor) +
sizeof(AvbHashtreeDescriptor) +
hashtree.partition_name_len;
part->verity.hash_tree_salt.assign(salt, salt + hashtree.salt_len);
TEST_AND_RETURN_FALSE(hashtree.data_block_size ==
part->fs_interface->GetBlockSize());
part->verity.hash_tree_data_extent =
ExtentForBytes(hashtree.data_block_size, 0, hashtree.image_size);
TEST_AND_RETURN_FALSE(hashtree.hash_block_size ==
part->fs_interface->GetBlockSize());
part->verity.hash_tree_extent = ExtentForBytes(
hashtree.hash_block_size, hashtree.tree_offset, hashtree.tree_size);
part->verity.fec_data_extent =
ExtentForBytes(hashtree.data_block_size, 0, hashtree.fec_offset);
part->verity.fec_extent = ExtentForBytes(
hashtree.data_block_size, hashtree.fec_offset, hashtree.fec_size);
part->verity.fec_roots = hashtree.fec_num_roots;
return true;
}
// Generate hash tree and FEC based on the verity config and verify that it
// matches the hash tree and FEC stored in the image.
bool VerifyVerityConfig(const PartitionConfig& part) {
const size_t block_size = part.fs_interface->GetBlockSize();
if (part.verity.hash_tree_extent.num_blocks() != 0) {
auto hash_function =
HashTreeBuilder::HashFunction(part.verity.hash_tree_algorithm);
TEST_AND_RETURN_FALSE(hash_function != nullptr);
HashTreeBuilder hash_tree_builder(block_size, hash_function);
uint64_t data_size =
part.verity.hash_tree_data_extent.num_blocks() * block_size;
uint64_t tree_size = hash_tree_builder.CalculateSize(data_size);
TEST_AND_RETURN_FALSE(
tree_size == part.verity.hash_tree_extent.num_blocks() * block_size);
TEST_AND_RETURN_FALSE(
hash_tree_builder.Initialize(data_size, part.verity.hash_tree_salt));
brillo::Blob buffer;
for (uint64_t offset = part.verity.hash_tree_data_extent.start_block() *
block_size,
data_end = offset + data_size;
offset < data_end;) {
constexpr uint64_t kBufferSize = 1024 * 1024;
size_t bytes_to_read = std::min(kBufferSize, data_end - offset);
TEST_AND_RETURN_FALSE(
utils::ReadFileChunk(part.path, offset, bytes_to_read, &buffer));
TEST_AND_RETURN_FALSE(
hash_tree_builder.Update(buffer.data(), buffer.size()));
offset += buffer.size();
buffer.clear();
}
TEST_AND_RETURN_FALSE(hash_tree_builder.BuildHashTree());
TEST_AND_RETURN_FALSE(utils::ReadFileChunk(
part.path,
part.verity.hash_tree_extent.start_block() * block_size,
tree_size,
&buffer));
TEST_AND_RETURN_FALSE(hash_tree_builder.CheckHashTree(buffer));
}
if (part.verity.fec_extent.num_blocks() != 0) {
TEST_AND_RETURN_FALSE(VerityWriterAndroid::EncodeFEC(
part.path,
part.verity.fec_data_extent.start_block() * block_size,
part.verity.fec_data_extent.num_blocks() * block_size,
part.verity.fec_extent.start_block() * block_size,
part.verity.fec_extent.num_blocks() * block_size,
part.verity.fec_roots,
block_size,
true /* verify_mode */));
}
return true;
}
} // namespace
bool ImageConfig::LoadVerityConfig() {
for (PartitionConfig& part : partitions) {
// Parse AVB devices.
if (part.size > sizeof(AvbFooter)) {
uint64_t footer_offset = part.size - sizeof(AvbFooter);
brillo::Blob buffer;
TEST_AND_RETURN_FALSE(utils::ReadFileChunk(
part.path, footer_offset, sizeof(AvbFooter), &buffer));
if (memcmp(buffer.data(), AVB_FOOTER_MAGIC, AVB_FOOTER_MAGIC_LEN) == 0) {
LOG(INFO) << "Parsing verity config from AVB footer for " << part.name;
AvbFooter footer;
TEST_AND_RETURN_FALSE(avb_footer_validate_and_byteswap(
reinterpret_cast<const AvbFooter*>(buffer.data()), &footer));
buffer.clear();
TEST_AND_RETURN_FALSE(
footer.vbmeta_offset + sizeof(AvbVBMetaImageHeader) <= part.size);
TEST_AND_RETURN_FALSE(utils::ReadFileChunk(
part.path, footer.vbmeta_offset, footer.vbmeta_size, &buffer));
TEST_AND_RETURN_FALSE(avb_descriptor_foreach(
buffer.data(), buffer.size(), AvbDescriptorCallback, &part));
}
}
// Parse VB1.0 devices with FEC metadata, devices with hash tree without
// FEC will be skipped for now.
if (part.verity.IsEmpty() && part.size > FEC_BLOCKSIZE) {
brillo::Blob fec_metadata;
TEST_AND_RETURN_FALSE(utils::ReadFileChunk(part.path,
part.size - FEC_BLOCKSIZE,
sizeof(fec_header),
&fec_metadata));
const fec_header* header =
reinterpret_cast<const fec_header*>(fec_metadata.data());
if (header->magic == FEC_MAGIC) {
LOG(INFO)
<< "Parsing verity config from Verified Boot 1.0 metadata for "
<< part.name;
const size_t block_size = part.fs_interface->GetBlockSize();
// FEC_VERITY_DISABLE skips verifying verity hash tree, because we will
// verify it ourselves later.
fec::io fh(part.path, O_RDONLY, FEC_VERITY_DISABLE);
TEST_AND_RETURN_FALSE(fh);
fec_verity_metadata verity_data;
if (fh.get_verity_metadata(verity_data)) {
auto verity_table = base::SplitString(verity_data.table,
" ",
base::KEEP_WHITESPACE,
base::SPLIT_WANT_ALL);
TEST_AND_RETURN_FALSE(verity_table.size() == 10);
size_t data_block_size = 0;
TEST_AND_RETURN_FALSE(
base::StringToSizeT(verity_table[3], &data_block_size));
TEST_AND_RETURN_FALSE(block_size == data_block_size);
size_t hash_block_size = 0;
TEST_AND_RETURN_FALSE(
base::StringToSizeT(verity_table[4], &hash_block_size));
TEST_AND_RETURN_FALSE(block_size == hash_block_size);
uint64_t num_data_blocks = 0;
TEST_AND_RETURN_FALSE(
base::StringToUint64(verity_table[5], &num_data_blocks));
part.verity.hash_tree_data_extent =
ExtentForRange(0, num_data_blocks);
uint64_t hash_start_block = 0;
TEST_AND_RETURN_FALSE(
base::StringToUint64(verity_table[6], &hash_start_block));
part.verity.hash_tree_algorithm = verity_table[7];
TEST_AND_RETURN_FALSE(base::HexStringToBytes(
verity_table[9], &part.verity.hash_tree_salt));
auto hash_function =
HashTreeBuilder::HashFunction(part.verity.hash_tree_algorithm);
TEST_AND_RETURN_FALSE(hash_function != nullptr);
HashTreeBuilder hash_tree_builder(block_size, hash_function);
uint64_t tree_size =
hash_tree_builder.CalculateSize(num_data_blocks * block_size);
part.verity.hash_tree_extent =
ExtentForRange(hash_start_block, tree_size / block_size);
}
fec_ecc_metadata ecc_data;
if (fh.get_ecc_metadata(ecc_data) && ecc_data.valid) {
TEST_AND_RETURN_FALSE(block_size == FEC_BLOCKSIZE);
part.verity.fec_data_extent = ExtentForRange(0, ecc_data.blocks);
part.verity.fec_extent =
ExtentForBytes(block_size, ecc_data.start, header->fec_size);
part.verity.fec_roots = ecc_data.roots;
}
}
}
if (!part.verity.IsEmpty()) {
TEST_AND_RETURN_FALSE(VerifyVerityConfig(part));
}
}
return true;
}
} // namespace chromeos_update_engine