Use fsverity metadata file for authfs
Instead of alternative signature and merkle tree, authfs will use
.fsv_meta files, which are installed to the system partition with
PRODUCT_SYSTEM_FSVERITY_GENERATE_METADATA Makefile.
Bug: 205987437
Test: atest ComposHostTestCases AuthFsTestCase
Test: run "atest ." inside authfs/tests
Change-Id: Ia9db78663e0e322c7a59305c67ac5b84716d8efe
diff --git a/authfs/Android.bp b/authfs/Android.bp
index 353b597..471b0cf 100644
--- a/authfs/Android.bp
+++ b/authfs/Android.bp
@@ -14,6 +14,7 @@
"libandroid_logger",
"libanyhow",
"libauthfs_crypto_bindgen",
+ "libauthfs_fsverity_metadata",
"libbinder_rpc_unstable_bindgen",
"libbinder_rs",
"libcfg_if",
@@ -69,15 +70,12 @@
srcs: [
"testdata/cert.der",
"testdata/input.4k",
- "testdata/input.4k.fsv_sig",
- "testdata/input.4k.merkle_dump",
+ "testdata/input.4k.fsv_meta",
"testdata/input.4k1",
- "testdata/input.4k1.fsv_sig",
- "testdata/input.4k1.merkle_dump",
+ "testdata/input.4k1.fsv_meta",
"testdata/input.4m",
- "testdata/input.4m.fsv_sig",
- "testdata/input.4m.merkle_dump",
- "testdata/input.4m.merkle_dump.bad",
+ "testdata/input.4m.fsv_meta",
+ "testdata/input.4m.fsv_meta.bad_merkle",
],
}
diff --git a/authfs/fd_server/Android.bp b/authfs/fd_server/Android.bp
index 327df0d..9499cd2 100644
--- a/authfs/fd_server/Android.bp
+++ b/authfs/fd_server/Android.bp
@@ -9,6 +9,7 @@
"authfs_aidl_interface-rust",
"libandroid_logger",
"libanyhow",
+ "libauthfs_fsverity_metadata",
"libbinder_common",
"libbinder_rpc_unstable_bindgen",
"libbinder_rs",
diff --git a/authfs/fd_server/src/aidl.rs b/authfs/fd_server/src/aidl.rs
index c2206c8..125b991 100644
--- a/authfs/fd_server/src/aidl.rs
+++ b/authfs/fd_server/src/aidl.rs
@@ -38,6 +38,9 @@
use authfs_aidl_interface::binder::{
BinderFeatures, ExceptionCode, Interface, Result as BinderResult, Status, StatusCode, Strong,
};
+use authfs_fsverity_metadata::{
+ get_fsverity_metadata_path, parse_fsverity_metadata, FSVerityMetadata,
+};
use binder_common::{new_binder_exception, new_binder_service_specific_error};
/// Bitflags of forbidden file mode, e.g. setuid, setgid and sticky bit.
@@ -51,13 +54,8 @@
/// The file to read from. fs-verity metadata can be retrieved from this file's FD.
file: File,
- /// Alternative Merkle tree stored in another file.
- /// TODO(205987437): Replace with .fsv_meta file.
- alt_merkle_tree: Option<File>,
-
- /// Alternative signature stored in another file.
- /// TODO(205987437): Replace with .fsv_meta file.
- alt_signature: Option<File>,
+ // Alternative metadata storing merkle tree and signature.
+ alt_metadata: Option<Box<FSVerityMetadata>>,
},
/// A readable/writable file to serve by this server. This backing file should just be a
@@ -139,23 +137,23 @@
let offset: u64 = validate_and_cast_offset(offset)?;
self.handle_fd(id, |config| match config {
- FdConfig::Readonly { file, alt_merkle_tree, .. } => {
- if let Some(tree_file) = &alt_merkle_tree {
- read_into_buf(tree_file, size, offset).map_err(|e| {
+ FdConfig::Readonly { file, alt_metadata, .. } => {
+ let mut buf = vec![0; size];
+
+ let s = if let Some(metadata) = &alt_metadata {
+ metadata.read_merkle_tree(offset, &mut buf).map_err(|e| {
error!("readFsverityMerkleTree: read error: {}", e);
new_errno_error(Errno::EIO)
- })
+ })?
} else {
- let mut buf = vec![0; size];
- let s = fsverity::read_merkle_tree(file.as_raw_fd(), offset, &mut buf)
- .map_err(|e| {
- error!("readFsverityMerkleTree: failed to retrieve merkle tree: {}", e);
- new_errno_error(Errno::EIO)
- })?;
- debug_assert!(s <= buf.len(), "Shouldn't return more bytes than asked");
- buf.truncate(s);
- Ok(buf)
- }
+ fsverity::read_merkle_tree(file.as_raw_fd(), offset, &mut buf).map_err(|e| {
+ error!("readFsverityMerkleTree: failed to retrieve merkle tree: {}", e);
+ new_errno_error(Errno::EIO)
+ })?
+ };
+ debug_assert!(s <= buf.len(), "Shouldn't return more bytes than asked");
+ buf.truncate(s);
+ Ok(buf)
}
FdConfig::ReadWrite(_file) => {
// For a writable file, Merkle tree is not expected to be served since Auth FS
@@ -169,15 +167,16 @@
fn readFsveritySignature(&self, id: i32) -> BinderResult<Vec<u8>> {
self.handle_fd(id, |config| match config {
- FdConfig::Readonly { file, alt_signature, .. } => {
- if let Some(sig_file) = &alt_signature {
- // Supposedly big enough buffer size to store signature.
- let size = MAX_REQUESTING_DATA as usize;
- let offset = 0;
- read_into_buf(sig_file, size, offset).map_err(|e| {
- error!("readFsveritySignature: read error: {}", e);
- new_errno_error(Errno::EIO)
- })
+ FdConfig::Readonly { file, alt_metadata, .. } => {
+ if let Some(metadata) = &alt_metadata {
+ if let Some(signature) = &metadata.signature {
+ Ok(signature.clone())
+ } else {
+ Err(new_binder_exception(
+ ExceptionCode::SERVICE_SPECIFIC,
+ "metadata doesn't contain a signature".to_string(),
+ ))
+ }
} else {
let mut buf = vec![0; MAX_REQUESTING_DATA as usize];
let s = fsverity::read_signature(file.as_raw_fd(), &mut buf).map_err(|e| {
@@ -267,11 +266,12 @@
FdConfig::InputDir(dir) => {
let file = open_readonly_at(dir.as_raw_fd(), &path_buf).map_err(new_errno_error)?;
- // TODO(205987437): Provide the corresponding ".fsv_meta" file when it's created.
- Ok((
- file.as_raw_fd(),
- FdConfig::Readonly { file, alt_merkle_tree: None, alt_signature: None },
- ))
+ let metadata_path_buf = get_fsverity_metadata_path(&path_buf);
+ let metadata = open_readonly_at(dir.as_raw_fd(), &metadata_path_buf)
+ .ok()
+ .and_then(|f| parse_fsverity_metadata(f).ok());
+
+ Ok((file.as_raw_fd(), FdConfig::Readonly { file, alt_metadata: metadata }))
}
FdConfig::OutputDir(_) => {
Err(new_errno_error(Errno::ENOSYS)) // TODO: Implement when needed
diff --git a/authfs/fd_server/src/main.rs b/authfs/fd_server/src/main.rs
index f17b7e8..fe0475f 100644
--- a/authfs/fd_server/src/main.rs
+++ b/authfs/fd_server/src/main.rs
@@ -34,6 +34,7 @@
use std::os::unix::io::FromRawFd;
use aidl::{FdConfig, FdService};
+use authfs_fsverity_metadata::parse_fsverity_metadata;
const RPC_SERVICE_PORT: u32 = 3264; // TODO: support dynamic port for multiple fd_server instances
@@ -54,17 +55,19 @@
fn parse_arg_ro_fds(arg: &str) -> Result<(i32, FdConfig)> {
let result: Result<Vec<i32>, _> = arg.split(':').map(|x| x.parse::<i32>()).collect();
let fds = result?;
- if fds.len() > 3 {
+ if fds.len() > 2 {
bail!("Too many options: {}", arg);
}
Ok((
fds[0],
FdConfig::Readonly {
file: fd_to_file(fds[0])?,
- // Alternative Merkle tree, if provided
- alt_merkle_tree: fds.get(1).map(|fd| fd_to_file(*fd)).transpose()?,
- // Alternative signature, if provided
- alt_signature: fds.get(2).map(|fd| fd_to_file(*fd)).transpose()?,
+ // Alternative metadata source, if provided
+ alt_metadata: fds
+ .get(1)
+ .map(|fd| fd_to_file(*fd))
+ .transpose()?
+ .and_then(|f| parse_fsverity_metadata(f).ok()),
},
))
}
diff --git a/authfs/src/auth.rs b/authfs/src/auth.rs
index 71ad858..729b4d2 100644
--- a/authfs/src/auth.rs
+++ b/authfs/src/auth.rs
@@ -20,7 +20,7 @@
// verify the signature, not the full certificate chain.
pub trait Authenticator {
- fn verify(&self, signature: &[u8], signed_data: &[u8]) -> io::Result<bool>;
+ fn verify(&self, signature: Option<&[u8]>, signed_data: &[u8]) -> io::Result<bool>;
}
pub struct FakeAuthenticator {
@@ -39,7 +39,7 @@
}
impl Authenticator for FakeAuthenticator {
- fn verify(&self, _signature_pem: &[u8], _signed_data: &[u8]) -> io::Result<bool> {
+ fn verify(&self, _signature_pem: Option<&[u8]>, _signed_data: &[u8]) -> io::Result<bool> {
Ok(self.should_allow)
}
}
diff --git a/authfs/src/fsverity/metadata/Android.bp b/authfs/src/fsverity/metadata/Android.bp
new file mode 100644
index 0000000..39ce515
--- /dev/null
+++ b/authfs/src/fsverity/metadata/Android.bp
@@ -0,0 +1,20 @@
+rust_bindgen {
+ name: "libauthfs_fsverity_metadata_bindgen",
+ wrapper_src: "metadata.hpp",
+ crate_name: "authfs_fsverity_metadata_bindgen",
+ source_stem: "metadata_bindings",
+ apex_available: ["com.android.virt"],
+}
+
+rust_library {
+ name: "libauthfs_fsverity_metadata",
+ crate_name: "authfs_fsverity_metadata",
+ srcs: [
+ "metadata.rs",
+ ],
+ rustlibs: [
+ "libauthfs_fsverity_metadata_bindgen",
+ ],
+ edition: "2018",
+ apex_available: ["com.android.virt"],
+}
diff --git a/authfs/src/fsverity/metadata/metadata.hpp b/authfs/src/fsverity/metadata/metadata.hpp
new file mode 100644
index 0000000..7bbd3da
--- /dev/null
+++ b/authfs/src/fsverity/metadata/metadata.hpp
@@ -0,0 +1,63 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef AUTHFS_FSVERITY_METADATA_H
+#define AUTHFS_FSVERITY_METADATA_H
+
+// This file contains the format of fs-verity metadata (.fsv_meta).
+//
+// The header format of .fsv_meta is:
+//
+// +-----------+---------------------------------------------+------------+
+// | Address | Description | Size |
+// +-----------+---------------------------------------------+------------+
+// | 0x0000 | 32-bit LE, version of the format | 4 |
+// | | | |
+// | 0x0004 | fsverity_descriptor (see linux/fsverity.h) | 256 |
+// | | | |
+// | 0x0104 | 32-bit LE, type of signature | 4 |
+// | | (0: NONE, 1: PKCS7, 2: RAW) | |
+// | | | |
+// | 0x0108 | 32-bit LE, size of signature | 4 |
+// | | | |
+// | 0x010C | signature | See 0x0108 |
+// +-----------+---------------------------------------------+------------+
+//
+// After the header, merkle tree dump exists at the first 4K boundary. Usually it's 0x1000, but it
+// could be, for example, 0x2000 or 0x3000, depending on the size of header.
+//
+// TODO(b/193113326): sync with build/make/tools/releasetools/fsverity_metadata_generator.py
+
+#include <stddef.h>
+#include <stdint.h>
+#include <linux/fsverity.h>
+
+const uint64_t CHUNK_SIZE = 4096;
+
+enum class FSVERITY_SIGNATURE_TYPE : __le32 {
+ NONE = 0,
+ PKCS7 = 1,
+ RAW = 2,
+};
+
+struct fsverity_metadata_header {
+ __le32 version;
+ fsverity_descriptor descriptor;
+ FSVERITY_SIGNATURE_TYPE signature_type;
+ __le32 signature_size;
+} __attribute__((packed));
+
+#endif // AUTHFS_FSVERITY_METADATA_H
diff --git a/authfs/src/fsverity/metadata/metadata.rs b/authfs/src/fsverity/metadata/metadata.rs
new file mode 100644
index 0000000..0092bee
--- /dev/null
+++ b/authfs/src/fsverity/metadata/metadata.rs
@@ -0,0 +1,112 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Rust bindgen interface for FSVerity Metadata file (.fsv_meta)
+use authfs_fsverity_metadata_bindgen::{
+ fsverity_metadata_header, FSVERITY_SIGNATURE_TYPE_NONE, FSVERITY_SIGNATURE_TYPE_PKCS7,
+ FSVERITY_SIGNATURE_TYPE_RAW,
+};
+
+use std::cmp::min;
+use std::os::unix::fs::MetadataExt;
+
+/// Structure for parsed metadata.
+pub struct FSVerityMetadata {
+ /// Header for the metadata.
+ pub header: fsverity_metadata_header,
+
+ /// Optional signature for the metadata.
+ pub signature: Option<Vec<u8>>,
+
+ metadata_file: File,
+
+ merkle_tree_offset: u64,
+}
+
+impl FSVerityMetadata {
+ /// Read the raw Merkle tree from the metadata, if it exists. The API semantics is similar to a
+ /// regular pread(2), and may not return full requested buffer.
+ pub fn read_merkle_tree(&self, offset: u64, buf: &mut [u8]) -> io::Result<usize> {
+ let start = self.merkle_tree_offset + offset;
+ let end = min(self.metadata_file.metadata()?.size(), start + buf.len() as u64);
+ let read_size = (end - start) as usize;
+ debug_assert!(read_size <= buf.len());
+ self.metadata_file.read_exact_at(&mut buf[..read_size], start)?;
+ Ok(read_size)
+ }
+}
+
+use std::ffi::OsString;
+use std::fs::File;
+use std::io::{self, Read, Seek};
+use std::mem::{size_of, zeroed};
+use std::os::unix::fs::FileExt;
+use std::path::{Path, PathBuf};
+use std::slice::from_raw_parts_mut;
+
+/// Common block and page size in Linux.
+pub const CHUNK_SIZE: u64 = authfs_fsverity_metadata_bindgen::CHUNK_SIZE;
+
+/// Derive a path of metadata for a given path.
+/// e.g. "system/framework/foo.jar" -> "system/framework/foo.jar.fsv_meta"
+pub fn get_fsverity_metadata_path(path: &Path) -> PathBuf {
+ let mut os_string: OsString = path.into();
+ os_string.push(".fsv_meta");
+ os_string.into()
+}
+
+/// Parse metadata from given file, and returns a structure for the metadata.
+pub fn parse_fsverity_metadata(mut metadata_file: File) -> io::Result<Box<FSVerityMetadata>> {
+ let header_size = size_of::<fsverity_metadata_header>();
+
+ // SAFETY: the header doesn't include any pointers
+ let header: fsverity_metadata_header = unsafe {
+ let mut header: fsverity_metadata_header = zeroed();
+ let buffer = from_raw_parts_mut(
+ &mut header as *mut fsverity_metadata_header as *mut u8,
+ header_size,
+ );
+ metadata_file.read_exact(buffer)?;
+
+ // TODO(inseob): This doesn't seem ideal. Maybe we can consider nom?
+ header.version = u32::from_le(header.version);
+ header.descriptor.data_size = u64::from_le(header.descriptor.data_size);
+ header.signature_type = u32::from_le(header.signature_type);
+ header.signature_size = u32::from_le(header.signature_size);
+ header
+ };
+
+ if header.version != 1 {
+ return Err(io::Error::new(io::ErrorKind::Other, "unsupported metadata version"));
+ }
+
+ let signature = match header.signature_type {
+ FSVERITY_SIGNATURE_TYPE_NONE => None,
+ FSVERITY_SIGNATURE_TYPE_PKCS7 | FSVERITY_SIGNATURE_TYPE_RAW => {
+ // TODO: unpad pkcs7?
+ let mut buf = vec![0u8; header.signature_size as usize];
+ metadata_file.read_exact(&mut buf)?;
+ Some(buf)
+ }
+ _ => return Err(io::Error::new(io::ErrorKind::Other, "unknown signature type")),
+ };
+
+ // merkle tree is at the next 4K boundary
+ let merkle_tree_offset =
+ (metadata_file.stream_position()? + CHUNK_SIZE - 1) / CHUNK_SIZE * CHUNK_SIZE;
+
+ Ok(Box::new(FSVerityMetadata { header, signature, metadata_file, merkle_tree_offset }))
+}
diff --git a/authfs/src/fsverity/verifier.rs b/authfs/src/fsverity/verifier.rs
index 4a18c6a..1add37a 100644
--- a/authfs/src/fsverity/verifier.rs
+++ b/authfs/src/fsverity/verifier.rs
@@ -137,7 +137,7 @@
authenticator: &A,
chunked_file: F,
file_size: u64,
- sig: Vec<u8>,
+ sig: Option<&[u8]>,
merkle_tree: M,
) -> Result<VerifiedFileReader<F, M>, FsverityError> {
let mut buf = [0u8; CHUNK_SIZE as usize];
@@ -147,7 +147,7 @@
}
let root_hash = Sha256Hasher::new()?.update(&buf[..])?.finalize()?;
let formatted_digest = build_fsverity_formatted_digest(&root_hash, file_size)?;
- let valid = authenticator.verify(&sig, &formatted_digest)?;
+ let valid = authenticator.verify(sig, &formatted_digest)?;
if valid {
Ok(VerifiedFileReader { chunked_file, file_size, merkle_tree, root_hash })
} else {
@@ -175,9 +175,9 @@
use crate::auth::FakeAuthenticator;
use crate::file::ReadByChunk;
use anyhow::Result;
+ use authfs_fsverity_metadata::{parse_fsverity_metadata, FSVerityMetadata};
use std::cmp::min;
- use std::fs::{self, File};
- use std::io::Read;
+ use std::fs::File;
use std::os::unix::fs::FileExt;
struct LocalFileReader {
@@ -210,7 +210,17 @@
}
}
- type LocalVerifiedFileReader = VerifiedFileReader<LocalFileReader, LocalFileReader>;
+ type LocalVerifiedFileReader = VerifiedFileReader<LocalFileReader, MerkleTreeReader>;
+
+ pub struct MerkleTreeReader {
+ metadata: Box<FSVerityMetadata>,
+ }
+
+ impl ReadByChunk for MerkleTreeReader {
+ fn read_chunk(&self, chunk_index: u64, buf: &mut ChunkBuffer) -> io::Result<usize> {
+ self.metadata.read_merkle_tree(chunk_index * CHUNK_SIZE, buf)
+ }
+ }
fn total_chunk_number(file_size: u64) -> u64 {
(file_size + 4095) / 4096
@@ -219,28 +229,28 @@
// Returns a reader with fs-verity verification and the file size.
fn new_reader_with_fsverity(
content_path: &str,
- merkle_tree_path: &str,
- signature_path: &str,
+ metadata_path: &str,
) -> Result<(LocalVerifiedFileReader, u64)> {
let file_reader = LocalFileReader::new(File::open(content_path)?)?;
let file_size = file_reader.len();
- let merkle_tree = LocalFileReader::new(File::open(merkle_tree_path)?)?;
- let mut sig = Vec::new();
- let _ = File::open(signature_path)?.read_to_end(&mut sig)?;
+ let metadata = parse_fsverity_metadata(File::open(metadata_path)?)?;
let authenticator = FakeAuthenticator::always_succeed();
Ok((
- VerifiedFileReader::new(&authenticator, file_reader, file_size, sig, merkle_tree)?,
+ VerifiedFileReader::new(
+ &authenticator,
+ file_reader,
+ file_size,
+ metadata.signature.clone().as_deref(),
+ MerkleTreeReader { metadata },
+ )?,
file_size,
))
}
#[test]
fn fsverity_verify_full_read_4k() -> Result<()> {
- let (file_reader, file_size) = new_reader_with_fsverity(
- "testdata/input.4k",
- "testdata/input.4k.merkle_dump",
- "testdata/input.4k.fsv_sig",
- )?;
+ let (file_reader, file_size) =
+ new_reader_with_fsverity("testdata/input.4k", "testdata/input.4k.fsv_meta")?;
for i in 0..total_chunk_number(file_size) {
let mut buf = [0u8; 4096];
@@ -251,11 +261,8 @@
#[test]
fn fsverity_verify_full_read_4k1() -> Result<()> {
- let (file_reader, file_size) = new_reader_with_fsverity(
- "testdata/input.4k1",
- "testdata/input.4k1.merkle_dump",
- "testdata/input.4k1.fsv_sig",
- )?;
+ let (file_reader, file_size) =
+ new_reader_with_fsverity("testdata/input.4k1", "testdata/input.4k1.fsv_meta")?;
for i in 0..total_chunk_number(file_size) {
let mut buf = [0u8; 4096];
@@ -266,11 +273,8 @@
#[test]
fn fsverity_verify_full_read_4m() -> Result<()> {
- let (file_reader, file_size) = new_reader_with_fsverity(
- "testdata/input.4m",
- "testdata/input.4m.merkle_dump",
- "testdata/input.4m.fsv_sig",
- )?;
+ let (file_reader, file_size) =
+ new_reader_with_fsverity("testdata/input.4m", "testdata/input.4m.fsv_meta")?;
for i in 0..total_chunk_number(file_size) {
let mut buf = [0u8; 4096];
@@ -283,8 +287,7 @@
fn fsverity_verify_bad_merkle_tree() -> Result<()> {
let (file_reader, _) = new_reader_with_fsverity(
"testdata/input.4m",
- "testdata/input.4m.merkle_dump.bad", // First leaf node is corrupted.
- "testdata/input.4m.fsv_sig",
+ "testdata/input.4m.fsv_meta.bad_merkle", // First leaf node is corrupted.
)?;
// A lowest broken node (a 4K chunk that contains 128 sha256 hashes) will fail the read
@@ -304,10 +307,15 @@
let authenticator = FakeAuthenticator::always_fail();
let file_reader = LocalFileReader::new(File::open("testdata/input.4m")?)?;
let file_size = file_reader.len();
- let merkle_tree = LocalFileReader::new(File::open("testdata/input.4m.merkle_dump")?)?;
- let sig = fs::read("testdata/input.4m.fsv_sig")?;
- assert!(VerifiedFileReader::new(&authenticator, file_reader, file_size, sig, merkle_tree)
- .is_err());
+ let metadata = parse_fsverity_metadata(File::open("testdata/input.4m.fsv_meta")?)?;
+ assert!(VerifiedFileReader::new(
+ &authenticator,
+ file_reader,
+ file_size,
+ metadata.signature.clone().as_deref(),
+ MerkleTreeReader { metadata },
+ )
+ .is_err());
Ok(())
}
}
diff --git a/authfs/src/main.rs b/authfs/src/main.rs
index 421cc02..858b099 100644
--- a/authfs/src/main.rs
+++ b/authfs/src/main.rs
@@ -27,7 +27,7 @@
//! of the actual file name, the exposed file names through AuthFS are currently integer, e.g.
//! /mountpoint/42.
-use anyhow::{bail, Context, Result};
+use anyhow::{bail, Result};
use log::error;
use std::convert::TryInto;
use std::path::{Path, PathBuf};
@@ -166,7 +166,7 @@
remote_fd: i32,
file_size: u64,
) -> Result<AuthFsEntry> {
- let signature = service.readFsveritySignature(remote_fd).context("Failed to read signature")?;
+ let signature = service.readFsveritySignature(remote_fd).ok();
let authenticator = FakeAuthenticator::always_succeed();
Ok(AuthFsEntry::VerifiedReadonly {
@@ -174,7 +174,7 @@
&authenticator,
RemoteFileReader::new(service.clone(), remote_fd),
file_size,
- signature,
+ signature.as_deref(),
RemoteMerkleTreeReader::new(service.clone(), remote_fd),
)?,
file_size,
diff --git a/authfs/testdata/README.md b/authfs/testdata/README.md
index 113fe62..cf641a9 100644
--- a/authfs/testdata/README.md
+++ b/authfs/testdata/README.md
@@ -1,9 +1,10 @@
fs-verity signing
=================
With a key pair, fs-verity signature can be generated by simply running
-`fsverity` command line tool from
+`fsverity_metadata_generator` command line tool, which uses
[fsverity-util](https://git.kernel.org/pub/scm/linux/kernel/git/ebiggers/fsverity-utils.git).
```
-fsverity sign test.data test.data.fsv_sig --key=key.pem --cert=cert.pem
+fsverity_metadata_generator --fsverity-path {fsverity_path} --key key.pem --key-format pem \
+ --cert cert.pem --signature pkcs7 --output test.data.fsv_meta test.data
```
diff --git a/authfs/testdata/input.4k.fsv_meta b/authfs/testdata/input.4k.fsv_meta
new file mode 100644
index 0000000..d6a899e
--- /dev/null
+++ b/authfs/testdata/input.4k.fsv_meta
Binary files differ
diff --git a/authfs/testdata/input.4k.fsv_sig b/authfs/testdata/input.4k.fsv_sig
deleted file mode 100644
index 247a297..0000000
--- a/authfs/testdata/input.4k.fsv_sig
+++ /dev/null
Binary files differ
diff --git a/authfs/testdata/input.4k.merkle_dump b/authfs/testdata/input.4k.merkle_dump
deleted file mode 100644
index d93cd33..0000000
--- a/authfs/testdata/input.4k.merkle_dump
+++ /dev/null
Binary files differ
diff --git a/authfs/testdata/input.4k1.fsv_meta b/authfs/testdata/input.4k1.fsv_meta
new file mode 100644
index 0000000..acbbb40
--- /dev/null
+++ b/authfs/testdata/input.4k1.fsv_meta
Binary files differ
diff --git a/authfs/testdata/input.4k1.fsv_sig b/authfs/testdata/input.4k1.fsv_sig
deleted file mode 100644
index 02f0056..0000000
--- a/authfs/testdata/input.4k1.fsv_sig
+++ /dev/null
Binary files differ
diff --git a/authfs/testdata/input.4k1.merkle_dump b/authfs/testdata/input.4k1.merkle_dump
deleted file mode 100644
index 4ebdc3c..0000000
--- a/authfs/testdata/input.4k1.merkle_dump
+++ /dev/null
Binary files differ
diff --git a/authfs/testdata/input.4m.merkle_dump.bad b/authfs/testdata/input.4m.fsv_meta
similarity index 89%
copy from authfs/testdata/input.4m.merkle_dump.bad
copy to authfs/testdata/input.4m.fsv_meta
index eec67ca..447a780 100644
--- a/authfs/testdata/input.4m.merkle_dump.bad
+++ b/authfs/testdata/input.4m.fsv_meta
Binary files differ
diff --git a/authfs/testdata/input.4m.merkle_dump.bad b/authfs/testdata/input.4m.fsv_meta.bad_merkle
similarity index 89%
rename from authfs/testdata/input.4m.merkle_dump.bad
rename to authfs/testdata/input.4m.fsv_meta.bad_merkle
index eec67ca..fd61c3e 100644
--- a/authfs/testdata/input.4m.merkle_dump.bad
+++ b/authfs/testdata/input.4m.fsv_meta.bad_merkle
Binary files differ
diff --git a/authfs/testdata/input.4m.fsv_sig b/authfs/testdata/input.4m.fsv_sig
deleted file mode 100644
index 12adca3..0000000
--- a/authfs/testdata/input.4m.fsv_sig
+++ /dev/null
Binary files differ
diff --git a/authfs/testdata/input.4m.merkle_dump b/authfs/testdata/input.4m.merkle_dump
deleted file mode 100644
index b369bab..0000000
--- a/authfs/testdata/input.4m.merkle_dump
+++ /dev/null
Binary files differ
diff --git a/authfs/tests/AndroidTest.xml b/authfs/tests/AndroidTest.xml
index 643e2b4..cc358f2 100644
--- a/authfs/tests/AndroidTest.xml
+++ b/authfs/tests/AndroidTest.xml
@@ -40,20 +40,14 @@
<option name="push-file" key="input.4m" value="/data/local/tmp/authfs/input.4m" />
<option name="push-file" key="input.4k1" value="/data/local/tmp/authfs/input.4k1" />
<option name="push-file" key="input.4k" value="/data/local/tmp/authfs/input.4k" />
- <option name="push-file" key="input.4m.fsv_sig"
- value="/data/local/tmp/authfs/input.4m.fsv_sig" />
- <option name="push-file" key="input.4k1.fsv_sig"
- value="/data/local/tmp/authfs/input.4k1.fsv_sig" />
- <option name="push-file" key="input.4k.fsv_sig"
- value="/data/local/tmp/authfs/input.4k.fsv_sig" />
- <option name="push-file" key="input.4m.merkle_dump"
- value="/data/local/tmp/authfs/input.4m.merkle_dump" />
- <option name="push-file" key="input.4m.merkle_dump.bad"
- value="/data/local/tmp/authfs/input.4m.merkle_dump.bad" />
- <option name="push-file" key="input.4k1.merkle_dump"
- value="/data/local/tmp/authfs/input.4k1.merkle_dump" />
- <option name="push-file" key="input.4k.merkle_dump"
- value="/data/local/tmp/authfs/input.4k.merkle_dump" />
+ <option name="push-file" key="input.4m.fsv_meta"
+ value="/data/local/tmp/authfs/input.4m.fsv_meta" />
+ <option name="push-file" key="input.4k1.fsv_meta"
+ value="/data/local/tmp/authfs/input.4k1.fsv_meta" />
+ <option name="push-file" key="input.4k.fsv_meta"
+ value="/data/local/tmp/authfs/input.4k.fsv_meta" />
+ <option name="push-file" key="input.4m.fsv_meta.bad_merkle"
+ value="/data/local/tmp/authfs/input.4m.fsv_meta.bad_merkle" />
</target_preparer>
<test class="com.android.compatibility.common.tradefed.testtype.JarHostTest" >
diff --git a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
index 101a349..acaead0 100644
--- a/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
+++ b/authfs/tests/java/src/com/android/fs/AuthFsHostTest.java
@@ -161,9 +161,8 @@
public void testReadWithFsverityVerification_RemoteFile() throws Exception {
// Setup
runFdServerOnAndroid(
- "--open-ro 3:input.4m --open-ro 4:input.4m.merkle_dump --open-ro 5:input.4m.fsv_sig"
- + " --open-ro 6:input.4m",
- "--ro-fds 3:4:5 --ro-fds 6");
+ "--open-ro 3:input.4m --open-ro 4:input.4m.fsv_meta --open-ro 6:input.4m",
+ "--ro-fds 3:4 --ro-fds 6");
runAuthFsOnMicrodroid(
"--remote-ro-file-unverified 6 --remote-ro-file 3:cert.der --cid "
@@ -186,10 +185,9 @@
public void testReadWithFsverityVerification_RemoteSmallerFile() throws Exception {
// Setup
runFdServerOnAndroid(
- "--open-ro 3:input.4k --open-ro 4:input.4k.merkle_dump --open-ro"
- + " 5:input.4k.fsv_sig --open-ro 6:input.4k1 --open-ro 7:input.4k1.merkle_dump"
- + " --open-ro 8:input.4k1.fsv_sig",
- "--ro-fds 3:4:5 --ro-fds 6:7:8");
+ "--open-ro 3:input.4k --open-ro 4:input.4k.fsv_meta --open-ro"
+ + " 6:input.4k1 --open-ro 7:input.4k1.fsv_meta",
+ "--ro-fds 3:4 --ro-fds 6:7");
runAuthFsOnMicrodroid(
"--remote-ro-file 3:cert.der --remote-ro-file 6:cert.der --cid " + VMADDR_CID_HOST);
@@ -209,9 +207,8 @@
public void testReadWithFsverityVerification_TamperedMerkleTree() throws Exception {
// Setup
runFdServerOnAndroid(
- "--open-ro 3:input.4m --open-ro 4:input.4m.merkle_dump.bad "
- + "--open-ro 5:input.4m.fsv_sig",
- "--ro-fds 3:4:5");
+ "--open-ro 3:input.4m --open-ro 4:input.4m.fsv_meta.bad_merkle",
+ "--ro-fds 3:4");
runAuthFsOnMicrodroid("--remote-ro-file 3:cert.der --cid " + VMADDR_CID_HOST);
// Verify