authfs/src/fsverity/common.rs - android_packages_modules_Virtualization - Gitiles

 /*
  * Copyright (C) 2021 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 use std::io;

 use thiserror::Error;

 use super::sys::{FS_VERITY_HASH_ALG_SHA256, FS_VERITY_LOG_BLOCKSIZE, FS_VERITY_VERSION};
 use crate::common::{divide_roundup, CHUNK_SIZE};
 use crate::crypto::{CryptoError, Sha256Hash, Sha256Hasher};

 #[derive(Error, Debug)]
 pub enum FsverityError {
     #[error("Cannot verify a signature")]
     BadSignature,
     #[error("Insufficient data, only got {0}")]
     InsufficientData(usize),
     #[error("Cannot verify a block")]
     CannotVerify,
     #[error("I/O error")]
     Io(#[from] io::Error),
     #[error("Crypto")]
     UnexpectedCryptoError(#[from] CryptoError),
     #[error("Invalid state")]
     InvalidState,
 }

 fn log128_ceil(num: u64) -> Option<u64> {
     match num {
         0 => None,
         n => Some(divide_roundup(64 - (n - 1).leading_zeros() as u64, 7)),
     }
 }

 /// Return the Merkle tree height for our tree configuration, or None if the size is 0.
 pub fn merkle_tree_height(data_size: u64) -> Option<u64> {
     let hashes_per_node = CHUNK_SIZE / Sha256Hasher::HASH_SIZE as u64;
     let hash_pages = divide_roundup(data_size, hashes_per_node * CHUNK_SIZE);
     log128_ceil(hash_pages)
 }

 pub fn build_fsverity_digest(
     root_hash: &Sha256Hash,
     file_size: u64,
 ) -> Result<Sha256Hash, CryptoError> {
     // Little-endian byte representation of fsverity_descriptor from linux/fsverity.h
     // Not FFI-ed as it seems easier to deal with the raw bytes manually.
     Sha256Hasher::new()?
         .update(&FS_VERITY_VERSION.to_le_bytes())? // version
         .update(&FS_VERITY_HASH_ALG_SHA256.to_le_bytes())? // hash_algorithm
         .update(&FS_VERITY_LOG_BLOCKSIZE.to_le_bytes())? // log_blocksize
         .update(&0u8.to_le_bytes())? // salt_size
         .update(&0u32.to_le_bytes())? // sig_size
         .update(&file_size.to_le_bytes())? // data_size
         .update(root_hash)? // root_hash, first 32 bytes
         .update(&[0u8; 32])? // root_hash, last 32 bytes, always 0 because we are using sha256.
         .update(&[0u8; 32])? // salt
         .update(&[0u8; 32])? // reserved
         .update(&[0u8; 32])? // reserved
         .update(&[0u8; 32])? // reserved
         .update(&[0u8; 32])? // reserved
         .update(&[0u8; 16])? // reserved
         .finalize()
 }
	/*
	* Copyright (C) 2021 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	use std::io;

	use thiserror::Error;

	use super::sys::{FS_VERITY_HASH_ALG_SHA256, FS_VERITY_LOG_BLOCKSIZE, FS_VERITY_VERSION};
	use crate::common::{divide_roundup, CHUNK_SIZE};
	use crate::crypto::{CryptoError, Sha256Hash, Sha256Hasher};

	#[derive(Error, Debug)]
	pub enum FsverityError {
	#[error("Cannot verify a signature")]
	BadSignature,
	#[error("Insufficient data, only got {0}")]
	InsufficientData(usize),
	#[error("Cannot verify a block")]
	CannotVerify,
	#[error("I/O error")]
	Io(#[from] io::Error),
	#[error("Crypto")]
	UnexpectedCryptoError(#[from] CryptoError),
	#[error("Invalid state")]
	InvalidState,
	}

	fn log128_ceil(num: u64) -> Option<u64> {
	match num {
	0 => None,
	n => Some(divide_roundup(64 - (n - 1).leading_zeros() as u64, 7)),
	}
	}

	/// Return the Merkle tree height for our tree configuration, or None if the size is 0.
	pub fn merkle_tree_height(data_size: u64) -> Option<u64> {
	let hashes_per_node = CHUNK_SIZE / Sha256Hasher::HASH_SIZE as u64;
	let hash_pages = divide_roundup(data_size, hashes_per_node * CHUNK_SIZE);
	log128_ceil(hash_pages)
	}

	pub fn build_fsverity_digest(
	root_hash: &Sha256Hash,
	file_size: u64,
	) -> Result<Sha256Hash, CryptoError> {
	// Little-endian byte representation of fsverity_descriptor from linux/fsverity.h
	// Not FFI-ed as it seems easier to deal with the raw bytes manually.
	Sha256Hasher::new()?
	.update(&FS_VERITY_VERSION.to_le_bytes())? // version
	.update(&FS_VERITY_HASH_ALG_SHA256.to_le_bytes())? // hash_algorithm
	.update(&FS_VERITY_LOG_BLOCKSIZE.to_le_bytes())? // log_blocksize
	.update(&0u8.to_le_bytes())? // salt_size
	.update(&0u32.to_le_bytes())? // sig_size
	.update(&file_size.to_le_bytes())? // data_size
	.update(root_hash)? // root_hash, first 32 bytes
	.update(&[0u8; 32])? // root_hash, last 32 bytes, always 0 because we are using sha256.
	.update(&[0u8; 32])? // salt
	.update(&[0u8; 32])? // reserved
	.update(&[0u8; 32])? // reserved
	.update(&[0u8; 32])? // reserved
	.update(&[0u8; 32])? // reserved
	.update(&[0u8; 16])? // reserved
	.finalize()
	}