Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2021 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | //! Support for generating and signing an info file listing names and digests of generated |
| 18 | //! artifacts. |
| 19 | |
| 20 | #![allow(dead_code)] // Will be used soon |
| 21 | |
Alan Stokes | 46a1dff | 2021-12-14 10:56:05 +0000 | [diff] [blame] | 22 | use crate::compos_key_service::Signer; |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 23 | use crate::fsverity; |
| 24 | use anyhow::{anyhow, Context, Result}; |
| 25 | use odsign_proto::odsign_info::OdsignInfo; |
| 26 | use protobuf::Message; |
| 27 | use std::fs::File; |
| 28 | use std::io::Write; |
| 29 | use std::os::unix::io::AsRawFd; |
Alan Stokes | 46a1dff | 2021-12-14 10:56:05 +0000 | [diff] [blame] | 30 | use std::path::Path; |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 31 | |
| 32 | const TARGET_DIRECTORY: &str = "/data/misc/apexdata/com.android.art/dalvik-cache"; |
| 33 | const SIGNATURE_EXTENSION: &str = ".signature"; |
| 34 | |
| 35 | /// Accumulates and then signs information about generated artifacts. |
| 36 | pub struct ArtifactSigner<'a> { |
Alan Stokes | 46a1dff | 2021-12-14 10:56:05 +0000 | [diff] [blame] | 37 | base_directory: &'a Path, |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 38 | file_digests: Vec<(String, String)>, // (File name, digest in hex) |
| 39 | } |
| 40 | |
| 41 | impl<'a> ArtifactSigner<'a> { |
| 42 | /// base_directory specifies the directory under which the artifacts are currently located; |
| 43 | /// they will eventually be moved under TARGET_DIRECTORY once they are verified and activated. |
Alan Stokes | 46a1dff | 2021-12-14 10:56:05 +0000 | [diff] [blame] | 44 | pub fn new(base_directory: &'a Path) -> Self { |
| 45 | Self { base_directory, file_digests: Vec::new() } |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 46 | } |
| 47 | |
Alan Stokes | 46a1dff | 2021-12-14 10:56:05 +0000 | [diff] [blame] | 48 | pub fn add_artifact(&mut self, path: &Path) -> Result<()> { |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 49 | // The path we store is where the file will be when it is verified, not where it is now. |
| 50 | let suffix = path |
| 51 | .strip_prefix(&self.base_directory) |
| 52 | .context("Artifacts must be under base directory")?; |
| 53 | let target_path = Path::new(TARGET_DIRECTORY).join(suffix); |
| 54 | let target_path = target_path.to_str().ok_or_else(|| anyhow!("Invalid path"))?; |
| 55 | |
Alan Stokes | 46a1dff | 2021-12-14 10:56:05 +0000 | [diff] [blame] | 56 | let file = File::open(path).with_context(|| format!("Opening {}", path.display()))?; |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 57 | let digest = fsverity::measure(file.as_raw_fd())?; |
| 58 | let digest = to_hex_string(&digest); |
| 59 | |
| 60 | self.file_digests.push((target_path.to_owned(), digest)); |
| 61 | Ok(()) |
| 62 | } |
| 63 | |
| 64 | /// Consume this ArtifactSigner and write details of all its artifacts to the given path, |
| 65 | /// with accompanying sigature file. |
Alan Stokes | 46a1dff | 2021-12-14 10:56:05 +0000 | [diff] [blame] | 66 | pub fn write_info_and_signature(self, signer: Signer, info_path: &Path) -> Result<()> { |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 67 | let mut info = OdsignInfo::new(); |
| 68 | info.mut_file_hashes().extend(self.file_digests.into_iter()); |
| 69 | let bytes = info.write_to_bytes()?; |
| 70 | |
Alan Stokes | 46a1dff | 2021-12-14 10:56:05 +0000 | [diff] [blame] | 71 | let signature = signer.sign(&bytes)?; |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 72 | |
Alan Stokes | 35bac3c | 2021-12-16 14:37:24 +0000 | [diff] [blame^] | 73 | let mut file = |
| 74 | File::create(info_path).with_context(|| format!("Creating {}", info_path.display()))?; |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 75 | file.write_all(&bytes)?; |
| 76 | |
| 77 | let mut signature_name = info_path.file_name().unwrap().to_owned(); |
| 78 | signature_name.push(SIGNATURE_EXTENSION); |
| 79 | let signature_path = info_path.with_file_name(&signature_name); |
Alan Stokes | 35bac3c | 2021-12-16 14:37:24 +0000 | [diff] [blame^] | 80 | let mut signature_file = File::create(&signature_path) |
| 81 | .with_context(|| format!("Creating {}", signature_path.display()))?; |
Alan Stokes | 183d7d3 | 2021-12-08 16:10:45 +0000 | [diff] [blame] | 82 | signature_file.write_all(&signature)?; |
| 83 | |
| 84 | Ok(()) |
| 85 | } |
| 86 | } |
| 87 | |
| 88 | fn to_hex_string(buf: &[u8]) -> String { |
| 89 | buf.iter().map(|b| format!("{:02x}", b)).collect() |
| 90 | } |