authfs/src/fsverity/metadata/metadata.rs

/*
 * Copyright (C) 2021 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//! Rust bindgen interface for FSVerity Metadata file (.fsv_meta)
use authfs_fsverity_metadata_bindgen::{
    fsverity_descriptor, fsverity_metadata_header, FSVERITY_HASH_ALG_SHA256,
    FSVERITY_SIGNATURE_TYPE_NONE, FSVERITY_SIGNATURE_TYPE_PKCS7, FSVERITY_SIGNATURE_TYPE_RAW,
};

use openssl::sha::sha256;
use std::cmp::min;
use std::ffi::OsString;
use std::fs::File;
use std::io::{self, Read, Seek};
use std::mem::{size_of, zeroed};
use std::os::unix::fs::{FileExt, MetadataExt};
use std::path::{Path, PathBuf};
use std::slice::from_raw_parts_mut;

/// Offset of `descriptor` in `struct fsverity_metadatata_header`.
const DESCRIPTOR_OFFSET: usize = 4;

/// Structure for parsed metadata.
pub struct FSVerityMetadata {
    /// Header for the metadata.
    pub header: fsverity_metadata_header,

    /// fs-verity digest of the file, with hash algorithm defined in the fs-verity descriptor.
    pub digest: Vec<u8>,

    /// Optional signature for the metadata.
    pub signature: Option<Vec<u8>>,

    metadata_file: File,

    merkle_tree_offset: u64,
}

impl FSVerityMetadata {
    /// Read the raw Merkle tree from the metadata, if it exists. The API semantics is similar to a
    /// regular pread(2), and may not return full requested buffer.
    pub fn read_merkle_tree(&self, offset: u64, buf: &mut [u8]) -> io::Result<usize> {
        let file_size = self.metadata_file.metadata()?.size();
        let start = self.merkle_tree_offset + offset;
        let end = min(file_size, start + buf.len() as u64);
        let read_size = (end - start) as usize;
        debug_assert!(read_size <= buf.len());
        if read_size == 0 {
            Ok(0)
        } else {
            self.metadata_file.read_exact_at(&mut buf[..read_size], start)?;
            Ok(read_size)
        }
    }
}

/// Common block and page size in Linux.
pub const CHUNK_SIZE: u64 = authfs_fsverity_metadata_bindgen::CHUNK_SIZE;

/// Derive a path of metadata for a given path.
/// e.g. "system/framework/foo.jar" -> "system/framework/foo.jar.fsv_meta"
pub fn get_fsverity_metadata_path(path: &Path) -> PathBuf {
    let mut os_string: OsString = path.into();
    os_string.push(".fsv_meta");
    os_string.into()
}

/// Parse metadata from given file, and returns a structure for the metadata.
pub fn parse_fsverity_metadata(mut metadata_file: File) -> io::Result<Box<FSVerityMetadata>> {
    let (header, digest) = {
        // SAFETY: The header doesn't include any pointers.
        let mut header: fsverity_metadata_header = unsafe { zeroed() };

        // SAFETY: fsverity_metadata_header is packed, so reading/write from/to the back_buffer
        // won't overflow.
        let back_buffer = unsafe {
            from_raw_parts_mut(
                &mut header as *mut fsverity_metadata_header as *mut u8,
                size_of::<fsverity_metadata_header>(),
            )
        };
        metadata_file.read_exact(back_buffer)?;

        // Digest needs to be calculated with the raw value (without changing the endianness).
        let digest = match header.descriptor.hash_algorithm {
            FSVERITY_HASH_ALG_SHA256 => Ok(sha256(
                &back_buffer
                    [DESCRIPTOR_OFFSET..DESCRIPTOR_OFFSET + size_of::<fsverity_descriptor>()],
            )
            .to_vec()),
            alg => Err(io::Error::new(
                io::ErrorKind::Other,
                format!("Unsupported hash algorithm {}, continue (likely failing soon)", alg),
            )),
        }?;

        // TODO(inseob): This doesn't seem ideal. Maybe we can consider nom?
        header.version = u32::from_le(header.version);
        header.descriptor.data_size = u64::from_le(header.descriptor.data_size);
        header.signature_type = u32::from_le(header.signature_type);
        header.signature_size = u32::from_le(header.signature_size);
        (header, digest)
    };

    if header.version != 1 {
        return Err(io::Error::new(io::ErrorKind::Other, "unsupported metadata version"));
    }

    let signature = match header.signature_type {
        FSVERITY_SIGNATURE_TYPE_NONE => None,
        FSVERITY_SIGNATURE_TYPE_PKCS7 | FSVERITY_SIGNATURE_TYPE_RAW => {
            // TODO: unpad pkcs7?
            let mut buf = vec![0u8; header.signature_size as usize];
            metadata_file.read_exact(&mut buf)?;
            Some(buf)
        }
        _ => return Err(io::Error::new(io::ErrorKind::Other, "unknown signature type")),
    };

    // merkle tree is at the next 4K boundary
    let merkle_tree_offset =
        (metadata_file.stream_position()? + CHUNK_SIZE - 1) / CHUNK_SIZE * CHUNK_SIZE;

    Ok(Box::new(FSVerityMetadata { header, digest, signature, metadata_file, merkle_tree_offset }))
}