Victor Hsieh | dde1790 | 2021-02-26 12:35:31 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2021 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 17 | use std::io; |
| 19 | use thiserror::Error; |
| 21 | use super::sys::{FS_VERITY_HASH_ALG_SHA256, FS_VERITY_LOG_BLOCKSIZE, FS_VERITY_VERSION}; |
| 22 | use crate::common::{divide_roundup, CHUNK_SIZE}; |
| 23 | use crate::crypto::{CryptoError, Sha256Hash, Sha256Hasher}; |
/// Errors reported by the fs-verity helpers in this module.
///
/// `Io` and `UnexpectedCryptoError` carry `#[from]` conversions, so `io::Error`
/// and `CryptoError` can be propagated with `?` from functions returning this type.
#[derive(Error, Debug)]
pub enum FsverityError {
    /// A signature could not be verified.
    #[error("Cannot verify a signature")]
    BadSignature,
    /// Fewer bytes were available than required; the payload is the number
    /// of bytes actually obtained.
    #[error("Insufficient data, only got {0}")]
    InsufficientData(usize),
    /// A block failed verification.
    #[error("Cannot verify a block")]
    CannotVerify,
    /// An underlying I/O operation failed.
    #[error("I/O error")]
    Io(#[from] io::Error),
    /// The hashing primitive returned an error.
    #[error("Crypto")]
    UnexpectedCryptoError(#[from] CryptoError),
    /// An operation was attempted in a state that does not permit it.
    #[error("Invalid state")]
    InvalidState,
}
/// Ceiling of the base-128 logarithm of `num`, or `None` when `num` is 0
/// (for which the logarithm is undefined).
///
/// `ceil(log2(num))` is the bit length of `num - 1`; dividing that by 7
/// (since 128 = 2^7) and rounding up yields `ceil(log128(num))`.
fn log128_ceil(num: u64) -> Option<u64> {
    if num == 0 {
        return None;
    }
    let log2_ceil = u64::from(64 - (num - 1).leading_zeros());
    Some(divide_roundup(log2_ceil, 7))
}
/// Return the Merkle tree height for our tree configuration, or None if the size is 0.
pub fn merkle_tree_height(data_size: u64) -> Option<u64> {
    // Number of SHA-256 hashes that fit into one tree node (one chunk).
    let hashes_per_node = CHUNK_SIZE / Sha256Hasher::HASH_SIZE as u64;
    // Bytes of file data covered by a single leaf-level node.
    let bytes_per_leaf_node = hashes_per_node * CHUNK_SIZE;
    let leaf_nodes = divide_roundup(data_size, bytes_per_leaf_node);
    // NOTE(review): the base-128 logarithm presumes hashes_per_node == 128
    // (i.e. a 4096-byte chunk holding 32-byte hashes); confirm if either
    // constant changes.
    log128_ceil(leaf_nodes)
}
/// Returns the size of Merkle tree for `data_size` bytes amount of data.
///
/// Each tree level hashes every chunk of the level below it; the hashes are
/// packed into whole chunks, and that packed storage becomes the input of the
/// next level up. Summation stops once a level fits into a single chunk, so
/// data of at most one chunk needs no tree at all and yields 0.
pub fn merkle_tree_size(data_size: u64) -> u64 {
    let mut level_input = data_size;
    let mut total = 0;
    loop {
        if level_input <= CHUNK_SIZE {
            break total;
        }
        let chunks = divide_roundup(level_input, CHUNK_SIZE);
        let hash_bytes = chunks * Sha256Hasher::HASH_SIZE as u64;
        // Hash storage is padded up to a whole number of chunks.
        let level_bytes = divide_roundup(hash_bytes, CHUNK_SIZE) * CHUNK_SIZE;
        total += level_bytes;
        level_input = level_bytes;
    }
}
/// Computes the fs-verity digest: the SHA-256 of the `fsverity_descriptor`
/// for a file whose Merkle tree root is `root_hash` and whose size is
/// `file_size` bytes.
///
/// The descriptor is serialised by hand rather than through FFI, because the
/// raw bytes are easier to handle. Field order and widths follow
/// `fsverity_descriptor` in linux/fsverity.h, with all multi-byte integers in
/// little-endian order; the serialised descriptor is 256 bytes.
///
/// # Errors
///
/// Propagates any `CryptoError` raised by the hasher.
pub fn build_fsverity_digest(
    root_hash: &Sha256Hash,
    file_size: u64,
) -> Result<Sha256Hash, CryptoError> {
    let mut descriptor = Vec::with_capacity(256);
    descriptor.extend_from_slice(&FS_VERITY_VERSION.to_le_bytes()); // version
    descriptor.extend_from_slice(&FS_VERITY_HASH_ALG_SHA256.to_le_bytes()); // hash_algorithm
    descriptor.extend_from_slice(&FS_VERITY_LOG_BLOCKSIZE.to_le_bytes()); // log_blocksize
    descriptor.push(0u8); // salt_size
    descriptor.extend_from_slice(&0u32.to_le_bytes()); // sig_size
    descriptor.extend_from_slice(&file_size.to_le_bytes()); // data_size
    descriptor.extend_from_slice(root_hash); // root_hash, first 32 bytes
    // root_hash, last 32 bytes: always zero because SHA-256 only fills the first 32.
    descriptor.extend_from_slice(&[0u8; 32]);
    descriptor.extend_from_slice(&[0u8; 32]); // salt
    descriptor.extend_from_slice(&[0u8; 144]); // reserved (4 x 32 + 16 bytes)
    Sha256Hasher::new()?.update(&descriptor)?.finalize()
}
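#[cfg(test)]
mod tests {
    use super::*;

    /// Tree size for a range of data sizes, checked against fsverity-utils.
    #[test]
    fn test_merkle_tree_size() {
        // To produce groundtruth:
        // dd if=/dev/zero of=zeros bs=1 count=524289 && \
        // fsverity digest --out-merkle-tree=tree zeros && \
        // du -b tree
        let cases: [(u64, u64); 6] = [
            (0, 0),
            (1, 0),
            (4096, 0),
            (4097, 4096),
            (524288, 4096),
            (524289, 12288),
        ];
        for &(data_size, expected) in cases.iter() {
            assert_eq!(merkle_tree_size(data_size), expected, "data_size = {}", data_size);
        }
    }

    /// The log128 helper must round up at every power-of-128 boundary and
    /// reject 0.
    #[test]
    fn test_log128_ceil() {
        assert_eq!(log128_ceil(0), None);
        assert_eq!(log128_ceil(1), Some(0));
        assert_eq!(log128_ceil(2), Some(1));
        assert_eq!(log128_ceil(128), Some(1));
        assert_eq!(log128_ceil(129), Some(2));
        assert_eq!(log128_ceil(128 * 128), Some(2));
        assert_eq!(log128_ceil(128 * 128 + 1), Some(3));
    }

    /// Height is undefined for empty data and zero for data covered by a
    /// single leaf-level node.
    #[test]
    fn test_merkle_tree_height() {
        assert_eq!(merkle_tree_height(0), None);
        assert_eq!(merkle_tree_height(1), Some(0));
    }
}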