1/* 2 * Copyright (C) 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <stdlib.h> 18#include <sys/ioctl.h> 19#include <sys/stat.h> 20 21#include <ext4_utils/ext4_sb.h> 22 23extern "C" { 24 #include <squashfs_utils.h> 25} 26 27#if defined(__linux__) 28 #include <linux/fs.h> 29#elif defined(__APPLE__) 30 #include <sys/disk.h> 31 #define BLKGETSIZE64 DKIOCGETBLOCKCOUNT 32 #define fdatasync(fd) fcntl((fd), F_FULLFSYNC) 33#endif 34 35#include "fec_private.h" 36 37/* used by `find_offset'; returns metadata size for a file size `size' and 38 `roots' Reed-Solomon parity bytes */ 39using size_func = uint64_t (*)(uint64_t size, int roots); 40 41/* performs a binary search to find a metadata offset from a file so that 42 the metadata size matches function `get_real_size(size, roots)', using 43 the approximate size returned by `get_appr_size' as a starting point */ 44static int find_offset(uint64_t file_size, int roots, uint64_t *offset, 45 size_func get_appr_size, size_func get_real_size) 46{ 47 check(offset); 48 check(get_appr_size); 49 check(get_real_size); 50 51 if (file_size % FEC_BLOCKSIZE) { 52 /* must be a multiple of block size */ 53 error("file size not multiple of " stringify(FEC_BLOCKSIZE)); 54 errno = EINVAL; 55 return -1; 56 } 57 58 uint64_t mi = get_appr_size(file_size, roots); 59 uint64_t lo = file_size - mi * 2; 60 uint64_t hi = file_size - mi / 2; 61 62 while (lo < hi) { 63 mi = ((hi + lo) / (2 * FEC_BLOCKSIZE)) * FEC_BLOCKSIZE; 64 uint64_t total = mi + get_real_size(mi, roots); 65 66 if (total < file_size) { 67 lo = mi + FEC_BLOCKSIZE; 68 } else if (total > file_size) { 69 hi = mi; 70 } else { 71 *offset = mi; 72 debug("file_size = %" PRIu64 " -> offset = %" PRIu64, file_size, 73 mi); 74 return 0; 75 } 76 } 77 78 warn("could not determine offset"); 79 errno = ERANGE; 80 return -1; 81} 82 83/* returns verity metadata size for a `size' byte file */ 84static uint64_t get_verity_size(uint64_t size, int) 85{ 86 return VERITY_METADATA_SIZE + verity_get_size(size, NULL, NULL); 87} 88 89/* computes the verity metadata offset for a file with size `f->size' */ 90static int find_verity_offset(fec_handle *f, uint64_t *offset) 91{ 92 check(f); 93 check(offset); 94 95 return find_offset(f->data_size, 0, offset, get_verity_size, 96 get_verity_size); 97} 98 99/* attempts to read and validate an ecc header from file position `offset' */ 100static int parse_ecc_header(fec_handle *f, uint64_t offset) 101{ 102 check(f); 103 check(f->ecc.rsn > 0 && f->ecc.rsn < FEC_RSM); 104 check(f->size > sizeof(fec_header)); 105 106 debug("offset = %" PRIu64, offset); 107 108 if (offset > f->size - sizeof(fec_header)) { 109 return -1; 110 } 111 112 fec_header header; 113 114 /* there's obviously no ecc data at this point, so there is no need to 115 call fec_pread to access this data */ 116 if (!raw_pread(f, &header, sizeof(fec_header), offset)) { 117 error("failed to read: %s", strerror(errno)); 118 return -1; 119 } 120 121 /* move offset back to the beginning of the block for validating header */ 122 offset -= offset % FEC_BLOCKSIZE; 123 124 if (header.magic != FEC_MAGIC) { 125 return -1; 126 } 127 if (header.version != FEC_VERSION) { 128 error("unsupported ecc version: %u", header.version); 129 return -1; 130 } 131 if (header.size != sizeof(fec_header)) { 132 error("unexpected ecc header size: %u", header.size); 133 return -1; 134 } 135 if (header.roots == 0 || header.roots >= FEC_RSM) { 136 error("invalid ecc roots: %u", header.roots); 137 return -1; 138 } 139 if (f->ecc.roots != (int)header.roots) { 140 error("unexpected number of roots: %d vs %u", f->ecc.roots, 141 header.roots); 142 return -1; 143 } 144 if (header.fec_size % header.roots || 145 header.fec_size % FEC_BLOCKSIZE) { 146 error("inconsistent ecc size %u", header.fec_size); 147 return -1; 148 } 149 150 f->data_size = header.inp_size; 151 f->ecc.blocks = fec_div_round_up(f->data_size, FEC_BLOCKSIZE); 152 f->ecc.rounds = fec_div_round_up(f->ecc.blocks, f->ecc.rsn); 153 154 if (header.fec_size != 155 (uint32_t)f->ecc.rounds * f->ecc.roots * FEC_BLOCKSIZE) { 156 error("inconsistent ecc size %u", header.fec_size); 157 return -1; 158 } 159 160 f->ecc.size = header.fec_size; 161 f->ecc.start = header.inp_size; 162 163 /* validate encoding data; caller may opt not to use it if invalid */ 164 SHA256_CTX ctx; 165 SHA256_Init(&ctx); 166 167 uint8_t buf[FEC_BLOCKSIZE]; 168 uint32_t n = 0; 169 uint32_t len = FEC_BLOCKSIZE; 170 171 while (n < f->ecc.size) { 172 if (len > f->ecc.size - n) { 173 len = f->ecc.size - n; 174 } 175 176 if (!raw_pread(f, buf, len, f->ecc.start + n)) { 177 error("failed to read ecc: %s", strerror(errno)); 178 return -1; 179 } 180 181 SHA256_Update(&ctx, buf, len); 182 n += len; 183 } 184 185 uint8_t hash[SHA256_DIGEST_LENGTH]; 186 SHA256_Final(hash, &ctx); 187 188 f->ecc.valid = !memcmp(hash, header.hash, SHA256_DIGEST_LENGTH); 189 190 if (!f->ecc.valid) { 191 warn("ecc data not valid"); 192 } 193 194 return 0; 195} 196 197/* attempts to read an ecc header from `offset', and checks for a backup copy 198 at the end of the block if the primary header is not valid */ 199static int parse_ecc(fec_handle *f, uint64_t offset) 200{ 201 check(f); 202 check(offset % FEC_BLOCKSIZE == 0); 203 check(offset < UINT64_MAX - FEC_BLOCKSIZE); 204 205 /* check the primary header at the beginning of the block */ 206 if (parse_ecc_header(f, offset) == 0) { 207 return 0; 208 } 209 210 /* check the backup header at the end of the block */ 211 if (parse_ecc_header(f, offset + FEC_BLOCKSIZE - sizeof(fec_header)) == 0) { 212 warn("using backup ecc header"); 213 return 0; 214 } 215 216 return -1; 217} 218 219/* reads the squashfs superblock and returns the size of the file system in 220 `offset' */ 221static int get_squashfs_size(fec_handle *f, uint64_t *offset) 222{ 223 check(f); 224 check(offset); 225 226 size_t sb_size = squashfs_get_sb_size(); 227 check(sb_size <= SSIZE_MAX); 228 229 uint8_t buffer[sb_size]; 230 231 if (fec_pread(f, buffer, sizeof(buffer), 0) != (ssize_t)sb_size) { 232 error("failed to read superblock: %s", strerror(errno)); 233 return -1; 234 } 235 236 squashfs_info sq; 237 238 if (squashfs_parse_sb_buffer(buffer, &sq) < 0) { 239 error("failed to parse superblock: %s", strerror(errno)); 240 return -1; 241 } 242 243 *offset = sq.bytes_used_4K_padded; 244 return 0; 245} 246 247/* reads the ext4 superblock and returns the size of the file system in 248 `offset' */ 249static int get_ext4_size(fec_handle *f, uint64_t *offset) 250{ 251 check(f); 252 check(f->size > 1024 + sizeof(ext4_super_block)); 253 check(offset); 254 255 ext4_super_block sb; 256 257 if (fec_pread(f, &sb, sizeof(sb), 1024) != sizeof(sb)) { 258 error("failed to read superblock: %s", strerror(errno)); 259 return -1; 260 } 261 262 fs_info info; 263 info.len = 0; /* only len is set to 0 to ask the device for real size. */ 264 265 if (ext4_parse_sb(&sb, &info) != 0) { 266 errno = EINVAL; 267 return -1; 268 } 269 270 *offset = info.len; 271 return 0; 272} 273 274/* attempts to determine file system size, if no fs type is specified in 275 `f->flags', tries all supported types, and returns the size in `offset' */ 276static int get_fs_size(fec_handle *f, uint64_t *offset) 277{ 278 check(f); 279 check(offset); 280 281 if (f->flags & FEC_FS_EXT4) { 282 return get_ext4_size(f, offset); 283 } else if (f->flags & FEC_FS_SQUASH) { 284 return get_squashfs_size(f, offset); 285 } else { 286 /* try all alternatives */ 287 int rc = get_ext4_size(f, offset); 288 289 if (rc == 0) { 290 debug("found ext4fs"); 291 return rc; 292 } 293 294 rc = get_squashfs_size(f, offset); 295 296 if (rc == 0) { 297 debug("found squashfs"); 298 } 299 300 return rc; 301 } 302} 303 304/* locates, validates, and loads verity metadata from `f->fd' */ 305static int load_verity(fec_handle *f) 306{ 307 check(f); 308 debug("size = %" PRIu64 ", flags = %d", f->data_size, f->flags); 309 310 uint64_t offset = f->data_size - VERITY_METADATA_SIZE; 311 312 /* verity header is at the end of the data area */ 313 if (verity_parse_header(f, offset) == 0) { 314 debug("found at %" PRIu64 " (start %" PRIu64 ")", offset, 315 f->verity.hash_start); 316 return 0; 317 } 318 319 debug("trying legacy formats"); 320 321 /* legacy format at the end of the partition */ 322 if (find_verity_offset(f, &offset) == 0 && 323 verity_parse_header(f, offset) == 0) { 324 debug("found at %" PRIu64 " (start %" PRIu64 ")", offset, 325 f->verity.hash_start); 326 return 0; 327 } 328 329 /* legacy format after the file system, but not at the end */ 330 int rc = get_fs_size(f, &offset); 331 332 if (rc == 0) { 333 debug("file system size = %" PRIu64, offset); 334 rc = verity_parse_header(f, offset); 335 336 if (rc == 0) { 337 debug("found at %" PRIu64 " (start %" PRIu64 ")", offset, 338 f->verity.hash_start); 339 } 340 } 341 342 return rc; 343} 344 345/* locates, validates, and loads ecc data from `f->fd' */ 346static int load_ecc(fec_handle *f) 347{ 348 check(f); 349 debug("size = %" PRIu64, f->data_size); 350 351 uint64_t offset = f->data_size - FEC_BLOCKSIZE; 352 353 if (parse_ecc(f, offset) == 0) { 354 debug("found at %" PRIu64 " (start %" PRIu64 ")", offset, 355 f->ecc.start); 356 return 0; 357 } 358 359 return -1; 360} 361 362/* sets `f->size' to the size of the file or block device */ 363static int get_size(fec_handle *f) 364{ 365 check(f); 366 367 struct stat st; 368 369 if (fstat(f->fd, &st) == -1) { 370 error("fstat failed: %s", strerror(errno)); 371 return -1; 372 } 373 374 if (S_ISBLK(st.st_mode)) { 375 debug("block device"); 376 377 if (ioctl(f->fd, BLKGETSIZE64, &f->size) == -1) { 378 error("ioctl failed: %s", strerror(errno)); 379 return -1; 380 } 381 } else if (S_ISREG(st.st_mode)) { 382 debug("file"); 383 f->size = st.st_size; 384 } else { 385 error("unsupported type %d", (int)st.st_mode); 386 errno = EACCES; 387 return -1; 388 } 389 390 return 0; 391} 392 393/* clears fec_handle fiels to safe values */ 394static void reset_handle(fec_handle *f) 395{ 396 f->fd = -1; 397 f->flags = 0; 398 f->mode = 0; 399 f->errors = 0; 400 f->data_size = 0; 401 f->pos = 0; 402 f->size = 0; 403 404 memset(&f->ecc, 0, sizeof(f->ecc)); 405 memset(&f->verity, 0, sizeof(f->verity)); 406} 407 408/* closes and flushes `f->fd' and releases any memory allocated for `f' */ 409int fec_close(struct fec_handle *f) 410{ 411 check(f); 412 413 if (f->fd != -1) { 414 if (f->mode & O_RDWR && fdatasync(f->fd) == -1) { 415 warn("fdatasync failed: %s", strerror(errno)); 416 } 417 418 TEMP_FAILURE_RETRY(close(f->fd)); 419 } 420 421 if (f->verity.hash) { 422 delete[] f->verity.hash; 423 } 424 if (f->verity.salt) { 425 delete[] f->verity.salt; 426 } 427 if (f->verity.table) { 428 delete[] f->verity.table; 429 } 430 431 pthread_mutex_destroy(&f->mutex); 432 433 reset_handle(f); 434 delete f; 435 436 return 0; 437} 438 439/* populates `data' from the internal data in `f', returns a value <0 if verity 440 metadata is not available in `f->fd' */ 441int fec_verity_get_metadata(struct fec_handle *f, struct fec_verity_metadata *data) 442{ 443 check(f); 444 check(data); 445 446 if (!f->verity.metadata_start) { 447 return -1; 448 } 449 450 check(f->data_size < f->size); 451 check(f->data_size <= f->verity.hash_start); 452 check(f->data_size <= f->verity.metadata_start); 453 check(f->verity.table); 454 455 data->disabled = f->verity.disabled; 456 data->data_size = f->data_size; 457 memcpy(data->signature, f->verity.header.signature, 458 sizeof(data->signature)); 459 memcpy(data->ecc_signature, f->verity.ecc_header.signature, 460 sizeof(data->ecc_signature)); 461 data->table = f->verity.table; 462 data->table_length = f->verity.header.length; 463 464 return 0; 465} 466 467/* populates `data' from the internal data in `f', returns a value <0 if ecc 468 metadata is not available in `f->fd' */ 469int fec_ecc_get_metadata(struct fec_handle *f, struct fec_ecc_metadata *data) 470{ 471 check(f); 472 check(data); 473 474 if (!f->ecc.start) { 475 return -1; 476 } 477 478 check(f->data_size < f->size); 479 check(f->ecc.start >= f->data_size); 480 check(f->ecc.start < f->size); 481 check(f->ecc.start % FEC_BLOCKSIZE == 0) 482 483 data->valid = f->ecc.valid; 484 data->roots = f->ecc.roots; 485 data->blocks = f->ecc.blocks; 486 data->rounds = f->ecc.rounds; 487 data->start = f->ecc.start; 488 489 return 0; 490} 491 492/* populates `data' from the internal status in `f' */ 493int fec_get_status(struct fec_handle *f, struct fec_status *s) 494{ 495 check(f); 496 check(s); 497 498 s->flags = f->flags; 499 s->mode = f->mode; 500 s->errors = f->errors; 501 s->data_size = f->data_size; 502 s->size = f->size; 503 504 return 0; 505} 506 507/* opens `path' using given options and returns a fec_handle in `handle' if 508 successful */ 509int fec_open(struct fec_handle **handle, const char *path, int mode, int flags, 510 int roots) 511{ 512 check(path); 513 check(handle); 514 check(roots > 0 && roots < FEC_RSM); 515 516 debug("path = %s, mode = %d, flags = %d, roots = %d", path, mode, flags, 517 roots); 518 519 if (mode & (O_CREAT | O_TRUNC | O_EXCL | O_WRONLY)) { 520 /* only reading and updating existing files is supported */ 521 error("failed to open '%s': (unsupported mode %d)", path, mode); 522 errno = EACCES; 523 return -1; 524 } 525 526 fec::handle f(new (std::nothrow) fec_handle, fec_close); 527 528 if (unlikely(!f)) { 529 error("failed to allocate file handle"); 530 errno = ENOMEM; 531 return -1; 532 } 533 534 reset_handle(f.get()); 535 536 f->mode = mode; 537 f->ecc.roots = roots; 538 f->ecc.rsn = FEC_RSM - roots; 539 f->flags = flags; 540 541 if (unlikely(pthread_mutex_init(&f->mutex, NULL) != 0)) { 542 error("failed to create a mutex: %s", strerror(errno)); 543 return -1; 544 } 545 546 f->fd = TEMP_FAILURE_RETRY(open(path, mode | O_CLOEXEC)); 547 548 if (f->fd == -1) { 549 error("failed to open '%s': %s", path, strerror(errno)); 550 return -1; 551 } 552 553 if (get_size(f.get()) == -1) { 554 error("failed to get size for '%s': %s", path, strerror(errno)); 555 return -1; 556 } 557 558 f->data_size = f->size; /* until ecc and/or verity are loaded */ 559 560 if (load_ecc(f.get()) == -1) { 561 debug("error-correcting codes not found from '%s'", path); 562 } 563 564 if (load_verity(f.get()) == -1) { 565 debug("verity metadata not found from '%s'", path); 566 } 567 568 *handle = f.release(); 569 return 0; 570} 571