arc/data-snapshotd/file_utils.h - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2020 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef ARC_DATA_SNAPSHOTD_FILE_UTILS_H_
 #define ARC_DATA_SNAPSHOTD_FILE_UTILS_H_

 #include <string>
 #include <vector>

 #include <base/files/file_path.h>

 #include "proto/directory.pb.h"

 namespace crypto {

 class RSAPrivateKey;

 }  // namespace crypto

 namespace arc {
 namespace data_snapshotd {

 // Extracts all files and file info for all files from |dir| and fills in
 // |snapshot_directory| object, that should be non-nullptr.
 // Set |inode_verification_enabled| to false only for testing to disable the
 // inode integrity check for snapshot directories.
 // Returns true in case of success and false in case of any error.
 bool ReadSnapshotDirectory(const base::FilePath& dir,
                            SnapshotDirectory* snapshot_directory,
                            bool inode_verification_enabled = true);

 // Calculates SHA256 hash for serialized |dir|.
 // In case of any error returns empty hash.
 std::vector<uint8_t> CalculateDirectoryCryptographicHash(
     const SnapshotDirectory& dir);

 // Encodes and stores |public_key_info| on disk in |dir|/public_key_info file.
 // |dir| is an existing directory, where a prospective snapshot signed with
 // a corresponding private key will be stored.
 // Returns false in case of any error.
 bool StorePublicKey(const base::FilePath& dir,
                     const std::vector<uint8_t>& public_key_info);

 // Stores |userhash| on disk in |dir|/userhash file.
 // |dir| is an existing directory, where a prospective snapshot signed with
 // a corresponding private key will be stored.
 // Returns false in case of any error.
 bool StoreUserhash(const base::FilePath& dir, const std::string& userhash);

 // Calculates SHA256 hash for |dir| (excluding |dir|/hash file), signs it with
 // |private_key| and stores in |dir|/hash file.
 // Set |inode_verification_enabled| to false only for testing to disable the
 // inode integrity check for snapshot directories.
 // Returns false in case of any error.
 bool SignAndStoreHash(const base::FilePath& dir,
                       crypto::RSAPrivateKey* private_key,
                       bool inode_verification_enabled);

 // Verifies signed hash stored in a |dir|/hash file by public key stored in a
 // |dir|/public_key_info.
 // Verifies |expected_userhash| is equal to the userhash stored in
 // |dir|/userhash.
 // Verifies integrity of |dir|/public_key_info by sha256 hash
 // |expected_public_key_digest|.
 // Set |inode_verification_enabled| to false only for testing to disable the
 // inode integrity check for snapshot directories.
 // Returns false in case of any error.
 bool VerifyHash(const base::FilePath& dir,
                 const std::string& expected_userhash,
                 const std::string& expected_public_key_digest,
                 bool inode_verification_enabled);

 // Calculates SHA256 hash of |value| and encodes it.
 // Returns an empty string in case of any error.
 std::string CalculateEncodedSha256Digest(const std::vector<uint8_t>& value);

 // Copies the given path, all subdirectories and their contents as well.
 //
 // If there are files existing under to_path, always overwrite. Returns true
 // if successful, false otherwise. Wildcards on the names are not supported.
 //
 // This function uses base::CopyDirectory, but preserves file attributes, such
 // as modification_time.
 bool CopySnapshotDirectory(const base::FilePath& from,
                            const base::FilePath& to);

 }  // namespace data_snapshotd
 }  // namespace arc

 #endif  // ARC_DATA_SNAPSHOTD_FILE_UTILS_H_
	// Copyright 2020 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef ARC_DATA_SNAPSHOTD_FILE_UTILS_H_
	#define ARC_DATA_SNAPSHOTD_FILE_UTILS_H_

	#include <string>
	#include <vector>

	#include <base/files/file_path.h>

	#include "proto/directory.pb.h"

	namespace crypto {

	class RSAPrivateKey;

	} // namespace crypto

	namespace arc {
	namespace data_snapshotd {

	// Extracts all files and file info for all files from \|dir\| and fills in
	// \|snapshot_directory\| object, that should be non-nullptr.
	// Set \|inode_verification_enabled\| to false only for testing to disable the
	// inode integrity check for snapshot directories.
	// Returns true in case of success and false in case of any error.
	bool ReadSnapshotDirectory(const base::FilePath& dir,
	SnapshotDirectory* snapshot_directory,
	bool inode_verification_enabled = true);

	// Calculates SHA256 hash for serialized \|dir\|.
	// In case of any error returns empty hash.
	std::vector<uint8_t> CalculateDirectoryCryptographicHash(
	const SnapshotDirectory& dir);

	// Encodes and stores \|public_key_info\| on disk in \|dir\|/public_key_info file.
	// \|dir\| is an existing directory, where a prospective snapshot signed with
	// a corresponding private key will be stored.
	// Returns false in case of any error.
	bool StorePublicKey(const base::FilePath& dir,
	const std::vector<uint8_t>& public_key_info);

	// Stores \|userhash\| on disk in \|dir\|/userhash file.
	// \|dir\| is an existing directory, where a prospective snapshot signed with
	// a corresponding private key will be stored.
	// Returns false in case of any error.
	bool StoreUserhash(const base::FilePath& dir, const std::string& userhash);

	// Calculates SHA256 hash for \|dir\| (excluding \|dir\|/hash file), signs it with
	// \|private_key\| and stores in \|dir\|/hash file.
	// Set \|inode_verification_enabled\| to false only for testing to disable the
	// inode integrity check for snapshot directories.
	// Returns false in case of any error.
	bool SignAndStoreHash(const base::FilePath& dir,
	crypto::RSAPrivateKey* private_key,
	bool inode_verification_enabled);

	// Verifies signed hash stored in a \|dir\|/hash file by public key stored in a
	// \|dir\|/public_key_info.
	// Verifies \|expected_userhash\| is equal to the userhash stored in
	// \|dir\|/userhash.
	// Verifies integrity of \|dir\|/public_key_info by sha256 hash
	// \|expected_public_key_digest\|.
	// Set \|inode_verification_enabled\| to false only for testing to disable the
	// inode integrity check for snapshot directories.
	// Returns false in case of any error.
	bool VerifyHash(const base::FilePath& dir,
	const std::string& expected_userhash,
	const std::string& expected_public_key_digest,
	bool inode_verification_enabled);

	// Calculates SHA256 hash of \|value\| and encodes it.
	// Returns an empty string in case of any error.
	std::string CalculateEncodedSha256Digest(const std::vector<uint8_t>& value);

	// Copies the given path, all subdirectories and their contents as well.
	//
	// If there are files existing under to_path, always overwrite. Returns true
	// if successful, false otherwise. Wildcards on the names are not supported.
	//
	// This function uses base::CopyDirectory, but preserves file attributes, such
	// as modification_time.
	bool CopySnapshotDirectory(const base::FilePath& from,
	const base::FilePath& to);

	} // namespace data_snapshotd
	} // namespace arc

	#endif // ARC_DATA_SNAPSHOTD_FILE_UTILS_H_