| From 892e42a06f570fdb0c968f645d131ba26b5e5a22 Mon Sep 17 00:00:00 2001 |
| From: Meena Shanmugam <meenashanmugam@google.com> |
| Date: Mon, 10 Oct 2022 00:32:50 +0000 |
| Subject: [PATCH] LAKITU:verity: Add support to print new and old dm-verity |
| format. |
| |
| The current verity tool returns the old dm-verity format. COS plans to use the |
| new dm-verity format in the upcoming release. Added a version option to |
| specify the dm-verity format. If no option is given, it returns the old |
| format by default. Once the patch is upstreamed and the SDK tool is updated |
| with this option, this patch can be removed. |
| |
| Change-Id: If21c2d164c1cd0bede24d551e32ae71b8293eead |
| --- |
| verity/file_hasher.cc | 54 +++++++++++++++++++++++++++++++------------ |
| verity/file_hasher.h | 4 ++-- |
| verity/verity_main.cc | 21 +++++++++++++---- |
| 3 files changed, 57 insertions(+), 22 deletions(-) |
| |
| diff --git a/verity/file_hasher.cc b/verity/file_hasher.cc |
| index fae04f817c..25ea3a3b3f 100644 |
| --- a/verity/file_hasher.cc |
| +++ b/verity/file_hasher.cc |
| @@ -146,7 +146,8 @@ const char* FileHasher::RandomSalt() { |
| return random_salt_; |
| } |
| |
| -std::string FileHasher::GetTable(bool colocated) { |
| +std::string FileHasher::GetTable(bool colocated, |
| + unsigned int version) { |
| // Grab the digest (up to 1kbit supported) |
| uint8_t digest[128]; |
| char hexsalt[DM_BHT_SALT_SIZE * 2 + 1]; |
| @@ -161,24 +162,47 @@ std::string FileHasher::GetTable(bool colocated) { |
| if (colocated) |
| hash_start = root_end; |
| |
| - std::vector<std::string> parts = { |
| - "0", |
| - base::NumberToString(root_end), |
| - "verity", |
| - "payload=ROOT_DEV", |
| - "hashtree=HASH_DEV", |
| - "hashstart=" + base::NumberToString(hash_start), |
| - "alg=" + std::string(alg_), |
| - "root_hexdigest=" + std::string(reinterpret_cast<char*>(digest)), |
| - }; |
| - if (have_salt) |
| - parts.push_back("salt=" + std::string(hexsalt)); |
| + std::vector<std::string> parts; |
| + if (version == 1) { |
| + parts = { |
| + "0", |
| + base::NumberToString(root_end), |
| + "verity", |
| + "0", |
| + "ROOT_DEV", |
| + "HASH_DEV", |
| + "4096", |
| + "4096", |
| + base::NumberToString(hash_start>>3), |
| + base::NumberToString(hash_start>>3), |
| + std::string(alg_), |
| + std::string(reinterpret_cast<char*>(digest)), |
| + }; |
| + if (have_salt) { |
| + parts.push_back(std::string(hexsalt)); |
| + } |
| + } else { |
| + parts = { |
| + "0", |
| + base::NumberToString(root_end), |
| + "verity", |
| + "payload=ROOT_DEV", |
| + "hashtree=HASH_DEV", |
| + "hashstart=" + base::NumberToString(hash_start), |
| + "alg=" + std::string(alg_), |
| + "root_hexdigest=" + std::string(reinterpret_cast<char*>(digest)), |
| + }; |
| + if (have_salt) { |
| + parts.push_back("salt=" + std::string(hexsalt)); |
| + } |
| + } |
| |
| return base::JoinString(parts, " "); |
| } |
| |
| -void FileHasher::PrintTable(bool colocated) { |
| - printf("%s\n", GetTable(colocated).c_str()); |
| +void FileHasher::PrintTable(bool colocated, |
| + unsigned int version) { |
| + printf("%s\n", GetTable(colocated, version).c_str()); |
| } |
| |
| } // namespace verity |
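Review bot: In the `version == 1` branch both the data-block-count field and the hash-start-block field are filled from `hash_start>>3`, but `hash_start` only equals the payload size when `colocated` is true and the context line above has set it to `root_end`; for a non-colocated call the count field would carry whatever `hash_start` held before, which presumably is not the number of data blocks. If `root_end` is the payload length in sectors (the `>>3` looks like a 512-byte-sector to 4 KiB-block conversion), the count field should come from it regardless of `colocated`, e.g. `base::NumberToString(root_end >> 3),` for the first of the two shifted fields. The two literal `"4096"` fields also pin the data and hash block sizes with nothing tying them to the block size the hasher actually used; I'd derive them from that constant or at least add above the branch `// version 1 layout: <version> <data_dev> <hash_dev> <data_blk_size> <hash_blk_size> <num_data_blocks> <hash_start_block> <alg> <digest> [<salt>]; sizes assume 4 KiB blocks, sectors are converted with >>3`. The new `version` parameter itself is introduced by the hunk at line 24 (GetTable's signature) and is otherwise undocumented; note that any value other than 1 silently selects the legacy layout.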
| diff --git a/verity/file_hasher.h b/verity/file_hasher.h |
| index 1549555f4e..d5151b6219 100644 |
| --- a/verity/file_hasher.h |
| +++ b/verity/file_hasher.h |
| @@ -40,8 +40,8 @@ class BRILLO_EXPORT FileHasher { |
| virtual bool Hash(); |
| virtual bool Store(); |
| // Print a table to stdout which contains a dmsetup compatible format |
| - virtual void PrintTable(bool colocated); |
| - virtual std::string GetTable(bool colocated); |
| + virtual void PrintTable(bool colocated, unsigned int version); |
| + virtual std::string GetTable(bool colocated, unsigned int version); |
| |
| virtual const char* RandomSalt(); |
| virtual void set_salt(const char* salt); |
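Review bot: The comment above `PrintTable` still only says "Print a table to stdout" and nothing documents what the new `version` argument selects, on either method. I'd add `// version selects the table layout: 0 = legacy "payload=/hashtree=" keyword form, 1 = positional dm-verity table; any other value is treated as 0.` above the pair, since the implementation hunk treats everything but 1 as legacy. Because this is a BRILLO_EXPORT class with virtual methods and the one-argument overloads are removed rather than kept as forwarders, any out-of-tree caller or subclass of `FileHasher` stops compiling with this change; if that is intended it is worth stating in the commit message.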
| diff --git a/verity/verity_main.cc b/verity/verity_main.cc |
| index 16d9aead65..934af23d6c 100644 |
| --- a/verity/verity_main.cc |
| +++ b/verity/verity_main.cc |
| @@ -31,6 +31,7 @@ void print_usage(const char* name) { |
| " hashtree Path to a hash tree to create or read from\n" |
| " root_hexdigest Digest of the root node (in hex) for verification\n" |
| " salt Salt (in hex)\n" |
| + " version one of 0 or 1\n" |
| "\n", |
| name); |
| } |
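Review bot: The usage line `" version one of 0 or 1\n"` tells the operator the accepted values but not what they mean, so the only way to learn which value produces which table is to read the source. Following the commit message, I'd make it `" version dm-verity table format: 0 = legacy (default), 1 = new\n"` so the default is visible from `--help` output as well.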
| @@ -46,7 +47,8 @@ static int verity_create(const char* alg, |
| const char* image_path, |
| unsigned int image_blocks, |
| const char* hash_path, |
| - const char* salt); |
| + const char* salt, |
| + unsigned int version); |
| |
| void splitarg(char* arg, char** key, char** val) { |
| char* sp = NULL; |
| @@ -61,6 +63,7 @@ int main(int argc, char** argv) { |
| const char* hashtree = NULL; |
| const char* salt = NULL; |
| unsigned int payload_blocks = 0; |
| + unsigned int version = 0; |
| int i; |
| char *key, *val; |
| |
| @@ -87,7 +90,14 @@ int main(int argc, char** argv) { |
| // Silently drop the mode for now... |
| } else if (!strcmp(key, "salt")) { |
| salt = val; |
| - } else { |
| + } else if (!strcmp(key, "version")) { |
| + version = (unsigned int)strtoul(val, NULL, 0); |
| + if (version > 1) { |
| + fprintf(stderr, "version should be either 0 or 1\n"); |
| + print_usage(argv[0]); |
| + return -1; |
| + } |
| + } else { |
| fprintf(stderr, "bogus key: '%s'\n", key); |
| print_usage(argv[0]); |
| return -1; |
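Review bot: `version = (unsigned int)strtoul(val, NULL, 0);` accepts malformed input silently: with no end pointer, `version=` or `version=1x` parses to 0 (or 1) and passes the `version > 1` check as if a valid value had been given, and if `splitarg` can leave `val` NULL for an argument without `=` (its body is outside this hunk) the call dereferences NULL. I'd parse with an end pointer and reject anything that is empty or not fully consumed, reusing the existing error path.
```cpp
    } else if (!strcmp(key, "version")) {
      char* end = NULL;
      version = (val != NULL) ? (unsigned int)strtoul(val, &end, 0) : 0;
      if (val == NULL || *val == '\0' || *end != '\0' || version > 1) {
        fprintf(stderr, "version should be either 0 or 1\n");
        print_usage(argv[0]);
        return -1;
      }
    // … unchanged: "bogus key" branch …
```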
| @@ -102,7 +112,7 @@ int main(int argc, char** argv) { |
| } |
| |
| if (mode == VERITY_CREATE) { |
| - return verity_create(alg, payload, payload_blocks, hashtree, salt); |
| + return verity_create(alg, payload, payload_blocks, hashtree, salt, version); |
| } else { |
| LOG(FATAL) << "Verification not done yet"; |
| } |
| @@ -113,7 +123,8 @@ static int verity_create(const char* alg, |
| const char* image_path, |
| unsigned int image_blocks, |
| const char* hash_path, |
| - const char* salt) { |
| + const char* salt, |
| + unsigned int version) { |
| auto source = std::make_unique<base::File>( |
| base::FilePath(image_path), |
| base::File::FLAG_OPEN | base::File::FLAG_READ); |
| @@ -133,6 +144,6 @@ static int verity_create(const char* alg, |
| hasher.set_salt(salt); |
| LOG_IF(FATAL, !hasher.Hash()) << "Failed to hash hasher"; |
| LOG_IF(FATAL, !hasher.Store()) << "Failed to store hasher"; |
| - hasher.PrintTable(true); |
| + hasher.PrintTable(true, version); |
| return 0; |
| } |
| -- |
| 2.38.0.413.g74048e4d9e-goog |
| |