author | Geremy Condra <gcondra@google.com> | 2013-10-21 20:34:13 +0000 |
---|---|---|
committer | Geremy Condra <gcondra@google.com> | 2013-10-21 18:22:37 -0700 |
commit | 649fd550341328077e403dd2b2024a9958ae2652 (patch) | |
tree | 88887d9b7bc9273195d8d849d74493a0f5438bfb /verity | |
parent | be349fd67b83f64a14ee21d1a1ac70d049d53df2 (diff) | |
Revert "Temporary revert to fix the build."
This reverts commit d1cda72457fed396942ae58f689ce84de7af3e9e.
Additionally changes libcrypto to libcrypto-host.
Change-Id: I8e57c31f904fae0113a514c26a78711e15782216
Diffstat (limited to 'verity')
-rw-r--r-- | verity/Android.mk | 50 | ||||
-rw-r--r-- | verity/VeritySigner.java | 79 | ||||
-rw-r--r-- | verity/VeritySigner.mf | 1 | ||||
-rwxr-xr-x | verity/build_verity_metadata.py | 78 | ||||
-rwxr-xr-x | verity/build_verity_tree.py | 87 | ||||
-rw-r--r-- | verity/generate_verity_key.c | 165 | ||||
-rw-r--r-- | verity/syspatch.c | 61 | ||||
-rwxr-xr-x | verity/verity_signer | 8 |
8 files changed, 529 insertions, 0 deletions
diff --git a/verity/Android.mk b/verity/Android.mk
new file mode 100644
index 00000000..68fe0ef9
--- /dev/null
+++ b/verity/Android.mk
@@ -0,0 +1,50 @@
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := generate_verity_key
+LOCAL_SRC_FILES := generate_verity_key.c
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_MODULE_TAGS := optional
+LOCAL_SHARED_LIBRARIES := libcrypto-host
+LOCAL_C_INCLUDES += external/openssl/include
+include $(BUILD_HOST_EXECUTABLE)
+
+#include $(CLEAR_VARS)
+#LOCAL_MODULE := generate_block_patch
+#LOCAL_SRC_FILES := generate_block_patch.c
+#LOCAL_MODULE_CLASS := EXECUTABLES
+#LOCAL_MODULE_TAGS := optional
+#LOCAL_SHARED_LIBRARIES := libminibsdiff
+#include $(BUILD_HOST_EXECUTABLE)
+
+include $(CLEAR_VARS)
+LOCAL_SRC_FILES := VeritySigner.java
+LOCAL_MODULE := VeritySigner
+LOCAL_JAR_MANIFEST := VeritySigner.mf
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_HOST_JAVA_LIBRARY)
+
+include $(CLEAR_VARS)
+LOCAL_SRC_FILES := verity_signer
+LOCAL_MODULE := verity_signer
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_IS_HOST_MODULE := true
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_PREBUILT)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := build_verity_tree.py
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_SRC_FILES := build_verity_tree.py
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_IS_HOST_MODULE := true
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_PREBUILT)
+
+include $(CLEAR_VARS)
+LOCAL_MODULE := build_verity_metadata.py
+LOCAL_MODULE_CLASS := EXECUTABLES
+LOCAL_SRC_FILES := build_verity_metadata.py
+LOCAL_IS_HOST_MODULE := true
+LOCAL_MODULE_TAGS := optional
+include $(BUILD_PREBUILT)
diff --git a/verity/VeritySigner.java b/verity/VeritySigner.java
new file mode 100644
index 00000000..f1d95c82
--- /dev/null
+++ b/verity/VeritySigner.java
@@ -0,0 +1,79 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.verity;
+
+import sun.misc.BASE64Decoder;
+import sun.misc.BASE64Encoder;
+import java.io.DataInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.InputStream;
+import java.security.KeyFactory;
+import java.security.PrivateKey;
+import java.security.Signature;
+import java.security.spec.PKCS8EncodedKeySpec;
+
+class VeritySigner {
+
+ private static byte[] sign(PrivateKey privateKey, byte[] input) throws Exception {
+ Signature signer = Signature.getInstance("SHA1withRSA");
+ signer.initSign(privateKey);
+ signer.update(input);
+ return signer.sign();
+ }
+
+ private static PKCS8EncodedKeySpec pemToDer(String pem) throws Exception {
+ pem = pem.replaceAll("^-.*", "");
+ String base64_der = pem.replaceAll("-.*$", "");
+ BASE64Decoder decoder = new BASE64Decoder();
+ byte[] der = decoder.decodeBuffer(base64_der);
+ return new PKCS8EncodedKeySpec(der);
+ }
+
+ private static PrivateKey loadPrivateKey(String pem) throws Exception {
+ PKCS8EncodedKeySpec keySpec = pemToDer(pem);
+ KeyFactory keyFactory = KeyFactory.getInstance("RSA");
+ return (PrivateKey) keyFactory.generatePrivate(keySpec);
+ }
+
+ private static byte[] read(String path) throws Exception {
+ File contentFile = new File(path);
+ byte[] content = new byte[(int)contentFile.length()];
+ FileInputStream fis = new FileInputStream(contentFile);
+ fis.read(content);
+ fis.close();
+ return content;
+ }
+
+ private static void writeOutput(String path, byte[] output) throws Exception {
+ FileOutputStream fos = new FileOutputStream(path);
+ fos.write(output);
+ fos.close();
+ }
+
+ // USAGE:
+ // VeritySigner <contentfile> <key.pem> <sigfile>
+ // To verify that this has correct output:
+ // openssl rsautl -raw -inkey <key.pem> -encrypt -in <sigfile> > /tmp/dump
+ public static void main(String[] args) throws Exception {
+ byte[] content = read(args[0]);
+ PrivateKey privateKey = loadPrivateKey(new String(read(args[1])));
+ byte[] signature = sign(privateKey, content);
+ writeOutput(args[2], signature);
+ }
+}
diff --git a/verity/VeritySigner.mf b/verity/VeritySigner.mf
new file mode 100644
index 00000000..b36c1982
--- /dev/null
+++ b/verity/VeritySigner.mf
@@ -0,0 +1 @@
+Main-Class: com.android.verity.VeritySigner
diff --git a/verity/build_verity_metadata.py b/verity/build_verity_metadata.py
new file mode 100755
index 00000000..547e6060
--- /dev/null
+++ b/verity/build_verity_metadata.py
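Review bot: In `read()` of VeritySigner.java the return value of `fis.read(content)` is ignored, so a short read leaves the tail of the buffer zero-filled and the tool then signs (or parses as a key) bytes that are not what is on disk. `java.io.DataInputStream` is already imported but unused; `new DataInputStream(fis).readFully(content);` would either fill the buffer or throw. Separately, `sign()` hard-codes `Signature.getInstance("SHA1withRSA")`; SHA-1 is no longer considered collision-resistant, and `SHA256withRSA` would be preferable if the on-device verifier (not visible in this commit) can accept it. `read()` and `writeOutput()` also skip `close()` when an exception is thrown, which a `try`/`finally` around the I/O would fix.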
@@ -0,0 +1,78 @@
+#! /usr/bin/env python
+
+import os
+import sys
+import struct
+import tempfile
+import commands
+
+VERSION = 0
+MAGIC_NUMBER = 0xb001b001
+BLOCK_SIZE = 4096
+METADATA_SIZE = BLOCK_SIZE * 8
+
+def run(cmd):
+ status, output = commands.getstatusoutput(cmd)
+ print output
+ if status:
+ exit(-1)
+
+def get_verity_metadata_size(data_size):
+ return METADATA_SIZE
+
+def build_metadata_block(verity_table, signature):
+ table_len = len(verity_table)
+ block = struct.pack("II256sI", MAGIC_NUMBER, VERSION, signature, table_len)
+ block += verity_table
+ block = block.ljust(METADATA_SIZE, '\x00')
+ return block
+
+def sign_verity_table(table, signer_path, key_path):
+ with tempfile.NamedTemporaryFile(suffix='.table') as table_file:
+ with tempfile.NamedTemporaryFile(suffix='.sig') as signature_file:
+ table_file.write(table)
+ table_file.flush()
+ cmd = " ".join((signer_path, table_file.name, key_path, signature_file.name))
+ print cmd
+ run(cmd)
+ return signature_file.read()
+
+def build_verity_table(block_device, data_blocks, root_hash, salt):
+ table = "1 %s %s %s %s %s %s sha256 %s %s"
+ table %= ( block_device,
+ block_device,
+ BLOCK_SIZE,
+ BLOCK_SIZE,
+ data_blocks,
+ data_blocks + (METADATA_SIZE / BLOCK_SIZE),
+ root_hash,
+ salt)
+ return table
+
+def build_verity_metadata(data_blocks, metadata_image, root_hash,
+ salt, block_device, signer_path, signing_key):
+ # build the verity table
+ verity_table = build_verity_table(block_device, data_blocks, root_hash, salt)
+ # build the verity table signature
+ signature = sign_verity_table(verity_table, signer_path, signing_key)
+ # build the metadata block
+ metadata_block = build_metadata_block(verity_table, signature)
+ # write it to the outfile
+ with open(metadata_image, "wb") as f:
+ f.write(metadata_block)
+
+if __name__ == "__main__":
+ if len(sys.argv) == 3 and sys.argv[1] == "-s":
+ print get_verity_metadata_size(int(sys.argv[2]))
+ elif len(sys.argv) == 8:
+ data_image_blocks = int(sys.argv[1]) / 4096
+ metadata_image = sys.argv[2]
+ root_hash = sys.argv[3]
+ salt = sys.argv[4]
+ block_device = sys.argv[5]
+ signer_path = sys.argv[6]
+ signing_key = sys.argv[7]
+ build_verity_metadata(data_image_blocks, metadata_image, root_hash,
+ salt, block_device, signer_path, signing_key)
+ else:
+ exit(-1)
diff --git a/verity/build_verity_tree.py b/verity/build_verity_tree.py
new file mode 100755
index 00000000..970d8c01
--- /dev/null
+++ b/verity/build_verity_tree.py
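Review bot: `sign_verity_table()` in build_verity_metadata.py joins `signer_path`, the temp file names and `key_path` with spaces and hands the string to `commands.getstatusoutput`, which runs it through the shell, so a path containing whitespace or shell metacharacters is split or interpreted instead of being passed as one argument. Passing an argument list avoids the shell entirely, e.g. `subprocess.check_call([signer_path, table_file.name, key_path, signature_file.name])` with `import subprocess` at the top. In `build_metadata_block()`, `struct.pack("II256sI", ...)` silently pads or truncates `signature` to 256 bytes; a guard such as `if len(signature) != 256: raise ValueError("unexpected signature length")` would keep an empty or differently sized signature from being embedded in the metadata block.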
@@ -0,0 +1,87 @@
+#! /usr/bin/env python
+
+import os
+import sys
+import math
+import hashlib
+import binascii
+
+HASH_FUNCTION = "SHA256"
+HASH_FUNCTION_SIZE = 32
+BLOCK_SIZE = 4096
+HASHES_PER_BLOCK = BLOCK_SIZE / HASH_FUNCTION_SIZE
+
+def generate_salt():
+ return os.urandom(HASH_FUNCTION_SIZE)
+
+def get_hash_image_blocks(data_image_size):
+ data_image_blocks = data_image_size / BLOCK_SIZE
+ return data_image_blocks / (HASH_FUNCTION_SIZE * 2)
+
+def get_hash_image_size(data_image_size):
+ return get_hash_image_blocks(data_image_size) * BLOCK_SIZE
+
+def blockify(data):
+ blocks = []
+ for i in range(0, len(data), BLOCK_SIZE):
+ chunk = data[i:i+BLOCK_SIZE]
+ blocks.append(chunk)
+ return blocks
+
+def read_blocks(image_path):
+ image = open(image_path, "rb").read()
+ return blockify(image)
+
+def hash_block(data, salt):
+ hasher = hashlib.new(HASH_FUNCTION)
+ hasher.update(salt)
+ hasher.update(data)
+ return hasher.digest()
+
+def block_align(level):
+ pad_size = (BLOCK_SIZE - (len(level) % BLOCK_SIZE)) % BLOCK_SIZE
+ pad = '\x00' * pad_size
+ return level + pad
+
+def generate_hashes(data_blocks, salt):
+ levels = []
+ root_hash = ''
+ while True:
+ hashes = [hash_block(b, salt) for b in data_blocks]
+ if len(hashes) == 1:
+ root_hash = hashes[0]
+ break
+ else:
+ level = ''.join(hashes)
+ level = block_align(level)
+ levels.insert(0, level)
+ data_blocks = blockify(level)
+ return root_hash, ''.join(levels)
+
+def write_hashes(hashes, hash_image, hash_image_size):
+ hashes = hashes.ljust(hash_image_size, '\x00')
+ with open(hash_image, 'wb+') as hash_file:
+ hash_file.write(hashes)
+
+def generate_hash_image(data_image, hash_image, hash_image_size, salt):
+ blocks = read_blocks(data_image)
+ root_hash, hashes = generate_hashes(blocks, salt)
+ write_hashes(hashes, hash_image, hash_image_size)
+ return root_hash
+
+def build_verity_tree(data_image, hash_image, data_image_size):
+ salt = generate_salt()
+ hash_image_size = get_hash_image_size(data_image_size)
+ root_hash = generate_hash_image(data_image, hash_image, hash_image_size, salt)
+ print binascii.hexlify(root_hash), binascii.hexlify(salt)
+
+if __name__ == "__main__":
+ if len(sys.argv) == 3 and sys.argv[1] == "-s":
+ print get_hash_image_size(int(sys.argv[2]))
+ elif len(sys.argv) == 4:
+ data_image = sys.argv[1]
+ hash_image = sys.argv[2]
+ data_image_size = int(sys.argv[3])
+ build_verity_tree(data_image, hash_image, data_image_size)
+ else:
+ exit(-1)
diff --git a/verity/generate_verity_key.c b/verity/generate_verity_key.c
new file mode 100644
index 00000000..7414af58
--- /dev/null
+++ b/verity/generate_verity_key.c
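Review bot: `get_hash_image_size()` in build_verity_tree.py is not an upper bound on what `generate_hashes()` produces: for an image of 2 to 63 blocks `get_hash_image_blocks()` returns 0 while the tree still needs one 4096-byte level, and `write_hashes()` only pads with `ljust`, so it writes more bytes than the size reported by `-s`. If callers reserve space from the `-s` value (not visible here), the hash image would overrun it; `write_hashes()` should fail loudly, e.g. `if len(hashes) > hash_image_size: raise ValueError("hash tree larger than reserved size")`. `blockify()` also leaves a final partial chunk unpadded, so an image whose length is not a multiple of `BLOCK_SIZE` gets its last hash computed over fewer than 4096 bytes; rejecting such input or zero-padding the last block would make the behaviour explicit.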
@@ -0,0 +1,165 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdio.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+/* HACK: we need the RSAPublicKey struct
+ * but RSA_verify conflits with openssl */
+#define RSA_verify RSA_verify_mincrypt
+#include "mincrypt/rsa.h"
+#undef RSA_verify
+
+#include <openssl/evp.h>
+#include <openssl/objects.h>
+#include <openssl/pem.h>
+#include <openssl/rsa.h>
+#include <openssl/sha.h>
+
+// Convert OpenSSL RSA private key to android pre-computed RSAPublicKey format.
+// Lifted from secure adb's mincrypt key generation.
+static int convert_to_mincrypt_format(RSA *rsa, RSAPublicKey *pkey)
+{
+ int ret = -1;
+ unsigned int i;
+
+ if (RSA_size(rsa) != RSANUMBYTES)
+ goto out;
+
+ BN_CTX* ctx = BN_CTX_new();
+ BIGNUM* r32 = BN_new();
+ BIGNUM* rr = BN_new();
+ BIGNUM* r = BN_new();
+ BIGNUM* rem = BN_new();
+ BIGNUM* n = BN_new();
+ BIGNUM* n0inv = BN_new();
+
+ BN_set_bit(r32, 32);
+ BN_copy(n, rsa->n);
+ BN_set_bit(r, RSANUMWORDS * 32);
+ BN_mod_sqr(rr, r, n, ctx);
+ BN_div(NULL, rem, n, r32, ctx);
+ BN_mod_inverse(n0inv, rem, r32, ctx);
+
+ pkey->len = RSANUMWORDS;
+ pkey->n0inv = 0 - BN_get_word(n0inv);
+ for (i = 0; i < RSANUMWORDS; i++) {
+ BN_div(rr, rem, rr, r32, ctx);
+ pkey->rr[i] = BN_get_word(rem);
+ BN_div(n, rem, n, r32, ctx);
+ pkey->n[i] = BN_get_word(rem);
+ }
+ pkey->exponent = BN_get_word(rsa->e);
+
+ ret = 0;
+
+ BN_free(n0inv);
+ BN_free(n);
+ BN_free(rem);
+ BN_free(r);
+ BN_free(rr);
+ BN_free(r32);
+ BN_CTX_free(ctx);
+
+out:
+ return ret;
+}
+
+static int write_public_keyfile(RSA *private_key, const char *private_key_path)
+{
+ RSAPublicKey pkey;
+ BIO *bfile = NULL;
+ char *path = NULL;
+ int ret = -1;
+
+ if (asprintf(&path, "%s.pub", private_key_path) < 0)
+ goto out;
+
+ if (convert_to_mincrypt_format(private_key, &pkey) < 0)
+ goto out;
+
+ bfile = BIO_new_file(path, "w");
+ if (!bfile)
+ goto out;
+
+ BIO_write(bfile, &pkey, sizeof(pkey));
+ BIO_flush(bfile);
+
+ ret = 0;
+out:
+ BIO_free_all(bfile);
+ free(path);
+ return ret;
+}
+
+static int generate_key(const char *file)
+{
+ int ret = -1;
+ FILE *f = NULL;
+ RSA* rsa = RSA_new();
+ BIGNUM* exponent = BN_new();
+ EVP_PKEY* pkey = EVP_PKEY_new();
+
+ if (!pkey || !exponent || !rsa) {
+ printf("Failed to allocate key\n");
+ goto out;
+ }
+
+ BN_set_word(exponent, RSA_F4);
+ RSA_generate_key_ex(rsa, 2048, exponent, NULL);
+ EVP_PKEY_set1_RSA(pkey, rsa);
+
+ f = fopen(file, "w");
+ if (!f) {
+ printf("Failed to open '%s'\n", file);
+ goto out;
+ }
+
+ if (!PEM_write_PrivateKey(f, pkey, NULL, NULL, 0, NULL, NULL)) {
+ printf("Failed to write key\n");
+ goto out;
+ }
+
+ if (write_public_keyfile(rsa, file) < 0) {
+ printf("Failed to write public key\n");
+ goto out;
+ }
+
+ ret = 0;
+
+out:
+ if (f)
+ fclose(f);
+ EVP_PKEY_free(pkey);
+ RSA_free(rsa);
+ BN_free(exponent);
+ return ret;
+}
+
+static void usage(){
+ printf("Usage: generate_verity_key <path-to-key>");
+}
+
+int main(int argc, char *argv[]) {
+ if (argc != 2) {
+ usage();
+ exit(-1);
+ }
+ return generate_key(argv[1]);
+}
\ No newline at end of file
diff --git a/verity/syspatch.c b/verity/syspatch.c
new file mode 100644
index 00000000..7e3909de
--- /dev/null
+++ b/verity/syspatch.c
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C) 2013 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <unistd.h>
+#include "LzmaDec.h"
+
+void usage()
+{
+ fprintf(stderr, "Usage: syspatch <patch> <target>\n");
+}
+
+int main(int argc, char *argv[])
+{
+ char *patch_path;
+ char *target_path;
+
+ int patch_fd;
+ int target_fd;
+
+ if (argc == 3) {
+ patch_path = argv[1];
+ target_path = argv[2];
+ } else {
+ usage();
+ exit(-1);
+ }
+
+ patch_fd = open(patch_path, O_RDONLY);
+ if (patch_fd < 0) {
+ fprintf(stderr, "Couldn't open patch file (%s)\n", strerror(errno));
+ exit(-1);
+ }
+
+ target_fd = open(target_path, O_RDWR);
+ if (target_fd < 0) {
+ fprintf(stderr, "Couldn't open target file (%s)\n", strerror(errno));
+ exit(-1);
+ }
+
+ close(patch_fd);
+ close(target_fd);
+ exit(0);
+}
diff --git a/verity/verity_signer b/verity/verity_signer
new file mode 100755
index 00000000..a4f337ae
--- /dev/null
+++ b/verity/verity_signer
@@ -0,0 +1,8 @@
+#! /bin/sh
+
+# Start-up script for VeritySigner
+
+VERITYSIGNER_HOME=`dirname "$0"`
+VERITYSIGNER_HOME=`dirname "$VERITYSIGNER_HOME"`
+
+java -Xmx512M -jar "$VERITYSIGNER_HOME"/framework/VeritySigner.jar "$@"
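Review bot: `generate_key()` in generate_verity_key.c writes the RSA private key with `fopen(file, "w")`, so the file mode comes from the caller's umask and, with a common umask such as 022, the signing key is readable by other users on the build host. `<sys/stat.h>` is already included, so wrapping the open as `mode_t old = umask(077); f = fopen(file, "w"); umask(old);` keeps the key owner-only. The return value of `RSA_generate_key_ex(rsa, 2048, exponent, NULL)` is also unchecked, so a failed generation falls through to the PEM write; `if (!RSA_generate_key_ex(rsa, 2048, exponent, NULL)) goto out;` would catch it. `BIO_write()` in `write_public_keyfile()` deserves the same check, since a short write currently still returns 0.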
\ No newline at end of file |