diff options
-rw-r--r-- | Android.bp | 25 | ||||
-rw-r--r-- | package.cpp | 114 | ||||
-rw-r--r-- | package.h | 13 | ||||
-rw-r--r-- | tests/Android.bp | 2 | ||||
-rw-r--r-- | tests/component/verifier_test.cpp | 15 | ||||
-rw-r--r-- | tests/unit/package_test.cpp | 117 | ||||
-rw-r--r-- | verifier.cpp | 2 | ||||
-rw-r--r-- | verifier.h | 2 |
8 files changed, 273 insertions, 17 deletions
diff --git a/Android.bp b/Android.bp index 10f6c7976..4c7ce52e9 100644 --- a/Android.bp +++ b/Android.bp @@ -151,6 +151,7 @@ cc_defaults { static_libs: [ "librecovery_fastboot", "libminui", + "libpackage", "libverifier", "libotautil", @@ -175,7 +176,6 @@ cc_library_static { "fsck_unshare_blocks.cpp", "fuse_sdcard_provider.cpp", "install.cpp", - "package.cpp", "recovery.cpp", "roots.cpp", ], @@ -210,6 +210,29 @@ cc_library_static { ], } +cc_library_static { + name: "libpackage", + recovery_available: true, + + defaults: [ + "recovery_defaults", + ], + + srcs: [ + "package.cpp", + ], + + shared_libs: [ + "libbase", + "libcrypto", + "libziparchive", + ], + + static_libs: [ + "libotautil", + ], +} + cc_binary { name: "recovery", recovery: true, diff --git a/package.cpp b/package.cpp index d40427859..6c7289f3f 100644 --- a/package.cpp +++ b/package.cpp @@ -17,10 +17,12 @@ #include "package.h" #include <string.h> +#include <unistd.h> +#include <android-base/file.h> #include <android-base/logging.h> #include <android-base/stringprintf.h> -#include <openssl/sha.h> +#include <android-base/unique_fd.h> #include "otautil/error_code.h" #include "otautil/sysutil.h" @@ -67,14 +69,38 @@ class MemoryPackage : public Package { ZipArchiveHandle zip_handle_; }; -// TODO(xunchang) Implement the PackageFromFd. - void Package::SetProgress(float progress) { if (set_progress_) { set_progress_(progress); } } +class FilePackage : public Package { + public: + FilePackage(android::base::unique_fd&& fd, uint64_t file_size, const std::string& path, + const std::function<void(float)>& set_progress); + + ~FilePackage() override; + + uint64_t GetPackageSize() const override { + return package_size_; + } + + bool ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) override; + + ZipArchiveHandle GetZipArchiveHandle() override; + + bool UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers, uint64_t start, + uint64_t length) override; + + private: + android::base::unique_fd fd_; // The underlying fd to the open package. + uint64_t package_size_; + std::string path_; // The physical path to the package. + + ZipArchiveHandle zip_handle_; +}; + std::unique_ptr<Package> Package::CreateMemoryPackage( const std::string& path, const std::function<void(float)>& set_progress) { std::unique_ptr<MemMapping> mmap = std::make_unique<MemMapping>(); @@ -86,6 +112,23 @@ std::unique_ptr<Package> Package::CreateMemoryPackage( return std::make_unique<MemoryPackage>(path, std::move(mmap), set_progress); } +std::unique_ptr<Package> Package::CreateFilePackage( + const std::string& path, const std::function<void(float)>& set_progress) { + android::base::unique_fd fd(open(path.c_str(), O_RDONLY)); + if (fd == -1) { + PLOG(ERROR) << "Failed to open " << path; + return nullptr; + } + + off64_t file_size = lseek64(fd.get(), 0, SEEK_END); + if (file_size == -1) { + PLOG(ERROR) << "Failed to get the package size"; + return nullptr; + } + + return std::make_unique<FilePackage>(std::move(fd), file_size, path, set_progress); +} + std::unique_ptr<Package> Package::CreateMemoryPackage( std::vector<uint8_t> content, const std::function<void(float)>& set_progress) { return std::make_unique<MemoryPackage>(std::move(content), set_progress); @@ -152,3 +195,68 @@ ZipArchiveHandle MemoryPackage::GetZipArchiveHandle() { return zip_handle_; } + +FilePackage::FilePackage(android::base::unique_fd&& fd, uint64_t file_size, const std::string& path, + const std::function<void(float)>& set_progress) + : fd_(std::move(fd)), package_size_(file_size), path_(path), zip_handle_(nullptr) { + set_progress_ = set_progress; +} + +FilePackage::~FilePackage() { + if (zip_handle_) { + CloseArchive(zip_handle_); + } +} + +bool FilePackage::ReadFullyAtOffset(uint8_t* buffer, uint64_t byte_count, uint64_t offset) { + if (byte_count > package_size_ || offset > package_size_ - byte_count) { + LOG(ERROR) << "Out of bound read, offset: " << offset << ", size: " << byte_count + << ", total package_size: " << package_size_; + return false; + } + + if (!android::base::ReadFullyAtOffset(fd_.get(), buffer, byte_count, offset)) { + PLOG(ERROR) << "Failed to read " << byte_count << " bytes data at offset " << offset; + return false; + } + + return true; +} + +bool FilePackage::UpdateHashAtOffset(const std::vector<HasherUpdateCallback>& hashers, + uint64_t start, uint64_t length) { + if (length > package_size_ || start > package_size_ - length) { + LOG(ERROR) << "Out of bound read, offset: " << start << ", size: " << length + << ", total package_size: " << package_size_; + return false; + } + + uint64_t so_far = 0; + while (so_far < length) { + uint64_t read_size = std::min<uint64_t>(length - so_far, 16 * MiB); + std::vector<uint8_t> buffer(read_size); + if (!ReadFullyAtOffset(buffer.data(), read_size, start + so_far)) { + return false; + } + + for (const auto& hasher : hashers) { + hasher(buffer.data(), read_size); + } + so_far += read_size; + } + + return true; +} + +ZipArchiveHandle FilePackage::GetZipArchiveHandle() { + if (zip_handle_) { + return zip_handle_; + } + + if (auto err = OpenArchiveFd(fd_.get(), path_.c_str(), &zip_handle_); err != 0) { + LOG(ERROR) << "Can't open package" << path_ << " : " << ErrorCodeString(err); + return nullptr; + } + + return zip_handle_; +} @@ -32,6 +32,13 @@ // interface for both packages loaded in memory and packages read from fd. class Package : public VerifierInterface { public: + static std::unique_ptr<Package> CreateMemoryPackage( + const std::string& path, const std::function<void(float)>& set_progress); + static std::unique_ptr<Package> CreateMemoryPackage( + std::vector<uint8_t> content, const std::function<void(float)>& set_progress); + static std::unique_ptr<Package> CreateFilePackage(const std::string& path, + const std::function<void(float)>& set_progress); + virtual ~Package() = default; // Opens the package as a zip file and returns the ZipArchiveHandle. @@ -40,12 +47,6 @@ class Package : public VerifierInterface { // Updates the progress in fraction during package verification. void SetProgress(float progress) override; - static std::unique_ptr<Package> CreateMemoryPackage( - const std::string& path, const std::function<void(float)>& set_progress); - - static std::unique_ptr<Package> CreateMemoryPackage( - std::vector<uint8_t> content, const std::function<void(float)>& set_progress); - protected: // An optional function to update the progress. std::function<void(float)> set_progress_; diff --git a/tests/Android.bp b/tests/Android.bp index 898ed7d60..ef5919eb5 100644 --- a/tests/Android.bp +++ b/tests/Android.bp @@ -77,6 +77,7 @@ librecovery_static_libs = [ "librecovery", "librecovery_fastboot", "libminui", + "libpackage", "libverifier", "libotautil", @@ -117,6 +118,7 @@ cc_test { static_libs: libapplypatch_static_libs + [ "librecovery_ui", "libminui", + "libpackage", "libverifier", "libotautil", "libupdater", diff --git a/tests/component/verifier_test.cpp b/tests/component/verifier_test.cpp index c26d76d73..c904cd038 100644 --- a/tests/component/verifier_test.cpp +++ b/tests/component/verifier_test.cpp @@ -240,8 +240,10 @@ class VerifierTest : public testing::TestWithParam<std::vector<std::string>> { void SetUp() override { std::vector<std::string> args = GetParam(); std::string path = from_testdata_base(args[0]); - package_ = Package::CreateMemoryPackage(path, nullptr); - ASSERT_NE(nullptr, package_); + memory_package_ = Package::CreateMemoryPackage(path, nullptr); + ASSERT_NE(nullptr, memory_package_); + file_package_ = Package::CreateFilePackage(path, nullptr); + ASSERT_NE(nullptr, file_package_); for (auto it = ++args.cbegin(); it != args.cend(); ++it) { std::string public_key_file = from_testdata_base("testkey_" + *it + ".x509.pem"); @@ -250,7 +252,8 @@ class VerifierTest : public testing::TestWithParam<std::vector<std::string>> { } } - std::unique_ptr<Package> package_; + std::unique_ptr<Package> memory_package_; + std::unique_ptr<Package> file_package_; std::vector<Certificate> certs_; }; @@ -304,11 +307,13 @@ TEST(VerifierTest, BadPackage_SignatureStartOutOfBounds) { } TEST_P(VerifierSuccessTest, VerifySucceed) { - ASSERT_EQ(VERIFY_SUCCESS, verify_file(package_.get(), certs_)); + ASSERT_EQ(VERIFY_SUCCESS, verify_file(memory_package_.get(), certs_)); + ASSERT_EQ(VERIFY_SUCCESS, verify_file(file_package_.get(), certs_)); } TEST_P(VerifierFailureTest, VerifyFailure) { - ASSERT_EQ(VERIFY_FAILURE, verify_file(package_.get(), certs_)); + ASSERT_EQ(VERIFY_FAILURE, verify_file(memory_package_.get(), certs_)); + ASSERT_EQ(VERIFY_FAILURE, verify_file(file_package_.get(), certs_)); } INSTANTIATE_TEST_CASE_P(SingleKeySuccess, VerifierSuccessTest, diff --git a/tests/unit/package_test.cpp b/tests/unit/package_test.cpp new file mode 100644 index 000000000..fa492d38b --- /dev/null +++ b/tests/unit/package_test.cpp @@ -0,0 +1,117 @@ +/* + * Copyright (C) 2019 The Android Open Source Project + * + * Licensed under the Apache License, version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agree to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stdio.h> + +#include <functional> +#include <string> +#include <vector> + +#include <android-base/file.h> +#include <gtest/gtest.h> +#include <openssl/sha.h> +#include <ziparchive/zip_writer.h> + +#include "common/test_constants.h" +#include "package.h" + +class PackageTest : public ::testing::Test { + protected: + void SetUp() override; + + // A list of package classes for test, including MemoryPackage and FilePackage. + std::vector<std::unique_ptr<Package>> packages_; + + TemporaryFile temp_file_; // test package file. + std::string file_content_; // actual bytes of the package file. +}; + +void PackageTest::SetUp() { + std::vector<std::string> entries = { "file1.txt", "file2.txt", "dir1/file3.txt" }; + FILE* file_ptr = fdopen(temp_file_.release(), "wb"); + ZipWriter writer(file_ptr); + for (const auto& entry : entries) { + ASSERT_EQ(0, writer.StartEntry(entry.c_str(), ZipWriter::kCompress)); + ASSERT_EQ(0, writer.WriteBytes(entry.c_str(), entry.size())); + ASSERT_EQ(0, writer.FinishEntry()); + } + writer.Finish(); + ASSERT_EQ(0, fclose(file_ptr)); + + ASSERT_TRUE(android::base::ReadFileToString(temp_file_.path, &file_content_)); + auto memory_package = Package::CreateMemoryPackage(temp_file_.path, nullptr); + ASSERT_TRUE(memory_package); + packages_.emplace_back(std::move(memory_package)); + + auto file_package = Package::CreateFilePackage(temp_file_.path, nullptr); + ASSERT_TRUE(file_package); + packages_.emplace_back(std::move(file_package)); +} + +TEST_F(PackageTest, ReadFullyAtOffset_success) { + for (const auto& package : packages_) { + std::vector<uint8_t> buffer(file_content_.size()); + ASSERT_TRUE(package->ReadFullyAtOffset(buffer.data(), file_content_.size(), 0)); + ASSERT_EQ(file_content_, std::string(buffer.begin(), buffer.end())); + + ASSERT_TRUE(package->ReadFullyAtOffset(buffer.data(), file_content_.size() - 10, 10)); + ASSERT_EQ(file_content_.substr(10), std::string(buffer.begin(), buffer.end() - 10)); + } +} + +TEST_F(PackageTest, ReadFullyAtOffset_failure) { + for (const auto& package : packages_) { + std::vector<uint8_t> buffer(file_content_.size()); + // Out of bound read. + ASSERT_FALSE(package->ReadFullyAtOffset(buffer.data(), file_content_.size(), 10)); + } +} + +TEST_F(PackageTest, UpdateHashAtOffset_sha1_hash) { + // Check that the hash matches for first half of the file. + uint64_t hash_size = file_content_.size() / 2; + std::vector<uint8_t> expected_sha(SHA_DIGEST_LENGTH); + SHA1(reinterpret_cast<uint8_t*>(file_content_.data()), hash_size, expected_sha.data()); + + for (const auto& package : packages_) { + SHA_CTX ctx; + SHA1_Init(&ctx); + std::vector<HasherUpdateCallback> hashers{ std::bind(&SHA1_Update, &ctx, std::placeholders::_1, + std::placeholders::_2) }; + package->UpdateHashAtOffset(hashers, 0, hash_size); + + std::vector<uint8_t> calculated_sha(SHA_DIGEST_LENGTH); + SHA1_Final(calculated_sha.data(), &ctx); + ASSERT_EQ(expected_sha, calculated_sha); + } +} + +TEST_F(PackageTest, GetZipArchiveHandle_extract_entry) { + for (const auto& package : packages_) { + ZipArchiveHandle zip = package->GetZipArchiveHandle(); + ASSERT_TRUE(zip); + + // Check that we can extract one zip entry. + std::string entry_name = "dir1/file3.txt"; + ZipString path(entry_name.c_str()); + ZipEntry entry; + ASSERT_EQ(0, FindEntry(zip, path, &entry)); + + std::vector<uint8_t> extracted(entry_name.size()); + ASSERT_EQ(0, ExtractToMemory(zip, &entry, extracted.data(), extracted.size())); + ASSERT_EQ(entry_name, std::string(extracted.begin(), extracted.end())); + } +} diff --git a/verifier.cpp b/verifier.cpp index b6c3895ce..68a011e0d 100644 --- a/verifier.cpp +++ b/verifier.cpp @@ -39,8 +39,6 @@ #include "asn1_decoder.h" #include "otautil/print_sha1.h" -static constexpr size_t MiB = 1024 * 1024; - /* * Simple version of PKCS#7 SignedData extraction. This extracts the * signature OCTET STRING to be used for signature verification. diff --git a/verifier.h b/verifier.h index b80096d41..106b86b85 100644 --- a/verifier.h +++ b/verifier.h @@ -27,6 +27,8 @@ #include <openssl/rsa.h> #include <openssl/sha.h> +constexpr size_t MiB = 1024 * 1024; + using HasherUpdateCallback = std::function<void(const uint8_t* addr, uint64_t size)>; struct RSADeleter { |