blob: 703033c50fc45e6cc601d54adef8c98f7cc93427 [file] [log] [blame]
/*
* Copyright 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#include <errno.h>
#ifndef HAVE_MACOS
#include <linux/fs.h> /* For BLKGETSIZE64 */
#endif
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include "2sysincludes.h"
#include "2common.h"
#include "2sha.h"
#include "cgptlib_internal.h"
#include "file_type.h"
#include "futility.h"
#include "gbb_header.h"
/* Default is to support everything we can */
enum vboot_version vboot_version = VBOOT_VERSION_ALL;
int debugging_enabled;
void Debug(const char *format, ...)
{
if (!debugging_enabled)
return;
va_list ap;
va_start(ap, format);
fprintf(stdout, "DEBUG: ");
vfprintf(stdout, format, ap);
va_end(ap);
}
static int is_null_terminated(const char *s, int len)
{
len--;
s += len;
while (len-- >= 0)
if (!*s--)
return 1;
return 0;
}
static inline uint32_t max(uint32_t a, uint32_t b)
{
return a > b ? a : b;
}
enum futil_file_type ft_recognize_gbb(uint8_t *buf, uint32_t len)
{
GoogleBinaryBlockHeader *gbb = (GoogleBinaryBlockHeader *)buf;
if (memcmp(gbb->signature, GBB_SIGNATURE, GBB_SIGNATURE_SIZE))
return FILE_TYPE_UNKNOWN;
if (gbb->major_version > GBB_MAJOR_VER)
return FILE_TYPE_UNKNOWN;
if (sizeof(GoogleBinaryBlockHeader) > len)
return FILE_TYPE_UNKNOWN;
/* close enough */
return FILE_TYPE_GBB;
}
int futil_valid_gbb_header(GoogleBinaryBlockHeader *gbb, uint32_t len,
uint32_t *maxlen_ptr)
{
if (len < sizeof(GoogleBinaryBlockHeader))
return 0;
if (memcmp(gbb->signature, GBB_SIGNATURE, GBB_SIGNATURE_SIZE))
return 0;
if (gbb->major_version != GBB_MAJOR_VER)
return 0;
/* Check limits first, to help identify problems */
if (maxlen_ptr) {
uint32_t maxlen = gbb->header_size;
maxlen = max(maxlen,
gbb->hwid_offset + gbb->hwid_size);
maxlen = max(maxlen,
gbb->rootkey_offset + gbb->rootkey_size);
maxlen = max(maxlen,
gbb->bmpfv_offset + gbb->bmpfv_size);
maxlen = max(maxlen,
gbb->recovery_key_offset + gbb->recovery_key_size);
*maxlen_ptr = maxlen;
}
if (gbb->header_size != GBB_HEADER_SIZE || gbb->header_size > len)
return 0;
if (gbb->hwid_offset < GBB_HEADER_SIZE)
return 0;
if (gbb->hwid_offset + gbb->hwid_size > len)
return 0;
if (gbb->hwid_size) {
const char *s = (const char *)
((uint8_t *)gbb + gbb->hwid_offset);
if (!is_null_terminated(s, gbb->hwid_size))
return 0;
}
if (gbb->rootkey_offset < GBB_HEADER_SIZE)
return 0;
if (gbb->rootkey_offset + gbb->rootkey_size > len)
return 0;
if (gbb->bmpfv_offset < GBB_HEADER_SIZE)
return 0;
if (gbb->bmpfv_offset + gbb->bmpfv_size > len)
return 0;
if (gbb->recovery_key_offset < GBB_HEADER_SIZE)
return 0;
if (gbb->recovery_key_offset + gbb->recovery_key_size > len)
return 0;
/* Seems legit... */
return 1;
}
/* For GBB v1.2 and later, print the stored digest of the HWID (and whether
* it's correct). Return true if it is correct. */
int print_hwid_digest(GoogleBinaryBlockHeader *gbb,
const char *banner, const char *footer)
{
printf("%s", banner);
/* There isn't one for v1.1 and earlier, so assume it's good. */
if (gbb->minor_version < 2) {
printf("<none>%s", footer);
return 1;
}
uint8_t *buf = (uint8_t *)gbb;
char *hwid_str = (char *)(buf + gbb->hwid_offset);
int is_valid = 0;
uint8_t digest[VB2_SHA256_DIGEST_SIZE];
if (VB2_SUCCESS == vb2_digest_buffer(buf + gbb->hwid_offset,
strlen(hwid_str), VB2_HASH_SHA256,
digest, sizeof(digest))) {
int i;
is_valid = 1;
/* print it, comparing as we go */
for (i = 0; i < VB2_SHA256_DIGEST_SIZE; i++) {
printf("%02x", gbb->hwid_digest[i]);
if (gbb->hwid_digest[i] != digest[i])
is_valid = 0;
}
}
printf(" %s", is_valid ? "valid" : "<invalid>");
printf("%s", footer);
return is_valid;
}
/* For GBB v1.2 and later, update the hwid_digest field. */
void update_hwid_digest(GoogleBinaryBlockHeader *gbb)
{
/* There isn't one for v1.1 and earlier */
if (gbb->minor_version < 2)
return;
uint8_t *buf = (uint8_t *)gbb;
char *hwid_str = (char *)(buf + gbb->hwid_offset);
vb2_digest_buffer(buf + gbb->hwid_offset, strlen(hwid_str),
VB2_HASH_SHA256,
gbb->hwid_digest, sizeof(gbb->hwid_digest));
}
/*
* TODO: All sorts of race conditions likely here, and everywhere this is used.
* Do we care? If so, fix it.
*/
void futil_copy_file_or_die(const char *infile, const char *outfile)
{
pid_t pid;
int status;
Debug("%s(%s, %s)\n", __func__, infile, outfile);
pid = fork();
if (pid < 0) {
fprintf(stderr, "Couldn't fork /bin/cp process: %s\n",
strerror(errno));
exit(1);
}
/* child */
if (!pid) {
execl("/bin/cp", "/bin/cp", infile, outfile, NULL);
fprintf(stderr, "Child couldn't exec /bin/cp: %s\n",
strerror(errno));
exit(1);
}
/* parent - wait for child to finish */
if (wait(&status) == -1) {
fprintf(stderr,
"Couldn't wait for /bin/cp process to exit: %s\n",
strerror(errno));
exit(1);
}
if (WIFEXITED(status)) {
status = WEXITSTATUS(status);
/* zero is normal exit */
if (!status)
return;
fprintf(stderr, "/bin/cp exited with status %d\n", status);
exit(1);
}
if (WIFSIGNALED(status)) {
status = WTERMSIG(status);
fprintf(stderr, "/bin/cp was killed with signal %d\n", status);
exit(1);
}
fprintf(stderr, "I have no idea what just happened\n");
exit(1);
}
enum futil_file_err futil_map_file(int fd, int writeable,
uint8_t **buf, uint32_t *len)
{
struct stat sb;
void *mmap_ptr;
uint32_t reasonable_len;
if (0 != fstat(fd, &sb)) {
fprintf(stderr, "Can't stat input file: %s\n",
strerror(errno));
return FILE_ERR_STAT;
}
#ifndef HAVE_MACOS
if (S_ISBLK(sb.st_mode))
ioctl(fd, BLKGETSIZE64, &sb.st_size);
#endif
/* If the image is larger than 2^32 bytes, it's wrong. */
if (sb.st_size < 0 || sb.st_size > UINT32_MAX) {
fprintf(stderr, "Image size is unreasonable\n");
return FILE_ERR_SIZE;
}
reasonable_len = (uint32_t)sb.st_size;
if (writeable)
mmap_ptr = mmap(0, sb.st_size,
PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
else
mmap_ptr = mmap(0, sb.st_size,
PROT_READ|PROT_WRITE, MAP_PRIVATE, fd, 0);
if (mmap_ptr == (void *)-1) {
fprintf(stderr, "Can't mmap %s file: %s\n",
writeable ? "output" : "input",
strerror(errno));
return FILE_ERR_MMAP;
}
*buf = (uint8_t *)mmap_ptr;
*len = reasonable_len;
return FILE_ERR_NONE;
}
enum futil_file_err futil_unmap_file(int fd, int writeable,
uint8_t *buf, uint32_t len)
{
void *mmap_ptr = buf;
enum futil_file_err err = FILE_ERR_NONE;
if (writeable &&
(0 != msync(mmap_ptr, len, MS_SYNC|MS_INVALIDATE))) {
fprintf(stderr, "msync failed: %s\n", strerror(errno));
err = FILE_ERR_MSYNC;
}
if (0 != munmap(mmap_ptr, len)) {
fprintf(stderr, "Can't munmap pointer: %s\n",
strerror(errno));
if (err == FILE_ERR_NONE)
err = FILE_ERR_MUNMAP;
}
return err;
}
#define DISK_SECTOR_SIZE 512
enum futil_file_type ft_recognize_gpt(uint8_t *buf, uint32_t len)
{
GptHeader *h;
/* GPT header starts at sector 1, is one sector long */
if (len < 2 * DISK_SECTOR_SIZE)
return FILE_TYPE_UNKNOWN;
h = (GptHeader *)(buf + DISK_SECTOR_SIZE);
if (memcmp(h->signature, GPT_HEADER_SIGNATURE,
GPT_HEADER_SIGNATURE_SIZE) &&
memcmp(h->signature, GPT_HEADER_SIGNATURE2,
GPT_HEADER_SIGNATURE_SIZE))
return FILE_TYPE_UNKNOWN;
if (h->revision != GPT_HEADER_REVISION)
return FILE_TYPE_UNKNOWN;
if (h->size < MIN_SIZE_OF_HEADER || h->size > MAX_SIZE_OF_HEADER)
return FILE_TYPE_UNKNOWN;
if (HeaderCrc(h) != h->header_crc32)
return FILE_TYPE_UNKNOWN;
return FILE_TYPE_CHROMIUMOS_DISK;
}