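// Copyright 2021 The gVisor Authors.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

// Shared helpers for the verity file system tests: fallback ioctl/flag
// definitions, the digest argument layout, fixture constants, and the
// declarations of the helper functions.

#ifndef GVISOR_TEST_UTIL_VERITY_UTIL_H_
#define GVISOR_TEST_UTIL_VERITY_UTIL_H_

#include <stdint.h>

// std::string is used in the declarations below, so include it directly
// instead of relying on another header to provide it.
#include <string>

#include "test/util/posix_error.h"

// NOTE(review): absl::string_view is used below, but
// "absl/strings/string_view.h" is not included by this header. It presumably
// arrives transitively through posix_error.h -- confirm, or include it
// directly so this header is self-contained.

namespace gvisor {
namespace testing {

// Fallback definitions for build environments whose system headers do not
// provide the fs-verity ioctls and flags. Each macro is defined only if it is
// not already defined. Macros ignore namespaces, so despite their position
// these names are visible to every file that includes this header.
//
// The literals are raw ioctl request numbers. An ioctl number encodes the size
// of its argument, so these values are only correct on ABIs where the encoded
// sizes match (for example, FS_IOC_GETFLAGS below encodes an 8-byte long).

// 0x40806685, i.e. Linux's _IOW('f', 133, struct fsverity_enable_arg).
#ifndef FS_IOC_ENABLE_VERITY
#define FS_IOC_ENABLE_VERITY 1082156677
#endif

// 0xC0046686, i.e. Linux's _IOWR('f', 134, struct fsverity_digest).
#ifndef FS_IOC_MEASURE_VERITY
#define FS_IOC_MEASURE_VERITY 3221513862
#endif

// 0x00100000: inode flag bit reported through FS_IOC_GETFLAGS.
#ifndef FS_VERITY_FL
#define FS_VERITY_FL 1048576
#endif

// 0x80086601, i.e. Linux's _IOR('f', 1, long) with an 8-byte long.
#ifndef FS_IOC_GETFLAGS
#define FS_IOC_GETFLAGS 2148034049
#endif

// Digest argument with the same field layout as Linux's struct
// fsverity_digest (the argument type of FS_IOC_MEASURE_VERITY).
//
// |digest| is a flexible array member (a compiler extension in C++), so
// sizeof(fsverity_digest) covers only the two header fields. A caller must
// allocate sizeof(fsverity_digest) plus the digest capacity and store that
// capacity in |digest_size| before the call; passing a bare fsverity_digest
// leaves no room for the digest to be written.
struct fsverity_digest {
  unsigned short digest_algorithm;
  // Input: capacity of |digest| in bytes. Output: bytes actually written.
  unsigned short digest_size; /* input/output */
  unsigned char digest[];
};

// Digest sizes in bytes. 64 is the length of a SHA-512 digest and 32 the
// length of a SHA-256 digest; presumably the largest supported and the
// default algorithm of the verity under test -- confirm against the callers.
constexpr int kMaxDigestSize = 64;
constexpr int kDefaultDigestSize = 32;

// Fixture data; presumably the contents written to the file under test.
constexpr char kContents[] = "foobarbaz";

// File name prefixes of the Merkle tree file and of the root Merkle tree file.
constexpr char kMerklePrefix[] = ".merkle.verity.";
constexpr char kMerkleRootPrefix[] = ".merkleroot.verity.";

// Get the Merkle tree file path for |path|.
std::string MerklePath(absl::string_view path);

// Get the root Merkle tree file path for |path|.
std::string MerkleRootPath(absl::string_view path);

// Provide a function to convert bytes to hex string, since
// absl::BytesToHexString does not seem to be compatible with golang
// hex.DecodeString used in verity due to zero-padding.
//
// |bytes| is passed as a bare pointer and |size| as a signed int, so the
// declaration itself enforces no bound: the caller must make sure |size| does
// not exceed the buffer behind |bytes|. Behaviour for a negative |size| is
// not visible from this header.
std::string BytesToHexString(uint8_t bytes[], int size);

// Flip a random bit in the file represented by fd.
// NOTE(review): |size| is presumably the file length in bytes that bounds the
// chosen offset -- confirm against the definition.
PosixError FlipRandomBit(int fd, int size);

// Mount a verity on the tmpfs and enable both the file and the directory. Then
// mount a new verity with measured root hash.
// NOTE(review): the returned string is presumably the mount point of the
// second verity mount -- confirm against the definition.
PosixErrorOr<std::string> MountVerity(std::string tmpfs_dir,
                                      std::string filename);

}  // namespace testing
}  // namespace gvisor

#endif  // GVISOR_TEST_UTIL_VERITY_UTIL_H_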