1#! /usr/bin/env python 2# 3# Copyright (C) 2013 The Android Open Source Project 4# 5# Licensed under the Apache License, Version 2.0 (the "License"); 6# you may not use this file except in compliance with the License. 7# You may obtain a copy of the License at 8# 9# http://www.apache.org/licenses/LICENSE-2.0 10# 11# Unless required by applicable law or agreed to in writing, software 12# distributed under the License is distributed on an "AS IS" BASIS, 13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14# See the License for the specific language governing permissions and 15# limitations under the License. 16 17import argparse 18import os 19import sys 20import struct 21import shlex 22import subprocess 23import tempfile 24 25VERSION = 0 26MAGIC_NUMBER = 0xb001b001 27BLOCK_SIZE = 4096 28METADATA_SIZE = BLOCK_SIZE * 8 29 30def run(cmd): 31 p = subprocess.Popen(cmd, stdout=subprocess.PIPE) 32 output, _ = p.communicate() 33 print output 34 if p.returncode: 35 exit(-1) 36 37def get_verity_metadata_size(data_size): 38 return METADATA_SIZE 39 40def build_metadata_block(verity_table, signature): 41 table_len = len(verity_table) 42 block = struct.pack("II256sI", MAGIC_NUMBER, VERSION, signature, table_len) 43 block += verity_table 44 block = block.ljust(METADATA_SIZE, '\x00') 45 return block 46 47def sign_verity_table(table, signer_path, key_path, signer_args=None): 48 with tempfile.NamedTemporaryFile(suffix='.table') as table_file: 49 with tempfile.NamedTemporaryFile(suffix='.sig') as signature_file: 50 table_file.write(table) 51 table_file.flush() 52 if signer_args is None: 53 cmd = [signer_path, table_file.name, key_path, signature_file.name] 54 else: 55 args_list = shlex.split(signer_args) 56 cmd = [signer_path] + args_list + [table_file.name, key_path, signature_file.name] 57 print cmd 58 run(cmd) 59 return signature_file.read() 60 61def build_verity_table(block_device, data_blocks, root_hash, salt): 62 table = "1 %s %s %s %s %s %s sha256 %s %s" 63 table %= ( block_device, 64 block_device, 65 BLOCK_SIZE, 66 BLOCK_SIZE, 67 data_blocks, 68 data_blocks, 69 root_hash, 70 salt) 71 return table 72 73def build_verity_metadata(data_blocks, metadata_image, root_hash, salt, 74 block_device, signer_path, signing_key, signer_args=None): 75 # build the verity table 76 verity_table = build_verity_table(block_device, data_blocks, root_hash, salt) 77 # build the verity table signature 78 signature = sign_verity_table(verity_table, signer_path, signing_key, signer_args) 79 # build the metadata block 80 metadata_block = build_metadata_block(verity_table, signature) 81 # write it to the outfile 82 with open(metadata_image, "wb") as f: 83 f.write(metadata_block) 84 85if __name__ == "__main__": 86 parser = argparse.ArgumentParser() 87 subparsers = parser.add_subparsers() 88 89 parser_size = subparsers.add_parser('size') 90 parser_size.add_argument('partition_size', type=int, action='store', help='partition size') 91 parser_size.set_defaults(dest='size') 92 93 parser_build = subparsers.add_parser('build') 94 parser_build.add_argument('blocks', type=int, help='data image blocks') 95 parser_build.add_argument('metadata_image', action='store', help='metadata image') 96 parser_build.add_argument('root_hash', action='store', help='root hash') 97 parser_build.add_argument('salt', action='store', help='salt') 98 parser_build.add_argument('block_device', action='store', help='block device') 99 parser_build.add_argument('signer_path', action='store', help='verity signer path') 100 parser_build.add_argument('signing_key', action='store', help='verity signing key') 101 parser_build.add_argument('--signer_args', action='store', help='verity signer args') 102 parser_build.set_defaults(dest='build') 103 104 args = parser.parse_args() 105 106 if args.dest == 'size': 107 print get_verity_metadata_size(args.partition_size) 108 else: 109 build_verity_metadata(args.blocks / 4096, args.metadata_image, 110 args.root_hash, args.salt, args.block_device, 111 args.signer_path, args.signing_key, 112 args.signer_args) 113