verity: Fix the broken 'build_verity_tree -A'.

Commit 6eb049322c26431961fb69168a113bfd27016ab3 introduced a bug in checking if there's any passed-in salt string (via '-A <salt>' or '-a <salt>'). "salt.data()" should be "salt.empty()", which otherwise may or may not be nullptr even if salt is empty. This CL fixes the issue. This CL also removes the duplicate variable 'salt_size', which can be fully covered by salt.size(). Test: m build_verity_tree; Test: `build_verity_tree system.img verity.img` gives random root hash and salt string across runs. Test: `build_verity_tree -A <hex string> system.img verity.img` gives identical results across runs. Test: `build_verity_tree -a <string> system.img verity.img` gives identical results across runs. Change-Id: I377e42fc48c0f703dc33d813466f6ef60514bbe5
author: Tao Bao <tbao@google.com> 2017-09-22 22:09:32 -0700
committer: Tao Bao <tbao@google.com> 2017-09-22 22:38:00 -0700
commit: 88d51357dc38642e709216ec2217b18e92884b35 (patch)
tree: 3f612e62acf6e12db07a27bb19f460e037534fd5 /verity
parent: 1db7fa615d40c8eebd4fb844d8bef526b925822b (diff)
download: extras-88d51357dc38642e709216ec2217b18e92884b35.tar.gz
1 files changed, 12 insertions, 14 deletions
diff --git a/verity/build_verity_tree.cpp b/verity/build_verity_tree.cpp
index 69c761de..e841c20e 100644
--- a/verity/build_verity_tree.cpp
+++ b/verity/build_verity_tree.cpp
@@ -127,7 +127,6 @@ int main(int argc, char **argv)
     char *data_filename;
     char *verity_filename;
     std::vector<unsigned char> salt;
-    size_t salt_size = 0;
     bool sparse = false;
     size_t block_size = 4096;
     uint64_t calculate_size = 0;
@@ -158,9 +157,9 @@ int main(int argc, char **argv)
                 if(!BN_hex2bn(&bn, optarg)) {
                     FATAL("failed to convert salt from hex\n");
                 }
-                salt_size = BN_num_bytes(bn);
+                size_t salt_size = BN_num_bytes(bn);
                 salt.resize(salt_size);
-                if((size_t)BN_bn2bin(bn, salt.data()) != salt_size) {
+                if (BN_bn2bin(bn, salt.data()) != salt_size) {
                     FATAL("failed to convert salt to bytes\n");
                 }
             }
@@ -207,18 +206,17 @@ int main(int argc, char **argv)
     size_t hash_size = EVP_MD_size(md);
     assert(hash_size * 2 < block_size);
 
-    if (salt.data() || !salt_size) {
-        salt_size = hash_size;
-        salt.resize(salt_size);
+    if (salt.empty()) {
+        salt.resize(hash_size);
 
         int random_fd = open("/dev/urandom", O_RDONLY);
         if (random_fd < 0) {
             FATAL("failed to open /dev/urandom\n");
         }
 
-        ssize_t ret = read(random_fd, salt.data(), salt_size);
-        if (ret != (ssize_t)salt_size) {
-            FATAL("failed to read %zu bytes from /dev/urandom: %zd %d\n", salt_size, ret, errno);
+        ssize_t ret = read(random_fd, salt.data(), salt.size());
+        if (ret != static_cast<ssize_t>(salt.size())) {
+            FATAL("failed to read %zu bytes from /dev/urandom: %zd %d\n", salt.size(), ret, errno);
         }
         close(random_fd);
     }
@@ -300,7 +298,7 @@ int main(int argc, char **argv)
     unsigned char zero_block_hash[hash_size];
     unsigned char zero_block[block_size];
     memset(zero_block, 0, block_size);
-    hash_block(md, zero_block, block_size, salt.data(), salt_size, zero_block_hash, NULL);
+    hash_block(md, zero_block, block_size, salt.data(), salt.size(), zero_block_hash, NULL);
 
     unsigned char root_hash[hash_size];
     verity_tree_levels[levels] = root_hash;
@@ -308,7 +306,7 @@ int main(int argc, char **argv)
     struct sparse_hash_ctx ctx;
     ctx.hashes = verity_tree_levels[0];
     ctx.salt = salt.data();
-    ctx.salt_size = salt_size;
+    ctx.salt_size = salt.size();
     ctx.hash_size = hash_size;
     ctx.block_size = block_size;
     ctx.zero_block_hash = zero_block_hash;
@@ -324,7 +322,7 @@ int main(int argc, char **argv)
         hash_blocks(md,
                 verity_tree_levels[i], verity_tree_level_blocks[i] * block_size,
                 verity_tree_levels[i + 1], &out_size,
-                salt.data(), salt_size, block_size);
+                salt.data(), salt.size(), block_size);
           if (i < levels - 1) {
               assert(div_round_up(out_size, block_size) == verity_tree_level_blocks[i + 1]);
           } else {
@@ -336,8 +334,8 @@ int main(int argc, char **argv)
         printf("%02x", root_hash[i]);
     }
     printf(" ");
-    for (size_t i = 0; i < salt_size; i++) {
-        printf("%02x", salt.data()[i]);
+    for (size_t i = 0; i < salt.size(); i++) {
+        printf("%02x", salt[i]);
     }
     printf("\n");
author	Tao Bao <tbao@google.com>	2017-09-22 22:09:32 -0700
committer	Tao Bao <tbao@google.com>	2017-09-22 22:38:00 -0700
commit	88d51357dc38642e709216ec2217b18e92884b35 (patch)
tree	3f612e62acf6e12db07a27bb19f460e037534fd5 /verity
parent	1db7fa615d40c8eebd4fb844d8bef526b925822b (diff)
download	extras-88d51357dc38642e709216ec2217b18e92884b35.tar.gz