Affected by GO-2024-2468 and 4 other vulnerabilities

GO-2024-2468: snapd Race Condition vulnerability in github.com/snapcore/snapd

GO-2024-2906: CVE-2024-5138 in github.com/snapcore/snapd

GO-2024-3007: snapd failed to restrict writes to the $HOME/bin path in github.com/snapcore/snapd

GO-2024-3008: snapd failed to properly check the file type when extracting a snap in github.com/snapcore/snapd

GO-2024-3009: snapd failed to properly check the destination of symbolic links when extracting a snap in github.com/snapcore/snapd

dmverity

package

v0.0.0-...-386592c Latest Latest Go to latest Published: Jan 24, 2025 License: GPL-3.0 Imports: 12 Imported by: 1

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/snapcore/snapd

Documentation ¶

Index ¶

Constants
func Format(dataDevice string, hashDevice string, opts *DmVerityParams) (rootHash string, err error)
type DmVerityParams
type VeritySuperblock
- func ReadSuperblock(filename string) (*VeritySuperblock, error)
- func (sb *VeritySuperblock) Size() int
- func (sb *VeritySuperblock) Validate() error

Constants ¶

View Source

const (
	// DefaultVerityFormat corresponds to veritysetup's default option for the --format argument which
	// currently is 1. This corresponds to the hash_type field of a dm-verity superblock.
	DefaultVerityFormat = 1
	// DefaultSuperblockVersion corresponds to the superblock version. Version 1 is the only one
	// currently supported by veritysetup. This corresponds to the version field of a dm-verity superblock.
	DefaultSuperblockVersion = 1
)

Variables ¶

This section is empty.

Functions ¶

func Format ¶

func Format(dataDevice string, hashDevice string, opts *DmVerityParams) (rootHash string, err error)

Format runs "veritysetup format" with the passed parameters and returns the dm-verity root hash.

"veritysetup format" calculates the hash verification data for dataDevice and stores them in hashDevice including the dm-verity superblock. The root hash is retrieved from the command's stdout.

Types ¶

type DmVerityParams ¶

type DmVerityParams struct {
	Format        uint8  `json:"format"`
	Hash          string `json:"hash"`
	DataBlocks    uint64 `json:"data-blocks"`
	DataBlockSize uint64 `json:"data-block-size"`
	HashBlockSize uint64 `json:"hash-block-size"`
	Salt          string `json:"salt"`
}

DmVerityParams contains the options to veritysetup format.

type VeritySuperblock ¶

type VeritySuperblock struct {
	Signature     [8]uint8  /* "verity\0\0" */
	Version       uint32    /* superblock version */
	HashType      uint32    /* 0 - Chrome OS, 1 - normal */
	Uuid          [16]uint8 /* UUID of hash device */
	Algorithm     [32]uint8 /* hash algorithm name */
	DataBlockSize uint32    /* data block in bytes */
	HashBlockSize uint32    /* hash block in bytes */
	DataBlocks    uint64    /* number of data blocks */
	SaltSize      uint16    /* salt size */
	Pad1          [6]uint8
	Salt          [256]uint8 /* salt */
	Pad2          [168]uint8
}

VeritySuperblock represents the dm-verity superblock structure.

It mirrors cryptsetup's verity_sb structure from https://gitlab.com/cryptsetup/cryptsetup/-/blob/main/lib/verity/verity.c?ref_type=heads#L25

func ReadSuperblock ¶

func ReadSuperblock(filename string) (*VeritySuperblock, error)

ReadSuperblock reads the dm-verity superblock from a dm-verity hash file.

func (*VeritySuperblock) Size ¶

func (sb *VeritySuperblock) Size() int

func (*VeritySuperblock) Validate ¶

func (sb *VeritySuperblock) Validate() error

Validate will perform consistency checks over an extracted superblock to determine whether it's a valid superblock or not.

Source Files ¶

View all Source files

veritysetup.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL