| /* |
| * Copyright (C) 2020 The Android Open Source Project |
| * |
| * Permission is hereby granted, free of charge, to any person |
| * obtaining a copy of this software and associated documentation |
| * files (the "Software"), to deal in the Software without |
| * restriction, including without limitation the rights to use, copy, |
| * modify, merge, publish, distribute, sublicense, and/or sell copies |
| * of the Software, and to permit persons to whom the Software is |
| * furnished to do so, subject to the following conditions: |
| * |
| * The above copyright notice and this permission notice shall be |
| * included in all copies or substantial portions of the Software. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF |
| * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS |
| * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN |
| * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN |
| * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE |
| * SOFTWARE. |
| */ |
| #if !defined(AVB_INSIDE_LIBAVB_AFTL_H) && !defined(AVB_COMPILATION) |
| #error "Never include this file directly, include libavb_aftl.h instead." |
| #endif |
| |
| #ifndef AVB_AFTL_VERIFY_H_ |
| #define AVB_AFTL_VERIFY_H_ |
| |
| #include <libavb/libavb.h> |
| |
| #ifdef __cplusplus |
| extern "C" { |
| #endif |
| |
| typedef enum { |
| // Verification succeeded. The only success value (0, as the first enumerator). |
| AFTL_SLOT_VERIFY_RESULT_OK, |
| |
| // A memory allocation failed at some point during the verification. This |
| // could be the case when handling a large number of log keys or inclusion |
| // proofs. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_OOM, |
| |
| // A device could not be accessed at some point during the verification, for |
| // example while reading the AftlImage from the partition. As with every other |
| // non-OK value, the verification did not succeed in this case. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_IO, |
| |
| // The VBMeta hash in the inclusion proof does not match the hash of the |
| // VBMeta image. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_VBMETA_HASH_MISMATCH, |
| |
| // The root hash of the reconstructed tree does not match the value contained |
| // in the inclusion proof. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_TREE_HASH_MISMATCH, |
| |
| // The inclusion proof signature cannot be verified with the given key. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_PROOF_SIGNATURE, |
| |
| // A generic error occurred during the verification. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_VERIFICATION, |
| |
| // At least one VBMeta had no AftlImage attached, i.e. no inclusion proof to validate. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_IMAGE_NOT_FOUND, |
| |
| // Some content of one of the AftlImages was found to be corrupted. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_IMAGE, |
| |
| // Returned if the caller passed invalid parameters, for example if the prior |
| // call to avb_slot_verify failed. |
| AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT |
| |
| } AftlSlotVerifyResult; |
| |
| /* The entry point of AFTL validation. It uses the AvbSlotVerifyData structure, |
| * |slot_verify_data|, generated by a prior call to the avb_slot_verify |
| * function, and a transparency log key to validate the inclusion proof(s) |
| * attached to each VBMeta image. |
| * |
| * The caller is responsible for ensuring that the previous call to |
| * avb_slot_verify succeeded. If |slot_verify_data| is incomplete or NULL, |
| * AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT will be returned. |
| * NOTE(review): this header only promises rejection of NULL or incomplete |
| * data. Check the avb_slot_verify return value in the caller rather than |
| * relying on this function to notice a failed prior verification. |
| * |
| * The AftlImage structure is located after the VBMetaImage structure. Uses |
| * |ops| to read the partition where the VBMeta was loaded from. |
| * |
| * |key_bytes| and |key_size| give the transparency log public key used in |
| * step 3 below, and its size. |
| * NOTE(review): the expected key encoding and the unit of |key_size| are not |
| * stated in this header (presumably bytes); confirm against the |
| * implementation. The key is the trust anchor for the signature check, so it |
| * should come from a source that the partitions being verified cannot modify. |
| * |
| * For each inclusion proof found, the following three validation steps are |
| * performed: |
| * 1. Match the VBMeta image hash with the hash in the tree leaf. |
| * 2. Match the root hash of the Merkle tree with the hash in the proof. |
| * 3. Verify the signature of the proof using the transparency log public key. |
| * |
| * AFTL_SLOT_VERIFY_RESULT_OK is the only value that reports success. Any |
| * other value should be handled as a verification failure (fail closed). |
| * That includes the resource errors AFTL_SLOT_VERIFY_RESULT_ERROR_OOM and |
| * AFTL_SLOT_VERIFY_RESULT_ERROR_IO, and also |
| * AFTL_SLOT_VERIFY_RESULT_ERROR_IMAGE_NOT_FOUND, which is returned when a |
| * VBMeta has no AftlImage attached. |
| * See the definition of AftlSlotVerifyResult for all the possible return |
| * values. |
| */ |
| |
| AftlSlotVerifyResult aftl_slot_verify(AvbOps* ops, |
| AvbSlotVerifyData* slot_verify_data, |
| uint8_t* key_bytes, |
| size_t key_size); |
| #ifdef __cplusplus |
| } |
| #endif |
| |
| #endif /* AVB_AFTL_VERIFY_H_ */ |