1 /*
2  * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __HVB_CERT_H_
16 #define __HVB_CERT_H_
17 
18 #include "hvb_sysdeps.h"
19 #include "hvb.h"
20 #include "hvb_crypto.h"
21 
22 #ifdef __cplusplus
23 extern "C"
24 {
25 #endif
26 
/*
 * Magic for the vbmeta image header.
 * HVB_MAGIC_LEN sizes hvb_cert.magic[]; it is one more than the three
 * characters of HVB_MAGIC, which is also what sizeof(HVB_MAGIC) yields.
 */
#define HVB_MAGIC "HVB"
#define HVB_MAGIC_LEN 4

/*
 * Fixed array sizes used by the structures below.
 * The note that originally sat here reads "Maximum size of the release
 * string including the terminating NUL byte". In this header
 * HVB_VERITY_RESERVED_SIZE is the size of hvb_cert.verity_reserved[].
 * NOTE(review): confirm whether that area still carries a release string.
 */
#define HVB_VERITY_RESERVED_SIZE 36
/* Size of hvb_sign_info.signature_reserved[]. */
#define HVB_SIGNATURE_RESERVED_SIZE 52
/* Size of hvb_cert.image_name[]. */
#define VERITY_NAME_SIZE 64
/*
 * NOTE(review): by their names these are upper bounds for a signature and
 * for a whole certificate; neither is referenced in this header. Confirm
 * that the parser rejects larger inputs before it reads any length field.
 */
#define HVB_SIGNATURE_MAX_SIZE 4096
#define HVB_CERT_MAX_SIZE 4096

/* NOTE(review): 32 matches the size of a SHA-256 digest - confirm the use. */
#define HVB_HASH_SIZE_RSA 32

/* The version number of HVB - keep in sync with hvbtool. */
#define HVB_VERSION_MAJOR 1
#define HVB_VERSION_MINOR 1

/*
 * Key and signature sizes.
 * NOTE(review): 256 matches the byte length of a 2048-bit RSA value;
 * HVB_SIGNATURE_FIXED_SIZE is not referenced in this header - confirm both
 * against the code that uses them.
 */
#define PUBKEY_MODULUS_LEN 256
#define PUBKEY_P_RR_LEN 256
#define SIGNATURE_LEN 256
#define HVB_SIGNATURE_FIXED_SIZE 224
48 
/*
 * Kind of verity data attached to an image.
 * The values are written out because 1 and 2 coincide with the codes
 * documented for hvb_cert.verity_type (1: hash image, 2: hashtree image).
 * NOTE(review): presumably verity_type is compared against this enum; a
 * value read from a certificate should be rejected unless it is HASH or
 * HASHTREE - confirm in the parser.
 */
enum hvb_image_type {
    HVB_IMAGE_TYPE_NONE = 0,
    HVB_IMAGE_TYPE_HASH = 1,
    HVB_IMAGE_TYPE_HASHTREE = 2,
    HVB_IMAGE_TYPE_MAX = 3, /* one past the last defined type */
};
55 
/*
 * Salt and digest of an image, held as two byte pointers.
 * No length is stored here; struct hvb_cert carries salt_size and
 * digest_size next to the matching offsets.
 * NOTE(review): presumably both pointers are derived from salt_offset and
 * digest_offset inside the certificate buffer. Confirm who owns the memory
 * and that offset + size is bounds-checked before the pointers are set.
 */
struct hash_payload {
    uint8_t *salt;   /* salt bytes */
    uint8_t *digest; /* digest bytes */
} HVB_ATTR_PACKED;
60 
/*
 * Signature section of a certificate: fixed-width fields first, then three
 * struct hvb_buf members for the public key, the signature and the user id.
 *
 * NOTE(review): the offset/length pairs presumably locate pubk, sign and
 * user_id inside the certificate buffer. They are read before the signature
 * can have been checked, so each pair needs an overflow-safe range check
 * against the buffer length - confirm in the parser.
 */
struct hvb_sign_info {
    uint64_t sig_length;       /* NOTE(review): presumably the length of this section - confirm */
    uint32_t algorithm;        /* signature algorithm id; values are not defined in this header */
    uint32_t flags;
    uint64_t pubkey_offset;
    uint64_t pubkey_len;
    uint64_t signature_offset;
    uint64_t signature_len;
    uint64_t user_id_offset;
    uint32_t user_id_len;      /* 32-bit, unlike the other length fields */
    uint8_t signature_reserved[HVB_SIGNATURE_RESERVED_SIZE];
    struct hvb_buf pubk;       /* public key */
    struct hvb_buf sign;       /* signature */
    struct hvb_buf user_id;    /* user id */
} HVB_ATTR_PACKED;
76 
/*
 * Certificate describing one verified image: header, image geometry,
 * rollback data, hash or hashtree parameters, FEC parameters, and the
 * signature section.
 *
 * The struct embeds pointers (hash_payload) and struct hvb_buf members
 * (signature_info), so its size depends on the platform even though it is
 * packed.
 * NOTE(review): presumably hvb_cert_parser fills it field by field from the
 * certificate buffer rather than by copying the buffer over it - confirm.
 * NOTE(review): every offset and size below is a 64-bit value taken from
 * the certificate; a consumer should reject offset + size sums that wrap or
 * that run past the buffer or image they refer to.
 */
struct hvb_cert {
    /* Magic bytes; the first three equal "HVB" (HVB_MAGIC). */
    uint8_t magic[HVB_MAGIC_LEN];

    /* Major version of libhvb. */
    uint32_t version_major;

    /* Minor version of libhvb. */
    uint32_t version_minor;

    /* The release data for verity info data. */
    uint8_t verity_reserved[HVB_VERITY_RESERVED_SIZE];

    /* Original length of the image. */
    uint64_t image_original_len;

    /* Length of the image after zero padding. */
    uint64_t image_len;

    /* Partition name. */
    uint8_t image_name[VERITY_NAME_SIZE];

    /* Location of the rollback value. */
    uint64_t rollback_location;

    /*
     * Rollback index.
     * NOTE(review): presumably compared with the value kept at
     * rollback_location so that older images are refused - confirm.
     */
    uint64_t rollback_index;

    /*
     * Type of image verity.
     * 1: hash image
     * 2: hashtree image
     */
    uint32_t verity_type;

    /*
     * Algorithm used to calculate the image hash.
     * 0: SHA256
     * 1: SHA1
     * 2: SHA512
     * NOTE(review): SHA-1 is no longer collision resistant; confirm whether
     * value 1 should still be accepted for new images.
     */
    uint32_t hash_algo;

    /* Offset of the salt data; the salt is stored in hash_payload. */
    uint64_t salt_offset;

    /* Size of the salt data. */
    uint64_t salt_size;

    /* Offset of the digest; the digest is stored in hash_payload. */
    uint64_t digest_offset;

    /* Size of the digest. */
    uint64_t digest_size;

    /* Offset of the hashtree. */
    uint64_t hashtree_offset;

    /* Size of the hashtree. */
    uint64_t hashtree_size;

    /* Size of each data block in hashtree mode (4 KB by default). */
    uint64_t data_block_size;

    /* Size of each block that stores hashes in a hashtree (4 KB by default). */
    uint64_t hash_block_size;

    /*
     * FEC roots; the original comment reads "The device number FEC".
     * NOTE(review): by its name presumably the number of FEC roots - confirm.
     */
    uint64_t fec_num_roots;

    /* Offset of the FEC data. */
    uint64_t fec_offset;

    /* Size of the FEC data. */
    uint64_t fec_size;

    /* Salt and digest of the image. */
    struct hash_payload hash_payload;

    /* Signature info. */
    struct hvb_sign_info signature_info;
} HVB_ATTR_PACKED;
159 
/*
 * Declared here, defined elsewhere; returns an enum hvb_errno status.
 *
 * NOTE(review): the parameter roles below are read from the names only -
 * confirm against the definition.
 *   ops           - presumably the platform callbacks
 *   ptn           - presumably the partition name
 *   cert_buf      - certificate bytes; to be treated as untrusted until the
 *                   signature has been verified
 *   hash_ptn_list - presumably the partitions verified by hash; how the list
 *                   is terminated is not visible here
 *   out_pubk      - presumably receives the public key found in the
 *                   certificate; the caller still has to decide whether
 *                   that key is trusted
 *   vd            - presumably the accumulated verification results
 */
enum hvb_errno cert_init_desc(struct hvb_ops *ops,
                              const char *ptn,
                              struct hvb_buf *cert_buf,
                              const char *const *hash_ptn_list,
                              struct hvb_buf *out_pubk,
                              struct hvb_verified_data *vd);
/*
 * Declared here, defined elsewhere; returns an enum hvb_errno status.
 *
 * NOTE(review): presumably decodes the bytes in cert_buf into *cert. The
 * input is attacker-controllable until its signature has been checked, so
 * the definition is expected to validate the magic, the version, and every
 * offset/size pair (no wrap-around, inside cert_buf) before any pointer or
 * struct hvb_buf in *cert is derived from them - confirm.
 */
enum hvb_errno hvb_cert_parser(struct hvb_cert *cert,
                               struct hvb_buf *cert_buf);
164 
165 #ifdef __cplusplus
166 }
167 #endif
168 
169 #endif
170