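/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

/* Internal AFTL (Android Firmware Transparency Log) types and size limits.
 * This header is private to libavb: it must not leak into the public
 * libavb_aftl.h header, and it may only be compiled as part of avb itself. */

#ifdef AVB_INSIDE_LIBAVB_AFTL_H
#error "You can't include avb_aftl_types.h in the public header libavb_aftl.h."
#endif

#ifndef AVB_COMPILATION
#error "Never include this file, it may only be used from internal avb code."
#endif

#ifndef AVB_AFTL_TYPES_H_
#define AVB_AFTL_TYPES_H_

#include <libavb/libavb.h>

#ifdef __cplusplus
extern "C" {
#endif

#define AVB_AFTL_UINT64_MAX 0xfffffffffffffffful
#define AVB_AFTL_HASH_SIZE 32ul
#define AVB_AFTL_SIGNATURE_SIZE 512ul
/* Raw key size used for signature validation. */
#define AVB_AFTL_PUB_KEY_SIZE 1032ul
/* Limit AftlDescriptor size to 64KB. */
#define AVB_AFTL_MAX_AFTL_DESCRIPTOR_SIZE 65536ul
/* Limit version.incremental size to 256 characters. */
#define AVB_AFTL_MAX_VERSION_INCREMENTAL_SIZE 256ul
/* AFTL trees require at most 64 hashes to reconstruct the root.
   Parenthesized so the expansion is a single operand: without the parentheses
   an expression such as `x / AVB_AFTL_MAX_PROOF_SIZE` would parse as
   `x / 64 * AVB_AFTL_HASH_SIZE`. */
#define AVB_AFTL_MAX_PROOF_SIZE (64 * AVB_AFTL_HASH_SIZE)
/* Max URL limit. */
#define AVB_AFTL_MAX_URL_SIZE 2048ul
/* Minimum valid size for a FirmwareInfo leaf. Derived from a minimal json
   response that contains only the vbmeta_hash. */
#define AVB_AFTL_MIN_FW_INFO_SIZE 103ul
/* Minimum valid size for a TrillianLogRootDescriptor. See the
   TrillianLogRootDescriptor struct for details. The values here cover:
     version: sizeof(uint16_t)
     tree_size: sizeof(uint64_t)
     root_hash_size: sizeof(uint8_t)
     root_hash: AVB_AFTL_HASH_SIZE
     timestamp: sizeof(uint64_t)
     revision: sizeof(uint64_t)
     metadata_size: sizeof(uint16_t)
   metadata is optional, so it's not required for the minimum size.
   NOTE(review): this is a bound on the encoded (parsed-from-bytes) form; it is
   not sizeof(TrillianLogRootDescriptor), whose root_hash/metadata members are
   pointers. */
#define AVB_AFTL_MIN_TLRD_SIZE                                      \
  (sizeof(uint16_t) + sizeof(uint64_t) + sizeof(uint8_t) +          \
   AVB_AFTL_HASH_SIZE + sizeof(uint64_t) + sizeof(uint64_t) +       \
   sizeof(uint16_t))
/* Minimum valid size for an AftlIcpEntry structure. See the
   AftlIcpEntry struct for details. The values here cover:
     log_url_size: sizeof(uint32_t)
     leaf_index: sizeof(uint64_t)
     log_root_descriptor_size: sizeof(uint32_t)
     fw_info_leaf_size: sizeof(uint32_t)
     log_root_sig_size: sizeof(uint32_t)
     proof_hash_count: sizeof(uint8_t)
     inc_proof_size: sizeof(uint32_t)
     log_url: 4 (shortest practical URL)
     log_root_descriptor: AVB_AFTL_MIN_TLRD_SIZE
     fw_info_leaf: AVB_AFTL_MIN_FW_INFO_SIZE
     log_root_signature: AVB_AFTL_SIGNATURE_SIZE
     proofs: AVB_AFTL_HASH_SIZE as there must be at least one hash.
   NOTE(review): log_root_sig_size is counted here as sizeof(uint32_t) but the
   AftlIcpEntry member below is a uint16_t; the encoded width is not visible in
   this header, so confirm against the parser before relying on either. */
#define AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE                                       \
  (sizeof(uint32_t) + sizeof(uint64_t) + sizeof(uint32_t) + sizeof(uint32_t) + \
   sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint32_t) + 4 +                 \
   AVB_AFTL_MIN_TLRD_SIZE + AVB_AFTL_MIN_FW_INFO_SIZE +                        \
   AVB_AFTL_SIGNATURE_SIZE + AVB_AFTL_HASH_SIZE)
/* The maximum AftlIcpEntrySize is the max AftlDescriptor size minus the size
   of the AftlIcpHeader. This references sizeof(AftlIcpHeader), which is
   declared further down; macros expand at their use site, so this only
   works in code that appears after that typedef. */
#define AVB_AFTL_MAX_AFTL_ICP_ENTRY_SIZE \
  (AVB_AFTL_MAX_AFTL_DESCRIPTOR_SIZE - sizeof(AftlIcpHeader))
/* The maximum FirmwareInfo is the max AftlDescriptor size minus the
   size of the smallest valid AftlIcpEntry. */
#define AVB_AFTL_MAX_FW_INFO_SIZE \
  (AVB_AFTL_MAX_AFTL_DESCRIPTOR_SIZE - AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE)
/* The maximum metadata size in a TrillianLogRootDescriptor for AFTL is the
   max AftlDescriptor size minus the smallest valid AftlIcpEntry size. */
#define AVB_AFTL_MAX_METADATA_SIZE \
  (AVB_AFTL_MAX_AFTL_DESCRIPTOR_SIZE - AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE)
/* The maximum TrillianLogRootDescriptor is the size of the smallest valid
   TrillianLogRootDescriptor + the largest possible metadata size. */
#define AVB_AFTL_MAX_TLRD_SIZE \
  (AVB_AFTL_MIN_TLRD_SIZE + AVB_AFTL_MAX_METADATA_SIZE)

/* Data structure containing AFTL header information. */
typedef struct AftlIcpHeader {
  uint32_t magic;
  uint32_t required_icp_version_major;
  uint32_t required_icp_version_minor;
  uint32_t aftl_descriptor_size; /* Total size of the AftlDescriptor. */
  uint16_t icp_count;
} AVB_ATTR_PACKED AftlIcpHeader;

/* Data structure containing a Trillian LogRootDescriptor, from
   https://github.com/google/trillian/blob/master/trillian.proto#L255
   The log_root_signature is calculated over this structure.
   root_hash and metadata are pointers into separately held data; the struct
   is not the byte-for-byte signed encoding. */
typedef struct TrillianLogRootDescriptor {
  uint16_t version;
  uint64_t tree_size;
  uint8_t root_hash_size;
  uint8_t* root_hash;
  uint64_t timestamp;
  uint64_t revision;
  uint16_t metadata_size;
  uint8_t* metadata;
} TrillianLogRootDescriptor;

/* Data structure containing the firmware image info stored in the
   transparency log. This is defined in
   https://android.googlesource.com/platform/external/avb/+/master/proto/aftl.proto
*/
typedef struct FirmwareInfo {
  uint32_t vbmeta_hash_size;
  uint8_t* vbmeta_hash;
  uint8_t* json_data;
} FirmwareInfo;

/* Data structure containing AFTL inclusion proof data from a single
   transparency log. The *_size members bound the pointed-to buffers;
   proofs is a flexible array member with proof_hash_count rows.
   NOTE(review): the struct is AVB_ATTR_PACKED yet holds pointer members, so
   those pointers may sit at unaligned offsets; confirm the target compilers
   emit safe accesses for them. */
typedef struct AftlIcpEntry {
  uint32_t log_url_size;
  uint64_t leaf_index;
  uint32_t log_root_descriptor_size;
  uint32_t fw_info_leaf_size;
  uint16_t log_root_sig_size;
  uint8_t proof_hash_count;
  uint32_t inc_proof_size;
  uint8_t* log_url;
  TrillianLogRootDescriptor log_root_descriptor;
  FirmwareInfo fw_info_leaf;
  uint8_t* log_root_signature;
  uint8_t proofs[/*proof_hash_count*/][AVB_AFTL_HASH_SIZE];
} AVB_ATTR_PACKED AftlIcpEntry;

/* Main data structure for an AFTL descriptor: the header followed by an
   array of header.icp_count entry pointers. */
typedef struct AftlDescriptor {
  AftlIcpHeader header;
  AftlIcpEntry** entries;
} AVB_ATTR_PACKED AftlDescriptor;

#ifdef __cplusplus
}
#endif

#endif /* AVB_AFTL_TYPES_H_ */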