/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */
#if !defined(AVB_INSIDE_LIBAVB_AFTL_H) && !defined(AVB_COMPILATION)
#error "Never include this file directly, include libavb_aftl.h instead."
#endif

#ifndef AVB_AFTL_VERIFY_H_
#define AVB_AFTL_VERIFY_H_

#include <libavb/libavb.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Result codes returned by aftl_slot_verify().
 *
 * Only AFTL_SLOT_VERIFY_RESULT_OK means the verification succeeded; callers
 * should treat every other value as a failed verification and not boot the
 * slot as if the inclusion proofs had been validated. The individual error
 * codes exist so the failure can be reported precisely, not so that some of
 * them can be tolerated.
 */
typedef enum {
  // The verification succeeded.
  AFTL_SLOT_VERIFY_RESULT_OK,

  // A memory allocation failed at some point during the verification. This
  // can happen when handling a large number of log keys or inclusion proofs.
  AFTL_SLOT_VERIFY_RESULT_ERROR_OOM,

  // Some device could not be accessed at some point during the verification,
  // for example when reading the AftlImage from the partition.
  AFTL_SLOT_VERIFY_RESULT_ERROR_IO,

  // The VBMeta hash in the inclusion proof does not match the VBMeta image
  // hash.
  AFTL_SLOT_VERIFY_RESULT_ERROR_VBMETA_HASH_MISMATCH,

  // The root hash of the reconstructed tree does not match the value
  // contained in the inclusion proof.
  AFTL_SLOT_VERIFY_RESULT_ERROR_TREE_HASH_MISMATCH,

  // The inclusion proof signature cannot be verified with the given key.
  AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_PROOF_SIGNATURE,

  // A generic error occurred during the verification.
  AFTL_SLOT_VERIFY_RESULT_ERROR_VERIFICATION,

  // At least one of the VBMetas did not have an AftlImage attached.
  AFTL_SLOT_VERIFY_RESULT_ERROR_IMAGE_NOT_FOUND,

  // Some content of one of the AftlImages was found to be corrupted.
  AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_IMAGE,

  // The caller passed invalid parameters, for example because the prior call
  // to avb_slot_verify failed.
  AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT

} AftlSlotVerifyResult;

/* The entry point of AFTL validation. It uses the AvbSlotVerifyData structure,
 * |slot_verify_data|, generated by a prior call to the avb_slot_verify
 * function, and a transparency log key to validate the inclusion proof(s)
 * attached to each VBMeta image.
 *
 * The caller is responsible for ensuring that the previous call to
 * avb_slot_verify succeeded. If |slot_verify_data| is incomplete or NULL,
 * AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT will be returned.
 *
 * The AftlImage structure is located after the VBMetaImage structure. Uses
 * |ops| to read the partition where the VBMeta was loaded from.
 *
 * |key_bytes| and |key_size| describe the transparency log public key used in
 * step 3 below. The key encoding is defined by the implementation, not by this
 * header. NOTE(review): |key_bytes| is not const-qualified in this prototype;
 * confirm in the implementation that the key buffer is only read, so callers
 * may safely pass a key held in read-only storage.
 *
 * For each inclusion proof found, the following three validation steps are
 * performed:
 *   1. Match the VBMeta image hash with the hash in the tree leaf.
 *   2. Match the root hash of the Merkle tree with the hash in the proof.
 *   3. Verify the signature of the proof using the transparency log public key.
 *
 * Returns AFTL_SLOT_VERIFY_RESULT_OK on success. Any other value indicates the
 * verification did not complete successfully and must be treated as a
 * failure. See the definition of AftlSlotVerifyResult for all the possible
 * return values.
 */

AftlSlotVerifyResult aftl_slot_verify(AvbOps* ops,
                                      AvbSlotVerifyData* slot_verify_data,
                                      uint8_t* key_bytes,
                                      size_t key_size);
#ifdef __cplusplus
}
#endif

#endif /* AVB_AFTL_VERIFY_H_ */