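/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

/* Internal AFTL type definitions and size limits.

   This header declares the in-memory structures for an AftlImage and the
   constants that bound the size of each of its variable-length parts.
   The two guards below keep it out of the public libavb_aftl.h header and
   out of any translation unit that is not built as internal avb code. */

#ifdef AVB_INSIDE_LIBAVB_AFTL_H
#error "You can't include avb_aftl_types.h in the public header libavb_aftl.h."
#endif

#ifndef AVB_COMPILATION
#error "Never include this file, it may only be used from internal avb code."
#endif

#ifndef AVB_AFTL_TYPES_H_
#define AVB_AFTL_TYPES_H_

#include <libavb/libavb.h>

#ifdef __cplusplus
extern "C" {
#endif

#define AVB_AFTL_UINT64_MAX 0xfffffffffffffffful
#define AVB_AFTL_HASH_SIZE 32ul
#define AVB_AFTL_SIGNATURE_SIZE 512ul
/* Raw key size used for signature validation. */
#define AVB_AFTL_PUB_KEY_SIZE 1032ul
/* Limit AftlImage size to 64KB. */
#define AVB_AFTL_MAX_AFTL_IMAGE_SIZE 65536ul
/* Limit version.incremental size to 256 characters.
   NOTE(review): VBMetaPrimaryAnnotation.version_incremental_size is a
   uint8_t and cannot exceed 255, so a "size > limit" comparison against
   that field can never fire. Confirm where this limit is enforced. */
#define AVB_AFTL_MAX_VERSION_INCREMENTAL_SIZE 256ul
/* AFTL trees require at most 64 hashes to reconstruct the root.
   The expansion is parenthesized so that the macro keeps its value next to
   a higher-precedence operator: without the parentheses,
   "x / AVB_AFTL_MAX_PROOF_SIZE" would expand to "x / 64 * 32ul" and a
   bound computed that way would be wrong. */
#define AVB_AFTL_MAX_PROOF_SIZE (64 * AVB_AFTL_HASH_SIZE)
/* Max URL limit. */
#define AVB_AFTL_MAX_URL_SIZE 2048ul
/* Minimum valid size for an Annotation leaf.
   NOTE(review): the derivation of 18 is not shown in this file. */
#define AVB_AFTL_MIN_ANNOTATION_SIZE 18ul
/* Minimum valid size for a TrillianLogRootDescriptor. See the
   TrillianLogRootDescriptor struct for details. The values here cover:
   version: sizeof(uint16_t)
   tree_size: sizeof(uint64_t)
   root_hash_size: sizeof(uint8_t)
   root_hash: AVB_AFTL_HASH_SIZE
   timestamp: sizeof(uint64_t)
   revision: sizeof(uint64_t)
   metadata_size: sizeof(uint16_t)
   metadata is optional, so it's not required for the minimum size. */
#define AVB_AFTL_MIN_TLRD_SIZE                                \
  (sizeof(uint16_t) + sizeof(uint64_t) + sizeof(uint8_t) +    \
   AVB_AFTL_HASH_SIZE + sizeof(uint64_t) + sizeof(uint64_t) + \
   sizeof(uint16_t))
/* Minimum valid size for an AftlIcpEntry structure. See the
   AftlIcpEntry struct for details. The values here cover:
   log_url_size: sizeof(uint32_t)
   leaf_index: sizeof(uint64_t)
   log_root_descriptor_size: sizeof(uint32_t)
   annotation_leaf_size: sizeof(uint32_t)
   log_root_sig_size: sizeof(uint32_t)
   proof_hash_count: sizeof(uint8_t)
   inc_proof_size: sizeof(uint32_t)
   log_url: 4 (shortest practical URL)
   log_root_descriptor: AVB_AFTL_MIN_TLRD_SIZE
   annotation_leaf: AVB_AFTL_MIN_ANNOTATION_SIZE
   log_root_signature: AVB_AFTL_SIGNATURE_SIZE
   proofs: AVB_AFTL_HASH_SIZE as there must be at least one hash.
   NOTE(review): log_root_sig_size is counted as sizeof(uint32_t) here but
   is declared uint16_t in AftlIcpEntry, so this minimum is two bytes
   larger than the sum of the declared field widths. Which of the two
   matches the serialized layout cannot be told from this file; the value
   is left unchanged, and because it feeds the MAX_ANNOTATION and
   MAX_METADATA bounds below it should be confirmed against the parser. */
#define AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE                                       \
  (sizeof(uint32_t) + sizeof(uint64_t) + sizeof(uint32_t) + sizeof(uint32_t) + \
   sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint32_t) + 4 +                 \
   AVB_AFTL_MIN_TLRD_SIZE + AVB_AFTL_MIN_ANNOTATION_SIZE +                     \
   AVB_AFTL_SIGNATURE_SIZE + AVB_AFTL_HASH_SIZE)
/* The maximum AftlIcpEntrySize is the max AftlImage size minus the size
   of the AftlImageHeader. AftlImageHeader is declared further down in this
   header, so this macro can only be expanded after that declaration. */
#define AVB_AFTL_MAX_AFTL_ICP_ENTRY_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - sizeof(AftlImageHeader))
/* The maximum Annotation size is the max AftlImage size minus the
   size of the smallest valid AftlIcpEntry. */
#define AVB_AFTL_MAX_ANNOTATION_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE)
/* The maximum metadata size in a TrillianLogRootDescriptor for AFTL is the
   max AftlImage size minus the smallest valid AftlIcpEntry size. */
#define AVB_AFTL_MAX_METADATA_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE)
/* The maximum TrillianLogRootDescriptor is the size of the smallest valid
   TrillianLogRootDescriptor + the largest possible metadata size. */
#define AVB_AFTL_MAX_TLRD_SIZE \
  (AVB_AFTL_MIN_TLRD_SIZE + AVB_AFTL_MAX_METADATA_SIZE)

/* Data structure containing a Trillian LogRootDescriptor, from
   https://github.com/google/trillian/blob/master/trillian.proto#L255
   The log_root_signature is calculated over this structure.
   root_hash and metadata are pointer/size pairs; this header does not say
   who owns the pointed-to memory.
   NOTE(review): presumably root_hash_size and metadata_size are checked
   against AVB_AFTL_HASH_SIZE and AVB_AFTL_MAX_METADATA_SIZE before the
   pointers are used -- confirm in the parser. */
typedef struct TrillianLogRootDescriptor {
  uint16_t version;
  uint64_t tree_size;
  uint8_t root_hash_size;
  uint8_t* root_hash;
  uint64_t timestamp;
  uint64_t revision;
  uint16_t metadata_size;
  uint8_t* metadata;
} TrillianLogRootDescriptor;

/* Hash algorithms. The trailing enumerator is not an algorithm; its value
   equals the number of algorithms listed before it. */
typedef enum {
  AVB_AFTL_HASH_SHA256,
  _AVB_AFTL_HASH_ALGORITHM_NUM
} HashAlgorithm;

/* Signature algorithms. The trailing enumerator is not an algorithm; its
   value equals the number of algorithms listed before it. */
typedef enum {
  AVB_AFTL_SIGNATURE_RSA,   // RSA with PKCS1v15
  AVB_AFTL_SIGNATURE_ECDSA, // ECDSA with P256 curve
  _AVB_AFTL_SIGNATURE_ALGORITHM_NUM
} SignatureAlgorithm;

/* Data structure containing the signature within a leaf of the VBMeta
 * annotation. This signature is made using the manufacturer key which is
 * generally not available at boot time. Therefore, this structure is not
 * verified by the bootloader.
 * Because the signature is not verified at boot, boot-time code should not
 * base a trust decision on it.
 * NOTE(review): hash_algorithm and signature_algorithm presumably hold
 * HashAlgorithm / SignatureAlgorithm values; being uint8_t they can carry
 * values outside those enums, so range-check before using them as an
 * index or in a switch -- confirm in the parser. */
typedef struct {
  uint8_t hash_algorithm;
  uint8_t signature_algorithm;
  uint16_t signature_size;
  uint8_t* signature;
} Signature;

/* Data structure containing the VBMeta annotation.
   Every variable-length member is a size field followed by a pointer. */
typedef struct {
  uint8_t vbmeta_hash_size;
  uint8_t* vbmeta_hash;
  uint8_t version_incremental_size;
  uint8_t* version_incremental;
  uint8_t manufacturer_key_hash_size;
  uint8_t* manufacturer_key_hash;
  uint16_t description_size;
  uint8_t* description;
} VBMetaPrimaryAnnotation;

/* NOTE(review): presumably the values of
   SignedVBMetaPrimaryAnnotationLeaf.leaf_type -- confirm. */
#define AVB_AFTL_VBMETA_LEAF 0
#define AVB_AFTL_SIGNED_VBMETA_PRIMARY_ANNOTATION_LEAF 1

/* Data structure containing the leaf that is stored in the
   transparency log. */
typedef struct {
  uint8_t version;
  uint64_t timestamp;
  uint8_t leaf_type;
  Signature* signature;
  VBMetaPrimaryAnnotation* annotation;
} SignedVBMetaPrimaryAnnotationLeaf;

/* Data structure containing AFTL inclusion proof data from a single
   transparency log.
   The descriptor and the annotation leaf are each held twice: once as a
   structure (log_root_descriptor, annotation_leaf) and once as raw bytes
   (log_root_descriptor_raw, annotation_leaf_raw).
   proofs points to elements of AVB_AFTL_HASH_SIZE bytes each.
   NOTE(review): proof_hash_count is a uint8_t and can express up to 255
   hashes, while AVB_AFTL_MAX_PROOF_SIZE allows 64. Confirm that the parser
   rejects an entry whose proof_hash_count * AVB_AFTL_HASH_SIZE exceeds
   that maximum or disagrees with inc_proof_size, and that each *_size
   field is bounded by its AVB_AFTL_MAX_* limit before the matching
   pointer is read. */
typedef struct AftlIcpEntry {
  uint32_t log_url_size;
  uint64_t leaf_index;
  uint32_t log_root_descriptor_size;
  uint32_t annotation_leaf_size;
  uint16_t log_root_sig_size;
  uint8_t proof_hash_count;
  uint32_t inc_proof_size;
  uint8_t* log_url;
  TrillianLogRootDescriptor log_root_descriptor;
  uint8_t* log_root_descriptor_raw;
  SignedVBMetaPrimaryAnnotationLeaf* annotation_leaf;
  uint8_t* annotation_leaf_raw;
  uint8_t* log_root_signature;
  uint8_t (*proofs)[AVB_AFTL_HASH_SIZE];
} AftlIcpEntry;

/* Data structure containing AFTL header information.
   Declared with AVB_ATTR_PACKED, which is defined outside this file.
   NOTE(review): image_size is a uint32_t and can exceed
   AVB_AFTL_MAX_AFTL_IMAGE_SIZE; confirm it is checked against that limit
   and against sizeof(AftlImageHeader) before it is used as a length. */
typedef struct AftlImageHeader {
  uint32_t magic;
  uint32_t required_icp_version_major;
  uint32_t required_icp_version_minor;
  uint32_t image_size; /* Total size of the AftlImage, including this header */
  uint16_t icp_count;
} AVB_ATTR_PACKED AftlImageHeader;

/* Main data structure for an AFTL image.
   NOTE(review): entries presumably holds header.icp_count pointers --
   confirm against the code that allocates it. */
typedef struct AftlImage {
  AftlImageHeader header;
  AftlIcpEntry** entries;
} AftlImage;

#ifdef __cplusplus
}
#endif

#endif /* AVB_AFTL_TYPES_H_ */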