1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Permission is hereby granted, free of charge, to any person
5  * obtaining a copy of this software and associated documentation
6  * files (the "Software"), to deal in the Software without
7  * restriction, including without limitation the rights to use, copy,
8  * modify, merge, publish, distribute, sublicense, and/or sell copies
9  * of the Software, and to permit persons to whom the Software is
10  * furnished to do so, subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 
25 #ifdef AVB_INSIDE_LIBAVB_AFTL_H
26 #error "You can't include avb_aftl_types.h in the public header libavb_aftl.h."
27 #endif
28 
29 #ifndef AVB_COMPILATION
30 #error "Never include this file, it may only be used from internal avb code."
31 #endif
32 
33 #ifndef AVB_AFTL_TYPES_H_
34 #define AVB_AFTL_TYPES_H_
35 
36 #include <libavb/libavb.h>
37 
38 #ifdef __cplusplus
39 extern "C" {
40 #endif
41 
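/* Largest value a uint64_t can hold. */
#define AVB_AFTL_UINT64_MAX 0xfffffffffffffffful
/* Size in bytes of every hash AFTL handles; 32 matches SHA-256 output,
   the only HashAlgorithm declared in this file. */
#define AVB_AFTL_HASH_SIZE 32ul
/* Size in bytes of a log root signature. */
#define AVB_AFTL_SIGNATURE_SIZE 512ul
/* Raw key size used for signature validation. */
#define AVB_AFTL_PUB_KEY_SIZE 1032ul

/* The AVB_AFTL_MAX_* / AVB_AFTL_MIN_* values below are the bounds that a
   parser of an AftlImage is expected to enforce on every size or count it
   reads from the image before it allocates, copies or indexes with that
   value. They are evaluated lazily, so the ones that depend on struct
   sizes may only be used after the corresponding struct is declared. */

/* Limit AftlImage size to 64KB. */
#define AVB_AFTL_MAX_AFTL_IMAGE_SIZE 65536ul
/* Limit version.incremental size to 256 characters. */
#define AVB_AFTL_MAX_VERSION_INCREMENTAL_SIZE 256ul
/* AFTL trees require at most 64 hashes to reconstruct the root.
   Parenthesized so the value survives use inside larger arithmetic
   (e.g. `x / AVB_AFTL_MAX_PROOF_SIZE`, which the unparenthesized
   `64 * AVB_AFTL_HASH_SIZE` would silently turn into `x / 64 * 32`). */
#define AVB_AFTL_MAX_PROOF_SIZE (64 * AVB_AFTL_HASH_SIZE)
/* Max URL limit. */
#define AVB_AFTL_MAX_URL_SIZE 2048ul
/* Minimum valid size for an Annotation leaf. */
#define AVB_AFTL_MIN_ANNOTATION_SIZE 18ul
/* Minimum valid size for a TrillianLogRootDescriptor. See the
   TrillianLogRootDescriptor struct for details. The values here cover:
   version: sizeof(uint16_t)
   tree_size: sizeof(uint64_t)
   root_hash_size: sizeof(uint8_t)
   root_hash: AVB_AFTL_HASH_SIZE
   timestamp: sizeof(uint64_t)
   revision: sizeof(uint64_t)
   metadata_size: sizeof(uint16_t)
   metadata is optional, so it's not required for the minimum size. */
#define AVB_AFTL_MIN_TLRD_SIZE                                \
  (sizeof(uint16_t) + sizeof(uint64_t) + sizeof(uint8_t) +    \
   AVB_AFTL_HASH_SIZE + sizeof(uint64_t) + sizeof(uint64_t) + \
   sizeof(uint16_t))
/* Minimum valid size for an AftlIcpEntry structure. See the
   AftlIcpEntry struct for details. The values here cover:
   log_url_size: sizeof(uint32_t)
   leaf_index: sizeof(uint64_t)
   log_root_descriptor_size: sizeof(uint32_t)
   annotation_leaf_size: sizeof(uint32_t)
   log_root_sig_size: sizeof(uint32_t)
   proof_hash_count: sizeof(uint8_t)
   inc_proof_size: sizeof(uint32_t)
   log_url: 4 (shortest practical URL)
   log_root_descriptor: AVB_AFTL_MIN_TLRD_SIZE
   annotation_leaf: AVB_AFTL_MIN_ANNOTATION_SIZE
   log_root_signature: AVB_AFTL_SIGNATURE_SIZE
   proofs: AVB_AFTL_HASH_SIZE as there must be at least one hash.
   NOTE(review): log_root_sig_size is declared as a uint16_t in the
   AftlIcpEntry struct but is budgeted here as sizeof(uint32_t); the value
   is deliberately left unchanged (a larger minimum only ever rejects
   more input), but confirm which width the serialized format uses and
   make the two agree. */
#define AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE                                       \
  (sizeof(uint32_t) + sizeof(uint64_t) + sizeof(uint32_t) + sizeof(uint32_t) + \
   sizeof(uint32_t) + sizeof(uint8_t) + sizeof(uint32_t) + 4 +                 \
   AVB_AFTL_MIN_TLRD_SIZE + AVB_AFTL_MIN_ANNOTATION_SIZE +                     \
   AVB_AFTL_SIGNATURE_SIZE + AVB_AFTL_HASH_SIZE)
/* The maximum AftlIcpEntrySize is the max AftlImage size minus the size
   of the AftlImageHeader. Depends on AftlImageHeader, declared later in
   this file; use only after that declaration. */
#define AVB_AFTL_MAX_AFTL_ICP_ENTRY_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - sizeof(AftlImageHeader))
/* The maximum Annotation size is the max AftlImage size minus the
   size of the smallest valid AftlIcpEntry. */
#define AVB_AFTL_MAX_ANNOTATION_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE)
/* The maximum metadata size in a TrillianLogRootDescriptor for AFTL is the
   max AftlImage size minus the smallest valid AftlIcpEntry size. (This is
   below 65535, so it also fits the uint16_t metadata_size field.) */
#define AVB_AFTL_MAX_METADATA_SIZE \
  (AVB_AFTL_MAX_AFTL_IMAGE_SIZE - AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE)
/* The maximum TrillianLogRootDescriptor is the size of the smallest valid
   TrillianLogRootDescriptor + the largest possible metadata size. */
#define AVB_AFTL_MAX_TLRD_SIZE \
  (AVB_AFTL_MIN_TLRD_SIZE + AVB_AFTL_MAX_METADATA_SIZE)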
106 
/* Data structure containing a Trillian LogRootDescriptor, from
   https://github.com/google/trillian/blob/master/trillian.proto#L255
   This is the parsed, in-memory form: root_hash and metadata are
   pointers, so the byte layout of this struct is NOT the serialized
   encoding. The log_root_signature in AftlIcpEntry covers the
   descriptor -- presumably its serialized bytes (kept in
   AftlIcpEntry.log_root_descriptor_raw) rather than this struct; confirm
   against the signature check in the verifier. The smallest valid
   serialized form is AVB_AFTL_MIN_TLRD_SIZE bytes. */
typedef struct TrillianLogRootDescriptor {
  uint16_t version;
  uint64_t tree_size; /* Tree size as defined by the linked Trillian proto. */
  uint8_t root_hash_size; /* Byte length of root_hash. AVB_AFTL_MIN_TLRD_SIZE
                             budgets exactly AVB_AFTL_HASH_SIZE for it;
                             NOTE(review): a parser should reject other
                             values -- confirm it does. */
  uint8_t* root_hash;
  uint64_t timestamp;
  uint64_t revision;
  uint16_t metadata_size; /* Byte length of metadata. 0 is valid (metadata is
                             optional); upper bound AVB_AFTL_MAX_METADATA_SIZE. */
  uint8_t* metadata;
} TrillianLogRootDescriptor;
120 
/* Hash algorithm identifiers. Values are spelled out explicitly because
   Signature.hash_algorithm is a uint8_t, so presumably these numbers end
   up in the serialized leaf; do not renumber existing entries, only
   append. The trailing _NUM entry is one past the last valid value and
   is not itself an algorithm. */
typedef enum {
  AVB_AFTL_HASH_SHA256 = 0,
  _AVB_AFTL_HASH_ALGORITHM_NUM
} HashAlgorithm;
125 
/* Signature algorithm identifiers. Values are spelled out explicitly
   because Signature.signature_algorithm is a uint8_t, so presumably these
   numbers end up in the serialized leaf; do not renumber existing
   entries, only append. The trailing _NUM entry is one past the last
   valid value and is not itself an algorithm. */
typedef enum {
  AVB_AFTL_SIGNATURE_RSA = 0,   /* RSA with PKCS1v15 */
  AVB_AFTL_SIGNATURE_ECDSA = 1, /* ECDSA with P256 curve */
  _AVB_AFTL_SIGNATURE_ALGORITHM_NUM
} SignatureAlgorithm;
131 
/* Data structure containing the signature within a leaf of the VBMeta
 * annotation. This signature is made using the manufacturer key which is
 * generally not available at boot time. Therefore, this structure is not
 * verified by the bootloader.
 *
 * Security consequence: because it is not checked at boot, nothing in
 * boot-time logic may treat the presence or contents of this signature
 * as evidence of manufacturer endorsement -- whatever the producer of the
 * image put here is carried through unverified. Only the log's
 * log_root_signature (see AftlIcpEntry) is meant to be checked at boot. */
typedef struct {
  uint8_t hash_algorithm;      /* Presumably a HashAlgorithm value. */
  uint8_t signature_algorithm; /* Presumably a SignatureAlgorithm value. */
  uint16_t signature_size;     /* Byte count that `signature` points at. */
  uint8_t* signature;
} Signature;
142 
/* Data structure containing the VBMeta annotation, i.e. the payload of a
   log leaf. Each field is a (size, pointer) pair where the size is the
   byte count the pointer covers. The names describe the serialized
   fields; how each value is derived is defined by the log, not here.
   Bounds from the macros above: both *_hash_size fields fit
   AVB_AFTL_HASH_SIZE, and description_size is capped by
   AVB_AFTL_MAX_ANNOTATION_SIZE. NOTE(review): version_incremental_size is
   a uint8_t (max 255) while AVB_AFTL_MAX_VERSION_INCREMENTAL_SIZE is
   256 -- presumably the 256 budgets a terminator in a copy buffer;
   confirm in the parser that the limit applied to this field is the
   one intended. */
typedef struct {
  uint8_t vbmeta_hash_size;
  uint8_t* vbmeta_hash;
  uint8_t version_incremental_size;
  uint8_t* version_incremental;
  uint8_t manufacturer_key_hash_size;
  uint8_t* manufacturer_key_hash;
  uint16_t description_size;
  uint8_t* description;
} VBMetaPrimaryAnnotation;
154 
/* Values for SignedVBMetaPrimaryAnnotationLeaf.leaf_type (a uint8_t). */
#define AVB_AFTL_VBMETA_LEAF 0
#define AVB_AFTL_SIGNED_VBMETA_PRIMARY_ANNOTATION_LEAF 1
157 
/* Data structure containing the leaf that is stored in the
   transparency log. This is the parsed form; the serialized bytes of the
   leaf are kept separately in AftlIcpEntry.annotation_leaf_raw, and the
   smallest valid serialized leaf is AVB_AFTL_MIN_ANNOTATION_SIZE bytes.
   The signature and annotation pointers are presumably allocated by the
   parser; ownership and freeing are not visible in this header. */
typedef struct {
  uint8_t version;
  uint64_t timestamp;
  uint8_t leaf_type;  /* AVB_AFTL_VBMETA_LEAF or
                         AVB_AFTL_SIGNED_VBMETA_PRIMARY_ANNOTATION_LEAF. */
  Signature* signature;  /* Manufacturer signature; NOT verified at boot
                            (see Signature). */
  VBMetaPrimaryAnnotation* annotation;
} SignedVBMetaPrimaryAnnotationLeaf;
167 
/* Data structure containing AFTL inclusion proof data from a single
   transparency log. The *_size / *_count fields are the lengths that
   accompany the entry and the pointers that follow are the payloads; for
   the log root descriptor and the annotation leaf both the parsed and the
   raw (serialized) form are kept. The sizes are presumably read from the
   AftlImage and are therefore untrusted until checked against the
   AVB_AFTL_MIN_* / AVB_AFTL_MAX_* bounds above. */
typedef struct AftlIcpEntry {
  uint32_t log_url_size;  /* Bytes at log_url; max AVB_AFTL_MAX_URL_SIZE. */
  uint64_t leaf_index;  /* Position of the leaf in the log. NOTE(review): a
                           verifier should require
                           leaf_index < log_root_descriptor.tree_size -- confirm. */
  uint32_t log_root_descriptor_size;  /* Bytes at log_root_descriptor_raw;
                                         max AVB_AFTL_MAX_TLRD_SIZE. */
  uint32_t annotation_leaf_size;  /* Bytes at annotation_leaf_raw;
                                     max AVB_AFTL_MAX_ANNOTATION_SIZE. */
  uint16_t log_root_sig_size;  /* Bytes at log_root_signature. NOTE(review):
                                  AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE budgets this
                                  field as sizeof(uint32_t); confirm which width
                                  the serialized format uses. */
  uint8_t proof_hash_count;  /* Number of AVB_AFTL_HASH_SIZE hashes at proofs. */
  uint32_t inc_proof_size;  /* Bytes in the inclusion proof; presumably
                               proof_hash_count * AVB_AFTL_HASH_SIZE, capped by
                               AVB_AFTL_MAX_PROOF_SIZE. */
  uint8_t* log_url;
  TrillianLogRootDescriptor log_root_descriptor;  /* Parsed form. */
  uint8_t* log_root_descriptor_raw;  /* Serialized form; presumably what
                                        log_root_signature is checked over. */
  SignedVBMetaPrimaryAnnotationLeaf* annotation_leaf;  /* Parsed form. */
  uint8_t* annotation_leaf_raw;  /* Serialized form. */
  uint8_t* log_root_signature;
  uint8_t (*proofs)[AVB_AFTL_HASH_SIZE];  /* Pointer to an array of
                                             AVB_AFTL_HASH_SIZE-byte hashes,
                                             presumably proof_hash_count long. */
} AftlIcpEntry;
186 
/* Data structure containing AFTL header information. This is the only
   struct in this file declared AVB_ATTR_PACKED, so it has no padding and
   the field order and attribute placement define the on-image header
   layout -- neither may change without changing the format (byte order
   is presumably handled by the parser). Every field arrives from the
   image and should be range-checked before use: image_size must be at
   least sizeof(AftlImageHeader) and at most AVB_AFTL_MAX_AFTL_IMAGE_SIZE,
   and icp_count must be small enough for image_size to hold that many
   entries of at least AVB_AFTL_MIN_AFTL_ICP_ENTRY_SIZE bytes each. */
typedef struct AftlImageHeader {
  uint32_t magic;
  uint32_t required_icp_version_major;
  uint32_t required_icp_version_minor;
  uint32_t image_size; /* Total size of the AftlImage, including this header */
  uint16_t icp_count;  /* Number of AftlIcpEntry records that follow. */
} AVB_ATTR_PACKED AftlImageHeader;
195 
/* Main data structure for an AFTL image: the parsed header plus an array
   of pointers to the parsed inclusion-proof entries (presumably
   header.icp_count of them). Allocation, ownership and freeing of
   `entries` and of each entry are not visible in this header -- confirm
   against the parse/free routines before holding on to these pointers. */
typedef struct AftlImage {
  AftlImageHeader header;
  AftlIcpEntry** entries;
} AftlImage;
201 
202 #ifdef __cplusplus
203 }
204 #endif
205 
206 #endif /* AVB_AFTL_TYPES_H_ */
207