1 /*
2  * Copyright (C) 2020 The Android Open Source Project
3  *
4  * Permission is hereby granted, free of charge, to any person
5  * obtaining a copy of this software and associated documentation
6  * files (the "Software"), to deal in the Software without
7  * restriction, including without limitation the rights to use, copy,
8  * modify, merge, publish, distribute, sublicense, and/or sell copies
9  * of the Software, and to permit persons to whom the Software is
10  * furnished to do so, subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24 #if !defined(AVB_INSIDE_LIBAVB_AFTL_H) && !defined(AVB_COMPILATION)
25 #error "Never include this file directly, include libavb_aftl.h instead."
26 #endif
27 
28 #ifndef AVB_AFTL_VERIFY_H_
29 #define AVB_AFTL_VERIFY_H_
30 
31 #include <libavb/libavb.h>
32 
33 #ifdef __cplusplus
34 extern "C" {
35 #endif
36 
typedef enum {
  // The inclusion proof(s) attached to every VBMeta image passed all three
  // checks described on aftl_slot_verify (leaf hash, root hash, proof
  // signature). This is the only value that means verification succeeded;
  // every other value is a failure.
  AFTL_SLOT_VERIFY_RESULT_OK,

  // A memory allocation failed at some point during the verification. This
  // could be the case when handling a large number of log keys or inclusion
  // proofs.
  AFTL_SLOT_VERIFY_RESULT_ERROR_OOM,

  // Some device could not be accessed during the verification, for example
  // when reading the AftlImage from the partition.
  AFTL_SLOT_VERIFY_RESULT_ERROR_IO,

  // The VBMeta hash in the inclusion proof does not match the hash of the
  // VBMeta image (validation step 1 of aftl_slot_verify).
  AFTL_SLOT_VERIFY_RESULT_ERROR_VBMETA_HASH_MISMATCH,

  // The root hash of the reconstructed Merkle tree does not match the value
  // contained in the inclusion proof (validation step 2).
  AFTL_SLOT_VERIFY_RESULT_ERROR_TREE_HASH_MISMATCH,

  // The inclusion proof signature cannot be verified with the given
  // transparency log key (validation step 3).
  AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_PROOF_SIGNATURE,

  // A generic error occurred during the verification.
  AFTL_SLOT_VERIFY_RESULT_ERROR_VERIFICATION,

  // At least one of the VBMetas did not have an AftlImage attached. A missing
  // image is reported as an error rather than being skipped.
  AFTL_SLOT_VERIFY_RESULT_ERROR_IMAGE_NOT_FOUND,

  // Some content of one of the AftlImages was found corrupted.
  AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_IMAGE,

  // The caller passed invalid parameters, for example if the prior call to
  // avb_slot_verify failed or |slot_verify_data| is NULL or incomplete.
  AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT

} AftlSlotVerifyResult;
76 
/* The entry point of AFTL validation. It uses the AvbSlotVerifyData structure,
 * |slot_verify_data|, generated by a prior call to the avb_slot_verify
 * function, and a transparency log key to validate the inclusion proof(s)
 * attached to each VBMeta image.
 *
 * Parameters:
 *   |ops|              AvbOps used to read the partition each VBMeta was
 *                      loaded from, in order to locate its AftlImage.
 *   |slot_verify_data| Result of a prior, successful avb_slot_verify call.
 *   |key_bytes|        Transparency log public key used to check the
 *                      inclusion proof signature (step 3 below). It is an
 *                      input; the parameter is not const-qualified, and the
 *                      key encoding expected is not specified in this header
 *                      -- NOTE(review): confirm both against the
 *                      implementation.
 *   |key_size|         Size of |key_bytes| in bytes.
 *
 * The caller is responsible for ensuring that the previous call to
 * avb_slot_verify succeeded. The AFTL check is layered on top of that slot
 * verification: AFTL_SLOT_VERIFY_RESULT_OK means the inclusion proof(s) were
 * validated, and is not a substitute for a successful avb_slot_verify. If
 * |slot_verify_data| is incomplete or NULL,
 * AFTL_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT will be returned.
 *
 * The AftlImage structure is located after the VBMetaImage structure. Uses
 * |ops| to read the partition where the VBMeta was loaded from.
 *
 * For each inclusion proof found, the following three validation steps are
 * performed:
 *   1. Match the VBMeta image hash with the hash in the tree leaf.
 *   2. Match the root hash of the Merkle tree with the hash in the proof.
 *   3. Verify the signature of the proof using the transparency log public key.
 *
 * Returns AFTL_SLOT_VERIFY_RESULT_OK only if every VBMeta has an AftlImage
 * attached and every inclusion proof found passes all three steps; any other
 * AftlSlotVerifyResult value must be treated as a verification failure. See
 * the definition of AftlSlotVerifyResult for all the possible return values.
 */

AftlSlotVerifyResult aftl_slot_verify(AvbOps* ops,
                                      AvbSlotVerifyData* slot_verify_data,
                                      uint8_t* key_bytes,
                                      size_t key_size);
102 #ifdef __cplusplus
103 }
104 #endif
105 
106 #endif /* AVB_AFTL_VERIFY_H_ */