1 /*
2  * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 #ifndef __HVB_CERT_H_
16 #define __HVB_CERT_H_
17 
18 #include "hvb_sysdeps.h"
19 #include "hvb.h"
20 #include "hvb_crypto.h"
21 
22 #ifdef __cplusplus
23 extern "C"
24 {
25 #endif
26 
/*
 * Magic that identifies an HVB certificate (stored in hvb_cert.magic).
 * The literal "HVB" occupies 4 bytes including its terminating NUL, which
 * equals HVB_MAGIC_LEN.
 * NOTE(review): whether the parser compares all HVB_MAGIC_LEN bytes (NUL
 * included) is not visible in this header - confirm in hvb_cert_parser.
 */
#define HVB_MAGIC                    "HVB"
#define HVB_MAGIC_LEN                4

/*
 * Sizes, in bytes, of the fixed-length arrays in the structures below:
 *   HVB_VERITY_RESERVED_SIZE    - hvb_cert.verity_reserved
 *   HVB_SIGNATURE_RESERVED_SIZE - hvb_sign_info.signature_reserved
 *   VERITY_NAME_SIZE            - hvb_cert.image_name
 * NOTE(review): the earlier comment here described HVB_VERITY_RESERVED_SIZE as
 * the maximum size of a release string including the terminating NUL byte,
 * but the field it sizes is named verity_reserved - confirm the intended use.
 * HVB_SIGNATURE_MAX_SIZE and HVB_CERT_MAX_SIZE are not referenced in this
 * header; presumably they are upper bounds applied to lengths read from a
 * certificate before any buffer is sized from them - confirm in the parser.
 */
#define HVB_VERITY_RESERVED_SIZE     36
#define HVB_SIGNATURE_RESERVED_SIZE  64
#define VERITY_NAME_SIZE             64
#define HVB_SIGNATURE_MAX_SIZE       4096
#define HVB_CERT_MAX_SIZE            4096

/* The version number of HVB - keep in sync with hvbtool. */
#define HVB_VERSION_MAJOR            1
#define HVB_VERSION_MINOR            1

/*
 * Key and signature sizes in bytes (256 bytes is 2048 bits).
 * NOTE(review): presumably an RSA-2048 modulus, a precomputed value derived
 * from it (P_RR) and the signature - confirm against hvb_crypto.h.
 * HVB_SIGNATURE_FIXED_SIZE is not referenced in this header and its meaning
 * cannot be established from here - confirm against the parser.
 */
#define PUBKEY_MODULUS_LEN           256
#define PUBKEY_P_RR_LEN              256
#define SIGNATURE_LEN                256
#define HVB_SIGNATURE_FIXED_SIZE     224
46 
/*
 * Kind of integrity data attached to an image.
 * The values are spelled out because HASH (1) and HASHTREE (2) are the numbers
 * documented for hvb_cert.verity_type; inserting a new enumerator in the
 * middle would change what those numbers mean.
 * HVB_IMAGE_TYPE_MAX is one past the last defined type.
 * NOTE(review): a verity_type read from a certificate should be compared with
 * HVB_IMAGE_TYPE_MAX before it selects a code path - confirm the parser does.
 */
enum hvb_image_type {
    HVB_IMAGE_TYPE_NONE     = 0,
    HVB_IMAGE_TYPE_HASH     = 1,
    HVB_IMAGE_TYPE_HASHTREE = 2,
    HVB_IMAGE_TYPE_MAX      = 3,
};
53 
/*
 * Locations of the salt and digest that belong to a certificate.
 * Both members are pointers, so this structure describes data in memory and
 * is not a serialized layout (pointer width depends on the platform).
 * Neither length is stored here; hvb_cert carries salt_size and digest_size.
 * NOTE(review): ownership and lifetime are not visible in this header -
 * presumably both point into the certificate buffer; confirm in the parser
 * that they are only set after the matching offset/size pair was validated.
 */
struct hash_payload {
    uint8_t *salt;      /* start of the salt bytes */
    uint8_t *digest;    /* start of the digest bytes */
} HVB_ATTR_PACKED;
58 
/*
 * Signature section of a certificate: algorithm, where the public key and the
 * signature are located, and buffers that refer to them.
 * NOTE(review): the offset/length pairs are 64-bit values. If they are read
 * from certificate bytes, each pair has to be checked so that offset + length
 * neither wraps around nor exceeds the certificate buffer before pubk or sign
 * is derived from it - confirm in hvb_cert_parser. The base the offsets are
 * relative to is not visible in this header.
 */
struct hvb_sign_info {
    /* Length of the signature section; NOTE(review): exact coverage not visible here - confirm. */
    uint64_t sig_length;
    /* Signature algorithm identifier; the valid values are not defined in this header. */
    uint32_t algorithm;
    /* Flags; their meaning is not defined in this header. */
    uint32_t flags;
    /* Offset and length of the public key. */
    uint64_t pubkey_offset;
    uint64_t pubkey_len;
    /* Offset and length of the signature. */
    uint64_t signature_offset;
    uint64_t signature_len;
    /* Reserved bytes. */
    uint8_t signature_reserved[HVB_SIGNATURE_RESERVED_SIZE];
    /* struct hvb_buf is declared outside this header; presumably the public key located via pubkey_offset/pubkey_len - confirm. */
    struct hvb_buf pubk;
    /* Presumably the signature located via signature_offset/signature_len - confirm. */
    struct hvb_buf sign;
} HVB_ATTR_PACKED;
71 
/*
 * Certificate that describes one image: identification, image size, rollback
 * data, hash or hashtree parameters, FEC parameters and signature information.
 *
 * The integer fields have fixed widths, but hash_payload holds pointers and
 * signature_info holds struct hvb_buf members, so the structure as a whole is
 * an in-memory form and not a byte-for-byte copy of the certificate.
 *
 * NOTE(review): every offset/size pair below is a 64-bit value that presumably
 * originates from certificate bytes. Before any of them is used to index or
 * copy, offset + size should be checked for wrap-around and against the size
 * of the buffer it refers to - confirm in hvb_cert_parser.
 * HVB_ATTR_PACKED is defined outside this header (presumably a packed
 * attribute); if so, members may be misaligned and should not be accessed
 * through pointers to wider types without a copy.
 */
struct hvb_cert {
    /*
     * HVB_MAGIC_LEN (4) bytes; "HVB" (HVB_MAGIC) is 3 characters, and the
     * string literal's terminating NUL makes up the fourth byte.
     */
    uint8_t magic[HVB_MAGIC_LEN];

    /* The major version of libhvb (see HVB_VERSION_MAJOR). */
    uint32_t version_major;

    /* The minor version of libhvb (see HVB_VERSION_MINOR). */
    uint32_t version_minor;

    /* Reserved bytes for verity info (original wording: "release data"). */
    uint8_t verity_reserved[HVB_VERITY_RESERVED_SIZE];

    /* The original length of the image. */
    uint64_t image_original_len;

    /* The length of the image after padding with zeroes. */
    uint64_t image_len;

    /*
     * The partition name, in a fixed VERITY_NAME_SIZE-byte array.
     * NOTE(review): nothing in this header guarantees a terminating NUL -
     * bound string operations by VERITY_NAME_SIZE.
     */
    uint8_t image_name[VERITY_NAME_SIZE];

    /* The location of the rollback value. */
    uint64_t rollback_location;

    /*
     * The rollback index.
     * NOTE(review): presumably compared with the value stored at
     * rollback_location to refuse older images - confirm against the caller.
     */
    uint64_t rollback_index;

    /*
     * The type of image verity (matches enum hvb_image_type).
     * 1: hash image
     * 2: hashtree image
     */
    uint32_t verity_type;

    /*
     * The algorithm used to calculate the image hash.
     * 0: SHA256
     * 1: SHA1
     * 2: SHA512
     */
    uint32_t hash_algo;

    /* The offset of the salt data; the salt is referenced by hash_payload. */
    uint64_t salt_offset;

    /* The size of the salt data. */
    uint64_t salt_size;

    /* The offset of the digest; the digest is referenced by hash_payload. */
    uint64_t digest_offset;

    /* The size of the digest. */
    uint64_t digest_size;

    /* The offset of the hashtree. */
    uint64_t hashtree_offset;

    /* The size of the hashtree. */
    uint64_t hashtree_size;

    /*
     * The size of each block in hashtree mode (4 KB by default).
     * NOTE(review): if used as a divisor, zero has to be rejected - confirm.
     */
    uint64_t data_block_size;

    /* The size of each block for storing hash in a hashtree (4 KB by default). */
    uint64_t hash_block_size;

    /*
     * FEC parameter (original wording: "the device number FEC").
     * NOTE(review): the name suggests the number of FEC roots - confirm.
     */
    uint64_t fec_num_roots;

    /* The offset of FEC. */
    uint64_t fec_offset;

    /* The size of FEC. */
    uint64_t fec_size;

    /* Pointers to the salt and digest of the image. */
    struct hash_payload hash_payload;

    /* Signature info. */
    struct hvb_sign_info signature_info;
} HVB_ATTR_PACKED;
154 
/**
 * NOTE(review): the implementation is outside this header; everything marked
 * "presumably" is inferred from the names and must be confirmed there.
 *
 * Presumably processes the certificate that describes partition @p ptn.
 *
 * @param ops            platform callbacks (struct hvb_ops, declared elsewhere).
 * @param ptn            partition name.
 * @param cert_buf       buffer holding the certificate.
 * @param hash_ptn_list  list of partition names; presumably those verified by
 *                       hash, and presumably NULL-terminated - confirm.
 * @param out_pubk       presumably receives the public key from the certificate.
 * @param verified_data  presumably receives the verification results.
 * @return an enum hvb_errno value. Callers should not use @p out_pubk or
 *         @p verified_data unless the success value is returned.
 */
enum hvb_errno cert_init_desc(struct hvb_ops *ops, const char *ptn, struct hvb_buf *cert_buf,
                              const char *const *hash_ptn_list, struct hvb_buf *out_pubk,
                              struct hvb_verified_data *verified_data);
/**
 * NOTE(review): the implementation is outside this header; presumably decodes
 * the bytes in @p cert_buf into @p cert - confirm.
 *
 * @param cert      structure to fill.
 * @param cert_buf  buffer holding the certificate; its contents should be
 *                  treated as untrusted until the signature has been verified.
 * @return an enum hvb_errno value. The fields of @p cert should not be relied
 *         on unless the success value is returned.
 */
enum hvb_errno hvb_cert_parser(struct hvb_cert *cert, struct hvb_buf *cert_buf);
159 
160 #ifdef __cplusplus
161 }
162 #endif
163 
164 #endif
165