blob: 17ab257adebffe4b5c856d53d71d2ecf8a239e6e [file] [log] [blame]
Ethan Yonkerf1179622016-08-25 15:32:21 -05001/*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef _RECOVERY_VERIFIER_H
18#define _RECOVERY_VERIFIER_H
19
20#include "mincrypt/p256.h"
21#include "mincrypt/rsa.h"
22
23#define ASSUMED_UPDATE_BINARY_NAME "META-INF/com/google/android/update-binary"
24
25enum { INSTALL_SUCCESS, INSTALL_ERROR, INSTALL_CORRUPT };
26
27static const float VERIFICATION_PROGRESS_FRACTION = 0.25;
28
29typedef struct {
30 p256_int x;
31 p256_int y;
32} ECPublicKey;
33
34typedef struct {
35 typedef enum {
36 RSA,
37 EC,
38 } KeyType;
39
40 int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
41 KeyType key_type;
42 RSAPublicKey* rsa;
43 ECPublicKey* ec;
44} Certificate;
45
46/* addr and length define a an update package file that has been
47 * loaded (or mmap'ed, or whatever) into memory. Verify that the file
48 * is signed and the signature matches one of the given keys. Return
49 * one of the constants below.
50 */
51int verify_file(unsigned char* addr, size_t length);
52
53Certificate* load_keys(const char* filename, int* numKeys);
54
55#define VERIFY_SUCCESS 0
56#define VERIFY_FAILURE 1
57
58#endif /* _RECOVERY_VERIFIER_H */