The Android Open Source Project | c24a8e6 | 2009-03-03 19:28:42 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2008 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #ifndef _RECOVERY_VERIFIER_H |
| 18 | #define _RECOVERY_VERIFIER_H |
| 19 | |
Tianjie Xu | 8256698 | 2018-10-10 15:44:17 -0700 | [diff] [blame] | 20 | #include <stdint.h> |
| 21 | |
Tao Bao | 5e53501 | 2017-03-16 17:37:38 -0700 | [diff] [blame] | 22 | #include <functional> |
Tao Bao | 71e3e09 | 2016-02-02 14:02:27 -0800 | [diff] [blame] | 23 | #include <memory> |
| 24 | #include <vector> |
| 25 | |
Mattias Nissler | 452df6d | 2016-04-04 16:17:01 +0200 | [diff] [blame] | 26 | #include <openssl/ec_key.h> |
| 27 | #include <openssl/rsa.h> |
| 28 | #include <openssl/sha.h> |
The Android Open Source Project | c24a8e6 | 2009-03-03 19:28:42 -0800 | [diff] [blame] | 29 | |
Mattias Nissler | 452df6d | 2016-04-04 16:17:01 +0200 | [diff] [blame] | 30 | struct RSADeleter { |
Mikhail Lappo | b49767c | 2017-03-23 21:44:26 +0100 | [diff] [blame] | 31 | void operator()(RSA* rsa) const { |
Mattias Nissler | 452df6d | 2016-04-04 16:17:01 +0200 | [diff] [blame] | 32 | RSA_free(rsa); |
| 33 | } |
| 34 | }; |
| 35 | |
| 36 | struct ECKEYDeleter { |
Mikhail Lappo | b49767c | 2017-03-23 21:44:26 +0100 | [diff] [blame] | 37 | void operator()(EC_KEY* ec_key) const { |
Mattias Nissler | 452df6d | 2016-04-04 16:17:01 +0200 | [diff] [blame] | 38 | EC_KEY_free(ec_key); |
| 39 | } |
| 40 | }; |
Kenny Root | 7a4adb5 | 2013-10-09 10:14:35 -0700 | [diff] [blame] | 41 | |
Tao Bao | 71e3e09 | 2016-02-02 14:02:27 -0800 | [diff] [blame] | 42 | struct Certificate { |
Kenny Root | 7a4adb5 | 2013-10-09 10:14:35 -0700 | [diff] [blame] | 43 | typedef enum { |
Mattias Nissler | 452df6d | 2016-04-04 16:17:01 +0200 | [diff] [blame] | 44 | KEY_TYPE_RSA, |
| 45 | KEY_TYPE_EC, |
Kenny Root | 7a4adb5 | 2013-10-09 10:14:35 -0700 | [diff] [blame] | 46 | } KeyType; |
| 47 | |
Mattias Nissler | 452df6d | 2016-04-04 16:17:01 +0200 | [diff] [blame] | 48 | Certificate(int hash_len_, |
| 49 | KeyType key_type_, |
| 50 | std::unique_ptr<RSA, RSADeleter>&& rsa_, |
| 51 | std::unique_ptr<EC_KEY, ECKEYDeleter>&& ec_) |
| 52 | : hash_len(hash_len_), |
| 53 | key_type(key_type_), |
| 54 | rsa(std::move(rsa_)), |
| 55 | ec(std::move(ec_)) {} |
Tao Bao | 71e3e09 | 2016-02-02 14:02:27 -0800 | [diff] [blame] | 56 | |
Mattias Nissler | 452df6d | 2016-04-04 16:17:01 +0200 | [diff] [blame] | 57 | // SHA_DIGEST_LENGTH (SHA-1) or SHA256_DIGEST_LENGTH (SHA-256) |
| 58 | int hash_len; |
Kenny Root | 7a4adb5 | 2013-10-09 10:14:35 -0700 | [diff] [blame] | 59 | KeyType key_type; |
Mattias Nissler | 452df6d | 2016-04-04 16:17:01 +0200 | [diff] [blame] | 60 | std::unique_ptr<RSA, RSADeleter> rsa; |
| 61 | std::unique_ptr<EC_KEY, ECKEYDeleter> ec; |
Tao Bao | 71e3e09 | 2016-02-02 14:02:27 -0800 | [diff] [blame] | 62 | }; |
Doug Zongker | 30362a6 | 2013-04-10 11:32:17 -0700 | [diff] [blame] | 63 | |
Tao Bao | 5e53501 | 2017-03-16 17:37:38 -0700 | [diff] [blame] | 64 | /* |
| 65 | * 'addr' and 'length' define an update package file that has been loaded (or mmap'ed, or |
| 66 | * whatever) into memory. Verifies that the file is signed and the signature matches one of the |
| 67 | * given keys. It optionally accepts a callback function for posting the progress to. Returns one |
| 68 | * of the constants of VERIFY_SUCCESS and VERIFY_FAILURE. |
The Android Open Source Project | c24a8e6 | 2009-03-03 19:28:42 -0800 | [diff] [blame] | 69 | */ |
Tao Bao | 76fdb24 | 2017-03-20 17:09:13 -0700 | [diff] [blame] | 70 | int verify_file(const unsigned char* addr, size_t length, const std::vector<Certificate>& keys, |
Tao Bao | 5e53501 | 2017-03-16 17:37:38 -0700 | [diff] [blame] | 71 | const std::function<void(float)>& set_progress = nullptr); |
Doug Zongker | 60151a2 | 2009-08-12 18:30:03 -0700 | [diff] [blame] | 72 | |
Tao Bao | 71e3e09 | 2016-02-02 14:02:27 -0800 | [diff] [blame] | 73 | bool load_keys(const char* filename, std::vector<Certificate>& certs); |
Doug Zongker | 6c249f7 | 2012-11-02 15:04:05 -0700 | [diff] [blame] | 74 | |
Tianjie Xu | 8256698 | 2018-10-10 15:44:17 -0700 | [diff] [blame] | 75 | // Parses a PEM-encoded x509 certificate from the given buffer and saves it into |cert|. Returns |
| 76 | // false if there is a parsing failure or the signature's encryption algorithm is not supported. |
| 77 | bool LoadCertificateFromBuffer(const std::vector<uint8_t>& pem_content, Certificate* cert); |
| 78 | |
Tianjie Xu | 0dd9685 | 2018-10-15 11:44:14 -0700 | [diff] [blame] | 79 | // Iterates over the zip entries with the suffix "x509.pem" and returns a list of recognized |
| 80 | // certificates. Returns an empty list if we fail to parse any of the entries. |
| 81 | std::vector<Certificate> LoadKeysFromZipfile(const std::string& zip_name); |
| 82 | |
Doug Zongker | 60151a2 | 2009-08-12 18:30:03 -0700 | [diff] [blame] | 83 | #define VERIFY_SUCCESS 0 |
| 84 | #define VERIFY_FAILURE 1 |
The Android Open Source Project | c24a8e6 | 2009-03-03 19:28:42 -0800 | [diff] [blame] | 85 | |
| 86 | #endif /* _RECOVERY_VERIFIER_H */ |