121e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen/*
221e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen * Copyright (C) 2016 The Android Open Source Project
321e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen *
4c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * Permission is hereby granted, free of charge, to any person
5c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * obtaining a copy of this software and associated documentation
6c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * files (the "Software"), to deal in the Software without
7c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * restriction, including without limitation the rights to use, copy,
8c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * modify, merge, publish, distribute, sublicense, and/or sell copies
9c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * of the Software, and to permit persons to whom the Software is
10c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * furnished to do so, subject to the following conditions:
1121e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen *
12c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * The above copyright notice and this permission notice shall be
13c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * included in all copies or substantial portions of the Software.
1421e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen *
15c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22c612e2e353444f6ad714e43702c2afd057516254David Zeuthen * SOFTWARE.
2321e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen */
2421e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen
2521e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION)
2621e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#error "Never include this file directly, include libavb.h instead."
2721e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#endif
2821e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen
2921e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#ifndef AVB_HASH_DESCRIPTOR_H_
3021e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#define AVB_HASH_DESCRIPTOR_H_
3121e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen
3221e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#include "avb_descriptor.h"
3321e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen
3421e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#ifdef __cplusplus
3521e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthenextern "C" {
3621e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#endif
3721e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen
38fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn/* Flags for hash descriptors.
39fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn *
40fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn * AVB_HASH_DESCRIPTOR_FLAGS_DO_NOT_USE_AB: Do not apply the default A/B
41fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn *   partition logic to this partition. This is intentionally a negative boolean
42fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn *   because A/B should be both the default and most used in practice.
43fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn */
44fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahntypedef enum {
45fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn  AVB_HASH_DESCRIPTOR_FLAGS_DO_NOT_USE_AB = (1 << 0),
46fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn} AvbHashDescriptorFlags;
47fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn
4821e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen/* A descriptor containing information about hash for an image.
4921e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen *
5021e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen * This descriptor is typically used for boot partitions to verify the
5121e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen * entire kernel+initramfs image before executing it.
5221e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen *
5321e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen * Following this struct are |partition_name_len| bytes of the
5421e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen * partition name (UTF-8 encoded), |salt_len| bytes of salt, and then
5521e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen * |digest_len| bytes of the digest.
565cb2db99e2bd7ea889a91f22d3c104118ff199b7David Zeuthen *
575cb2db99e2bd7ea889a91f22d3c104118ff199b7David Zeuthen * The |reserved| field is for future expansion and must be set to NUL
585cb2db99e2bd7ea889a91f22d3c104118ff199b7David Zeuthen * bytes.
59fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn *
60fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn * Changes in v1.1:
61fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn *   - flags field is added which supports AVB_HASH_DESCRIPTOR_FLAGS_USE_AB
62fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn *   - digest_len may be zero, which indicates the use of a persistent digest
6321e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen */
6421e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthentypedef struct AvbHashDescriptor {
6521e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen  AvbDescriptor parent_descriptor;
6621e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen  uint64_t image_size;
6721e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen  uint8_t hash_algorithm[32];
6821e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen  uint32_t partition_name_len;
6921e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen  uint32_t salt_len;
7021e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen  uint32_t digest_len;
71fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn  uint32_t flags;
72fd0ba0d49101461dbb493cfb28c3a0a2158559b9Darren Krahn  uint8_t reserved[60];
7321e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen} AVB_ATTR_PACKED AvbHashDescriptor;
7421e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen
7521e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen/* Copies |src| to |dest| and validates, byte-swapping fields in the
7621e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen * process if needed. Returns true if valid, false if invalid.
7721e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen *
7821e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen * Data following the struct is not validated nor copied.
7921e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen */
8021e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthenbool avb_hash_descriptor_validate_and_byteswap(const AvbHashDescriptor* src,
8121e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen                                               AvbHashDescriptor* dest)
8221e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen    AVB_ATTR_WARN_UNUSED_RESULT;
8321e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen
8421e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#ifdef __cplusplus
8521e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen}
8621e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#endif
8721e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen
8821e95266704e572ced1c633bbc4aea9f42afa0a5David Zeuthen#endif /* AVB_HASH_DESCRIPTOR_H_ */
89