1*d289c2baSAndroid Build Coastguard Worker /*
2*d289c2baSAndroid Build Coastguard Worker * Copyright (C) 2016 The Android Open Source Project
3*d289c2baSAndroid Build Coastguard Worker *
4*d289c2baSAndroid Build Coastguard Worker * Permission is hereby granted, free of charge, to any person
5*d289c2baSAndroid Build Coastguard Worker * obtaining a copy of this software and associated documentation
6*d289c2baSAndroid Build Coastguard Worker * files (the "Software"), to deal in the Software without
7*d289c2baSAndroid Build Coastguard Worker * restriction, including without limitation the rights to use, copy,
8*d289c2baSAndroid Build Coastguard Worker * modify, merge, publish, distribute, sublicense, and/or sell copies
9*d289c2baSAndroid Build Coastguard Worker * of the Software, and to permit persons to whom the Software is
10*d289c2baSAndroid Build Coastguard Worker * furnished to do so, subject to the following conditions:
11*d289c2baSAndroid Build Coastguard Worker *
12*d289c2baSAndroid Build Coastguard Worker * The above copyright notice and this permission notice shall be
13*d289c2baSAndroid Build Coastguard Worker * included in all copies or substantial portions of the Software.
14*d289c2baSAndroid Build Coastguard Worker *
15*d289c2baSAndroid Build Coastguard Worker * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16*d289c2baSAndroid Build Coastguard Worker * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17*d289c2baSAndroid Build Coastguard Worker * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18*d289c2baSAndroid Build Coastguard Worker * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19*d289c2baSAndroid Build Coastguard Worker * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20*d289c2baSAndroid Build Coastguard Worker * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21*d289c2baSAndroid Build Coastguard Worker * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22*d289c2baSAndroid Build Coastguard Worker * SOFTWARE.
23*d289c2baSAndroid Build Coastguard Worker */
24*d289c2baSAndroid Build Coastguard Worker
25*d289c2baSAndroid Build Coastguard Worker #include "avb_vbmeta_image.h"
26*d289c2baSAndroid Build Coastguard Worker #include "avb_crypto.h"
27*d289c2baSAndroid Build Coastguard Worker #include "avb_rsa.h"
28*d289c2baSAndroid Build Coastguard Worker #include "avb_sha.h"
29*d289c2baSAndroid Build Coastguard Worker #include "avb_util.h"
30*d289c2baSAndroid Build Coastguard Worker #include "avb_version.h"
31*d289c2baSAndroid Build Coastguard Worker
avb_vbmeta_image_verify(const uint8_t * data,size_t length,const uint8_t ** out_public_key_data,size_t * out_public_key_length)32*d289c2baSAndroid Build Coastguard Worker AvbVBMetaVerifyResult avb_vbmeta_image_verify(
33*d289c2baSAndroid Build Coastguard Worker const uint8_t* data,
34*d289c2baSAndroid Build Coastguard Worker size_t length,
35*d289c2baSAndroid Build Coastguard Worker const uint8_t** out_public_key_data,
36*d289c2baSAndroid Build Coastguard Worker size_t* out_public_key_length) {
37*d289c2baSAndroid Build Coastguard Worker AvbVBMetaVerifyResult ret;
38*d289c2baSAndroid Build Coastguard Worker AvbVBMetaImageHeader h;
39*d289c2baSAndroid Build Coastguard Worker uint8_t* computed_hash;
40*d289c2baSAndroid Build Coastguard Worker const AvbAlgorithmData* algorithm;
41*d289c2baSAndroid Build Coastguard Worker AvbSHA256Ctx sha256_ctx;
42*d289c2baSAndroid Build Coastguard Worker AvbSHA512Ctx sha512_ctx;
43*d289c2baSAndroid Build Coastguard Worker const uint8_t* header_block;
44*d289c2baSAndroid Build Coastguard Worker const uint8_t* authentication_block;
45*d289c2baSAndroid Build Coastguard Worker const uint8_t* auxiliary_block;
46*d289c2baSAndroid Build Coastguard Worker int verification_result;
47*d289c2baSAndroid Build Coastguard Worker
48*d289c2baSAndroid Build Coastguard Worker ret = AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER;
49*d289c2baSAndroid Build Coastguard Worker
50*d289c2baSAndroid Build Coastguard Worker if (out_public_key_data != NULL) {
51*d289c2baSAndroid Build Coastguard Worker *out_public_key_data = NULL;
52*d289c2baSAndroid Build Coastguard Worker }
53*d289c2baSAndroid Build Coastguard Worker if (out_public_key_length != NULL) {
54*d289c2baSAndroid Build Coastguard Worker *out_public_key_length = 0;
55*d289c2baSAndroid Build Coastguard Worker }
56*d289c2baSAndroid Build Coastguard Worker
57*d289c2baSAndroid Build Coastguard Worker /* Before we byteswap or compare Magic, ensure length is long enough. */
58*d289c2baSAndroid Build Coastguard Worker if (length < sizeof(AvbVBMetaImageHeader)) {
59*d289c2baSAndroid Build Coastguard Worker avb_error("Length is smaller than header.\n");
60*d289c2baSAndroid Build Coastguard Worker goto out;
61*d289c2baSAndroid Build Coastguard Worker }
62*d289c2baSAndroid Build Coastguard Worker
63*d289c2baSAndroid Build Coastguard Worker /* Ensure magic is correct. */
64*d289c2baSAndroid Build Coastguard Worker if (avb_safe_memcmp(data, AVB_MAGIC, AVB_MAGIC_LEN) != 0) {
65*d289c2baSAndroid Build Coastguard Worker avb_error("Magic is incorrect.\n");
66*d289c2baSAndroid Build Coastguard Worker goto out;
67*d289c2baSAndroid Build Coastguard Worker }
68*d289c2baSAndroid Build Coastguard Worker
69*d289c2baSAndroid Build Coastguard Worker avb_vbmeta_image_header_to_host_byte_order((const AvbVBMetaImageHeader*)data,
70*d289c2baSAndroid Build Coastguard Worker &h);
71*d289c2baSAndroid Build Coastguard Worker
72*d289c2baSAndroid Build Coastguard Worker /* Ensure we don't attempt to access any fields if we do not meet
73*d289c2baSAndroid Build Coastguard Worker * the specified minimum version of libavb.
74*d289c2baSAndroid Build Coastguard Worker */
75*d289c2baSAndroid Build Coastguard Worker if ((h.required_libavb_version_major != AVB_VERSION_MAJOR) ||
76*d289c2baSAndroid Build Coastguard Worker (h.required_libavb_version_minor > AVB_VERSION_MINOR)) {
77*d289c2baSAndroid Build Coastguard Worker avb_error("Mismatch between image version and libavb version.\n");
78*d289c2baSAndroid Build Coastguard Worker ret = AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION;
79*d289c2baSAndroid Build Coastguard Worker goto out;
80*d289c2baSAndroid Build Coastguard Worker }
81*d289c2baSAndroid Build Coastguard Worker
82*d289c2baSAndroid Build Coastguard Worker /* Ensure |release_string| ends with a NUL byte. */
83*d289c2baSAndroid Build Coastguard Worker if (h.release_string[AVB_RELEASE_STRING_SIZE - 1] != '\0') {
84*d289c2baSAndroid Build Coastguard Worker avb_error("Release string does not end with a NUL byte.\n");
85*d289c2baSAndroid Build Coastguard Worker goto out;
86*d289c2baSAndroid Build Coastguard Worker }
87*d289c2baSAndroid Build Coastguard Worker
88*d289c2baSAndroid Build Coastguard Worker /* Ensure inner block sizes are multiple of 64. */
89*d289c2baSAndroid Build Coastguard Worker if ((h.authentication_data_block_size & 0x3f) != 0 ||
90*d289c2baSAndroid Build Coastguard Worker (h.auxiliary_data_block_size & 0x3f) != 0) {
91*d289c2baSAndroid Build Coastguard Worker avb_error("Block size is not a multiple of 64.\n");
92*d289c2baSAndroid Build Coastguard Worker goto out;
93*d289c2baSAndroid Build Coastguard Worker }
94*d289c2baSAndroid Build Coastguard Worker
95*d289c2baSAndroid Build Coastguard Worker /* Ensure block sizes all add up to at most |length|. */
96*d289c2baSAndroid Build Coastguard Worker uint64_t block_total = sizeof(AvbVBMetaImageHeader);
97*d289c2baSAndroid Build Coastguard Worker if (!avb_safe_add_to(&block_total, h.authentication_data_block_size) ||
98*d289c2baSAndroid Build Coastguard Worker !avb_safe_add_to(&block_total, h.auxiliary_data_block_size)) {
99*d289c2baSAndroid Build Coastguard Worker avb_error("Overflow while computing size of boot image.\n");
100*d289c2baSAndroid Build Coastguard Worker goto out;
101*d289c2baSAndroid Build Coastguard Worker }
102*d289c2baSAndroid Build Coastguard Worker if (block_total > length) {
103*d289c2baSAndroid Build Coastguard Worker avb_error("Block sizes add up to more than given length.\n");
104*d289c2baSAndroid Build Coastguard Worker goto out;
105*d289c2baSAndroid Build Coastguard Worker }
106*d289c2baSAndroid Build Coastguard Worker
107*d289c2baSAndroid Build Coastguard Worker uintptr_t data_ptr = (uintptr_t)data;
108*d289c2baSAndroid Build Coastguard Worker /* Ensure passed in memory doesn't wrap. */
109*d289c2baSAndroid Build Coastguard Worker if (!avb_safe_add(NULL, (uint64_t)data_ptr, length)) {
110*d289c2baSAndroid Build Coastguard Worker avb_error("Boot image location and length mismatch.\n");
111*d289c2baSAndroid Build Coastguard Worker goto out;
112*d289c2baSAndroid Build Coastguard Worker }
113*d289c2baSAndroid Build Coastguard Worker
114*d289c2baSAndroid Build Coastguard Worker /* Ensure hash and signature are entirely in the Authentication data block. */
115*d289c2baSAndroid Build Coastguard Worker uint64_t hash_end;
116*d289c2baSAndroid Build Coastguard Worker if (!avb_safe_add(&hash_end, h.hash_offset, h.hash_size) ||
117*d289c2baSAndroid Build Coastguard Worker hash_end > h.authentication_data_block_size) {
118*d289c2baSAndroid Build Coastguard Worker avb_error("Hash is not entirely in its block.\n");
119*d289c2baSAndroid Build Coastguard Worker goto out;
120*d289c2baSAndroid Build Coastguard Worker }
121*d289c2baSAndroid Build Coastguard Worker uint64_t signature_end;
122*d289c2baSAndroid Build Coastguard Worker if (!avb_safe_add(&signature_end, h.signature_offset, h.signature_size) ||
123*d289c2baSAndroid Build Coastguard Worker signature_end > h.authentication_data_block_size) {
124*d289c2baSAndroid Build Coastguard Worker avb_error("Signature is not entirely in its block.\n");
125*d289c2baSAndroid Build Coastguard Worker goto out;
126*d289c2baSAndroid Build Coastguard Worker }
127*d289c2baSAndroid Build Coastguard Worker
128*d289c2baSAndroid Build Coastguard Worker /* Ensure public key is entirely in the Auxiliary data block. */
129*d289c2baSAndroid Build Coastguard Worker uint64_t pubkey_end;
130*d289c2baSAndroid Build Coastguard Worker if (!avb_safe_add(&pubkey_end, h.public_key_offset, h.public_key_size) ||
131*d289c2baSAndroid Build Coastguard Worker pubkey_end > h.auxiliary_data_block_size) {
132*d289c2baSAndroid Build Coastguard Worker avb_error("Public key is not entirely in its block.\n");
133*d289c2baSAndroid Build Coastguard Worker goto out;
134*d289c2baSAndroid Build Coastguard Worker }
135*d289c2baSAndroid Build Coastguard Worker
136*d289c2baSAndroid Build Coastguard Worker /* Ensure public key metadata (if set) is entirely in the Auxiliary
137*d289c2baSAndroid Build Coastguard Worker * data block. */
138*d289c2baSAndroid Build Coastguard Worker if (h.public_key_metadata_size > 0) {
139*d289c2baSAndroid Build Coastguard Worker uint64_t pubkey_md_end;
140*d289c2baSAndroid Build Coastguard Worker if (!avb_safe_add(&pubkey_md_end,
141*d289c2baSAndroid Build Coastguard Worker h.public_key_metadata_offset,
142*d289c2baSAndroid Build Coastguard Worker h.public_key_metadata_size) ||
143*d289c2baSAndroid Build Coastguard Worker pubkey_md_end > h.auxiliary_data_block_size) {
144*d289c2baSAndroid Build Coastguard Worker avb_error("Public key metadata is not entirely in its block.\n");
145*d289c2baSAndroid Build Coastguard Worker goto out;
146*d289c2baSAndroid Build Coastguard Worker }
147*d289c2baSAndroid Build Coastguard Worker }
148*d289c2baSAndroid Build Coastguard Worker
149*d289c2baSAndroid Build Coastguard Worker /* Bail early if there's no hash or signature. */
150*d289c2baSAndroid Build Coastguard Worker if (h.algorithm_type == AVB_ALGORITHM_TYPE_NONE) {
151*d289c2baSAndroid Build Coastguard Worker ret = AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED;
152*d289c2baSAndroid Build Coastguard Worker goto out;
153*d289c2baSAndroid Build Coastguard Worker }
154*d289c2baSAndroid Build Coastguard Worker
155*d289c2baSAndroid Build Coastguard Worker /* Ensure algorithm field is supported. */
156*d289c2baSAndroid Build Coastguard Worker algorithm = avb_get_algorithm_data(h.algorithm_type);
157*d289c2baSAndroid Build Coastguard Worker if (!algorithm) {
158*d289c2baSAndroid Build Coastguard Worker avb_error("Invalid or unknown algorithm.\n");
159*d289c2baSAndroid Build Coastguard Worker goto out;
160*d289c2baSAndroid Build Coastguard Worker }
161*d289c2baSAndroid Build Coastguard Worker
162*d289c2baSAndroid Build Coastguard Worker /* Bail if the embedded hash size doesn't match the chosen algorithm. */
163*d289c2baSAndroid Build Coastguard Worker if (h.hash_size != algorithm->hash_len) {
164*d289c2baSAndroid Build Coastguard Worker avb_error("Embedded hash has wrong size.\n");
165*d289c2baSAndroid Build Coastguard Worker goto out;
166*d289c2baSAndroid Build Coastguard Worker }
167*d289c2baSAndroid Build Coastguard Worker
168*d289c2baSAndroid Build Coastguard Worker /* No overflow checks needed from here-on after since all block
169*d289c2baSAndroid Build Coastguard Worker * sizes and offsets have been verified above.
170*d289c2baSAndroid Build Coastguard Worker */
171*d289c2baSAndroid Build Coastguard Worker
172*d289c2baSAndroid Build Coastguard Worker header_block = data;
173*d289c2baSAndroid Build Coastguard Worker authentication_block = header_block + sizeof(AvbVBMetaImageHeader);
174*d289c2baSAndroid Build Coastguard Worker auxiliary_block = authentication_block + h.authentication_data_block_size;
175*d289c2baSAndroid Build Coastguard Worker
176*d289c2baSAndroid Build Coastguard Worker switch (h.algorithm_type) {
177*d289c2baSAndroid Build Coastguard Worker /* Explicit fall-through: */
178*d289c2baSAndroid Build Coastguard Worker case AVB_ALGORITHM_TYPE_SHA256_RSA2048:
179*d289c2baSAndroid Build Coastguard Worker case AVB_ALGORITHM_TYPE_SHA256_RSA4096:
180*d289c2baSAndroid Build Coastguard Worker case AVB_ALGORITHM_TYPE_SHA256_RSA8192:
181*d289c2baSAndroid Build Coastguard Worker avb_sha256_init(&sha256_ctx);
182*d289c2baSAndroid Build Coastguard Worker avb_sha256_update(
183*d289c2baSAndroid Build Coastguard Worker &sha256_ctx, header_block, sizeof(AvbVBMetaImageHeader));
184*d289c2baSAndroid Build Coastguard Worker avb_sha256_update(
185*d289c2baSAndroid Build Coastguard Worker &sha256_ctx, auxiliary_block, h.auxiliary_data_block_size);
186*d289c2baSAndroid Build Coastguard Worker computed_hash = avb_sha256_final(&sha256_ctx);
187*d289c2baSAndroid Build Coastguard Worker break;
188*d289c2baSAndroid Build Coastguard Worker /* Explicit fall-through: */
189*d289c2baSAndroid Build Coastguard Worker case AVB_ALGORITHM_TYPE_SHA512_RSA2048:
190*d289c2baSAndroid Build Coastguard Worker case AVB_ALGORITHM_TYPE_SHA512_RSA4096:
191*d289c2baSAndroid Build Coastguard Worker case AVB_ALGORITHM_TYPE_SHA512_RSA8192:
192*d289c2baSAndroid Build Coastguard Worker avb_sha512_init(&sha512_ctx);
193*d289c2baSAndroid Build Coastguard Worker avb_sha512_update(
194*d289c2baSAndroid Build Coastguard Worker &sha512_ctx, header_block, sizeof(AvbVBMetaImageHeader));
195*d289c2baSAndroid Build Coastguard Worker avb_sha512_update(
196*d289c2baSAndroid Build Coastguard Worker &sha512_ctx, auxiliary_block, h.auxiliary_data_block_size);
197*d289c2baSAndroid Build Coastguard Worker computed_hash = avb_sha512_final(&sha512_ctx);
198*d289c2baSAndroid Build Coastguard Worker break;
199*d289c2baSAndroid Build Coastguard Worker default:
200*d289c2baSAndroid Build Coastguard Worker avb_error("Unknown algorithm.\n");
201*d289c2baSAndroid Build Coastguard Worker goto out;
202*d289c2baSAndroid Build Coastguard Worker }
203*d289c2baSAndroid Build Coastguard Worker
204*d289c2baSAndroid Build Coastguard Worker if (avb_safe_memcmp(authentication_block + h.hash_offset,
205*d289c2baSAndroid Build Coastguard Worker computed_hash,
206*d289c2baSAndroid Build Coastguard Worker h.hash_size) != 0) {
207*d289c2baSAndroid Build Coastguard Worker avb_error("Hash does not match!\n");
208*d289c2baSAndroid Build Coastguard Worker ret = AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH;
209*d289c2baSAndroid Build Coastguard Worker goto out;
210*d289c2baSAndroid Build Coastguard Worker }
211*d289c2baSAndroid Build Coastguard Worker
212*d289c2baSAndroid Build Coastguard Worker verification_result =
213*d289c2baSAndroid Build Coastguard Worker avb_rsa_verify(auxiliary_block + h.public_key_offset,
214*d289c2baSAndroid Build Coastguard Worker h.public_key_size,
215*d289c2baSAndroid Build Coastguard Worker authentication_block + h.signature_offset,
216*d289c2baSAndroid Build Coastguard Worker h.signature_size,
217*d289c2baSAndroid Build Coastguard Worker authentication_block + h.hash_offset,
218*d289c2baSAndroid Build Coastguard Worker h.hash_size,
219*d289c2baSAndroid Build Coastguard Worker algorithm->padding,
220*d289c2baSAndroid Build Coastguard Worker algorithm->padding_len);
221*d289c2baSAndroid Build Coastguard Worker
222*d289c2baSAndroid Build Coastguard Worker if (verification_result == 0) {
223*d289c2baSAndroid Build Coastguard Worker ret = AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH;
224*d289c2baSAndroid Build Coastguard Worker goto out;
225*d289c2baSAndroid Build Coastguard Worker }
226*d289c2baSAndroid Build Coastguard Worker
227*d289c2baSAndroid Build Coastguard Worker if (h.public_key_size > 0) {
228*d289c2baSAndroid Build Coastguard Worker if (out_public_key_data != NULL) {
229*d289c2baSAndroid Build Coastguard Worker *out_public_key_data = auxiliary_block + h.public_key_offset;
230*d289c2baSAndroid Build Coastguard Worker }
231*d289c2baSAndroid Build Coastguard Worker if (out_public_key_length != NULL) {
232*d289c2baSAndroid Build Coastguard Worker *out_public_key_length = h.public_key_size;
233*d289c2baSAndroid Build Coastguard Worker }
234*d289c2baSAndroid Build Coastguard Worker }
235*d289c2baSAndroid Build Coastguard Worker
236*d289c2baSAndroid Build Coastguard Worker ret = AVB_VBMETA_VERIFY_RESULT_OK;
237*d289c2baSAndroid Build Coastguard Worker
238*d289c2baSAndroid Build Coastguard Worker out:
239*d289c2baSAndroid Build Coastguard Worker return ret;
240*d289c2baSAndroid Build Coastguard Worker }
241*d289c2baSAndroid Build Coastguard Worker
avb_vbmeta_image_header_to_host_byte_order(const AvbVBMetaImageHeader * src,AvbVBMetaImageHeader * dest)242*d289c2baSAndroid Build Coastguard Worker void avb_vbmeta_image_header_to_host_byte_order(const AvbVBMetaImageHeader* src,
243*d289c2baSAndroid Build Coastguard Worker AvbVBMetaImageHeader* dest) {
244*d289c2baSAndroid Build Coastguard Worker avb_memcpy(dest, src, sizeof(AvbVBMetaImageHeader));
245*d289c2baSAndroid Build Coastguard Worker
246*d289c2baSAndroid Build Coastguard Worker dest->required_libavb_version_major =
247*d289c2baSAndroid Build Coastguard Worker avb_be32toh(dest->required_libavb_version_major);
248*d289c2baSAndroid Build Coastguard Worker dest->required_libavb_version_minor =
249*d289c2baSAndroid Build Coastguard Worker avb_be32toh(dest->required_libavb_version_minor);
250*d289c2baSAndroid Build Coastguard Worker
251*d289c2baSAndroid Build Coastguard Worker dest->authentication_data_block_size =
252*d289c2baSAndroid Build Coastguard Worker avb_be64toh(dest->authentication_data_block_size);
253*d289c2baSAndroid Build Coastguard Worker dest->auxiliary_data_block_size =
254*d289c2baSAndroid Build Coastguard Worker avb_be64toh(dest->auxiliary_data_block_size);
255*d289c2baSAndroid Build Coastguard Worker
256*d289c2baSAndroid Build Coastguard Worker dest->algorithm_type = avb_be32toh(dest->algorithm_type);
257*d289c2baSAndroid Build Coastguard Worker
258*d289c2baSAndroid Build Coastguard Worker dest->hash_offset = avb_be64toh(dest->hash_offset);
259*d289c2baSAndroid Build Coastguard Worker dest->hash_size = avb_be64toh(dest->hash_size);
260*d289c2baSAndroid Build Coastguard Worker
261*d289c2baSAndroid Build Coastguard Worker dest->signature_offset = avb_be64toh(dest->signature_offset);
262*d289c2baSAndroid Build Coastguard Worker dest->signature_size = avb_be64toh(dest->signature_size);
263*d289c2baSAndroid Build Coastguard Worker
264*d289c2baSAndroid Build Coastguard Worker dest->public_key_offset = avb_be64toh(dest->public_key_offset);
265*d289c2baSAndroid Build Coastguard Worker dest->public_key_size = avb_be64toh(dest->public_key_size);
266*d289c2baSAndroid Build Coastguard Worker
267*d289c2baSAndroid Build Coastguard Worker dest->public_key_metadata_offset =
268*d289c2baSAndroid Build Coastguard Worker avb_be64toh(dest->public_key_metadata_offset);
269*d289c2baSAndroid Build Coastguard Worker dest->public_key_metadata_size = avb_be64toh(dest->public_key_metadata_size);
270*d289c2baSAndroid Build Coastguard Worker
271*d289c2baSAndroid Build Coastguard Worker dest->descriptors_offset = avb_be64toh(dest->descriptors_offset);
272*d289c2baSAndroid Build Coastguard Worker dest->descriptors_size = avb_be64toh(dest->descriptors_size);
273*d289c2baSAndroid Build Coastguard Worker
274*d289c2baSAndroid Build Coastguard Worker dest->rollback_index = avb_be64toh(dest->rollback_index);
275*d289c2baSAndroid Build Coastguard Worker dest->flags = avb_be32toh(dest->flags);
276*d289c2baSAndroid Build Coastguard Worker dest->rollback_index_location = avb_be32toh(dest->rollback_index_location);
277*d289c2baSAndroid Build Coastguard Worker }
278*d289c2baSAndroid Build Coastguard Worker
avb_vbmeta_verify_result_to_string(AvbVBMetaVerifyResult result)279*d289c2baSAndroid Build Coastguard Worker const char* avb_vbmeta_verify_result_to_string(AvbVBMetaVerifyResult result) {
280*d289c2baSAndroid Build Coastguard Worker const char* ret = NULL;
281*d289c2baSAndroid Build Coastguard Worker
282*d289c2baSAndroid Build Coastguard Worker switch (result) {
283*d289c2baSAndroid Build Coastguard Worker case AVB_VBMETA_VERIFY_RESULT_OK:
284*d289c2baSAndroid Build Coastguard Worker ret = "OK";
285*d289c2baSAndroid Build Coastguard Worker break;
286*d289c2baSAndroid Build Coastguard Worker case AVB_VBMETA_VERIFY_RESULT_OK_NOT_SIGNED:
287*d289c2baSAndroid Build Coastguard Worker ret = "OK_NOT_SIGNED";
288*d289c2baSAndroid Build Coastguard Worker break;
289*d289c2baSAndroid Build Coastguard Worker case AVB_VBMETA_VERIFY_RESULT_INVALID_VBMETA_HEADER:
290*d289c2baSAndroid Build Coastguard Worker ret = "INVALID_VBMETA_HEADER";
291*d289c2baSAndroid Build Coastguard Worker break;
292*d289c2baSAndroid Build Coastguard Worker case AVB_VBMETA_VERIFY_RESULT_UNSUPPORTED_VERSION:
293*d289c2baSAndroid Build Coastguard Worker ret = "UNSUPPORTED_VERSION";
294*d289c2baSAndroid Build Coastguard Worker break;
295*d289c2baSAndroid Build Coastguard Worker case AVB_VBMETA_VERIFY_RESULT_HASH_MISMATCH:
296*d289c2baSAndroid Build Coastguard Worker ret = "HASH_MISMATCH";
297*d289c2baSAndroid Build Coastguard Worker break;
298*d289c2baSAndroid Build Coastguard Worker case AVB_VBMETA_VERIFY_RESULT_SIGNATURE_MISMATCH:
299*d289c2baSAndroid Build Coastguard Worker ret = "SIGNATURE_MISMATCH";
300*d289c2baSAndroid Build Coastguard Worker break;
301*d289c2baSAndroid Build Coastguard Worker /* Do not add a 'default:' case here because of -Wswitch. */
302*d289c2baSAndroid Build Coastguard Worker }
303*d289c2baSAndroid Build Coastguard Worker
304*d289c2baSAndroid Build Coastguard Worker if (ret == NULL) {
305*d289c2baSAndroid Build Coastguard Worker avb_error("Unknown AvbVBMetaVerifyResult value.\n");
306*d289c2baSAndroid Build Coastguard Worker ret = "(unknown)";
307*d289c2baSAndroid Build Coastguard Worker }
308*d289c2baSAndroid Build Coastguard Worker
309*d289c2baSAndroid Build Coastguard Worker return ret;
310*d289c2baSAndroid Build Coastguard Worker }
311