xref: /aosp_15_r20/external/vboot_reference/host/lib21/include/host_common21.h (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc) 
1 /* Copyright 2014 The ChromiumOS Authors
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  *
5  * Common functions between firmware and kernel verified boot.
6  */
7 
8 #ifndef VBOOT_REFERENCE_VB21_COMMON_H_
9 #define VBOOT_REFERENCE_VB21_COMMON_H_
10 
11 #include "2common.h"
12 #include "2return_codes.h"
13 #include "2struct.h"
14 #include "host_struct21.h"
15 
16 #ifdef __cplusplus
17 extern "C" {
18 #endif  /* __cplusplus */
19 
20 /**
21  * Return the description of an object starting with a vb21_struct_common
22  * header.
23  *
24  * Does not validity-check the buffer; merely returns the pointer.
25  *
26  * @param buf		Pointer to common object
27  * @return A pointer to description or an empty string if none.
28  */
29 const char *vb21_common_desc(const void *buf);
30 
31 /**
32  * Verify the common struct header is fully contained in its parent data
33  *
34  * Also verifies the description is either zero-length or null-terminated.
35  *
36  * @param parent	Parent data
37  * @param parent_size	Parent size in bytes
38  * @return VB2_SUCCESS, or non-zero if error.
39  */
40 vb2_error_t vb21_verify_common_header(const void *parent, uint32_t parent_size);
41 
42 /**
43  * Verify a member is within the data for a parent object
44  *
45  * @param parent	Parent data (starts with struct vb21_struct_common)
46  * @param min_offset	Pointer to minimum offset where member can be located.
47  *			If this offset is 0 on input, uses the size of the
48  *			fixed header (and description, if any).  This will be
49  *			updated on return to the end of the passed member.  On
50  *			error, the value of min_offset is undefined.
51  * @param member_offset Offset of member data from start of parent, in bytes
52  * @param member_size	Size of member data, in bytes
53  * @return VB2_SUCCESS, or non-zero if error.
54  */
55 vb2_error_t vb21_verify_common_member(const void *parent, uint32_t *min_offset,
56 				      uint32_t member_offset,
57 				      uint32_t member_size);
58 
59 /**
60  * Verify a member which starts with a common header is within the parent
61  *
62  * This does not verify the contents of the member or its header, only that the
63  * member's claimed total size fits within the parent's claimed total size at
64  * the specified offset.
65  *
66  * @param parent	Parent data (starts with struct vb21_struct_common)
67  * @param min_offset	Pointer to minimum offset where member can be located.
68  *			If this offset is 0 on input, uses the size of the
69  *			fixed header (and description, if any).  This will be
70  *			updated on return to the end of the passed member.  On
71  *			error, the value of min_offset is undefined.
72  * @param member_offset Offset of member data from start of parent, in bytes.
73  *                      This should be the start of the common header of the
74  *                      member.
75  * @return VB2_SUCCESS, or non-zero if error.
76  */
77 vb2_error_t vb21_verify_common_subobject(const void *parent,
78 					 uint32_t *min_offset,
79 					 uint32_t member_offset);
80 
81 /**
82  * Verify the integrity of a signature struct
83  * @param sig		Signature struct
84  * @param size		Size of buffer containing signature struct
85  * @return VB2_SUCCESS, or non-zero if error.
86  */
87 vb2_error_t vb21_verify_signature(const struct vb21_signature *sig,
88 				  uint32_t size);
89 
90 /**
91  * Verify a signature against an expected hash digest.
92  *
93  * @param key		Key to use in signature verification
94  * @param sig		Signature to verify (may be destroyed in process)
95  * @param digest	Digest of signed data
96  * @param wb		Work buffer
97  * @return VB2_SUCCESS, or non-zero if error.
98  */
99 vb2_error_t vb21_verify_digest(const struct vb2_public_key *key,
100 			       struct vb21_signature *sig,
101 			       const uint8_t *digest,
102 			       const struct vb2_workbuf *wb);
103 
104 /**
105  * Verify data matches signature.
106  *
107  * @param data		Data to verify
108  * @param size		Size of data buffer.  Note that amount of data to
109  *			actually validate is contained in sig->data_size.
110  * @param sig		Signature of data (destroyed in process)
111  * @param key		Key to use to validate signature
112  * @param wb		Work buffer
113  * @return VB2_SUCCESS, or non-zero error code if error.
114  */
115 vb2_error_t vb21_verify_data(const void *data, uint32_t size,
116 			     struct vb21_signature *sig,
117 			     const struct vb2_public_key *key,
118 			     const struct vb2_workbuf *wb);
119 
120 #ifdef __cplusplus
121 }
122 #endif  /* __cplusplus */
123 
124 #endif  /* VBOOT_REFERENCE_VB21_COMMON_H_ */
125