No Description

verifier.h 2.2KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576
  1. /*
  2. * Copyright (C) 2008 The Android Open Source Project
  3. *
  4. * Licensed under the Apache License, Version 2.0 (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. *
  8. * http://www.apache.org/licenses/LICENSE-2.0
  9. *
  10. * Unless required by applicable law or agreed to in writing, software
  11. * distributed under the License is distributed on an "AS IS" BASIS,
  12. * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13. * See the License for the specific language governing permissions and
  14. * limitations under the License.
  15. */
  16. #ifndef _RECOVERY_VERIFIER_H
  17. #define _RECOVERY_VERIFIER_H
  18. #include <functional>
  19. #include <memory>
  20. #include <vector>
  21. #include <openssl/ec_key.h>
  22. #include <openssl/rsa.h>
  23. #include <openssl/sha.h>
  24. struct RSADeleter {
  25. void operator()(RSA* rsa) const {
  26. RSA_free(rsa);
  27. }
  28. };
  29. struct ECKEYDeleter {
  30. void operator()(EC_KEY* ec_key) const {
  31. EC_KEY_free(ec_key);
  32. }
  33. };
  34. struct Certificate {
  35. typedef enum {
  36. KEY_TYPE_RSA,
  37. KEY_TYPE_EC,
  38. } KeyType;
  39. Certificate(int hash_len_,
  40. KeyType key_type_,
  41. std::unique_ptr<RSA, RSADeleter>&& rsa_,
  42. std::unique_ptr<EC_KEY, ECKEYDeleter>&& ec_)
  43. : hash_len(hash_len_),
  44. key_type(key_type_),
  45. rsa(std::move(rsa_)),
  46. ec(std::move(ec_)) {}
  47. // SHA_DIGEST_LENGTH (SHA-1) or SHA256_DIGEST_LENGTH (SHA-256)
  48. int hash_len;
  49. KeyType key_type;
  50. std::unique_ptr<RSA, RSADeleter> rsa;
  51. std::unique_ptr<EC_KEY, ECKEYDeleter> ec;
  52. };
  53. /*
  54. * 'addr' and 'length' define an update package file that has been loaded (or mmap'ed, or
  55. * whatever) into memory. Verifies that the file is signed and the signature matches one of the
  56. * given keys. It optionally accepts a callback function for posting the progress to. Returns one
  57. * of the constants of VERIFY_SUCCESS and VERIFY_FAILURE.
  58. */
  59. int verify_file(const unsigned char* addr, size_t length, const std::vector<Certificate>& keys,
  60. const std::function<void(float)>& set_progress = nullptr);
  61. bool load_keys(const char* filename, std::vector<Certificate>& certs);
  62. #define VERIFY_SUCCESS 0
  63. #define VERIFY_FAILURE 1
  64. #endif /* _RECOVERY_VERIFIER_H */