tequilaOS/platform_bootable_recovery
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_bootable_recovery/verifier.h
Doug Zongker 99916f0496 do verification and extraction on memory, not files 
Changes minzip and recovery's file signature verification to work on
memory regions, rather than files.

For packages which are regular files, install.cpp now mmap()s them
into memory and then passes the mapped memory to the verifier and to
the minzip library.

Support for files which are raw block maps (which will be used when we
have packages written to encrypted data partitions) is present but
largely untested so far.

Bug: 12188746
Change-Id: I12cc3e809834745a489dd9d4ceb558cbccdc3f71
2014-01-16 13:29:28 -08:00

53 lines
1.5 KiB
C
Raw Blame History

/*
* Copyright (C) 2008 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef _RECOVERY_VERIFIER_H
#define _RECOVERY_VERIFIER_H
#include "mincrypt/p256.h"
#include "mincrypt/rsa.h"
typedef struct {
p256_int x;
p256_int y;
} ECPublicKey;
typedef struct {
typedef enum {
RSA,
EC,
} KeyType;
int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
KeyType key_type;
RSAPublicKey* rsa;
ECPublicKey* ec;
} Certificate;
/* addr and length define a an update package file that has been
* loaded (or mmap'ed, or whatever) into memory. Verify that the file
* is signed and the signature matches one of the given keys. Return
* one of the constants below.
*/
int verify_file(unsigned char* addr, size_t length,
const Certificate *pKeys, unsigned int numKeys);
Certificate* load_keys(const char* filename, int* numKeys);
#define VERIFY_SUCCESS 0
#define VERIFY_FAILURE 1
#endif /* _RECOVERY_VERIFIER_H */
Reference in a new issue View git blame Copy permalink