1 /*
2  * Copyright (c) 2020-2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *    http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #ifndef SECURITY_APP_VERIFY_H
17 #define SECURITY_APP_VERIFY_H
18 
19 #include <stdint.h>
20 
21 #include "mbedtls/pk.h"
22 #include "app_centraldirectory.h"
23 #include "app_provision.h"
24 #include "app_verify_pub.h"
25 
26 #ifdef __cplusplus
27 #if __cplusplus
28 extern "C" {
29 #endif
30 #endif
31 
32 #define HW_SH_VERSION_LEN  4
33 #define HW_SH_RESERVE_LEN  4
34 
35 #define CONTENT_VERSION_LEN 4
36 
37 #define SHA256_SIZE (256 / 8)
38 
39 #define SHA384_SIZE (384 / 8)
40 
41 #define SHA512_SIZE (512 / 8)
42 
43 #define BUF_LEN  1024
44 
45 #define BUF_1M (1024 * 1024)
46 
47 #define MAX_PROFILE_SIZE  (1024 * 1024)
48 
49 #define MAX_BLOCK_NUM  (1024)
50 
51 #define NORMAL_HASH_SIZE 32
52 
53 #define MAX_KEY_PAIR_SIZE 4096
54 
55 #define MAX_PK_BUF (MBEDTLS_MPI_MAX_SIZE * 2 + 20)
56 
57 /* BlockHead->type */
58 typedef enum {
59     SIGNATURE_BLOCK_TYPE = 0x20000000,
60     KEY_ROTATION_BLOCK_TYPE = 0x20000001,
61     PROFILE_BLOCK_WITHSIGN_TYPE = 0x20000002,
62     PROPERTY_BLOCK_TYPE = 0x20000003,
63 } BockType;
64 
65 /* contentinfo tag */
66 typedef enum {
67     DEFAULT_TAG = 0,
68     HASH_TAG,                   /* total file */
69     HASH_ROOT_1M_TAG = 0x80,
70     HASH_ROOT_512K_TAG,
71     HASH_ROOT_256K_TAG,
72     HASH_ROOT_128K_TAG,
73     HASH_ROOT_64K_TAG,
74     HASH_ROOT_32K_TAG,
75     HASH_ROOT_16K_TAG,
76     HASH_ROOT_8K_TAG,
77     HASH_ROOT_4K_TAG,
78 } SignBlockTag;
79 
80 /* block head */
81 typedef struct {
82     uint32_t type;
83     uint32_t length;
84     uint32_t offset;
85 } BlockHead;
86 
87 /* sign content */
88 typedef struct {
89     int32_t version;  /* version */
90     int32_t blockNum;
91     int32_t size;
92     int32_t algId;
93     int32_t length;
94     char hash[NORMAL_HASH_SIZE];
95 } ContentInfo;
96 
97 #define CERT_MAX_NAME_LEN 512
98 #define CERT_TYPE_APPGALLARY  0
99 #define CERT_TYPE_SYETEM      1
100 #define CERT_TYPE_OTHER       2
101 #define CERT_MAX_DEPTH        3
102 
103 /* trusted app list */
104 typedef struct {
105     int32_t  maxCertPath;
106     char *name;
107     char *appSignCert;
108     char *profileSignCert;
109     char *profileDebugSignCert;
110     char *issueCA;
111 } TrustAppCert;
112 
113 typedef struct {
114     int32_t issuerLen;
115     char *issuer;
116     int32_t subjectLen;
117     char *subject;
118     mbedtls_pk_type_t pkType;
119     int32_t pkLen;
120     char *pkBuf;
121 } CertInfo;
122 
123 int32_t GetAppid(ProfileProf *profile);
124 int32_t CalculateHash(const unsigned char *input, int32_t len, int32_t hashAlg, unsigned char *output);
125 int32_t GetHashUnitLen(int32_t hashAlg);
126 char *GetSignBlockByType(
127     const SignatureInfo *signInfo, int32_t fp, int32_t blockType, int32_t *len, BlockHead *blockHead);
128 
129 #ifdef __cplusplus
130 #if __cplusplus
131 }
132 #endif
133 #endif
134 
135 #endif
136