Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 00d5dbb1f331cdcc9be5bbbc68efb4972d80ee59 / . / pvmfw / avb / src / verify.rs
blob: 7f3ba3db95bf6a6815e0e73d82eaf9f1bfff905b [file] [log] [blame]
// Copyright 2022, The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//! This module handles the pvmfw payload verification.
use avb_bindgen::AvbSlotVerifyResult;
use core::fmt;
/// Error code from AVB image verification.
#[derive(Clone, Debug)]
pub enum AvbImageVerifyError {
/// AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT
InvalidArgument,
/// AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA
InvalidMetadata,
/// AVB_SLOT_VERIFY_RESULT_ERROR_IO
Io,
/// AVB_SLOT_VERIFY_RESULT_ERROR_OOM
Oom,
/// AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED
PublicKeyRejected,
/// AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX
RollbackIndex,
/// AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION
UnsupportedVersion,
/// AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION
Verification,
}
impl fmt::Display for AvbImageVerifyError {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
match self {
Self::InvalidArgument => write!(f, "Invalid parameters."),
Self::InvalidMetadata => write!(f, "Invalid metadata."),
Self::Io => write!(f, "I/O error while trying to load data or get a rollback index."),
Self::Oom => write!(f, "Unable to allocate memory."),
Self::PublicKeyRejected => write!(f, "Public key rejected or data not signed."),
Self::RollbackIndex => write!(f, "Rollback index is less than its stored value."),
Self::UnsupportedVersion => write!(
f,
"Some of the metadata requires a newer version of libavb than what is in use."
),
Self::Verification => write!(f, "Data does not verify."),
}
}
}
fn to_avb_verify_result(result: AvbSlotVerifyResult) -> Result<(), AvbImageVerifyError> {
match result {
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_OK => Ok(()),
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_ARGUMENT => {
Err(AvbImageVerifyError::InvalidArgument)
}
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_INVALID_METADATA => {
Err(AvbImageVerifyError::InvalidMetadata)
}
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_IO => Err(AvbImageVerifyError::Io),
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_OOM => Err(AvbImageVerifyError::Oom),
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_PUBLIC_KEY_REJECTED => {
Err(AvbImageVerifyError::PublicKeyRejected)
}
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_ROLLBACK_INDEX => {
Err(AvbImageVerifyError::RollbackIndex)
}
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_UNSUPPORTED_VERSION => {
Err(AvbImageVerifyError::UnsupportedVersion)
}
AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_ERROR_VERIFICATION => {
Err(AvbImageVerifyError::Verification)
}
}
}
/// Verifies the payload (signed kernel + initrd) against the trusted public key.
pub fn verify_payload(_public_key: &[u8]) -> Result<(), AvbImageVerifyError> {
// TODO(b/256148034): Verify the kernel image with avb_slot_verify()
// let result = unsafe {
// avb_slot_verify(
// &mut avb_ops,
// requested_partitions.as_ptr(),
// ab_suffix.as_ptr(),
// flags,
// hashtree_error_mode,
// null_mut(),
// )
// };
let result = AvbSlotVerifyResult::AVB_SLOT_VERIFY_RESULT_OK;
to_avb_verify_result(result)
}
#[cfg(test)]
mod tests {
use super::*;
// TODO(b/256148034): Test verification succeeds with valid payload later.
#[test]
fn verification_succeeds_with_placeholder_input() {
let fake_public_key = [0u8; 2];
assert!(verify_payload(&fake_public_key).is_ok());
}
}