summaryrefslogtreecommitdiffstats
path: root/verifier.h
diff options
context:
space:
mode:
Diffstat (limited to 'verifier.h')
-rw-r--r--verifier.h25
1 files changed, 21 insertions, 4 deletions
diff --git a/verifier.h b/verifier.h
index d70417340..43fd5adcd 100644
--- a/verifier.h
+++ b/verifier.h
@@ -17,6 +17,7 @@
#ifndef _RECOVERY_VERIFIER_H
#define _RECOVERY_VERIFIER_H
+#include "mincrypt/p256.h"
#include "mincrypt/rsa.h"
#define ASSUMED_UPDATE_BINARY_NAME "META-INF/com/google/android/update-binary"
@@ -26,14 +27,30 @@ enum { INSTALL_SUCCESS, INSTALL_ERROR, INSTALL_CORRUPT };
static const float VERIFICATION_PROGRESS_FRACTION = 0.25;
typedef struct Certificate {
+
+typedef struct {
+ p256_int x;
+ p256_int y;
+} ECPublicKey;
+
+typedef struct {
+ typedef enum {
+ RSA,
+ EC,
+ } KeyType;
+
int hash_len; // SHA_DIGEST_SIZE (SHA-1) or SHA256_DIGEST_SIZE (SHA-256)
- RSAPublicKey* public_key;
+ KeyType key_type;
+ RSAPublicKey* rsa;
+ ECPublicKey* ec;
} Certificate;
-/* Look in the file for a signature footer, and verify that it
- * matches one of the given keys. Return one of the constants below.
+/* addr and length define a an update package file that has been
+ * loaded (or mmap'ed, or whatever) into memory. Verify that the file
+ * is signed and the signature matches one of the given keys. Return
+ * one of the constants below.
*/
-int verify_file(const char* path);
+int verify_file(unsigned char* addr, size_t length);
Certificate* load_keys(const char* filename, int* numKeys);