1 #ifndef AKTUALIZR_UPTANE_TUF_H_ 2 #define AKTUALIZR_UPTANE_TUF_H_ 11 #include "uptane/exceptions.h" 13 #include "crypto/crypto.h" 22 using KeyId = std::string;
31 static Role Timestamp() {
return Role{RoleEnum::kTimestamp}; }
32 static Role InvalidRole() {
return Role{RoleEnum::kInvalidRole}; }
35 explicit Role(
const std::string & );
36 std::string ToString()
const;
37 int ToInt()
const {
return static_cast<int>(role_); }
38 bool operator==(
const Role &other)
const {
return role_ == other.role_; }
39 bool operator!=(
const Role &other)
const {
return !(*
this == other); }
40 bool operator<(
const Role &other)
const {
return role_ < other.role_; }
42 friend std::ostream &operator<<(std::ostream &os,
const Role &t);
46 enum class RoleEnum { kRoot = 0, kSnapshot = 1, kTargets = 2, kTimestamp = 3, kInvalidRole = -1 };
48 explicit Role(RoleEnum role) : role_(role) {}
53 std::ostream &operator<<(std::ostream &os,
const Role &t);
60 Version() : version_(ANY_VERSION) {}
61 explicit Version(
int v) : version_(v) {}
62 std::string RoleFileName(
Role role)
const;
63 int version() {
return version_; }
66 static const int ANY_VERSION = -1;
68 friend std::ostream &operator<<(std::ostream &os,
const Version &v);
71 std::ostream &operator<<(std::ostream &os,
const Version &v);
76 static const int kMinLength = 0;
77 static const int kMaxLength = 200;
84 if (kMaxLength < hwid.length()) {
85 throw std::out_of_range(
"Hardware Identifier too long");
89 std::string ToString()
const {
return hwid_; }
102 std::ostream &operator<<(std::ostream &os, const HardwareIdentifier &hwid);
107 static const int kMinLength = 1;
108 static const int kMaxLength = 64;
110 static EcuSerial Unknown() { return EcuSerial("Unknown"); }
111 explicit EcuSerial(const std::string &ecu_serial) : ecu_serial_(ecu_serial) {
112 if (ecu_serial.length() < kMinLength) {
113 throw std::out_of_range("Ecu serial identifier is too short");
115 if (kMaxLength < ecu_serial.length()) {
116 throw std::out_of_range("Ecu serial identifier is too long");
120 std::string ToString() const { return ecu_serial_; }
122 bool operator==(const EcuSerial &rhs) const { return ecu_serial_ == rhs.ecu_serial_; }
123 bool operator!=(const EcuSerial &rhs) const { return !(*this == rhs); }
125 bool operator<(const EcuSerial &rhs) const { return ecu_serial_ < rhs.ecu_serial_; }
126 friend std::ostream &operator<<(std::ostream &os, const EcuSerial &ecu_serial);
127 friend struct std::hash<Uptane::EcuSerial>;
130 std::string ecu_serial_;
133 std::ostream &operator<<(std::ostream &os, const EcuSerial &ecu_serial);
142 enum class Type { kSha256, kSha512, kUnknownAlgorithm };
144 Hash(const std::string &type, const std::string &hash);
145 Hash(Type type, const std::string &hash);
147 bool HaveAlgorithm() const { return type_ != Type::kUnknownAlgorithm; }
148 bool operator==(const Hash &other) const;
149 bool operator!=(const Hash &other) const { return !operator==(other); }
150 std::string TypeString() const;
152 std::string HashString() const { return hash_; }
153 friend std::ostream &operator<<(std::ostream &os, const Hash &h);
160 std::ostream &operator<<(std::ostream &os, const Hash &h);
164 Target(std::string filename, const Json::Value &content);
166 const std::map<EcuSerial, HardwareIdentifier> &ecus() const { return ecus_; }
167 std::string filename() const { return filename_; }
168 std::string sha256Hash() const;
169 std::vector<Hash> hashes() const { return hashes_; };
171 bool MatchWith(const Hash &hash) const;
173 int64_t length() const { return length_; }
175 bool IsForSecondary(const EcuSerial &ecuIdentifier) const {
176 return (std::find_if(ecus_.cbegin(), ecus_.cend(), [&ecuIdentifier](std::pair<EcuSerial, HardwareIdentifier> pair) {
177 return pair.first == ecuIdentifier;
187 bool IsOstree() const;
189 bool operator==(const Target &t2) const {
191 if (filename_ != t2.filename_) {
194 if (length_ != t2.length_) {
201 bool oneMatchingHash = false;
202 for (const Hash &hash : hashes_) {
203 for (const Hash &hash2 : t2.hashes_) {
204 if (hash.type() == hash2.type() && !(hash == hash2)) {
208 oneMatchingHash = true;
212 return oneMatchingHash;
215 Json::Value toDebugJson() const;
216 friend std::ostream &operator<<(std::ostream &os, const Target &t);
219 std::string filename_;
221 std::map<EcuSerial, HardwareIdentifier> ecus_;
222 std::vector<Hash> hashes_;
226 std::ostream &operator<<(std::ostream &os, const Target &t);
232 BaseMeta() = default;
233 explicit BaseMeta(const Json::Value &json);
234 BaseMeta(RepositoryType repo, const Json::Value &json, Root &root);
235 int version() const { return version_; }
236 TimeStamp expiry() const { return expiry_; }
237 bool isExpired(const TimeStamp &now) const { return expiry_.IsExpiredAt(now); }
238 Json::Value original() const { return original_object_; }
240 bool operator==(const BaseMeta &rhs) const { return version_ == rhs.version() && expiry_ == rhs.expiry(); }
245 Json::Value original_object_;
248 void init(const Json::Value &json);
252 class Root : public BaseMeta {
254 enum class Policy { kRejectAll, kAcceptAll, kCheck };
258 explicit Root(Policy policy = Policy::kRejectAll) : policy_(policy) { version_ = 0; }
264 Root(RepositoryType repo, const Json::Value &json);
265 Root(RepositoryType repo, const Json::Value &json, Root &root);
280 void UnpackSignedObject(RepositoryType repo, const Json::Value &signed_object);
281 bool operator==(const Root &rhs) const {
282 return version_ == rhs.version_ && expiry_ == rhs.expiry_ && keys_ == rhs.keys_ &&
283 keys_for_role_ == rhs.keys_for_role_ && thresholds_for_role_ == rhs.thresholds_for_role_ &&
284 policy_ == rhs.policy_;
288 static const int64_t kMinSignatures = 1;
289 static const int64_t kMaxSignatures = 1000;
292 std::map<KeyId, PublicKey> keys_;
293 std::set<std::pair<Role, KeyId> > keys_for_role_;
294 std::map<Role, int64_t> thresholds_for_role_;
297 class Targets : public BaseMeta {
299 explicit Targets(const Json::Value &json);
300 Targets(RepositoryType repo, const Json::Value &json, Root &root);
303 std::vector<Uptane::Target> targets;
304 bool operator==(const Targets &rhs) const {
305 return version_ == rhs.version() && expiry_ == rhs.expiry() && targets == rhs.targets;
307 const std::string &correlation_id() const { return correlation_id_; }
310 void init(const Json::Value &json);
312 std::string correlation_id_;
315 class TimestampMeta : public BaseMeta {
317 explicit TimestampMeta(const Json::Value &json);
318 TimestampMeta(RepositoryType repo, const Json::Value &json, Root &root);
319 TimestampMeta() = default;
320 std::vector<Hash> snapshot_hashes() const { return snapshot_hashes_; };
321 int64_t snapshot_size() const { return snapshot_size_; };
322 int snapshot_version() const { return snapshot_version_; };
325 void init(const Json::Value &json);
327 std::vector<Hash> snapshot_hashes_;
328 int64_t snapshot_size_{0};
329 int snapshot_version_{-1};
332 class Snapshot : public BaseMeta {
334 explicit Snapshot(const Json::Value &json);
335 Snapshot(RepositoryType repo, const Json::Value &json, Root &root);
336 Snapshot() = default;
337 std::vector<Hash> targets_hashes() const { return targets_hashes_; };
338 int64_t targets_size() const { return targets_size_; };
339 int targets_version() const { return targets_version_; };
340 bool operator==(const Snapshot &rhs) const {
341 return version_ == rhs.version() && expiry_ == rhs.expiry() && targets_size_ == rhs.targets_size_ &&
342 targets_version_ == rhs.targets_version_ && targets_hashes_ == rhs.targets_hashes_;
346 void init(const Json::Value &json);
347 int64_t targets_size_{0};
348 int targets_version_{-1};
349 std::vector<Hash> targets_hashes_;
354 Targets director_targets;
356 Targets image_targets;
357 TimestampMeta image_timestamp;
358 Snapshot image_snapshot;
359 bool isConsistent() const;
363 std::string director_root;
364 std::string director_targets;
365 std::string image_root;
366 std::string image_targets;
367 std::string image_timestamp;
368 std::string image_snapshot;
371 int extractVersionUntrusted(const std::string &meta);
377 struct hash<Uptane::HardwareIdentifier> {
378 size_t operator()(const Uptane::HardwareIdentifier &hwid) const { return std::hash<std::string>()(hwid.hwid_); }
382 struct hash<Uptane::EcuSerial> {
383 size_t operator()(const Uptane::EcuSerial &ecu_serial) const {
384 return std::hash<std::string>()(ecu_serial.ecu_serial_);
Metadata version numbers.
RepositoryType
This must match the repo_type table in sqlstorage.
Base data types that are used in The Update Framework (TUF), part of UPTANE.