xref: /aosp_15_r20/external/vboot_reference/firmware/2lib/2crypto.c (revision 8617a60d3594060b7ecbd21bc622a7c14f3cf2bc)
1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2020 The ChromiumOS Authors
2*8617a60dSAndroid Build Coastguard Worker  * Use of this source code is governed by a BSD-style license that can be
3*8617a60dSAndroid Build Coastguard Worker  * found in the LICENSE file.
4*8617a60dSAndroid Build Coastguard Worker  *
5*8617a60dSAndroid Build Coastguard Worker  * Hash and signature algorithm parsing helpers for host utilities.
6*8617a60dSAndroid Build Coastguard Worker  */
7*8617a60dSAndroid Build Coastguard Worker 
8*8617a60dSAndroid Build Coastguard Worker #include "2common.h"
9*8617a60dSAndroid Build Coastguard Worker #include "2crypto.h"
10*8617a60dSAndroid Build Coastguard Worker #include "2rsa.h"
11*8617a60dSAndroid Build Coastguard Worker #include "2sha.h"
12*8617a60dSAndroid Build Coastguard Worker #include "2sysincludes.h"
13*8617a60dSAndroid Build Coastguard Worker 
14*8617a60dSAndroid Build Coastguard Worker /*
15*8617a60dSAndroid Build Coastguard Worker  * These two need to be exported for host/lib/crypto.c, but they also need to be
16*8617a60dSAndroid Build Coastguard Worker  * in .rodata to make coreboot XIP stages happy. We know they are immutable but
17*8617a60dSAndroid Build Coastguard Worker  * there is no C language way to guarantee that, so we have to manually force
18*8617a60dSAndroid Build Coastguard Worker  * the compiler to place them in .rodata. Also inject custom section flags so
19*8617a60dSAndroid Build Coastguard Worker  * they are only allocatable (a) but not writeable (w).
20*8617a60dSAndroid Build Coastguard Worker  */
21*8617a60dSAndroid Build Coastguard Worker 
/*
 * Printable names for enum vb2_signature_algorithm, indexed by enum value.
 *
 * The element type is a non-const pointer to const char, so a compiler would
 * normally place the array itself in a writable data section. Outside the
 * ChromeOS build the section attribute below names the output section
 * explicitly and supplies the "a" (allocatable, not writable) flag. The
 * trailing newline and '#' presumably turn whatever flags the compiler appends
 * into an assembler comment -- confirm against the toolchain in use.
 *
 * Any index without an initializer here is NULL; vb2_get_sig_algorithm_name()
 * checks for that before returning an entry.
 */
#ifndef CHROMEOS_ENVIRONMENT
__attribute__((section(".rodata.vb2_sig_names,\"a\"\n# ")))
#endif
const char *vb2_sig_names[VB2_SIG_ALG_COUNT] = {
	[VB2_SIG_NONE]		= "none",
	[VB2_SIG_RSA1024]	= "RSA1024",
	[VB2_SIG_RSA2048]	= "RSA2048",
	[VB2_SIG_RSA4096]	= "RSA4096",
	[VB2_SIG_RSA8192]	= "RSA8192",
	[VB2_SIG_RSA2048_EXP3]	= "RSA2048EXP3",
	[VB2_SIG_RSA3072_EXP3]	= "RSA3072EXP3",
};
34*8617a60dSAndroid Build Coastguard Worker 
/*
 * Printable names for enum vb2_hash_algorithm, indexed by enum value.
 *
 * Forced into a read-only section outside the ChromeOS build in the same way
 * as vb2_sig_names. A hash family whose VB2_SUPPORT_* switch is off gets no
 * initializer, so its slot is NULL and vb2_get_hash_algorithm_name() reports
 * it as an invalid algorithm rather than printing a name for code that is not
 * compiled in.
 */
#ifndef CHROMEOS_ENVIRONMENT
__attribute__((section(".rodata.vb2_hash_names,\"a\"\n# ")))
#endif
const char *vb2_hash_names[VB2_HASH_ALG_COUNT] = {
	[VB2_HASH_NONE]		= "none",
#if VB2_SUPPORT_SHA1
	[VB2_HASH_SHA1]		= VB2_SHA1_ALG_NAME,
#endif
#if VB2_SUPPORT_SHA256
	/* SHA224 is gated by the SHA256 switch. */
	[VB2_HASH_SHA224]	= VB2_SHA224_ALG_NAME,
	[VB2_HASH_SHA256]	= VB2_SHA256_ALG_NAME,
#endif
#if VB2_SUPPORT_SHA512
	/* SHA384 is gated by the SHA512 switch. */
	[VB2_HASH_SHA384]	= VB2_SHA384_ALG_NAME,
	[VB2_HASH_SHA512]	= VB2_SHA512_ALG_NAME,
#endif
};
52*8617a60dSAndroid Build Coastguard Worker 
53*8617a60dSAndroid Build Coastguard Worker /* The others are internal to this file. */
54*8617a60dSAndroid Build Coastguard Worker 
/*
 * Human-readable "<signature> <hash>" names, indexed by
 * enum vb2_crypto_algorithm.
 *
 * The array is sized by its highest initialized index, and entries for a
 * compiled-out hash family are left NULL. vb2_get_crypto_algorithm_name()
 * therefore checks both the bound and the NULL slot.
 */
static const char *crypto_names[] = {
#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1]		= "RSA1024 SHA1",
	[VB2_ALG_RSA2048_SHA1]		= "RSA2048 SHA1",
	[VB2_ALG_RSA4096_SHA1]		= "RSA4096 SHA1",
	[VB2_ALG_RSA8192_SHA1]		= "RSA8192 SHA1",
	[VB2_ALG_RSA2048_EXP3_SHA1]	= "RSA2048 EXP3 SHA1",
	[VB2_ALG_RSA3072_EXP3_SHA1]	= "RSA3072 EXP3 SHA1",
#endif
#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256]	= "RSA1024 SHA256",
	[VB2_ALG_RSA2048_SHA256]	= "RSA2048 SHA256",
	[VB2_ALG_RSA4096_SHA256]	= "RSA4096 SHA256",
	[VB2_ALG_RSA8192_SHA256]	= "RSA8192 SHA256",
	[VB2_ALG_RSA2048_EXP3_SHA256]	= "RSA2048 EXP3 SHA256",
	[VB2_ALG_RSA3072_EXP3_SHA256]	= "RSA3072 EXP3 SHA256",
#endif
#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512]	= "RSA1024 SHA512",
	[VB2_ALG_RSA2048_SHA512]	= "RSA2048 SHA512",
	[VB2_ALG_RSA4096_SHA512]	= "RSA4096 SHA512",
	[VB2_ALG_RSA8192_SHA512]	= "RSA8192 SHA512",
	[VB2_ALG_RSA2048_EXP3_SHA512]	= "RSA2048 EXP3 SHA512",
	[VB2_ALG_RSA3072_EXP3_SHA512]	= "RSA3072 EXP3 SHA512",
#endif
};
81*8617a60dSAndroid Build Coastguard Worker 
/*
 * Key file basenames, indexed by enum vb2_crypto_algorithm.
 *
 * The basename depends only on the RSA variant: every hash paired with the
 * same signature algorithm maps to the same string. Entries for a
 * compiled-out hash family stay NULL.
 */
static const char *crypto_filenames[] = {
#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1]		= "rsa1024",
	[VB2_ALG_RSA2048_SHA1]		= "rsa2048",
	[VB2_ALG_RSA4096_SHA1]		= "rsa4096",
	[VB2_ALG_RSA8192_SHA1]		= "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA1]	= "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA1]	= "rsa3072_exp3",
#endif
#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256]	= "rsa1024",
	[VB2_ALG_RSA2048_SHA256]	= "rsa2048",
	[VB2_ALG_RSA4096_SHA256]	= "rsa4096",
	[VB2_ALG_RSA8192_SHA256]	= "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA256]	= "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA256]	= "rsa3072_exp3",
#endif
#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512]	= "rsa1024",
	[VB2_ALG_RSA2048_SHA512]	= "rsa2048",
	[VB2_ALG_RSA4096_SHA512]	= "rsa4096",
	[VB2_ALG_RSA8192_SHA512]	= "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA512]	= "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA512]	= "rsa3072_exp3",
#endif
};
108*8617a60dSAndroid Build Coastguard Worker 
/*
 * Maps each enum vb2_crypto_algorithm value to its signature algorithm
 * (stored as uint8_t).
 *
 * NOTE(review): slots belonging to a compiled-out hash family are
 * zero-initialized, and vb2_crypto_to_signature() returns them without a
 * further check. That is only a safe "unsupported" answer if 0 is
 * VB2_SIG_INVALID -- confirm against the enum in 2crypto.h.
 */
static const uint8_t crypto_to_sig[] = {
#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1]		= VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA1]		= VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA1]		= VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA1]		= VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA1]	= VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA1]	= VB2_SIG_RSA3072_EXP3,
#endif
#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256]	= VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA256]	= VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA256]	= VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA256]	= VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA256]	= VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA256]	= VB2_SIG_RSA3072_EXP3,
#endif
#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512]	= VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA512]	= VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA512]	= VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA512]	= VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA512]	= VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA512]	= VB2_SIG_RSA3072_EXP3,
#endif
};
135*8617a60dSAndroid Build Coastguard Worker 
/*
 * Maps each enum vb2_crypto_algorithm value to its hash algorithm
 * (stored as uint8_t).
 *
 * NOTE(review): slots belonging to a compiled-out hash family are
 * zero-initialized, and vb2_crypto_to_hash() returns them without a further
 * check. That is only a safe "unsupported" answer if 0 is VB2_HASH_INVALID
 * (or another value callers reject) -- confirm against the enum in 2crypto.h.
 */
static const uint8_t crypto_to_hash[] = {
#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1]		= VB2_HASH_SHA1,
	[VB2_ALG_RSA2048_SHA1]		= VB2_HASH_SHA1,
	[VB2_ALG_RSA4096_SHA1]		= VB2_HASH_SHA1,
	[VB2_ALG_RSA8192_SHA1]		= VB2_HASH_SHA1,
	[VB2_ALG_RSA2048_EXP3_SHA1]	= VB2_HASH_SHA1,
	[VB2_ALG_RSA3072_EXP3_SHA1]	= VB2_HASH_SHA1,
#endif
#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256]	= VB2_HASH_SHA256,
	[VB2_ALG_RSA2048_SHA256]	= VB2_HASH_SHA256,
	[VB2_ALG_RSA4096_SHA256]	= VB2_HASH_SHA256,
	[VB2_ALG_RSA8192_SHA256]	= VB2_HASH_SHA256,
	[VB2_ALG_RSA2048_EXP3_SHA256]	= VB2_HASH_SHA256,
	[VB2_ALG_RSA3072_EXP3_SHA256]	= VB2_HASH_SHA256,
#endif
#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512]	= VB2_HASH_SHA512,
	[VB2_ALG_RSA2048_SHA512]	= VB2_HASH_SHA512,
	[VB2_ALG_RSA4096_SHA512]	= VB2_HASH_SHA512,
	[VB2_ALG_RSA8192_SHA512]	= VB2_HASH_SHA512,
	[VB2_ALG_RSA2048_EXP3_SHA512]	= VB2_HASH_SHA512,
	[VB2_ALG_RSA3072_EXP3_SHA512]	= VB2_HASH_SHA512,
#endif
};
162*8617a60dSAndroid Build Coastguard Worker 
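/*
 * Compile-time check that each per-algorithm table spans the whole
 * enum vb2_crypto_algorithm range.
 *
 * The tables are sized by their highest initialized index, so the check is
 * only made when SHA512 support is compiled in (presumably because the
 * highest-numbered algorithm is a SHA512 one -- confirm in 2crypto.h).
 * It verifies length only: an enum value added without a table entry in the
 * middle of the range still leaves a NULL/zero slot that these asserts do not
 * catch.
 */
#if VB2_SUPPORT_SHA512
_Static_assert(ARRAY_SIZE(crypto_names) == VB2_ALG_COUNT,
	       "crypto_names must cover every vb2_crypto_algorithm");
_Static_assert(ARRAY_SIZE(crypto_filenames) == VB2_ALG_COUNT,
	       "crypto_filenames must cover every vb2_crypto_algorithm");
_Static_assert(ARRAY_SIZE(crypto_to_sig) == VB2_ALG_COUNT,
	       "crypto_to_sig must cover every vb2_crypto_algorithm");
_Static_assert(ARRAY_SIZE(crypto_to_hash) == VB2_ALG_COUNT,
	       "crypto_to_hash must cover every vb2_crypto_algorithm");
#endif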
169*8617a60dSAndroid Build Coastguard Worker 
/**
 * Look up the printable name of a hash algorithm.
 *
 * @param hash_alg	Hash algorithm identifier; may be any value.
 * @return The entry from vb2_hash_names, or VB2_INVALID_ALG_NAME when the
 *	   value is past the end of the table or its slot is NULL (no
 *	   initializer, e.g. hash support compiled out). Never returns NULL
 *	   from the table itself.
 */
const char *vb2_get_hash_algorithm_name(enum vb2_hash_algorithm hash_alg)
{
	/* Bounds check first so the table is never indexed out of range. */
	if (hash_alg >= ARRAY_SIZE(vb2_hash_names))
		return VB2_INVALID_ALG_NAME;

	/* In-range slots without an initializer are NULL. */
	if (!vb2_hash_names[hash_alg])
		return VB2_INVALID_ALG_NAME;

	return vb2_hash_names[hash_alg];
}
176*8617a60dSAndroid Build Coastguard Worker 
/**
 * Look up the printable name of a signature algorithm.
 *
 * @param sig_alg	Signature algorithm identifier; may be any value.
 * @return The entry from vb2_sig_names, or VB2_INVALID_ALG_NAME when the
 *	   value is past the end of the table or its slot is NULL.
 */
const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg)
{
	/* Bounds check first so the table is never indexed out of range. */
	if (sig_alg >= ARRAY_SIZE(vb2_sig_names))
		return VB2_INVALID_ALG_NAME;

	/* In-range slots without an initializer are NULL. */
	if (!vb2_sig_names[sig_alg])
		return VB2_INVALID_ALG_NAME;

	return vb2_sig_names[sig_alg];
}
184*8617a60dSAndroid Build Coastguard Worker 
/**
 * Look up the printable "<signature> <hash>" name of a crypto algorithm.
 *
 * @param alg	Crypto algorithm identifier; may be any value.
 * @return The entry from crypto_names, or VB2_INVALID_ALG_NAME when the value
 *	   is past the end of the table or its slot is NULL (hash family
 *	   compiled out).
 */
const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg)
{
	/* Bounds check first so the table is never indexed out of range. */
	if (alg >= ARRAY_SIZE(crypto_names))
		return VB2_INVALID_ALG_NAME;

	/* In-range slots without an initializer are NULL. */
	if (!crypto_names[alg])
		return VB2_INVALID_ALG_NAME;

	return crypto_names[alg];
}
192*8617a60dSAndroid Build Coastguard Worker 
/**
 * Look up the key file basename used for a crypto algorithm.
 *
 * @param alg	Crypto algorithm identifier; may be any value.
 * @return The entry from crypto_filenames, or VB2_INVALID_ALG_NAME when the
 *	   value is past the end of the table or its slot is NULL. Callers
 *	   that build a path from the result should treat
 *	   VB2_INVALID_ALG_NAME as an error rather than as a file name.
 */
const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg)
{
	/* Bounds check first so the table is never indexed out of range. */
	if (alg >= ARRAY_SIZE(crypto_filenames))
		return VB2_INVALID_ALG_NAME;

	/* In-range slots without an initializer are NULL. */
	if (!crypto_filenames[alg])
		return VB2_INVALID_ALG_NAME;

	return crypto_filenames[alg];
}
200*8617a60dSAndroid Build Coastguard Worker 
/**
 * Convert a combined crypto algorithm to its signature algorithm.
 *
 * @param algorithm	Crypto algorithm identifier; may be any value.
 * @return The crypto_to_sig entry, or VB2_SIG_INVALID when the value is past
 *	   the end of the table.
 *
 * NOTE(review): unlike the name lookups, an in-range slot is returned as-is.
 * A slot left zero because its hash family is compiled out is only rejected
 * by callers if 0 is VB2_SIG_INVALID -- confirm against 2crypto.h.
 */
enum vb2_signature_algorithm vb2_crypto_to_signature(
		enum vb2_crypto_algorithm algorithm)
{
	/* Reject anything that would index past the table. */
	if (algorithm >= ARRAY_SIZE(crypto_to_sig))
		return VB2_SIG_INVALID;

	return crypto_to_sig[algorithm];
}
209*8617a60dSAndroid Build Coastguard Worker 
/**
 * Convert a combined crypto algorithm to its hash algorithm.
 *
 * @param algorithm	Crypto algorithm identifier; may be any value.
 * @return The crypto_to_hash entry, or VB2_HASH_INVALID when the value is
 *	   past the end of the table.
 *
 * NOTE(review): unlike the name lookups, an in-range slot is returned as-is.
 * A slot left zero because its hash family is compiled out is only rejected
 * by callers if 0 is VB2_HASH_INVALID -- confirm against 2crypto.h.
 */
enum vb2_hash_algorithm vb2_crypto_to_hash(enum vb2_crypto_algorithm algorithm)
{
	/* Reject anything that would index past the table. */
	if (algorithm >= ARRAY_SIZE(crypto_to_hash))
		return VB2_HASH_INVALID;

	return crypto_to_hash[algorithm];
}