/* Copyright 2014 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

#ifndef VBOOT_REFERENCE_2RSA_H_
#define VBOOT_REFERENCE_2RSA_H_

#include "2crypto.h"
#include "2return_codes.h"

struct vb2_workbuf;

/*
 * Public key structure in RAM.
 *
 * n and rr are pointers, not embedded arrays, so this structure does not
 * itself hold the key material; both arrays are arrsize uint32_t words long.
 * NOTE(review): who owns the pointed-to storage and how long it must stay
 * valid is not visible in this header -- confirm against the code that
 * fills in the structure.
 * NOTE(review): n0inv and rr look like the precomputed constants used for
 * Montgomery-style modular multiplication -- confirm in the implementation.
 */
struct vb2_public_key {
	uint32_t arrsize;    /* Length of n[] and rr[] in number of uint32_t */
	uint32_t n0inv;      /* -1 / n[0] mod 2^32 */
	const uint32_t *n;   /* Modulus as little endian array */
	const uint32_t *rr;  /* R^2 as little endian array */
	enum vb2_signature_algorithm sig_alg;	/* Signature algorithm */
	enum vb2_hash_algorithm hash_alg;	/* Hash algorithm */
	const char *desc;    /* Description */
	uint32_t version;    /* Key version */
	const struct vb2_id *id;  /* Key ID */
	bool allow_hwcrypto; /* Is hwcrypto allowed for key */
};

/**
 * Return the size of a RSA signature
 *
 * A return value of 0 signals an error, so callers should check for it
 * before using the result as a buffer length or in a bounds check.
 *
 * @param sig_alg	Signature algorithm
 * @return The size of the signature in bytes, or 0 if error.
 */
uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg);

/**
 * Return the size of a pre-processed RSA public key.
 *
 * A return value of 0 signals an error, so callers should check for it
 * before using the result as a buffer length or in a bounds check.
 *
 * @param sig_alg	Signature algorithm
 * @return The size of the preprocessed key in bytes, or 0 if error.
 */
uint32_t vb2_packed_key_size(enum vb2_signature_algorithm sig_alg);

/*
 * Size of work buffer sufficient for vb2_rsa_verify_digest() worst case.
 *
 * The value depends on the build: (11 * 1024) + 8 bytes when
 * ENABLE_HWCRYPTO_RSA_TESTS is defined, 3 * 1024 bytes otherwise.
 */
#if defined(ENABLE_HWCRYPTO_RSA_TESTS)
#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES ((11 * 1024) + 8)
#else
#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024)
#endif

/**
 * Verify a RSA PKCS1.5 signature against an expected hash digest.
 *
 * The signature buffer is overwritten during verification, so its contents
 * must not be relied on afterwards; keep a copy if the original signature
 * is still needed.
 *
 * No buffer lengths are passed in.
 * NOTE(review): presumably the expected signature and digest sizes follow
 * from key->sig_alg and key->hash_alg, and the caller must supply buffers at
 * least that large -- confirm against the implementation.
 *
 * @param key		Key to use in signature verification
 * @param sig		Signature to verify (destroyed in process)
 * @param digest	Digest of signed data
 * @param wb		Work buffer; VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES is
 *			the size documented as sufficient for the worst case
 * @return VB2_SUCCESS, or non-zero if error.  Any value other than
 *	   VB2_SUCCESS must be treated as a failed verification.
 */
vb2_error_t vb2_rsa_verify_digest(const struct vb2_public_key *key,
				  uint8_t *sig, const uint8_t *digest,
				  const struct vb2_workbuf *wb);

/**
 * In-place public exponentiation.
 *
 * The function returns void, so it has no way to report a violated
 * precondition; the caller is responsible for the work buffer size and for
 * passing one of the two supported exponents.
 *
 * @param key		Public key to use for the exponentiation
 * @param inout		Input and output big-endian byte array; the result
 *			overwrites the input.  NOTE(review): the length is
 *			not passed in and is presumably implied by
 *			key->arrsize -- confirm against the implementation.
 * @param workbuf	Work buffer; caller must verify this is
 *			(3 * key->arrsize) elements long.  NOTE(review):
 *			the element type is not stated here; presumably
 *			uint32_t, matching n[] and rr[] -- confirm.
 * @param exp		RSA public exponent: either 65537 (F4) or 3
 */
void vb2_modexp(const struct vb2_public_key *key, uint8_t *inout,
		void *workbuf, int exp);

#endif  /* VBOOT_REFERENCE_2RSA_H_ */