1*8617a60dSAndroid Build Coastguard Worker /* Copyright 2014 The ChromiumOS Authors 2*8617a60dSAndroid Build Coastguard Worker * Use of this source code is governed by a BSD-style license that can be 3*8617a60dSAndroid Build Coastguard Worker * found in the LICENSE file. 4*8617a60dSAndroid Build Coastguard Worker * 5*8617a60dSAndroid Build Coastguard Worker * These APIs may be called by external firmware as well as vboot. External 6*8617a60dSAndroid Build Coastguard Worker * firmware must NOT include this header file directly; instead, import 7*8617a60dSAndroid Build Coastguard Worker * the external-facing vb2_sha.h. This is permissible because the 8*8617a60dSAndroid Build Coastguard Worker * SHA library routines below don't interact with the rest of vboot. 9*8617a60dSAndroid Build Coastguard Worker */ 10*8617a60dSAndroid Build Coastguard Worker 11*8617a60dSAndroid Build Coastguard Worker #ifndef VBOOT_REFERENCE_2SHA_H_ 12*8617a60dSAndroid Build Coastguard Worker #define VBOOT_REFERENCE_2SHA_H_ 13*8617a60dSAndroid Build Coastguard Worker 14*8617a60dSAndroid Build Coastguard Worker #include "2crypto.h" 15*8617a60dSAndroid Build Coastguard Worker #include "2return_codes.h" 16*8617a60dSAndroid Build Coastguard Worker 17*8617a60dSAndroid Build Coastguard Worker /* Hash algorithms may be disabled individually to save code space */ 18*8617a60dSAndroid Build Coastguard Worker 19*8617a60dSAndroid Build Coastguard Worker #ifndef VB2_SUPPORT_SHA1 20*8617a60dSAndroid Build Coastguard Worker #define VB2_SUPPORT_SHA1 1 21*8617a60dSAndroid Build Coastguard Worker #endif 22*8617a60dSAndroid Build Coastguard Worker 23*8617a60dSAndroid Build Coastguard Worker #ifndef VB2_SUPPORT_SHA256 24*8617a60dSAndroid Build Coastguard Worker #define VB2_SUPPORT_SHA256 1 25*8617a60dSAndroid Build Coastguard Worker #endif 26*8617a60dSAndroid Build Coastguard Worker 27*8617a60dSAndroid Build Coastguard Worker #ifndef VB2_SUPPORT_SHA512 28*8617a60dSAndroid Build Coastguard Worker #define VB2_SUPPORT_SHA512 1 29*8617a60dSAndroid Build Coastguard Worker #endif 30*8617a60dSAndroid Build Coastguard Worker 31*8617a60dSAndroid Build Coastguard Worker /* These are set to the biggest values among the supported hash algorithms. 32*8617a60dSAndroid Build Coastguard Worker * They have to be updated as we add new hash algorithms */ 33*8617a60dSAndroid Build Coastguard Worker #define VB2_MAX_DIGEST_SIZE VB2_SHA512_DIGEST_SIZE 34*8617a60dSAndroid Build Coastguard Worker #define VB2_MAX_BLOCK_SIZE VB2_SHA512_BLOCK_SIZE 35*8617a60dSAndroid Build Coastguard Worker #define VB2_INVALID_ALG_NAME "INVALID" 36*8617a60dSAndroid Build Coastguard Worker 37*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA1_DIGEST_SIZE 20 38*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA1_BLOCK_SIZE 64 39*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA1_ALG_NAME "SHA1" 40*8617a60dSAndroid Build Coastguard Worker 41*8617a60dSAndroid Build Coastguard Worker /* Context structs for hash algorithms */ 42*8617a60dSAndroid Build Coastguard Worker 43*8617a60dSAndroid Build Coastguard Worker struct vb2_sha1_context { 44*8617a60dSAndroid Build Coastguard Worker uint32_t count; 45*8617a60dSAndroid Build Coastguard Worker uint32_t state[5]; 46*8617a60dSAndroid Build Coastguard Worker #if defined(HAVE_ENDIAN_H) && defined(HAVE_LITTLE_ENDIAN) 47*8617a60dSAndroid Build Coastguard Worker union { 48*8617a60dSAndroid Build Coastguard Worker uint8_t b[VB2_SHA1_BLOCK_SIZE]; 49*8617a60dSAndroid Build Coastguard Worker uint32_t w[VB2_SHA1_BLOCK_SIZE / sizeof(uint32_t)]; 50*8617a60dSAndroid Build Coastguard Worker } buf; 51*8617a60dSAndroid Build Coastguard Worker #else 52*8617a60dSAndroid Build Coastguard Worker uint8_t buf[VB2_SHA1_BLOCK_SIZE]; 53*8617a60dSAndroid Build Coastguard Worker #endif 54*8617a60dSAndroid Build Coastguard Worker }; 55*8617a60dSAndroid Build Coastguard Worker 56*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA256_DIGEST_SIZE 32 57*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA256_BLOCK_SIZE 64 58*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA256_ALG_NAME "SHA256" 59*8617a60dSAndroid Build Coastguard Worker 60*8617a60dSAndroid Build Coastguard Worker struct vb2_sha256_context { 61*8617a60dSAndroid Build Coastguard Worker uint32_t h[8]; 62*8617a60dSAndroid Build Coastguard Worker uint32_t total_size; 63*8617a60dSAndroid Build Coastguard Worker uint32_t size; 64*8617a60dSAndroid Build Coastguard Worker uint8_t block[2 * VB2_SHA256_BLOCK_SIZE]; 65*8617a60dSAndroid Build Coastguard Worker }; 66*8617a60dSAndroid Build Coastguard Worker 67*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA512_DIGEST_SIZE 64 68*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA512_BLOCK_SIZE 128 69*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA512_ALG_NAME "SHA512" 70*8617a60dSAndroid Build Coastguard Worker 71*8617a60dSAndroid Build Coastguard Worker struct vb2_sha512_context { 72*8617a60dSAndroid Build Coastguard Worker uint64_t h[8]; 73*8617a60dSAndroid Build Coastguard Worker uint32_t total_size; 74*8617a60dSAndroid Build Coastguard Worker uint32_t size; 75*8617a60dSAndroid Build Coastguard Worker uint8_t block[2 * VB2_SHA512_BLOCK_SIZE]; 76*8617a60dSAndroid Build Coastguard Worker }; 77*8617a60dSAndroid Build Coastguard Worker 78*8617a60dSAndroid Build Coastguard Worker /* 79*8617a60dSAndroid Build Coastguard Worker * SHA224/SHA384 are variants of SHA256/SHA512 that use almost all the same code 80*8617a60dSAndroid Build Coastguard Worker * (and the same context structures), so no separate "SUPPORT" flags for them. 81*8617a60dSAndroid Build Coastguard Worker */ 82*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA224_DIGEST_SIZE 28 83*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA224_ALG_NAME "SHA224" 84*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA384_DIGEST_SIZE 48 85*8617a60dSAndroid Build Coastguard Worker #define VB2_SHA384_ALG_NAME "SHA384" 86*8617a60dSAndroid Build Coastguard Worker 87*8617a60dSAndroid Build Coastguard Worker /* Hash algorithm independent digest context; includes all of the above. */ 88*8617a60dSAndroid Build Coastguard Worker struct vb2_digest_context { 89*8617a60dSAndroid Build Coastguard Worker /* Context union for all algorithms */ 90*8617a60dSAndroid Build Coastguard Worker union { 91*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA1 92*8617a60dSAndroid Build Coastguard Worker struct vb2_sha1_context sha1; 93*8617a60dSAndroid Build Coastguard Worker #endif 94*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA256 95*8617a60dSAndroid Build Coastguard Worker struct vb2_sha256_context sha256; 96*8617a60dSAndroid Build Coastguard Worker #endif 97*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA512 98*8617a60dSAndroid Build Coastguard Worker struct vb2_sha512_context sha512; 99*8617a60dSAndroid Build Coastguard Worker #endif 100*8617a60dSAndroid Build Coastguard Worker }; 101*8617a60dSAndroid Build Coastguard Worker 102*8617a60dSAndroid Build Coastguard Worker /* Current hash algorithm */ 103*8617a60dSAndroid Build Coastguard Worker enum vb2_hash_algorithm hash_alg; 104*8617a60dSAndroid Build Coastguard Worker 105*8617a60dSAndroid Build Coastguard Worker /* `true` if digest is computed with vb2ex_hwcrypto routines */ 106*8617a60dSAndroid Build Coastguard Worker bool using_hwcrypto; 107*8617a60dSAndroid Build Coastguard Worker }; 108*8617a60dSAndroid Build Coastguard Worker 109*8617a60dSAndroid Build Coastguard Worker /* 110*8617a60dSAndroid Build Coastguard Worker * Serializable data structure that can store any vboot hash. Layout used in 111*8617a60dSAndroid Build Coastguard Worker * CBFS attributes that need to be backwards-compatible -- do not change! 112*8617a60dSAndroid Build Coastguard Worker * When serializing/deserizaling this, you should store/load (offsetof(raw) + 113*8617a60dSAndroid Build Coastguard Worker * vb2_digest_size(algo)), not the full size of this structure. vboot functions 114*8617a60dSAndroid Build Coastguard Worker * taking a pointer to this should only access the |raw| array up to 115*8617a60dSAndroid Build Coastguard Worker * vb2_digest_size(algo) and not assume that the whole structure is accessible. 116*8617a60dSAndroid Build Coastguard Worker */ 117*8617a60dSAndroid Build Coastguard Worker struct vb2_hash { 118*8617a60dSAndroid Build Coastguard Worker /* Padding to match existing 4-byte big-endian from CBFS. 119*8617a60dSAndroid Build Coastguard Worker Could be reused for other stuff later (e.g. flags or something). */ 120*8617a60dSAndroid Build Coastguard Worker uint8_t reserved[3]; 121*8617a60dSAndroid Build Coastguard Worker /* enum vb2_hash_algorithm. Single byte to avoid endianness issues. */ 122*8617a60dSAndroid Build Coastguard Worker uint8_t algo; 123*8617a60dSAndroid Build Coastguard Worker /* The actual digest. Can add new types here as required. */ 124*8617a60dSAndroid Build Coastguard Worker union { 125*8617a60dSAndroid Build Coastguard Worker uint8_t raw[0]; 126*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA1 127*8617a60dSAndroid Build Coastguard Worker uint8_t sha1[VB2_SHA1_DIGEST_SIZE]; 128*8617a60dSAndroid Build Coastguard Worker #endif 129*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA256 130*8617a60dSAndroid Build Coastguard Worker uint8_t sha256[VB2_SHA256_DIGEST_SIZE]; 131*8617a60dSAndroid Build Coastguard Worker #endif 132*8617a60dSAndroid Build Coastguard Worker #if VB2_SUPPORT_SHA512 133*8617a60dSAndroid Build Coastguard Worker uint8_t sha512[VB2_SHA512_DIGEST_SIZE]; 134*8617a60dSAndroid Build Coastguard Worker #endif 135*8617a60dSAndroid Build Coastguard Worker }; 136*8617a60dSAndroid Build Coastguard Worker }; 137*8617a60dSAndroid Build Coastguard Worker _Static_assert(sizeof(struct vb2_hash) - offsetof(struct vb2_hash, raw) 138*8617a60dSAndroid Build Coastguard Worker <= VB2_MAX_DIGEST_SIZE, "Update VB2_MAX_DIGEST_SIZE for new digests!"); 139*8617a60dSAndroid Build Coastguard Worker _Static_assert(VB2_HASH_ALG_COUNT <= UINT8_MAX, "vb2_hash.algo overflow!"); 140*8617a60dSAndroid Build Coastguard Worker 141*8617a60dSAndroid Build Coastguard Worker /** 142*8617a60dSAndroid Build Coastguard Worker * Initialize a hash context. 143*8617a60dSAndroid Build Coastguard Worker * 144*8617a60dSAndroid Build Coastguard Worker * @param ctx Hash context 145*8617a60dSAndroid Build Coastguard Worker * @param algo Hash algorithm (only for overloaded functions) 146*8617a60dSAndroid Build Coastguard Worker */ 147*8617a60dSAndroid Build Coastguard Worker void vb2_sha1_init(struct vb2_sha1_context *ctx); 148*8617a60dSAndroid Build Coastguard Worker void vb2_sha256_init(struct vb2_sha256_context *ctx, 149*8617a60dSAndroid Build Coastguard Worker enum vb2_hash_algorithm algo); 150*8617a60dSAndroid Build Coastguard Worker void vb2_sha512_init(struct vb2_sha512_context *ctx, 151*8617a60dSAndroid Build Coastguard Worker enum vb2_hash_algorithm algo); 152*8617a60dSAndroid Build Coastguard Worker 153*8617a60dSAndroid Build Coastguard Worker /** 154*8617a60dSAndroid Build Coastguard Worker * Update (extend) a hash. 155*8617a60dSAndroid Build Coastguard Worker * 156*8617a60dSAndroid Build Coastguard Worker * @param ctx Hash context 157*8617a60dSAndroid Build Coastguard Worker * @param data Data to hash 158*8617a60dSAndroid Build Coastguard Worker * @param size Length of data in bytes 159*8617a60dSAndroid Build Coastguard Worker */ 160*8617a60dSAndroid Build Coastguard Worker void vb2_sha1_update(struct vb2_sha1_context *ctx, 161*8617a60dSAndroid Build Coastguard Worker const uint8_t *data, 162*8617a60dSAndroid Build Coastguard Worker uint32_t size); 163*8617a60dSAndroid Build Coastguard Worker void vb2_sha256_update(struct vb2_sha256_context *ctx, 164*8617a60dSAndroid Build Coastguard Worker const uint8_t *data, 165*8617a60dSAndroid Build Coastguard Worker uint32_t size); 166*8617a60dSAndroid Build Coastguard Worker void vb2_sha512_update(struct vb2_sha512_context *ctx, 167*8617a60dSAndroid Build Coastguard Worker const uint8_t *data, 168*8617a60dSAndroid Build Coastguard Worker uint32_t size); 169*8617a60dSAndroid Build Coastguard Worker 170*8617a60dSAndroid Build Coastguard Worker /** 171*8617a60dSAndroid Build Coastguard Worker * Finalize a hash digest. 172*8617a60dSAndroid Build Coastguard Worker * 173*8617a60dSAndroid Build Coastguard Worker * @param ctx Hash context 174*8617a60dSAndroid Build Coastguard Worker * @param digest Destination for hash; must be VB_SHA*_DIGEST_SIZE bytes 175*8617a60dSAndroid Build Coastguard Worker * @param algo Hash algorithm (only for overloaded functions) 176*8617a60dSAndroid Build Coastguard Worker */ 177*8617a60dSAndroid Build Coastguard Worker void vb2_sha1_finalize(struct vb2_sha1_context *ctx, uint8_t *digest); 178*8617a60dSAndroid Build Coastguard Worker void vb2_sha256_finalize(struct vb2_sha256_context *ctx, uint8_t *digest, 179*8617a60dSAndroid Build Coastguard Worker enum vb2_hash_algorithm algo); 180*8617a60dSAndroid Build Coastguard Worker void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest, 181*8617a60dSAndroid Build Coastguard Worker enum vb2_hash_algorithm algo); 182*8617a60dSAndroid Build Coastguard Worker 183*8617a60dSAndroid Build Coastguard Worker /** 184*8617a60dSAndroid Build Coastguard Worker * Hash-extend data 185*8617a60dSAndroid Build Coastguard Worker * 186*8617a60dSAndroid Build Coastguard Worker * @param from Hash to be extended. It has to be the hash size. 187*8617a60dSAndroid Build Coastguard Worker * @param by Block to be extended by. It has to be the hash block size. 188*8617a60dSAndroid Build Coastguard Worker * @param to Destination for extended data 189*8617a60dSAndroid Build Coastguard Worker */ 190*8617a60dSAndroid Build Coastguard Worker void vb2_sha256_extend(const uint8_t *from, const uint8_t *by, uint8_t *to); 191*8617a60dSAndroid Build Coastguard Worker 192*8617a60dSAndroid Build Coastguard Worker /** 193*8617a60dSAndroid Build Coastguard Worker * Return the size of the digest for a hash algorithm. 194*8617a60dSAndroid Build Coastguard Worker * 195*8617a60dSAndroid Build Coastguard Worker * @param hash_alg Hash algorithm 196*8617a60dSAndroid Build Coastguard Worker * @return The size of the digest, or 0 if error. 197*8617a60dSAndroid Build Coastguard Worker */ 198*8617a60dSAndroid Build Coastguard Worker size_t vb2_digest_size(enum vb2_hash_algorithm hash_alg); 199*8617a60dSAndroid Build Coastguard Worker 200*8617a60dSAndroid Build Coastguard Worker /** 201*8617a60dSAndroid Build Coastguard Worker * Return the block size of a hash algorithm. 202*8617a60dSAndroid Build Coastguard Worker * 203*8617a60dSAndroid Build Coastguard Worker * @param hash_alg Hash algorithm 204*8617a60dSAndroid Build Coastguard Worker * @return The block size of the algorithm, or 0 if error. 205*8617a60dSAndroid Build Coastguard Worker */ 206*8617a60dSAndroid Build Coastguard Worker size_t vb2_hash_block_size(enum vb2_hash_algorithm alg); 207*8617a60dSAndroid Build Coastguard Worker 208*8617a60dSAndroid Build Coastguard Worker /** 209*8617a60dSAndroid Build Coastguard Worker * Initialize a digest context for doing block-style digesting, potentially 210*8617a60dSAndroid Build Coastguard Worker * making use of the vb2ex_hwcrypto APIs. Whether HW crypto is allowed by policy 211*8617a60dSAndroid Build Coastguard Worker * in the current context depends on the caller and can be passed in. If HW 212*8617a60dSAndroid Build Coastguard Worker * crypto is not allowed or not supported, will automatically fall back to SW. 213*8617a60dSAndroid Build Coastguard Worker * 214*8617a60dSAndroid Build Coastguard Worker * @param dc Digest context 215*8617a60dSAndroid Build Coastguard Worker * @param allow_hwcrypto false to forbid HW crypto by policy; true to allow. 216*8617a60dSAndroid Build Coastguard Worker * @param algo Hash algorithm 217*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero on error. 218*8617a60dSAndroid Build Coastguard Worker */ 219*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_digest_init(struct vb2_digest_context *dc, bool allow_hwcrypto, 220*8617a60dSAndroid Build Coastguard Worker enum vb2_hash_algorithm algo, uint32_t data_size); 221*8617a60dSAndroid Build Coastguard Worker 222*8617a60dSAndroid Build Coastguard Worker /** 223*8617a60dSAndroid Build Coastguard Worker * Extend a digest's hash with another block of data. 224*8617a60dSAndroid Build Coastguard Worker * 225*8617a60dSAndroid Build Coastguard Worker * @param dc Digest context 226*8617a60dSAndroid Build Coastguard Worker * @param buf Data to hash 227*8617a60dSAndroid Build Coastguard Worker * @param size Length of data in bytes 228*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero on error. 229*8617a60dSAndroid Build Coastguard Worker */ 230*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_digest_extend(struct vb2_digest_context *dc, const uint8_t *buf, 231*8617a60dSAndroid Build Coastguard Worker uint32_t size); 232*8617a60dSAndroid Build Coastguard Worker 233*8617a60dSAndroid Build Coastguard Worker /** 234*8617a60dSAndroid Build Coastguard Worker * Finalize a digest and store the result. 235*8617a60dSAndroid Build Coastguard Worker * 236*8617a60dSAndroid Build Coastguard Worker * The destination digest should be at least vb2_digest_size(algorithm). 237*8617a60dSAndroid Build Coastguard Worker * 238*8617a60dSAndroid Build Coastguard Worker * @param dc Digest context 239*8617a60dSAndroid Build Coastguard Worker * @param digest Destination for digest 240*8617a60dSAndroid Build Coastguard Worker * @param digest_size Length of digest buffer in bytes. 241*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero on error. 242*8617a60dSAndroid Build Coastguard Worker */ 243*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_digest_finalize(struct vb2_digest_context *dc, 244*8617a60dSAndroid Build Coastguard Worker uint8_t *digest, uint32_t digest_size); 245*8617a60dSAndroid Build Coastguard Worker 246*8617a60dSAndroid Build Coastguard Worker /** 247*8617a60dSAndroid Build Coastguard Worker * Fill a vb2_hash structure with the hash of a buffer. 248*8617a60dSAndroid Build Coastguard Worker * 249*8617a60dSAndroid Build Coastguard Worker * @param allow_hwcrypto false to forbid HW crypto by policy; true to allow. 250*8617a60dSAndroid Build Coastguard Worker * @param buf Buffer to hash 251*8617a60dSAndroid Build Coastguard Worker * @param size Size of |buf| in bytes 252*8617a60dSAndroid Build Coastguard Worker * @param algo The hash algorithm to use (and store in |hash|) 253*8617a60dSAndroid Build Coastguard Worker * @param hash vb2_hash structure to fill with the hash of |buf| 254*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS, or non-zero on error. 255*8617a60dSAndroid Build Coastguard Worker */ 256*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_hash_calculate(bool allow_hwcrypto, const void *buf, 257*8617a60dSAndroid Build Coastguard Worker uint32_t size, enum vb2_hash_algorithm algo, 258*8617a60dSAndroid Build Coastguard Worker struct vb2_hash *hash); 259*8617a60dSAndroid Build Coastguard Worker 260*8617a60dSAndroid Build Coastguard Worker /** 261*8617a60dSAndroid Build Coastguard Worker * Verify that a vb2_hash matches a buffer. 262*8617a60dSAndroid Build Coastguard Worker * 263*8617a60dSAndroid Build Coastguard Worker * @param allow_hwcrypto false to forbid HW crypto by policy; true to allow. 264*8617a60dSAndroid Build Coastguard Worker * @param buf Buffer to hash and match to |hash| 265*8617a60dSAndroid Build Coastguard Worker * @param size Size of |buf| in bytes 266*8617a60dSAndroid Build Coastguard Worker * @param hash Hash to compare to the buffer 267*8617a60dSAndroid Build Coastguard Worker * @return VB2_SUCCESS if hash matches, VB2_ERROR_SHA_MISMATCH if hash doesn't 268*8617a60dSAndroid Build Coastguard Worker * match, or non-zero on other error. 269*8617a60dSAndroid Build Coastguard Worker */ 270*8617a60dSAndroid Build Coastguard Worker vb2_error_t vb2_hash_verify(bool allow_hwcrypto, const void *buf, uint32_t size, 271*8617a60dSAndroid Build Coastguard Worker const struct vb2_hash *hash); 272*8617a60dSAndroid Build Coastguard Worker 273*8617a60dSAndroid Build Coastguard Worker #endif /* VBOOT_REFERENCE_2SHA_H_ */ 274