authorRandall Spangler <rspangler@chromium.org>2014-10-15 13:41:52 -0700
committerchrome-internal-fetch <chrome-internal-fetch@google.com>2014-10-20 16:41:06 +0000
commit61b735a7bcbe6a867f83aa39f8a0b0f465cdf487 (patch)
treefebbad7fe1af71aec62a176ad5fc88c4b78c8cf3
parent79c0faab48f31c00d1a591b8e1877159d140eb6b (diff)
downloadvboot-61b735a7bcbe6a867f83aa39f8a0b0f465cdf487.tar.gz
vboot2: Split crypto algorithms into their own header file
This allows the algorithm list to be shared by code which simply needs to look at the vboot structures. No functional changes; just moving enums around and adding comments. BUG=chromium:423882 BRANCH=none TEST=make runtests; VBOOT2=1 make runtests Signed-off-by: Randall Spangler <rspangler@chromium.org> Reviewed-on: https://chromium-review.googlesource.com/223541 Reviewed-by: Bill Richardson <wfrichar@chromium.org> (cherry picked from commit f2f88042ed3a095819312c57d28e2d93e68d5c37) Signed-off-by: Duncan Laurie <dlaurie@chromium.org> Change-Id: Ia8cefeffb28d5eceb290540195193ea13e68e2c1 Reviewed-on: https://chromium-review.googlesource.com/224400 Tested-by: Duncan Laurie <dlaurie@chromium.org> Reviewed-by: Duncan Laurie <dlaurie@chromium.org> Commit-Queue: Duncan Laurie <dlaurie@chromium.org>
-rw-r--r--firmware/2lib/include/2crypto.h31
-rw-r--r--firmware/2lib/include/2rsa.h28
-rw-r--r--firmware/2lib/include/2sha.h8
-rw-r--r--firmware/2lib/include/2struct.h7
4 files changed, 46 insertions, 28 deletions
diff --git a/firmware/2lib/include/2crypto.h b/firmware/2lib/include/2crypto.h
new file mode 100644
index 00000000..e930de84
--- /dev/null
+++ b/firmware/2lib/include/2crypto.h
@@ -0,0 +1,31 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Crypto constants for verified boot
+ */
+
+#ifndef VBOOT_REFERENCE_VBOOT_2CRYPTO_H_
+#define VBOOT_REFERENCE_VBOOT_2CRYPTO_H_
+#include <stdint.h>
+
+/* Verified boot crypto algorithms */
+enum vb2_crypto_algorithm {
+ VB2_ALG_RSA1024_SHA1 = 0,
+ VB2_ALG_RSA1024_SHA256 = 1,
+ VB2_ALG_RSA1024_SHA512 = 2,
+ VB2_ALG_RSA2048_SHA1 = 3,
+ VB2_ALG_RSA2048_SHA256 = 4,
+ VB2_ALG_RSA2048_SHA512 = 5,
+ VB2_ALG_RSA4096_SHA1 = 6,
+ VB2_ALG_RSA4096_SHA256 = 7,
+ VB2_ALG_RSA4096_SHA512 = 8,
+ VB2_ALG_RSA8192_SHA1 = 9,
+ VB2_ALG_RSA8192_SHA256 = 10,
+ VB2_ALG_RSA8192_SHA512 = 11,
+
+ /* Number of algorithms */
+ VB2_ALG_COUNT
+};
+
+#endif /* VBOOT_REFERENCE_VBOOT_2CRYPTO_H_ */
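Review bot: The comment above `enum vb2_crypto_algorithm` does not say that these numbers are a stored format, although the 2struct.h hunk on this page shows them kept in `vb2_packed_key.algorithm` as a raw `uint32_t`. I would extend it to something like `/* Values are stored in key structures: never renumber or reuse one. VB2_ALG_COUNT is only a bound; reject any value >= VB2_ALG_COUNT before using it as an index. */`, so that a later insertion in the middle of the list is not mistaken for a harmless edit. Two smaller style points: nothing in this header uses `<stdint.h>`, and the guard `VBOOT_REFERENCE_VBOOT_2CRYPTO_H_` does not follow the `VBOOT_REFERENCE_2RSA_H_` / `VBOOT_REFERENCE_2SHA_H_` pattern of the neighbouring headers.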
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 1fee1922..33edd617 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -6,27 +6,9 @@
#ifndef VBOOT_REFERENCE_2RSA_H_
#define VBOOT_REFERENCE_2RSA_H_
-struct vb2_workbuf;
-
-/* Algorithms for crypto lib */
-enum vb2_crypto_algorithm {
- VB2_ALG_RSA1024_SHA1 = 0,
- VB2_ALG_RSA1024_SHA256,
- VB2_ALG_RSA1024_SHA512,
- VB2_ALG_RSA2048_SHA1,
- VB2_ALG_RSA2048_SHA256,
- VB2_ALG_RSA2048_SHA512,
- VB2_ALG_RSA4096_SHA1,
- VB2_ALG_RSA4096_SHA256,
- VB2_ALG_RSA4096_SHA512,
- VB2_ALG_RSA8192_SHA1,
- VB2_ALG_RSA8192_SHA256,
- VB2_ALG_RSA8192_SHA512,
- // TODO: add algorithms for bare SHA with no RSA?
+#include "2crypto.h"
- /* Number of algorithms */
- VB2_ALG_COUNT
-};
+struct vb2_workbuf;
/* Public key structure in RAM */
struct vb2_public_key {
@@ -40,7 +22,7 @@ struct vb2_public_key {
/**
* Return the size of a RSA signature
*
- * @param algorithm Key algorithm
+ * @param algorithm Key algorithm (enum vb2_crypto_algorithm)
* @return The size of the signature, or 0 if error.
*/
uint32_t vb2_rsa_sig_size(uint32_t algorithm);
@@ -48,7 +30,7 @@ uint32_t vb2_rsa_sig_size(uint32_t algorithm);
/**
* Return the size of a pre-processed RSA public key.
*
- * @param algorithm Key algorithm
+ * @param algorithm Key algorithm (enum vb2_crypto_algorithm)
* @return The size of the preprocessed key, or 0 if error.
*/
uint32_t vb2_packed_key_size(uint32_t algorithm);
@@ -57,7 +39,7 @@ uint32_t vb2_packed_key_size(uint32_t algorithm);
* Check pkcs 1.5 padding bytes
*
* @param sig Signature to verify
- * @param algorithm Key algorithm
+ * @param algorithm Key algorithm (enum vb2_crypto_algorithm)
* @return VB2_SUCCESS, or non-zero if error.
*/
int vb2_check_padding(uint8_t *sig, int algorithm);
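Review bot: `vb2_check_padding()` still takes `int algorithm`, while the comment added in this hunk and every other prototype in this header carry the same `enum vb2_crypto_algorithm` value in a `uint32_t`. With a signed parameter, a negative value passes a plain `algorithm < VB2_ALG_COUNT` test, so the definition (not visible in this diff) would need an explicit lower-bound check if it uses the value as an index. Changing the prototype to `int vb2_check_padding(uint8_t *sig, uint32_t algorithm);` keeps the type consistent with `vb2_rsa_sig_size()` and `vb2_packed_key_size()`; the definition has to change with it.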
diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h
index 83a2c624..73efd96b 100644
--- a/firmware/2lib/include/2sha.h
+++ b/firmware/2lib/include/2sha.h
@@ -6,6 +6,8 @@
#ifndef VBOOT_REFERENCE_2SHA_H_
#define VBOOT_REFERENCE_2SHA_H_
+#include "2crypto.h"
+
/* Hash algorithms may be disabled individually to save code space */
#ifndef VB2_SUPPORT_SHA1
@@ -73,7 +75,7 @@ struct vb2_digest_context {
#endif
};
- /* Current hash algorithms */
+ /* Current hash algorithm (enum vb2_crypto_algorithm) */
uint32_t algorithm;
};
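Review bot: The new comment calls the field a "hash algorithm" but points at `enum vb2_crypto_algorithm`, whose members all name an RSA size and hash pair. `vb2_digest_init()` further down documents its argument as a key algorithm of that same enum. If the context stores that value unchanged (the assignment is not visible here), `/* Key algorithm that selects the hash (enum vb2_crypto_algorithm) */` would be less likely to be read as a hash-only identifier. The struct body starts outside this hunk.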
@@ -116,7 +118,7 @@ void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest);
/**
* Return the size of the digest for a key algorithm.
*
- * @param algorithm Key algorithm
+ * @param algorithm Key algorithm (enum vb2_crypto_algorithm)
* @return The size of the digest, or 0 if error.
*/
int vb2_digest_size(uint32_t algorithm);
@@ -125,7 +127,7 @@ int vb2_digest_size(uint32_t algorithm);
* Initialize a digest context for doing block-style digesting.
*
* @param dc Digest context
- * @param algorithm Key algorithm
+ * @param algorithm Key algorithm (enum vb2_crypto_algorithm)
* @return VB2_SUCCESS, or non-zero on error.
*/
int vb2_digest_init(struct vb2_digest_context *dc, uint32_t algorithm);
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h
index 560d5672..339283ef 100644
--- a/firmware/2lib/include/2struct.h
+++ b/firmware/2lib/include/2struct.h
@@ -27,7 +27,7 @@ struct vb2_packed_key {
uint32_t key_size;
uint32_t reserved1;
- /* Signature algorithm used by the key */
+ /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
uint32_t algorithm;
uint32_t reserved2;
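Review bot: The comment now refers readers to `enum vb2_crypto_algorithm`, but going by the diffstat and the two hunks shown, 2struct.h gains no `#include "2crypto.h"`. The field is a `uint32_t`, so nothing fails to compile, yet code that includes only 2struct.h to inspect a packed key gets no definition of the enum or of `VB2_ALG_COUNT` to validate the field against. Either add `#include "2crypto.h"` near the top of 2struct.h or name the header in the comment, e.g. `/* Signature algorithm used by the key (enum vb2_crypto_algorithm, see 2crypto.h) */`.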
@@ -231,7 +231,10 @@ struct vb2_shared_data {
/* Flags from GBB header */
uint32_t gbb_flags;
- /* Reason we are in recovery mode this boot, or 0 if we aren't */
+ /*
+ * Reason we are in recovery mode this boot (enum vb2_nv_recovery), or
+ * 0 if we aren't.
+ */
uint32_t recovery_reason;
/* Firmware slot used last boot (0=A, 1=B) */