diff options
Diffstat (limited to 'firmware/lib/cryptolib/include/rsa.h')
-rw-r--r-- | firmware/lib/cryptolib/include/rsa.h | 92 |
1 files changed, 92 insertions, 0 deletions
diff --git a/firmware/lib/cryptolib/include/rsa.h b/firmware/lib/cryptolib/include/rsa.h new file mode 100644 index 00000000..2d3ee955 --- /dev/null +++ b/firmware/lib/cryptolib/include/rsa.h @@ -0,0 +1,92 @@ +/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + */ + +#ifndef VBOOT_REFERENCE_RSA_H_ +#define VBOOT_REFERENCE_RSA_H_ + +#ifndef VBOOT_REFERENCE_CRYPTOLIB_H_ +#error "Do not include this file directly. Use cryptolib.h instead." +#endif + +#include "sysincludes.h" + +#define RSA1024NUMBYTES 128 /* 1024 bit key length */ +#define RSA2048NUMBYTES 256 /* 2048 bit key length */ +#define RSA4096NUMBYTES 512 /* 4096 bit key length */ +#define RSA8192NUMBYTES 1024 /* 8192 bit key length */ + +#define RSA1024NUMWORDS (RSA1024NUMBYTES / sizeof(uint32_t)) +#define RSA2048NUMWORDS (RSA2048NUMBYTES / sizeof(uint32_t)) +#define RSA4096NUMWORDS (RSA4096NUMBYTES / sizeof(uint32_t)) +#define RSA8192NUMWORDS (RSA8192NUMBYTES / sizeof(uint32_t)) + +typedef struct RSAPublicKey { + uint32_t len; /* Length of n[] in number of uint32_t */ + uint32_t n0inv; /* -1 / n[0] mod 2^32 */ + uint32_t* n; /* modulus as little endian array */ + uint32_t* rr; /* R^2 as little endian array */ + int algorithm; /* Algorithm to use when verifying binaries with the key */ +} RSAPublicKey; + +/* Verify a RSA PKCS1.5 signature [sig] of [sig_type] and length [sig_len] + * against an expected [hash] using [key]. Returns 0 on failure, 1 on success. + */ +int RSAVerify(const RSAPublicKey *key, + const uint8_t* sig, + const int sig_len, + const uint8_t sig_type, + const uint8_t* hash); + +/* Perform RSA signature verification on [buf] of length [len] against expected + * signature [sig] using signature algorithm [algorithm]. The public key used + * for verification can either be in the form of a pre-process key blob + * [key_blob] or RSAPublicKey structure [key]. One of [key_blob] or [key] must + * be non-NULL, and the other NULL or the function will fail. + * + * Returns 1 on verification success, 0 on verification failure or invalid + * arguments. + * + * Note: This function is for use in the firmware and assumes all pointers point + * to areas in the memory of the right size. + * + */ +int RSAVerifyBinary_f(const uint8_t* key_blob, + const RSAPublicKey* key, + const uint8_t* buf, + uint64_t len, + const uint8_t* sig, + int algorithm); + +/* Version of RSAVerifyBinary_f() where instead of the raw binary blob + * of data, its digest is passed as the argument. */ +int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob, + const RSAPublicKey* key, + const uint8_t* digest, + const uint8_t* sig, + int algorithm); + + +/* ----Some additional utility functions for RSA.---- */ + +/* Returns the size of a pre-processed RSA public key in bytes with algorithm + * [algorithm]. */ +int RSAProcessedKeySize(int algorithm); + +/* Allocate a new RSAPublicKey structure and initialize its pointer fields to + * NULL */ +RSAPublicKey* RSAPublicKeyNew(void); + +/* Deep free the contents of [key]. */ +void RSAPublicKeyFree(RSAPublicKey* key); + +/* Create a RSAPublic key structure from binary blob [buf] of length + * [len]. + * + * Caller owns the returned key and must free it. + */ +RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, int len); + + +#endif /* VBOOT_REFERENCE_RSA_H_ */ |