1 files changed, 284 insertions, 0 deletions
diff --git a/host/lib21/include/host_key21.h b/host/lib21/include/host_key21.h
new file mode 100644
index 00000000..219e98ab
--- /dev/null
+++ b/host/lib21/include/host_key21.h
@@ -0,0 +1,284 @@
+/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ *
+ * Host-side functions for verified boot key structures
+ */
+
+#ifndef VBOOT_REFERENCE_HOST_KEY2_H_
+#define VBOOT_REFERENCE_HOST_KEY2_H_
+
+#include "2id.h"
+#include "2return_codes.h"
+#include "2struct.h"
+
+struct vb2_public_key;
+struct vb21_packed_key;
+
+/* Private key data, in-memory format for use in signing calls. */
+struct vb2_private_key {
+	struct rsa_st *rsa_private_key;		/* Private key data */
+	enum vb2_hash_algorithm hash_alg;	/* Hash algorithm */
+	enum vb2_signature_algorithm sig_alg;	/* Signature algorithm */
+	char *desc;				/* Description */
+	struct vb2_id id;			/* Key ID */
+};
+
+struct vb2_packed_private_key {
+	/* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
+	uint32_t algorithm;
+	uint32_t reserved2;
+	/* Key data formatted for d2i_RSAPrivateKey() */
+	uint8_t key_data[0];
+};
+
+/* Convert between enums and human-readable form. Terminated with {0, 0}. */
+struct vb2_text_vs_enum {
+	const char *name;
+	unsigned int num;
+};
+
+/**
+ * @param table         Table to search
+ * @param num           Enum value to search for
+ * @return pointer to table entry or NULL if no match
+ */
+const struct vb2_text_vs_enum *vb2_lookup_by_num(
+	const struct vb2_text_vs_enum *table,
+	const unsigned int num);
+
+/**
+ * @param table         Table to search
+ * @param name          String value to search for
+ * @return pointer to table entry or NULL if no match
+ */
+const struct vb2_text_vs_enum *vb2_lookup_by_name(
+	const struct vb2_text_vs_enum *table,
+	const char *name);
+
+extern const struct vb2_text_vs_enum vb2_text_vs_sig[];
+extern const struct vb2_text_vs_enum vb2_text_vs_hash[];
+
+/**
+ * Return the name of a signature algorithm.
+ *
+ * @param sig_alg	Signature algorithm to look up
+ * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
+ */
+const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg);
+
+/**
+ * Return the name of a crypto algorithm.
+ *
+ * @param alg		Crypto algorithm to look up
+ * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
+ */
+const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg);
+
+/**
+ * Return the name of a crypto algorithm.
+ *
+ * @param alg		Crypto algorithm to look up
+ * @return The corresponding stem filename, or VB2_INVALID_ALG_NAME if no match.
+ */
+const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg);
+
+/**
+ * Free a private key.
+ *
+ * @param key		Key containing internal data to free.
+ */
+void vb2_private_key_free(struct vb2_private_key *key);
+
+/**
+ * Unpack a private key from vb21_packed_private_key format.
+ *
+ * @param key_ptr	Destination for newly allocated key; this must be
+ *			freed with vb2_private_key_free().
+ * @param buf		Source buffer containing packed key
+ * @param size		Size of buffer in bytes
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb21_private_key_unpack(struct vb2_private_key **key_ptr,
+				    const uint8_t *buf, uint32_t size);
+
+/**
+ * Read a private key from vb21_packed_private_key format.
+ *
+ * @param key_ptr	Destination for newly allocated key; this must be
+ *			freed with vb2_private_key_free().
+ * @param filename	File to read key data from.
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb21_private_key_read(struct vb2_private_key **key_ptr,
+				  const char *filename);
+
+/**
+ * Read a private key from a .pem file.
+ *
+ * This only reads the internal data for the key.  It does not set any of the
+ * other fields in *key_ptr, since those are not contained in the .pem file.
+ *
+ * @param key_ptr	Destination for newly allocated key; this must be
+ *			freed with vb2_private_key_free().
+ * @param filename	File to read key data from.
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_private_key_read_pem(struct vb2_private_key **key_ptr,
+				     const char *filename);
+
+/**
+ * Set the description of a private key.
+ *
+ * @param key		Key to set description for
+ * @param desc		Description string, or NULL if no description.
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_private_key_set_desc(struct vb2_private_key *key,
+				     const char *desc);
+
+/**
+ * Write a private key to vb21_packed_private_key format.
+ *
+ * @param key		Key to write
+ * @param filename	File to write key data to.
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb21_private_key_write(const struct vb2_private_key *key,
+				   const char *filename);
+
+/**
+ * Get a private key for an unsigned hash
+ *
+ * @param key_ptr	Destination for pointer to key.  The key is statically
+ *			allocated and must not be freed.
+ * @param hash_alg	Hash algorithm to use
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_private_key_hash(const struct vb2_private_key **key_ptr,
+				 enum vb2_hash_algorithm hash_alg);
+
+/**
+ * Allocate a public key buffer of sufficient size for the signature algorithm.
+ *
+ * This only initializes the sig_alg field and the id field to an empty
+ * id.  It does not set any of the other fields in *key_ptr.
+ *
+ * @param key_ptr	Destination for newly allocated key; this must be
+ *			freed with vb2_public_key_free().
+ * @param sig_alg	Signature algorithm for key.
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_public_key_alloc(struct vb2_public_key **key_ptr,
+				 enum vb2_signature_algorithm sig_alg);
+
+/**
+ * Return the packed data for a key allocated with vb2_public_key_alloc().
+ *
+ * The packed data is in the same buffer, following the key struct and ID.
+ */
+uint8_t *vb2_public_key_packed_data(struct vb2_public_key *key);
+
+/**
+ * Free a public key allocated by one of the functions below.
+ *
+ * Note that this should ONLY be called for public keys allocated via one
+ * of those functions; public keys created or filled in other ways (such as
+ * vb21_unpack_key()) do not allocate memory for sub-fields in the same way.
+ *
+ * @param key		Key to free
+ */
+void vb2_public_key_free(struct vb2_public_key *key);
+
+/**
+ * Read a public key from a .keyb file.
+ *
+ * Guesses the signature algorithm based on the size of the .keyb file.  Does
+ * not set the hash_alg, id, or desc fields, since those are not contained in
+ * the .keyb file.
+ *
+ * @param key_ptr	Destination for newly allocated key; this must be
+ *			freed with vb2_public_key_free().
+ * @param filename	File to read key from.
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+
+vb2_error_t vb2_public_key_read_keyb(struct vb2_public_key **key_ptr,
+				     const char *filename);
+
+/**
+ * Set the description of a public key.
+ *
+ * @param key		Key to set description for
+ * @param desc		Description string, or NULL if no description.
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_public_key_set_desc(struct vb2_public_key *key,
+				    const char *desc);
+
+/**
+ * Read a public key in vb21_packed_key format.
+ *
+ * @param key_ptr	On success, points to the newly allocated key buffer.
+ *			Caller is responsible for calling free() on this.
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+vb2_error_t vb21_packed_key_read(struct vb21_packed_key **key_ptr,
+				 const char *filename);
+
+/**
+ * Pack a public key into vb21_packed_key format.
+ *
+ * @param pubk		Public key to pack
+ * @param key_ptr	On success, points to a newly allocated packed key
+ *			buffer.  Caller is responsible for calling free() on
+ *			this.
+ * @return VB2_SUCCESS, or non-zero if error.
+ */
+vb2_error_t vb21_public_key_pack(struct vb21_packed_key **key_ptr,
+				 const struct vb2_public_key *pubk);
+
+/**
+ * Get a public key for an unsigned hash.
+ *
+ * @param key		Destination for key data.
+ * @param hash_alg	Hash algorithm to use
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb2_public_key_hash(struct vb2_public_key *key,
+				enum vb2_hash_algorithm hash_alg);
+
+
+/**
+ * Return the signature algorithm implied by the bit length of an RSA key
+ *
+ * @param rsa		RSA key
+ * @return vb2 signature algorithm
+ */
+enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa);
+
+/**
+ * Write a public key to the vb21_packed_key format.
+ *
+ * @param key		Key to write
+ * @param filename	File to write key data to.
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb21_public_key_write(const struct vb2_public_key *key,
+				  const char *filename);
+
+/**
+ * Unpack a key for use in verification
+ *
+ * The elements of the unpacked key will point into the source buffer, so don't
+ * free the source buffer until you're done with the key.
+ *
+ * @param key		Destintion for unpacked key
+ * @param buf		Source buffer containing packed key
+ * @param size		Size of buffer in bytes
+ * @return VB2_SUCCESS, or non-zero error code if error.
+ */
+vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf,
+			    uint32_t size);
+
+#endif  /* VBOOT_REFERENCE_HOST_KEY2_H_ */