From d641f8d74688290f4c7185c042b6973032ce2f37 Mon Sep 17 00:00:00 2001
From: Kangheui Won <khwon@chromium.org>
Date: Wed, 19 Aug 2020 19:29:20 +1000
Subject: vboot2: Add prototype for hwcrypto RSA

Introduce new prototype for HW RSA accleration. This is not used
on anywhere yet but will unblock coreboot work to support HW RSA.

BRANCH=none
BUG=b:163710320, b:161205813
TEST=make runtests; emerge-zork coreboot depthcharge

Change-Id: Ic4b93f32410efdd06bd012efe58749b6ef0692c6
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2364338
Reviewed-by: Julius Werner <jwerner@chromium.org>
---
 firmware/2lib/2stub.c        |  7 +++++++
 firmware/2lib/include/2api.h | 14 ++++++++++++++
 firmware/2lib/include/2rsa.h |  1 -
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/firmware/2lib/2stub.c b/firmware/2lib/2stub.c
index c4b9bdf3..fc539fe9 100644
--- a/firmware/2lib/2stub.c
+++ b/firmware/2lib/2stub.c
@@ -60,6 +60,13 @@ vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
 	return VB2_ERROR_SHA_FINALIZE_ALGORITHM;  /* Should not be called. */
 }
 
+__attribute__((weak))
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+					     const uint8_t *sig, const uint8_t *digest)
+{
+	return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
+}
+
 __attribute__((weak))
 vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val)
 {
diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index c6d99bdf..c2f636e8 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h
@@ -26,6 +26,7 @@
 #include "2id.h"
 #include "2recovery_reasons.h"
 #include "2return_codes.h"
+#include "2rsa.h"
 #include "2secdata_struct.h"
 
 #define _VB2_TRY_IMPL(expr, ctx, recovery_reason, ...) do { \
@@ -952,6 +953,19 @@ vb2_error_t vb2ex_hwcrypto_digest_extend(const uint8_t *buf, uint32_t size);
 vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
 					   uint32_t digest_size);
 
+/**
+ * Verify a RSA PKCS1.5 signature in hardware crypto engine
+ * against an expected hash digest.
+ *
+ * @param key		Key to use in signature verification
+ * @param sig		Signature to verify (destroyed in process)
+ * @param digest	Digest of signed data
+ * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal).
+ */
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+					     const uint8_t *sig,
+					     const uint8_t *digest);
+
 /*
  * Abort vboot flow due to a failed assertion or broken assumption.
  *
diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 0d0bf2aa..4b1febc4 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h
@@ -8,7 +8,6 @@
 
 #include "2crypto.h"
 #include "2return_codes.h"
-#include "2struct.h"
 
 struct vb2_workbuf;
 
-- 
cgit v1.2.1