From f2f88042ed3a095819312c57d28e2d93e68d5c37 Mon Sep 17 00:00:00 2001 From: Randall Spangler Date: Wed, 15 Oct 2014 13:41:52 -0700 Subject: vboot2: Split crypto algorithms into their own header file This allows the algorithm list to be shared by code which simply needs to look at the vboot structures. No functional changes; just moving enums around and adding comments. BUG=chromium:423882 BRANCH=none TEST=make runtests; VBOOT2=1 make runtests Change-Id: Ia8cefeffb28d5eceb290540195193ea13e68e2c1 Signed-off-by: Randall Spangler Reviewed-on: https://chromium-review.googlesource.com/223541 Reviewed-by: Bill Richardson --- firmware/2lib/include/2crypto.h | 31 +++++++++++++++++++++++++++++++ firmware/2lib/include/2rsa.h | 28 +++++----------------------- firmware/2lib/include/2sha.h | 8 +++++--- firmware/2lib/include/2struct.h | 7 +++++-- 4 files changed, 46 insertions(+), 28 deletions(-) create mode 100644 firmware/2lib/include/2crypto.h (limited to 'firmware/2lib/include') diff --git a/firmware/2lib/include/2crypto.h b/firmware/2lib/include/2crypto.h new file mode 100644 index 00000000..e930de84 --- /dev/null +++ b/firmware/2lib/include/2crypto.h 
@@ -0,0 +1,31 @@ +/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved. + * Use of this source code is governed by a BSD-style license that can be + * found in the LICENSE file. + * + * Crypto constants for verified boot + */ + +#ifndef VBOOT_REFERENCE_VBOOT_2CRYPTO_H_ +#define VBOOT_REFERENCE_VBOOT_2CRYPTO_H_ +#include + +/* Verified boot crypto algorithms */ +enum vb2_crypto_algorithm { + VB2_ALG_RSA1024_SHA1 = 0, + VB2_ALG_RSA1024_SHA256 = 1, + VB2_ALG_RSA1024_SHA512 = 2, + VB2_ALG_RSA2048_SHA1 = 3, + VB2_ALG_RSA2048_SHA256 = 4, + VB2_ALG_RSA2048_SHA512 = 5, + VB2_ALG_RSA4096_SHA1 = 6, + VB2_ALG_RSA4096_SHA256 = 7, + VB2_ALG_RSA4096_SHA512 = 8, + VB2_ALG_RSA8192_SHA1 = 9, + VB2_ALG_RSA8192_SHA256 = 10, + VB2_ALG_RSA8192_SHA512 = 11, + + /* Number of algorithms */ + VB2_ALG_COUNT +}; + +#endif /* VBOOT_REFERENCE_VBOOT_2CRYPTO_H_ */ diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h index 1fee1922..33edd617 100644 --- a/firmware/2lib/include/2rsa.h +++ b/firmware/2lib/include/2rsa.h @@ -6,27 +6,9 @@ #ifndef VBOOT_REFERENCE_2RSA_H_ #define VBOOT_REFERENCE_2RSA_H_ -struct vb2_workbuf; - -/* Algorithms for crypto lib */ -enum vb2_crypto_algorithm { - VB2_ALG_RSA1024_SHA1 = 0, - VB2_ALG_RSA1024_SHA256, - VB2_ALG_RSA1024_SHA512, - VB2_ALG_RSA2048_SHA1, - VB2_ALG_RSA2048_SHA256, - VB2_ALG_RSA2048_SHA512, - VB2_ALG_RSA4096_SHA1, - VB2_ALG_RSA4096_SHA256, - VB2_ALG_RSA4096_SHA512, - VB2_ALG_RSA8192_SHA1, - VB2_ALG_RSA8192_SHA256, - VB2_ALG_RSA8192_SHA512, - // TODO: add algorithms for bare SHA with no RSA? +#include "2crypto.h" - /* Number of algorithms */ - VB2_ALG_COUNT -}; +struct vb2_workbuf; /* Public key structure in RAM */ struct vb2_public_key { @@ -40,7 +22,7 @@ struct vb2_public_key { /** * Return the size of a RSA signature * - * @param algorithm Key algorithm + * @param algorithm Key algorithm (enum vb2_crypto_algorithm) * @return The size of the signature, or 0 if error. */ uint32_t vb2_rsa_sig_size(uint32_t algorithm); 
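Review bot: The comment on `enum vb2_crypto_algorithm` in the new 2crypto.h does not say that the explicit values are a fixed encoding, even though this commit starts assigning them by hand and the 2struct.h hunk documents `vb2_packed_key.algorithm` as holding this enum. If those values are what key structures carry, as it appears, a later renumbering or insertion would silently change which RSA/hash pair a stored key selects. I would extend the comment to `/* Verified boot crypto algorithms. Values are stored in key structures; do not renumber or reuse. */` and say next to `VB2_ALG_COUNT` that it is a bound for range checks, not an algorithm. Separately, the guard `VBOOT_REFERENCE_VBOOT_2CRYPTO_H_` has an extra `VBOOT_` compared with `VBOOT_REFERENCE_2RSA_H_` and `VBOOT_REFERENCE_2SHA_H_` in the sibling headers.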
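Review bot: The removed `// TODO: add algorithms for bare SHA with no RSA?` in the first 2rsa.h hunk is not carried into 2crypto.h, so the move drops an open design question although the description says enums were only moved and comments added. The question still matters to readers of 2sha.h, where the digest functions take a combined RSA/hash identifier to select a hash. If it is still open, keep it beside the enum in the file's comment style, e.g. `/* TODO: add algorithms for bare SHA with no RSA? */` above `VB2_ALG_COUNT`. The hunk ends inside `struct vb2_public_key`, whose body is outside it.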
@@ -48,7 +30,7 @@ uint32_t vb2_rsa_sig_size(uint32_t algorithm); /** * Return the size of a pre-processed RSA public key. * - * @param algorithm Key algorithm + * @param algorithm Key algorithm (enum vb2_crypto_algorithm) * @return The size of the preprocessed key, or 0 if error. */ uint32_t vb2_packed_key_size(uint32_t algorithm); @@ -57,7 +39,7 @@ uint32_t vb2_packed_key_size(uint32_t algorithm); * Check pkcs 1.5 padding bytes * * @param sig Signature to verify - * @param algorithm Key algorithm + * @param algorithm Key algorithm (enum vb2_crypto_algorithm) * @return VB2_SUCCESS, or non-zero if error. */ int vb2_check_padding(uint8_t *sig, int algorithm); diff --git a/firmware/2lib/include/2sha.h b/firmware/2lib/include/2sha.h index 83a2c624..73efd96b 100644 --- a/firmware/2lib/include/2sha.h +++ b/firmware/2lib/include/2sha.h @@ -6,6 +6,8 @@ #ifndef VBOOT_REFERENCE_2SHA_H_ #define VBOOT_REFERENCE_2SHA_H_ +#include "2crypto.h" + /* Hash algorithms may be disabled individually to save code space */ #ifndef VB2_SUPPORT_SHA1 @@ -73,7 +75,7 @@ struct vb2_digest_context { #endif }; - /* Current hash algorithms */ + /* Current hash algorithm (enum vb2_crypto_algorithm) */ uint32_t algorithm; }; @@ -116,7 +118,7 @@ void vb2_sha512_finalize(struct vb2_sha512_context *ctx, uint8_t *digest); /** * Return the size of the digest for a key algorithm. * - * @param algorithm Key algorithm + * @param algorithm Key algorithm (enum vb2_crypto_algorithm) * @return The size of the digest, or 0 if error. */ int vb2_digest_size(uint32_t algorithm); @@ -125,7 +127,7 @@ int vb2_digest_size(uint32_t algorithm); * Initialize a digest context for doing block-style digesting. * * @param dc Digest context - * @param algorithm Key algorithm + * @param algorithm Key algorithm (enum vb2_crypto_algorithm) * @return VB2_SUCCESS, or non-zero on error. */ int vb2_digest_init(struct vb2_digest_context *dc, uint32_t algorithm); 
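Review bot: `vb2_check_padding(uint8_t *sig, int algorithm)` in the last 2rsa.h hunk takes the algorithm as a signed `int`, while the comment added there calls it an `enum vb2_crypto_algorithm` and the sibling prototypes `vb2_rsa_sig_size` and `vb2_packed_key_size` take `uint32_t`. With a signed parameter, a negative value passes an upper-bound-only check such as `algorithm < VB2_ALG_COUNT`; the definition is not in this diff, so whether it also rejects negatives cannot be confirmed from here. I would align the prototype and its definition to `int vb2_check_padding(uint8_t *sig, uint32_t algorithm);`, or state in the doc comment that out-of-range values, including negative ones, return an error.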
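Review bot: The new comment `/* Current hash algorithm (enum vb2_crypto_algorithm) */` in `struct vb2_digest_context` (2sha.h) describes the field as a hash algorithm, but every value of that enum names an RSA/hash pair, and the prototypes further down the same header call the same argument a "Key algorithm". Suggest `/* Key algorithm whose hash is in use (enum vb2_crypto_algorithm) */` so a reader does not expect a hash-only identifier in this field. The struct starts above the hunk.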
diff --git a/firmware/2lib/include/2struct.h b/firmware/2lib/include/2struct.h index 560d5672..339283ef 100644 --- a/firmware/2lib/include/2struct.h +++ b/firmware/2lib/include/2struct.h @@ -27,7 +27,7 @@ struct vb2_packed_key { uint32_t key_size; uint32_t reserved1; - /* Signature algorithm used by the key */ + /* Signature algorithm used by the key (enum vb2_crypto_algorithm) */ uint32_t algorithm; uint32_t reserved2; @@ -231,7 +231,10 @@ struct vb2_shared_data { /* Flags from GBB header */ uint32_t gbb_flags; - /* Reason we are in recovery mode this boot, or 0 if we aren't */ + /* + * Reason we are in recovery mode this boot (enum vb2_nv_recovery), or + * 0 if we aren't. + */ uint32_t recovery_reason; /* Firmware slot used last boot (0=A, 1=B) */ -- cgit v1.2.1
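Review bot: The comment on `vb2_packed_key.algorithm` now names `enum vb2_crypto_algorithm`, but going by the diffstat (7 changed lines, all accounted for by the two comment edits) 2struct.h does not gain an `#include "2crypto.h"`, unlike 2rsa.h and 2sha.h. Code that includes only 2struct.h to look at key structures, the use case the description gives for the split, gets the field without the constants needed to check it against `VB2_ALG_COUNT`. Either add `#include "2crypto.h"` near the top of 2struct.h or point at the header in the comment: `/* Signature algorithm used by the key (enum vb2_crypto_algorithm in 2crypto.h) */`. The struct begins outside the hunk.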