path: root/firmware/2lib/include/2crypto.h
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Crypto constants for verified boot
 */

#ifndef VBOOT_REFERENCE_2CRYPTO_H_
#define VBOOT_REFERENCE_2CRYPTO_H_

#include "2sysincludes.h"

/*
 * Verified boot crypto algorithms.
 *
 * Each value names one RSA-variant/hash pair.  The numbering is regular:
 * every RSA variant occupies three consecutive values in the order SHA1,
 * SHA256, SHA512, and the variants appear in the same order as the RSA
 * entries of enum vb2_signature_algorithm.
 *
 * NOTE(review): the values are written out explicitly, presumably because
 * they are stored in key/signature data; if so, existing numbers must never
 * be reassigned -- confirm against the on-disk structures.
 *
 * Security notes for anyone selecting or accepting an algorithm:
 *  - The *_SHA1 pairs depend on SHA-1, for which practical collisions have
 *    been published; prefer the SHA256/SHA512 pairs for new keys.
 *  - RSA1024 is shorter than the 2048-bit minimum in current guidance such
 *    as NIST SP 800-131A.
 *  - NOTE(review): the _EXP3 names presumably denote public exponent 3 --
 *    confirm.  With a small public exponent the verifier must check the
 *    signature padding in full; lenient padding checks are what make
 *    low-exponent signature forgery possible.
 */
enum vb2_crypto_algorithm {
	/* RSA-1024 */
	VB2_ALG_RSA1024_SHA1   = 0,
	VB2_ALG_RSA1024_SHA256 = 1,
	VB2_ALG_RSA1024_SHA512 = 2,
	/* RSA-2048 */
	VB2_ALG_RSA2048_SHA1   = 3,
	VB2_ALG_RSA2048_SHA256 = 4,
	VB2_ALG_RSA2048_SHA512 = 5,
	/* RSA-4096 */
	VB2_ALG_RSA4096_SHA1   = 6,
	VB2_ALG_RSA4096_SHA256 = 7,
	VB2_ALG_RSA4096_SHA512 = 8,
	/* RSA-8192 */
	VB2_ALG_RSA8192_SHA1   = 9,
	VB2_ALG_RSA8192_SHA256 = 10,
	VB2_ALG_RSA8192_SHA512 = 11,
	/* RSA-2048, EXP3 variant */
	VB2_ALG_RSA2048_EXP3_SHA1   = 12,
	VB2_ALG_RSA2048_EXP3_SHA256 = 13,
	VB2_ALG_RSA2048_EXP3_SHA512 = 14,
	/* RSA-3072, EXP3 variant */
	VB2_ALG_RSA3072_EXP3_SHA1   = 15,
	VB2_ALG_RSA3072_EXP3_SHA256 = 16,
	VB2_ALG_RSA3072_EXP3_SHA512 = 17,
	/*
	 * Number of algorithms (18 here).  It is also the first out-of-range
	 * value, so an algorithm number read from untrusted data should be
	 * checked against it before being used as an index.
	 */
	VB2_ALG_COUNT
};

/*
 * Algorithm types for signatures.
 *
 * The hash is tracked separately in enum vb2_hash_algorithm; a value here
 * only identifies how (or whether) a digest is signed.
 */
enum vb2_signature_algorithm {
	/*
	 * Invalid or unsupported signature type.  Because it is 0, a
	 * zero-filled field reads as invalid rather than as a real algorithm.
	 */
	VB2_SIG_INVALID = 0,

	/*
	 * No signature algorithm.  The digest is unsigned.  See
	 * VB2_ID_NONE_* for key IDs to use with this algorithm.
	 *
	 * An unsigned digest shows only that the data matches the digest; it
	 * says nothing about who produced it.  NOTE(review): code on a
	 * verification path should accept this value only where the digest
	 * itself comes from an already-trusted source -- confirm each caller.
	 */
	VB2_SIG_NONE = 1,

	/* RSA algorithms of the given length in bits (1024-8192) */
	VB2_SIG_RSA1024 = 2,  /* Warning!  This is likely to be deprecated! */
	VB2_SIG_RSA2048 = 3,
	VB2_SIG_RSA4096 = 4,
	VB2_SIG_RSA8192 = 5,
	/* NOTE(review): presumably RSA with public exponent 3 -- confirm. */
	VB2_SIG_RSA2048_EXP3 = 6,
	VB2_SIG_RSA3072_EXP3 = 7,

	/*
	 * Last index. Don't add anything below.  This is the size of
	 * vb2_sig_names[], so values >= VB2_SIG_ALG_COUNT are out of range.
	 */
	VB2_SIG_ALG_COUNT,
};

/* Algorithm types for hash digests */
enum vb2_hash_algorithm {
	/* Invalid or unsupported digest type */
	VB2_HASH_INVALID = 0,
	/* For some applications, it's more useful that 0 means "no hash". */
	VB2_HASH_NONE = VB2_HASH_INVALID,

	/* SHA-1.  Warning: This is likely to be deprecated soon! */
	VB2_HASH_SHA1 = 1,

	/* SHA-256 and SHA-512 */
	VB2_HASH_SHA256 = 2,
	VB2_HASH_SHA512 = 3,

	/* SHA-224/SHA-384 are variants of SHA-256/SHA-512, respectively. */
	VB2_HASH_SHA224 = 4,
	VB2_HASH_SHA384 = 5,

	/* Last index. Don't add anything below. */
	VB2_HASH_ALG_COUNT,
};

/*
 * Arrays mapping signature/hash types to their string representations.
 *
 * Each array has exactly VB2_SIG_ALG_COUNT / VB2_HASH_ALG_COUNT entries, so
 * indexing it with an enum value that has not been range-checked (for example
 * one read from key or signature data) reads out of bounds.  The
 * vb2_get_sig_algorithm_name() and vb2_get_hash_algorithm_name() accessors
 * declared below are documented to return VB2_INVALID_ALG_NAME when there is
 * no match; prefer them over direct indexing.
 */
extern const char *vb2_sig_names[VB2_SIG_ALG_COUNT];
extern const char *vb2_hash_names[VB2_HASH_ALG_COUNT];

/**
 * Convert vb2_crypto_algorithm to vb2_signature_algorithm.
 *
 * Callers verifying a signature should treat VB2_SIG_INVALID as a hard
 * failure and stop, rather than continuing with a default algorithm.
 *
 * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
 *
 * @return The signature algorithm for that crypto algorithm, or
 * VB2_SIG_INVALID if the crypto algorithm or its corresponding signature
 * algorithm is invalid or not supported.
 */
enum vb2_signature_algorithm vb2_crypto_to_signature(
					enum vb2_crypto_algorithm algorithm);

/**
 * Convert vb2_crypto_algorithm to vb2_hash_algorithm.
 *
 * VB2_HASH_INVALID has the same value as VB2_HASH_NONE (0), so the failure
 * return cannot be told apart from "no hash" by value.  Check the result
 * against VB2_HASH_INVALID and reject it before hashing or verifying.
 *
 * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
 *
 * @return The hash algorithm for that crypto algorithm, or VB2_HASH_INVALID if
 * the crypto algorithm or its corresponding hash algorithm is invalid or not
 * supported.
 */
enum vb2_hash_algorithm vb2_crypto_to_hash(enum vb2_crypto_algorithm algorithm);

/**
 * Return the name of a signature algorithm.
 *
 * VB2_INVALID_ALG_NAME is not defined in this header.  The result is a
 * pointer to const char and must not be written through.
 *
 * @param sig_alg	Signature algorithm to look up
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg);

/**
 * Return the name of a hash algorithm.
 *
 * VB2_INVALID_ALG_NAME is not defined in this header.  The result is a
 * pointer to const char and must not be written through.
 *
 * @param alg	Hash algorithm ID
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_hash_algorithm_name(enum vb2_hash_algorithm alg);

/**
 * Return the name of a crypto algorithm.
 *
 * VB2_INVALID_ALG_NAME is not defined in this header.  The result is a
 * pointer to const char and must not be written through.
 *
 * @param alg		Crypto algorithm to look up
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg);

/**
 * Return the stem filename for a crypto algorithm.
 *
 * The result is a name fragment, not a complete path.  Callers that build a
 * file path from it should check for VB2_INVALID_ALG_NAME first instead of
 * trying to open a file with that name.
 *
 * @param alg		Crypto algorithm to look up
 * @return The corresponding stem filename, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg);

#endif  /* VBOOT_REFERENCE_2CRYPTO_H_ */