1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
|
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#ifndef VBOOT_REFERENCE_2RSA_H_
#define VBOOT_REFERENCE_2RSA_H_
struct vb2_workbuf;
/* Algorithms for crypto lib */
enum vb2_crypto_algorithm {
VB2_ALG_RSA1024_SHA1 = 0,
VB2_ALG_RSA1024_SHA256,
VB2_ALG_RSA1024_SHA512,
VB2_ALG_RSA2048_SHA1,
VB2_ALG_RSA2048_SHA256,
VB2_ALG_RSA2048_SHA512,
VB2_ALG_RSA4096_SHA1,
VB2_ALG_RSA4096_SHA256,
VB2_ALG_RSA4096_SHA512,
VB2_ALG_RSA8192_SHA1,
VB2_ALG_RSA8192_SHA256,
VB2_ALG_RSA8192_SHA512,
// TODO: add algorithms for bare SHA with no RSA?
/* Number of algorithms */
VB2_ALG_COUNT
};
/* Public key structure in RAM */
struct vb2_public_key {
uint32_t arrsize; /* Length of n[] and rr[] in number of uint32_t */
uint32_t n0inv; /* -1 / n[0] mod 2^32 */
const uint32_t *n; /* Modulus as little endian array */
const uint32_t *rr; /* R^2 as little endian array */
uint32_t algorithm; /* Algorithm to use when verifying with the key */
};
/**
* Return the size of a RSA signature
*
* @param algorithm Key algorithm
* @return The size of the signature, or 0 if error.
*/
uint32_t vb2_rsa_sig_size(uint32_t algorithm);
/**
* Return the size of a pre-processed RSA public key.
*
* @param algorithm Key algorithm
* @return The size of the preprocessed key, or 0 if error.
*/
uint32_t vb2_packed_key_size(uint32_t algorithm);
/**
* Check pkcs 1.5 padding bytes
*
* @param sig Signature to verify
* @param algorithm Key algorithm
* @return VB2_SUCCESS, or non-zero if error.
*/
int vb2_check_padding(uint8_t *sig, int algorithm);
/* Size of work buffer sufficient for vb2_verify_digest() worst case */
#define VB2_VERIFY_DIGEST_WORKBUF_BYTES (3 * 1024)
/**
* Verify a RSA PKCS1.5 signature against an expected hash digest.
*
* @param key Key to use in signature verification
* @param sig Signature to verify (destroyed in process)
* @param digest Digest of signed data
* @param wb Work buffer
* @return VB2_SUCCESS, or non-zero if error.
*/
int vb2_verify_digest(const struct vb2_public_key *key,
uint8_t *sig,
const uint8_t *digest,
struct vb2_workbuf *wb);
#endif /* VBOOT_REFERENCE_2RSA_H_ */
|
