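/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

/*
 * RSA signature verification interface: the in-RAM public key layout plus
 * the size helpers, PKCS#1 v1.5 padding check and digest verification entry
 * point declared below.
 */

#ifndef VBOOT_REFERENCE_2RSA_H_
#define VBOOT_REFERENCE_2RSA_H_

#include "2crypto.h"
#include "2struct.h"

struct vb2_workbuf;

/*
 * Public key structure in RAM.
 *
 * NOTE(review): n, rr, desc and guid are plain const pointers and this
 * header does not say who owns the storage behind them. Presumably the
 * buffer the key was unpacked from must stay valid and unmodified for as
 * long as this struct is in use -- confirm against the unpacking code.
 */
struct vb2_public_key {
	uint32_t arrsize;    /* Length of n[] and rr[] in number of uint32_t */
	uint32_t n0inv;      /* -1 / n[0] mod 2^32 */
	const uint32_t *n;   /* Modulus as little endian array */
	const uint32_t *rr;  /* R^2 as little endian array */
	enum vb2_signature_algorithm sig_alg; /* Signature algorithm */
	enum vb2_hash_algorithm hash_alg;     /* Hash algorithm */
	const char *desc;    /* Description */
	uint32_t version;    /* Key version */
	const struct vb2_guid *guid;  /* Key GUID */
};

/**
 * Convert vb2_crypto_algorithm to vb2_signature_algorithm.
 *
 * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
 *
 * @return The signature algorithm for that crypto algorithm, or
 * VB2_SIG_INVALID if the crypto algorithm or its corresponding signature
 * algorithm is invalid or not supported.  Callers must check for
 * VB2_SIG_INVALID before using the result to select a key or buffer size.
 */
enum vb2_signature_algorithm vb2_crypto_to_signature(uint32_t algorithm);

/**
 * Return the size of an RSA signature.
 *
 * @param sig_alg	Signature algorithm
 * @return The size of the signature in bytes, or 0 if error.  A return of 0
 * must be handled as a failure and never used as a buffer length.
 */
uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg);

/**
 * Return the size of a pre-processed RSA public key.
 *
 * @param sig_alg	Signature algorithm
 * @return The size of the preprocessed key in bytes, or 0 if error.  A return
 * of 0 must be handled as a failure and never used as a buffer length.
 */
uint32_t vb2_packed_key_size(enum vb2_signature_algorithm sig_alg);

/**
 * Check PKCS#1 v1.5 padding bytes.
 *
 * No length is passed for sig.  NOTE(review): presumably the caller must
 * guarantee that sig holds at least vb2_rsa_sig_size(key->sig_alg) bytes;
 * confirm against the implementation.
 *
 * NOTE(review): PKCS#1 v1.5 verification is only sound if every padding byte
 * of the block is compared against its expected value; confirm that the
 * implementation does not accept a block on a prefix match alone.
 *
 * @param sig		Signature to verify
 * @param key		Key to take signature and hash algorithms from
 * @return VB2_SUCCESS, or non-zero if error.  Any non-zero result is a
 * verification failure.
 */
int vb2_check_padding(const uint8_t *sig, const struct vb2_public_key *key);

/* Size of work buffer sufficient for vb2_rsa_verify_digest() worst case */
#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024)

/**
 * Verify an RSA PKCS#1 v1.5 signature against an expected hash digest.
 *
 * The signature buffer is overwritten during verification, so the caller
 * must not reuse its contents afterwards and must pass a writable copy if
 * the original bytes are still needed.
 *
 * Neither sig nor digest carries a length.  NOTE(review): presumably both
 * sizes are derived from key->sig_alg and key->hash_alg, so the caller must
 * size the buffers to match the key -- confirm against the implementation.
 *
 * @param key		Key to use in signature verification
 * @param sig		Signature to verify (destroyed in process)
 * @param digest	Digest of signed data
 * @param wb		Work buffer; VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES is
 *			sufficient for the worst case
 * @return VB2_SUCCESS, or non-zero if error.  Compare against VB2_SUCCESS
 * explicitly; every other value means the signature was not verified.
 */
int vb2_rsa_verify_digest(const struct vb2_public_key *key,
			  uint8_t *sig,
			  const uint8_t *digest,
			  const struct vb2_workbuf *wb);

#endif  /* VBOOT_REFERENCE_2RSA_H_ */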