VBoot Reference: Refactor Part 2 - Crypto Libraries

src/platform/vboot_reference/include/rsa.h

Index: src/platform/vboot_reference/include/rsa.h
diff --git a/src/platform/vboot_reference/include/rsa.h b/src/platform/vboot_reference/include/rsa.h
index 8f2ede8a6adbe0beec94e892237bcf5c47e4c4f9..1a45803717e78fcc308ac146bdf361791e0403ba 100644
--- a/src/platform/vboot_reference/include/rsa.h
+++ b/src/platform/vboot_reference/include/rsa.h
@@ -6,7 +6,11 @@
 #ifndef VBOOT_REFERENCE_RSA_H_
 #define VBOOT_REFERENCE_RSA_H_
 
-#include <inttypes.h>
+#ifndef VBOOT_REFERENCE_CRYPTOLIB_H_
+#error "Do not include this file directly. Use cryptolib.h instead."
+#endif
+
+#include <stdint.h>
 
 #define RSA1024NUMBYTES 128  /* 1024 bit key length */
 #define RSA2048NUMBYTES 256  /* 2048 bit key length */
@@ -29,9 +33,59 @@ typedef struct RSAPublicKey {
  * against an expected [hash] using [key]. Returns 0 on failure, 1 on success.
  */
 int RSAVerify(const RSAPublicKey *key,
-               const uint8_t* sig,
-               const int sig_len,
-               const uint8_t sig_type,
-               const uint8_t* hash);
+              const uint8_t* sig,
+              const int sig_len,
+              const uint8_t sig_type,
+              const uint8_t* hash);
+
+/* Perform RSA signature verification on [buf] of length [len] against expected
+ * signature [sig] using signature algorithm [algorithm]. The public key used
+ * for verification can either be in the form of a pre-process key blob
+ * [key_blob] or RSAPublicKey structure [key]. One of [key_blob] or [key] must
+ * be non-NULL, and the other NULL or the function will fail.
+ *
+ * Returns 1 on verification success, 0 on verification failure or invalid
+ * arguments.
+ *
+ * Note: This function is for use in the firmware and assumes all pointers point
+ * to areas in the memory of the right size.
+ *
+ */
+int RSAVerifyBinary_f(const uint8_t* key_blob,
+                      const RSAPublicKey* key,
+                      const uint8_t* buf,
+                      uint64_t len,
+                      const uint8_t* sig,
+                      int algorithm);
+
+/* Version of RSAVerifyBinary_f() where instead of the raw binary blob
+ * of data, its digest is passed as the argument. */
+int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob,
+                                const RSAPublicKey* key,
+                                const uint8_t* digest,
+                                const uint8_t* sig,
+                                int algorithm);
+
+
+/* ----Some additional utility functions for RSA.---- */
+
+/* Returns the size of a pre-processed RSA public key in bytes with algorithm
+ * [algorithm]. */
+int RSAProcessedKeySize(int algorithm);
+
+/* Allocate a new RSAPublicKey structure and initialize its pointer fields to
+ * NULL */
+RSAPublicKey* RSAPublicKeyNew(void);
+
+/* Deep free the contents of [key]. */
+void RSAPublicKeyFree(RSAPublicKey* key);
+
+/* Create a RSAPublic key structure from binary blob [buf] of length
+ * [len].
+ *
+ * Caller owns the returned key and must free it.
+ */
+RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, int len);
+
 
 #endif  /* VBOOT_REFERENCE_RSA_H_ */