OLD | NEW |
1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. | 1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. |
2 * Use of this source code is governed by a BSD-style license that can be | 2 * Use of this source code is governed by a BSD-style license that can be |
3 * found in the LICENSE file. | 3 * found in the LICENSE file. |
4 */ | 4 */ |
5 | 5 |
6 #ifndef VBOOT_REFERENCE_RSA_H_ | 6 #ifndef VBOOT_REFERENCE_RSA_H_ |
7 #define VBOOT_REFERENCE_RSA_H_ | 7 #define VBOOT_REFERENCE_RSA_H_ |
8 | 8 |
9 #ifndef VBOOT_REFERENCE_CRYPTOLIB_H_ | 9 #ifndef VBOOT_REFERENCE_CRYPTOLIB_H_ |
10 #error "Do not include this file directly. Use cryptolib.h instead." | 10 #error "Do not include this file directly. Use cryptolib.h instead." |
11 #endif | 11 #endif |
12 | 12 |
13 #include "sysincludes.h" | 13 #include "sysincludes.h" |
14 | 14 |
15 #define RSA1024NUMBYTES 128 /* 1024 bit key length */ | 15 #define RSA1024NUMBYTES 128 /* 1024 bit key length */ |
16 #define RSA2048NUMBYTES 256 /* 2048 bit key length */ | 16 #define RSA2048NUMBYTES 256 /* 2048 bit key length */ |
17 #define RSA4096NUMBYTES 512 /* 4096 bit key length */ | 17 #define RSA4096NUMBYTES 512 /* 4096 bit key length */ |
18 #define RSA8192NUMBYTES 1024 /* 8192 bit key length */ | 18 #define RSA8192NUMBYTES 1024 /* 8192 bit key length */ |
19 | 19 |
20 #define RSA1024NUMWORDS (RSA1024NUMBYTES / sizeof(uint32_t)) | 20 #define RSA1024NUMWORDS (RSA1024NUMBYTES / sizeof(uint32_t)) |
21 #define RSA2048NUMWORDS (RSA2048NUMBYTES / sizeof(uint32_t)) | 21 #define RSA2048NUMWORDS (RSA2048NUMBYTES / sizeof(uint32_t)) |
22 #define RSA4096NUMWORDS (RSA4096NUMBYTES / sizeof(uint32_t)) | 22 #define RSA4096NUMWORDS (RSA4096NUMBYTES / sizeof(uint32_t)) |
23 #define RSA8192NUMWORDS (RSA8192NUMBYTES / sizeof(uint32_t)) | 23 #define RSA8192NUMWORDS (RSA8192NUMBYTES / sizeof(uint32_t)) |
24 | 24 |
25 typedef struct RSAPublicKey { | 25 typedef struct RSAPublicKey { |
26 uint32_t len; /* Length of n[] in number of uint32_t */ | 26 uint32_t len; /* Length of n[] in number of uint32_t */ |
27 uint32_t n0inv; /* -1 / n[0] mod 2^32 */ | 27 uint32_t n0inv; /* -1 / n[0] mod 2^32 */ |
28 uint32_t* n; /* modulus as little endian array */ | 28 uint32_t* n; /* modulus as little endian array */ |
29 uint32_t* rr; /* R^2 as little endian array */ | 29 uint32_t* rr; /* R^2 as little endian array */ |
30 int algorithm; /* Algorithm to use when verifying binaries with the key */ | 30 unsigned int algorithm; /* Algorithm to use when verifying with the key */ |
31 } RSAPublicKey; | 31 } RSAPublicKey; |
32 | 32 |
33 /* Verify a RSA PKCS1.5 signature [sig] of [sig_type] and length [sig_len] | 33 /* Verify a RSA PKCS1.5 signature [sig] of [sig_type] and length [sig_len] |
34 * against an expected [hash] using [key]. Returns 0 on failure, 1 on success. | 34 * against an expected [hash] using [key]. Returns 0 on failure, 1 on success. |
35 */ | 35 */ |
36 int RSAVerify(const RSAPublicKey *key, | 36 int RSAVerify(const RSAPublicKey *key, |
37 const uint8_t* sig, | 37 const uint8_t* sig, |
38 const uint32_t sig_len, | 38 const uint32_t sig_len, |
39 const uint8_t sig_type, | 39 const uint8_t sig_type, |
40 const uint8_t* hash); | 40 const uint8_t* hash); |
41 | 41 |
42 /* Perform RSA signature verification on [buf] of length [len] against expected | 42 /* Perform RSA signature verification on [buf] of length [len] against expected |
43 * signature [sig] using signature algorithm [algorithm]. The public key used | 43 * signature [sig] using signature algorithm [algorithm]. The public key used |
44 * for verification can either be in the form of a pre-process key blob | 44 * for verification can either be in the form of a pre-process key blob |
45 * [key_blob] or RSAPublicKey structure [key]. One of [key_blob] or [key] must | 45 * [key_blob] or RSAPublicKey structure [key]. One of [key_blob] or [key] must |
46 * be non-NULL, and the other NULL or the function will fail. | 46 * be non-NULL, and the other NULL or the function will fail. |
47 * | 47 * |
48 * Returns 1 on verification success, 0 on verification failure or invalid | 48 * Returns 1 on verification success, 0 on verification failure or invalid |
49 * arguments. | 49 * arguments. |
50 * | 50 * |
51 * Note: This function is for use in the firmware and assumes all pointers point | 51 * Note: This function is for use in the firmware and assumes all pointers point |
52 * to areas in the memory of the right size. | 52 * to areas in the memory of the right size. |
53 * | 53 * |
54 */ | 54 */ |
55 int RSAVerifyBinary_f(const uint8_t* key_blob, | 55 int RSAVerifyBinary_f(const uint8_t* key_blob, |
56 const RSAPublicKey* key, | 56 const RSAPublicKey* key, |
57 const uint8_t* buf, | 57 const uint8_t* buf, |
58 uint64_t len, | 58 uint64_t len, |
59 const uint8_t* sig, | 59 const uint8_t* sig, |
60 int algorithm); | 60 unsigned int algorithm); |
61 | 61 |
62 /* Version of RSAVerifyBinary_f() where instead of the raw binary blob | 62 /* Version of RSAVerifyBinary_f() where instead of the raw binary blob |
63 * of data, its digest is passed as the argument. */ | 63 * of data, its digest is passed as the argument. */ |
64 int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob, | 64 int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob, |
65 const RSAPublicKey* key, | 65 const RSAPublicKey* key, |
66 const uint8_t* digest, | 66 const uint8_t* digest, |
67 const uint8_t* sig, | 67 const uint8_t* sig, |
68 int algorithm); | 68 unsigned int algorithm); |
69 | 69 |
70 | 70 |
71 /* ----Some additional utility functions for RSA.---- */ | 71 /* ----Some additional utility functions for RSA.---- */ |
72 | 72 |
73 /* Returns the size of a pre-processed RSA public key in bytes with algorithm | 73 /* Returns the size of a pre-processed RSA public key in |
74 * [algorithm]. */ | 74 * [out_size] with the algorithm [algorithm]. |
75 int RSAProcessedKeySize(int algorithm); | 75 * |
| 76 * Returns 1 on success, 0 on failure. |
| 77 */ |
| 78 int RSAProcessedKeySize(unsigned int algorithm, int* out_size); |
76 | 79 |
77 /* Allocate a new RSAPublicKey structure and initialize its pointer fields to | 80 /* Allocate a new RSAPublicKey structure and initialize its pointer fields to |
78 * NULL */ | 81 * NULL */ |
79 RSAPublicKey* RSAPublicKeyNew(void); | 82 RSAPublicKey* RSAPublicKeyNew(void); |
80 | 83 |
81 /* Deep free the contents of [key]. */ | 84 /* Deep free the contents of [key]. */ |
82 void RSAPublicKeyFree(RSAPublicKey* key); | 85 void RSAPublicKeyFree(RSAPublicKey* key); |
83 | 86 |
84 /* Create a RSAPublic key structure from binary blob [buf] of length | 87 /* Create a RSAPublic key structure from binary blob [buf] of length |
85 * [len]. | 88 * [len]. |
86 * | 89 * |
87 * Caller owns the returned key and must free it. | 90 * Caller owns the returned key and must free it. |
88 */ | 91 */ |
89 RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, int len); | 92 RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, int len); |
90 | 93 |
91 | 94 |
92 #endif /* VBOOT_REFERENCE_RSA_H_ */ | 95 #endif /* VBOOT_REFERENCE_RSA_H_ */ |
OLD | NEW |