1 /* Copyright 2020 The ChromiumOS Authors
2 * Use of this source code is governed by a BSD-style license that can be
3 * found in the LICENSE file.
4 *
5 * Hash and signature algorithm parsing helpers for host utilities.
6 */
7
8 #include "2common.h"
9 #include "2crypto.h"
10 #include "2rsa.h"
11 #include "2sha.h"
12 #include "2sysincludes.h"
13
14 /*
15 * These two need to be exported for host/lib/crypto.c, but they also need to be
16 * in .rodata to make coreboot XIP stages happy. We know they are immutable but
17 * there is no C language way to guarantee that, so we have to manually force
18 * the compiler to place them in .rodata. Also inject custom section flags so
19 * they are only allocatable (a) but not writeable (w).
20 */
21
/*
 * Printable names of the signature algorithms, indexed by
 * enum vb2_signature_algorithm.
 *
 * Outside CHROMEOS_ENVIRONMENT the table is placed in its own .rodata
 * subsection. The section string supplies the "a" (allocatable) flag itself;
 * the trailing newline and '#' presumably comment out whatever flags the
 * compiler would otherwise append - confirm against the toolchain in use.
 *
 * Any index without an initializer below is left as a null pointer, which
 * vb2_get_sig_algorithm_name() reports as VB2_INVALID_ALG_NAME.
 *
 * NOTE(review): the pointers themselves are not const-qualified, so nothing
 * but the section placement keeps this table read-only. Presumably the
 * declaration has to match an extern in a header - confirm before changing.
 */
#ifndef CHROMEOS_ENVIRONMENT
__attribute__((section(".rodata.vb2_sig_names,\"a\"\n# ")))
#endif
const char *vb2_sig_names[VB2_SIG_ALG_COUNT] = {
	[VB2_SIG_NONE]         = "none",
	[VB2_SIG_RSA1024]      = "RSA1024",
	[VB2_SIG_RSA2048]      = "RSA2048",
	[VB2_SIG_RSA4096]      = "RSA4096",
	[VB2_SIG_RSA8192]      = "RSA8192",
	[VB2_SIG_RSA2048_EXP3] = "RSA2048EXP3",
	[VB2_SIG_RSA3072_EXP3] = "RSA3072EXP3",
};
34
/*
 * Printable names of the hash algorithms, indexed by enum vb2_hash_algorithm.
 *
 * Placed in a dedicated read-only section in the same way as vb2_sig_names.
 * Each hash family contributes its entries only when the matching
 * VB2_SUPPORT_* switch is enabled; a family that is compiled out leaves null
 * pointers in its slots, and vb2_get_hash_algorithm_name() turns those into
 * VB2_INVALID_ALG_NAME instead of handing out a null string.
 */
#ifndef CHROMEOS_ENVIRONMENT
__attribute__((section(".rodata.vb2_hash_names,\"a\"\n# ")))
#endif
const char *vb2_hash_names[VB2_HASH_ALG_COUNT] = {
	[VB2_HASH_NONE]   = "none",
#if VB2_SUPPORT_SHA1
	[VB2_HASH_SHA1]   = VB2_SHA1_ALG_NAME,
#endif
#if VB2_SUPPORT_SHA256
	/* SHA224 is gated by the SHA256 switch. */
	[VB2_HASH_SHA224] = VB2_SHA224_ALG_NAME,
	[VB2_HASH_SHA256] = VB2_SHA256_ALG_NAME,
#endif
#if VB2_SUPPORT_SHA512
	/* SHA384 is gated by the SHA512 switch. */
	[VB2_HASH_SHA384] = VB2_SHA384_ALG_NAME,
	[VB2_HASH_SHA512] = VB2_SHA512_ALG_NAME,
#endif
};
52
53 /* The others are internal to this file. */
54
/*
 * Human-readable names of the combined RSA + hash algorithms, indexed by
 * enum vb2_crypto_algorithm.
 *
 * The array length is set by the highest index initialized, so it shrinks
 * when a hash family is compiled out. Slots inside the array that belong to a
 * disabled family stay null; vb2_get_crypto_algorithm_name() checks for both
 * cases before returning a string.
 */
static const char *crypto_names[] = {
#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1]        = "RSA1024 SHA1",
	[VB2_ALG_RSA2048_SHA1]        = "RSA2048 SHA1",
	[VB2_ALG_RSA4096_SHA1]        = "RSA4096 SHA1",
	[VB2_ALG_RSA8192_SHA1]        = "RSA8192 SHA1",
	[VB2_ALG_RSA2048_EXP3_SHA1]   = "RSA2048 EXP3 SHA1",
	[VB2_ALG_RSA3072_EXP3_SHA1]   = "RSA3072 EXP3 SHA1",
#endif
#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256]      = "RSA1024 SHA256",
	[VB2_ALG_RSA2048_SHA256]      = "RSA2048 SHA256",
	[VB2_ALG_RSA4096_SHA256]      = "RSA4096 SHA256",
	[VB2_ALG_RSA8192_SHA256]      = "RSA8192 SHA256",
	[VB2_ALG_RSA2048_EXP3_SHA256] = "RSA2048 EXP3 SHA256",
	[VB2_ALG_RSA3072_EXP3_SHA256] = "RSA3072 EXP3 SHA256",
#endif
#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512]      = "RSA1024 SHA512",
	[VB2_ALG_RSA2048_SHA512]      = "RSA2048 SHA512",
	[VB2_ALG_RSA4096_SHA512]      = "RSA4096 SHA512",
	[VB2_ALG_RSA8192_SHA512]      = "RSA8192 SHA512",
	[VB2_ALG_RSA2048_EXP3_SHA512] = "RSA2048 EXP3 SHA512",
	[VB2_ALG_RSA3072_EXP3_SHA512] = "RSA3072 EXP3 SHA512",
#endif
};
81
/*
 * File-name stems for the combined algorithms, indexed by
 * enum vb2_crypto_algorithm.
 *
 * The stem depends only on the RSA variant, so the hash variants of one key
 * size share the same string. How callers turn the stem into a path is not
 * visible in this file.
 *
 * Slots for a compiled-out hash family stay null and are mapped to
 * VB2_INVALID_ALG_NAME by vb2_get_crypto_algorithm_file().
 */
static const char *crypto_filenames[] = {
#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1]        = "rsa1024",
	[VB2_ALG_RSA2048_SHA1]        = "rsa2048",
	[VB2_ALG_RSA4096_SHA1]        = "rsa4096",
	[VB2_ALG_RSA8192_SHA1]        = "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA1]   = "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA1]   = "rsa3072_exp3",
#endif
#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256]      = "rsa1024",
	[VB2_ALG_RSA2048_SHA256]      = "rsa2048",
	[VB2_ALG_RSA4096_SHA256]      = "rsa4096",
	[VB2_ALG_RSA8192_SHA256]      = "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA256] = "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA256] = "rsa3072_exp3",
#endif
#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512]      = "rsa1024",
	[VB2_ALG_RSA2048_SHA512]      = "rsa2048",
	[VB2_ALG_RSA4096_SHA512]      = "rsa4096",
	[VB2_ALG_RSA8192_SHA512]      = "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA512] = "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA512] = "rsa3072_exp3",
#endif
};
108
/*
 * Signature algorithm used by each combined algorithm, indexed by
 * enum vb2_crypto_algorithm and holding enum vb2_signature_algorithm values.
 *
 * Slots that belong to a compiled-out hash family are implicitly zero.
 * NOTE(review): vb2_crypto_to_signature() returns the slot unchanged, so a
 * disabled-but-in-range algorithm yields 0. That is only a safe "unsupported"
 * answer if VB2_SIG_INVALID is 0 - confirm in the enum definition.
 */
static const uint8_t crypto_to_sig[] = {
#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1]        = VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA1]        = VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA1]        = VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA1]        = VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA1]   = VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA1]   = VB2_SIG_RSA3072_EXP3,
#endif
#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256]      = VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA256]      = VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA256]      = VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA256]      = VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA256] = VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA256] = VB2_SIG_RSA3072_EXP3,
#endif
#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512]      = VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA512]      = VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA512]      = VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA512]      = VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA512] = VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA512] = VB2_SIG_RSA3072_EXP3,
#endif
};
135
/*
 * Hash algorithm used by each combined algorithm, indexed by
 * enum vb2_crypto_algorithm and holding enum vb2_hash_algorithm values.
 *
 * Only SHA1, SHA256 and SHA512 appear as targets; no combined algorithm in
 * this table maps to SHA224 or SHA384.
 *
 * Slots that belong to a compiled-out hash family are implicitly zero.
 * NOTE(review): vb2_crypto_to_hash() returns the slot unchanged, so this
 * relies on VB2_HASH_INVALID being 0 - confirm in the enum definition.
 */
static const uint8_t crypto_to_hash[] = {
#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1]        = VB2_HASH_SHA1,
	[VB2_ALG_RSA2048_SHA1]        = VB2_HASH_SHA1,
	[VB2_ALG_RSA4096_SHA1]        = VB2_HASH_SHA1,
	[VB2_ALG_RSA8192_SHA1]        = VB2_HASH_SHA1,
	[VB2_ALG_RSA2048_EXP3_SHA1]   = VB2_HASH_SHA1,
	[VB2_ALG_RSA3072_EXP3_SHA1]   = VB2_HASH_SHA1,
#endif
#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256]      = VB2_HASH_SHA256,
	[VB2_ALG_RSA2048_SHA256]      = VB2_HASH_SHA256,
	[VB2_ALG_RSA4096_SHA256]      = VB2_HASH_SHA256,
	[VB2_ALG_RSA8192_SHA256]      = VB2_HASH_SHA256,
	[VB2_ALG_RSA2048_EXP3_SHA256] = VB2_HASH_SHA256,
	[VB2_ALG_RSA3072_EXP3_SHA256] = VB2_HASH_SHA256,
#endif
#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512]      = VB2_HASH_SHA512,
	[VB2_ALG_RSA2048_SHA512]      = VB2_HASH_SHA512,
	[VB2_ALG_RSA4096_SHA512]      = VB2_HASH_SHA512,
	[VB2_ALG_RSA8192_SHA512]      = VB2_HASH_SHA512,
	[VB2_ALG_RSA2048_EXP3_SHA512] = VB2_HASH_SHA512,
	[VB2_ALG_RSA3072_EXP3_SHA512] = VB2_HASH_SHA512,
#endif
};
162
/*
 * Compile-time check that each file-local lookup table has exactly one slot
 * per enum vb2_crypto_algorithm value.
 *
 * The check is made only when SHA512 support is built in. Presumably the
 * highest-numbered algorithm is a SHA512 variant, so the tables (sized by
 * their highest initialized index) reach VB2_ALG_COUNT only in that
 * configuration - confirm against the enum. In other configurations the
 * accessors stay in bounds because each one compares against ARRAY_SIZE() of
 * the table it reads, not against VB2_ALG_COUNT.
 */
#if VB2_SUPPORT_SHA512
_Static_assert(ARRAY_SIZE(crypto_to_hash) == VB2_ALG_COUNT, "");
_Static_assert(ARRAY_SIZE(crypto_to_sig) == VB2_ALG_COUNT, "");
_Static_assert(ARRAY_SIZE(crypto_filenames) == VB2_ALG_COUNT, "");
_Static_assert(ARRAY_SIZE(crypto_names) == VB2_ALG_COUNT, "");
#endif
169
/*
 * Return the printable name of a hash algorithm.
 *
 * hash_alg is range-checked before it is used as an index, because a C enum
 * argument can carry any integer value, not only the declared enumerators.
 * An out-of-range value, or a slot with no name (for example a hash family
 * that was compiled out), yields VB2_INVALID_ALG_NAME. The function never
 * returns a null pointer.
 */
const char *vb2_get_hash_algorithm_name(enum vb2_hash_algorithm hash_alg)
{
	/* Bounds test first: the table read below is only reached in range. */
	if (hash_alg >= ARRAY_SIZE(vb2_hash_names) || !vb2_hash_names[hash_alg])
		return VB2_INVALID_ALG_NAME;

	return vb2_hash_names[hash_alg];
}
176
/*
 * Return the printable name of a signature algorithm.
 *
 * sig_alg is range-checked against the size of vb2_sig_names before it is
 * used as an index. An out-of-range value, or a slot that has no name,
 * yields VB2_INVALID_ALG_NAME. The function never returns a null pointer.
 */
const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg)
{
	/* Bounds test first: the table read below is only reached in range. */
	if (sig_alg >= ARRAY_SIZE(vb2_sig_names) || !vb2_sig_names[sig_alg])
		return VB2_INVALID_ALG_NAME;

	return vb2_sig_names[sig_alg];
}
184
/*
 * Return the printable name of a combined RSA + hash algorithm.
 *
 * alg is range-checked against the actual size of crypto_names, which can be
 * smaller than VB2_ALG_COUNT when a hash family is compiled out. An
 * out-of-range value, or a slot left null by a disabled hash family, yields
 * VB2_INVALID_ALG_NAME. The function never returns a null pointer.
 */
const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg)
{
	/* Bounds test first: the table read below is only reached in range. */
	if (alg >= ARRAY_SIZE(crypto_names) || !crypto_names[alg])
		return VB2_INVALID_ALG_NAME;

	return crypto_names[alg];
}
192
/*
 * Return the file-name stem associated with a combined algorithm.
 *
 * alg is range-checked against the size of crypto_filenames before it is
 * used as an index. An out-of-range value, or a slot left null by a disabled
 * hash family, yields VB2_INVALID_ALG_NAME.
 *
 * NOTE(review): the failure value is the same sentinel string the name
 * lookups return, not a null pointer. Callers that build a path from the
 * result presumably need to compare against it - verify at the call sites.
 */
const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg)
{
	/* Bounds test first: the table read below is only reached in range. */
	if (alg >= ARRAY_SIZE(crypto_filenames) || !crypto_filenames[alg])
		return VB2_INVALID_ALG_NAME;

	return crypto_filenames[alg];
}
200
/*
 * Map a combined algorithm to its signature algorithm.
 *
 * Returns VB2_SIG_INVALID when algorithm lies outside crypto_to_sig.
 * Otherwise the table slot is returned as stored.
 *
 * NOTE(review): unlike the name lookups, there is no check for an unset
 * slot. An in-range algorithm whose hash family is compiled out returns the
 * zero-initialized slot value, which is a rejection only if VB2_SIG_INVALID
 * is 0 - confirm in the enum definition.
 */
enum vb2_signature_algorithm vb2_crypto_to_signature(
	enum vb2_crypto_algorithm algorithm)
{
	/* Reject out-of-range values before the value is used as an index. */
	if (algorithm >= ARRAY_SIZE(crypto_to_sig))
		return VB2_SIG_INVALID;

	return crypto_to_sig[algorithm];
}
209
/*
 * Map a combined algorithm to its hash algorithm.
 *
 * Returns VB2_HASH_INVALID when algorithm lies outside crypto_to_hash.
 * Otherwise the table slot is returned as stored.
 *
 * NOTE(review): there is no check for an unset slot. An in-range algorithm
 * whose hash family is compiled out returns the zero-initialized slot value,
 * which is a rejection only if VB2_HASH_INVALID is 0 - confirm in the enum
 * definition.
 */
enum vb2_hash_algorithm vb2_crypto_to_hash(enum vb2_crypto_algorithm algorithm)
{
	/* Reject out-of-range values before the value is used as an index. */
	if (algorithm >= ARRAY_SIZE(crypto_to_hash))
		return VB2_HASH_INVALID;

	return crypto_to_hash[algorithm];
}
217