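/* Copyright 2014 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Crypto constants for verified boot
 */

#ifndef VBOOT_REFERENCE_2CRYPTO_H_
#define VBOOT_REFERENCE_2CRYPTO_H_

#include "2sysincludes.h"

/*
 * Verified boot crypto algorithms.
 *
 * Each value names one (signature algorithm, hash algorithm) pair.  The
 * values are grouped by key type in the order RSA1024, RSA2048, RSA4096,
 * RSA8192, RSA2048_EXP3, RSA3072_EXP3, and within each group by hash in the
 * order SHA1, SHA256, SHA512.  There is no combined value for SHA-224 or
 * SHA-384.
 *
 * NOTE(review): every value is pinned explicitly, which suggests the numbers
 * are stored in key or signature data; confirm before renumbering or reusing
 * a value.
 *
 * The RSA1024 and SHA1 combinations are the weak ones: SHA-1 has practical
 * collision attacks and 1024-bit RSA is below current key-size guidance.  A
 * verifier that accepts them only for legacy data should say so at the call
 * site.
 */
enum vb2_crypto_algorithm {
	VB2_ALG_RSA1024_SHA1 = 0,
	VB2_ALG_RSA1024_SHA256 = 1,
	VB2_ALG_RSA1024_SHA512 = 2,
	VB2_ALG_RSA2048_SHA1 = 3,
	VB2_ALG_RSA2048_SHA256 = 4,
	VB2_ALG_RSA2048_SHA512 = 5,
	VB2_ALG_RSA4096_SHA1 = 6,
	VB2_ALG_RSA4096_SHA256 = 7,
	VB2_ALG_RSA4096_SHA512 = 8,
	VB2_ALG_RSA8192_SHA1 = 9,
	VB2_ALG_RSA8192_SHA256 = 10,
	VB2_ALG_RSA8192_SHA512 = 11,
	/* NOTE(review): "EXP3" presumably means public exponent 3; confirm. */
	VB2_ALG_RSA2048_EXP3_SHA1 = 12,
	VB2_ALG_RSA2048_EXP3_SHA256 = 13,
	VB2_ALG_RSA2048_EXP3_SHA512 = 14,
	VB2_ALG_RSA3072_EXP3_SHA1 = 15,
	VB2_ALG_RSA3072_EXP3_SHA256 = 16,
	VB2_ALG_RSA3072_EXP3_SHA512 = 17,
	/* Number of algorithms */
	VB2_ALG_COUNT
};

/* Algorithm types for signatures */
enum vb2_signature_algorithm {
	/*
	 * Invalid or unsupported signature type.  This is value 0, so a
	 * zero-initialized field reads as invalid.
	 */
	VB2_SIG_INVALID = 0,

	/*
	 * No signature algorithm.  The digest is unsigned.  See
	 * VB2_ID_NONE_* for key IDs to use with this algorithm.
	 *
	 * An unsigned digest detects corruption but proves nothing about who
	 * produced the data, so a caller that requires a signature has to
	 * reject this value explicitly.
	 */
	VB2_SIG_NONE = 1,

	/* RSA algorithms of the given length in bits (1024-8192) */
	VB2_SIG_RSA1024 = 2,  /* Warning!  This is likely to be deprecated! */
	VB2_SIG_RSA2048 = 3,
	VB2_SIG_RSA4096 = 4,
	VB2_SIG_RSA8192 = 5,
	VB2_SIG_RSA2048_EXP3 = 6,
	VB2_SIG_RSA3072_EXP3 = 7,

	/* Last index. Don't add anything below. */
	VB2_SIG_ALG_COUNT,
};

/* Algorithm types for hash digests */
enum vb2_hash_algorithm {
	/* Invalid or unsupported digest type */
	VB2_HASH_INVALID = 0,
	/*
	 * For some applications, it's more useful that 0 means "no hash".
	 * This is an alias of VB2_HASH_INVALID, so the two cannot be told
	 * apart at run time.
	 */
	VB2_HASH_NONE = VB2_HASH_INVALID,

	/* SHA-1.  Warning: This is likely to be deprecated soon! */
	VB2_HASH_SHA1 = 1,

	/* SHA-256 and SHA-512 */
	VB2_HASH_SHA256 = 2,
	VB2_HASH_SHA512 = 3,

	/* SHA-224/SHA-384 are variants of SHA-256/SHA-512, respectively. */
	VB2_HASH_SHA224 = 4,
	VB2_HASH_SHA384 = 5,

	/* Last index. Don't add anything below. */
	VB2_HASH_ALG_COUNT,
};

/*
 * Arrays mapping signature/hash types to their string representations.
 *
 * The arrays hold exactly VB2_SIG_ALG_COUNT and VB2_HASH_ALG_COUNT entries.
 * An index taken from parsed or otherwise unchecked data must be range-checked
 * first; the vb2_get_*_algorithm_name() accessors below are documented to
 * return VB2_INVALID_ALG_NAME when there is no match.
 */
extern const char *vb2_sig_names[VB2_SIG_ALG_COUNT];
extern const char *vb2_hash_names[VB2_HASH_ALG_COUNT];

/**
 * Convert vb2_crypto_algorithm to vb2_signature_algorithm.
 *
 * Check the result against VB2_SIG_INVALID before selecting a verification
 * routine with it.
 *
 * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
 *
 * @return The signature algorithm for that crypto algorithm, or
 * VB2_SIG_INVALID if the crypto algorithm or its corresponding signature
 * algorithm is invalid or not supported.
 */
enum vb2_signature_algorithm vb2_crypto_to_signature(
		enum vb2_crypto_algorithm algorithm);

/**
 * Convert vb2_crypto_algorithm to vb2_hash_algorithm.
 *
 * Check the result against VB2_HASH_INVALID before sizing or computing a
 * digest with it.
 *
 * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
 *
 * @return The hash algorithm for that crypto algorithm, or VB2_HASH_INVALID if
 * the crypto algorithm or its corresponding hash algorithm is invalid or not
 * supported.
 */
enum vb2_hash_algorithm vb2_crypto_to_hash(enum vb2_crypto_algorithm algorithm);

/*
 * NOTE(review): VB2_INVALID_ALG_NAME, named by the four accessors below, is
 * not defined in this header.
 */

/**
 * Return the name of a signature algorithm.
 *
 * @param sig_alg	Signature algorithm to look up
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg);

/**
 * Return the name of a hash algorithm.
 *
 * @param alg	Hash algorithm ID
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_hash_algorithm_name(enum vb2_hash_algorithm alg);

/**
 * Return the name of a crypto algorithm.
 *
 * @param alg	Crypto algorithm to look up
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg);

/**
 * Return the stem filename of a crypto algorithm.
 *
 * A caller that builds a path from the result should compare it with
 * VB2_INVALID_ALG_NAME first.
 *
 * @param alg	Crypto algorithm to look up
 * @return The corresponding stem filename, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg);

#endif  /* VBOOT_REFERENCE_2CRYPTO_H_ */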