/* Copyright 2014 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

/*
 * Declarations for RSA signature verification: the in-RAM public key
 * structure, size helpers keyed by signature algorithm, PKCS1.5 digest
 * verification and the in-place public exponentiation it is built on.
 */

#ifndef VBOOT_REFERENCE_2RSA_H_
#define VBOOT_REFERENCE_2RSA_H_

#include "2crypto.h"
#include "2return_codes.h"

/* Forward declaration; only pointers to the work buffer are used here. */
struct vb2_workbuf;

/*
 * Public key structure in RAM.
 *
 * The key material (n, rr) and the metadata (desc, id) are referenced
 * through const pointers rather than embedded in the struct.
 * NOTE(review): presumably the pointed-to buffers must stay valid and
 * unmodified for as long as the key is in use - confirm against the code
 * that fills this struct in.
 */
struct vb2_public_key {
	uint32_t arrsize;    /* Length of n[] and rr[] in number of uint32_t */
	uint32_t n0inv;      /* -1 / n[0] mod 2^32 */
	const uint32_t *n;   /* Modulus as little endian array */
	const uint32_t *rr;  /* R^2 as little endian array */
	enum vb2_signature_algorithm sig_alg;  /* Signature algorithm */
	enum vb2_hash_algorithm hash_alg;      /* Hash algorithm */
	const char *desc;    /* Description */
	uint32_t version;    /* Key version */
	const struct vb2_id *id;  /* Key ID */
	bool allow_hwcrypto; /* Is hwcrypto allowed for key */
};

/**
 * Return the size of a RSA signature
 *
 * A return value of 0 reports an error, so callers should check for it
 * before using the result as a buffer length.
 *
 * @param sig_alg	Signature algorithm
 * @return The size of the signature in bytes, or 0 if error.
 */
uint32_t vb2_rsa_sig_size(enum vb2_signature_algorithm sig_alg);

/**
 * Return the size of a pre-processed RSA public key.
 *
 * A return value of 0 reports an error, so callers should check for it
 * before using the result as a buffer length.
 *
 * @param sig_alg	Signature algorithm
 * @return The size of the preprocessed key in bytes, or 0 if error.
 */
uint32_t vb2_packed_key_size(enum vb2_signature_algorithm sig_alg);

/*
 * Size of work buffer sufficient for vb2_rsa_verify_digest() worst case.
 * Builds that define ENABLE_HWCRYPTO_RSA_TESTS use the larger
 * (11 * 1024) + 8 byte value; all other builds use 3 * 1024 bytes.
 */
#if defined(ENABLE_HWCRYPTO_RSA_TESTS)
#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES ((11 * 1024) + 8)
#else
#define VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES (3 * 1024)
#endif

/**
 * Verify a RSA PKCS1.5 signature against an expected hash digest.
 *
 * The signature buffer is overwritten during verification, so the caller
 * must not rely on its contents afterwards. No buffer lengths are passed.
 * NOTE(review): presumably sig must hold at least
 * vb2_rsa_sig_size(key->sig_alg) bytes and digest the digest size of
 * key->hash_alg - confirm against the implementation.
 *
 * Any return value other than VB2_SUCCESS must be treated as a failed
 * verification.
 *
 * @param key		Key to use in signature verification
 * @param sig		Signature to verify (destroyed in process)
 * @param digest	Digest of signed data
 * @param wb		Work buffer; VB2_VERIFY_RSA_DIGEST_WORKBUF_BYTES is
 *			sized for the worst case
 * @return VB2_SUCCESS, or non-zero if error.
 */
vb2_error_t vb2_rsa_verify_digest(const struct vb2_public_key *key,
				  uint8_t *sig, const uint8_t *digest,
				  const struct vb2_workbuf *wb);

/**
 * In-place public exponentiation.
 *
 * The function returns void and so cannot report an error. The size of
 * workbuf is not passed in; checking it is the caller's job.
 * NOTE(review): the length of inout is not passed either; presumably it
 * is key->arrsize 32-bit words - confirm against the implementation.
 *
 * @param key		Public key to use for the exponentiation
 * @param inout		Input and output big-endian byte array
 * @param workbuf	Work buffer; caller must verify this is
 *			(3 * key->arrsize) elements long.
 *			NOTE(review): element type is not stated here,
 *			presumably uint32_t - confirm.
 * @param exp		RSA public exponent: either 65537 (F4) or 3
 */
void vb2_modexp(const struct vb2_public_key *key, uint8_t *inout,
		void *workbuf, int exp);

#endif  /* VBOOT_REFERENCE_2RSA_H_ */