1 /* Copyright 2023 The ChromiumOS Authors
2  * Use of this source code is governed by a BSD-style license that can be
3  * found in the LICENSE file.
4  */
5 
6 #ifndef VBOOT_REFERENCE_HOST_P11_H_
7 #define VBOOT_REFERENCE_HOST_P11_H_
8 
9 #include "2id.h"
10 #include "2return_codes.h"
11 #include "2struct.h"
12 
13 /* Opaque PKCS#11 key handle used for signing; only forward-declared in this header. */
14 struct pkcs11_key;
15 
16 /**
17  * Initialize the pkcs11 library. Note that only one pkcs11 module can be loaded
18  * at a time.
19  *
20  * @param pkcs11_lib	Path of the pkcs11 library (module) to load and initialize.
21  *			NOTE(review): pass only a trusted path; confirm how it is loaded.
22  * @return VB2_SUCCESS, or non-zero if error.
23  */
24 vb2_error_t pkcs11_init(const char *pkcs11_lib);
25 
26 /**
27  * Get the pkcs11 key identified by the slot id and label.
28  *
29  * @param slot_id	Slot id of the pkcs11 key
30  * @param label		Label of the pkcs11 key (declared non-const char *)
31  *
32  * @return Pointer to pkcs11 key, or NULL on error; check for NULL before use.
33  */
34 struct pkcs11_key *pkcs11_get_key(int slot_id, char *label);
35 
36 /**
37  * Get the hash algorithm of the pkcs11 key.
38  *
39  * @param p11_key	Pkcs11 key to query
40  *
41  * @return The hash algorithm of the pkcs11 key
42  */
43 enum vb2_hash_algorithm pkcs11_get_hash_alg(struct pkcs11_key *p11_key);
44 
45 /**
46  * Get the signature algorithm of the pkcs11 key.
47  *
48  * @param p11_key	Pkcs11 key to query
49  *
50  * @return The signature algorithm of the pkcs11 key
51  */
52 enum vb2_signature_algorithm pkcs11_get_sig_alg(struct pkcs11_key *p11_key);
53 
54 /**
55  * Get the modulus of the pkcs11 key.
56  *
57  * @param p11_key	Pkcs11 key to query
58  * @param sizeptr	Pointer to the size of the returned modulus.
59  *
60  * @return The modulus of the pkcs11 key. Caller must free() it. NOTE(review): failure value is not documented; confirm.
61  */
62 uint8_t *pkcs11_get_modulus(struct pkcs11_key *p11_key, uint32_t *sizeptr);
63 
64 /**
65  * Calculate a signature for the data using a pkcs11 key.
66  *
67  * @param p11_key	Private key to use to sign data
68  * @param hash_alg	Hash algorithm used for pkcs11 signing
69  * @param data		Pointer to data to sign
70  * @param data_size	Size of data in bytes. NOTE(review): signed int, unlike sig_size; reject negatives.
71  * @param sig		Pointer to the output signature buffer
72  * @param sig_size	Size of sig in bytes
73  *
74  * @return VB2_SUCCESS, or non-zero if error.
75  */
76 vb2_error_t pkcs11_sign(struct pkcs11_key *p11_key, enum vb2_hash_algorithm hash_alg,
77 			const uint8_t *data, int data_size, uint8_t *sig, uint32_t sig_size);
78 
79 /**
80  * Free a pkcs11 key.
81  *
82  * @param p11_key	Pkcs11 key to free.
83  */
84 void pkcs11_free_key(struct pkcs11_key *p11_key);
85 
86 #endif /* VBOOT_REFERENCE_HOST_P11_H_ */
87