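/* Copyright 2014 The ChromiumOS Authors
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 *
 * Crypto constants for verified boot
 */

#ifndef VBOOT_REFERENCE_2CRYPTO_H_
#define VBOOT_REFERENCE_2CRYPTO_H_

#include "2sysincludes.h"

/*
 * Verified boot crypto algorithms
 *
 * Each value names one RSA key type paired with one SHA digest. Values are
 * grouped by key type, three per key, in the order SHA1, SHA256, SHA512.
 *
 * The numeric values are assigned explicitly.
 * NOTE(review): presumably they are stored in key and signature data, so
 * existing values should not be renumbered; confirm against the callers.
 *
 * The RSA1024 and SHA1 pairings are marked as deprecation candidates in the
 * per-type enums below; accepting them is a policy decision for the caller.
 */
enum vb2_crypto_algorithm {
	VB2_ALG_RSA1024_SHA1 = 0,
	VB2_ALG_RSA1024_SHA256 = 1,
	VB2_ALG_RSA1024_SHA512 = 2,
	VB2_ALG_RSA2048_SHA1 = 3,
	VB2_ALG_RSA2048_SHA256 = 4,
	VB2_ALG_RSA2048_SHA512 = 5,
	VB2_ALG_RSA4096_SHA1 = 6,
	VB2_ALG_RSA4096_SHA256 = 7,
	VB2_ALG_RSA4096_SHA512 = 8,
	VB2_ALG_RSA8192_SHA1 = 9,
	VB2_ALG_RSA8192_SHA256 = 10,
	VB2_ALG_RSA8192_SHA512 = 11,
	VB2_ALG_RSA2048_EXP3_SHA1 = 12,
	VB2_ALG_RSA2048_EXP3_SHA256 = 13,
	VB2_ALG_RSA2048_EXP3_SHA512 = 14,
	VB2_ALG_RSA3072_EXP3_SHA1 = 15,
	VB2_ALG_RSA3072_EXP3_SHA256 = 16,
	VB2_ALG_RSA3072_EXP3_SHA512 = 17,
	/* Number of algorithms. Must stay last; usable as an upper bound. */
	VB2_ALG_COUNT
};

/* Algorithm types for signatures */
enum vb2_signature_algorithm {
	/*
	 * Invalid or unsupported signature type. This is 0, so a
	 * zero-initialized field reads as invalid rather than as a real
	 * algorithm.
	 */
	VB2_SIG_INVALID = 0,

	/*
	 * No signature algorithm.  The digest is unsigned.  See
	 * VB2_ID_NONE_* for key IDs to use with this algorithm.
	 *
	 * An unsigned digest only detects corruption; it does not show who
	 * produced the data. Code that requires a signature must reject this
	 * value explicitly instead of treating it as a verified result.
	 */
	VB2_SIG_NONE = 1,

	/* RSA algorithms of the given length in bits (1024-8192) */
	VB2_SIG_RSA1024 = 2,  /* Warning!  This is likely to be deprecated! */
	VB2_SIG_RSA2048 = 3,
	VB2_SIG_RSA4096 = 4,
	VB2_SIG_RSA8192 = 5,
	/*
	 * NOTE(review): the _EXP3 suffix presumably means a public exponent
	 * of 3; confirm against the RSA implementation.
	 */
	VB2_SIG_RSA2048_EXP3 = 6,
	VB2_SIG_RSA3072_EXP3 = 7,

	/* Last index. Don't add anything below.  Sizes vb2_sig_names[]. */
	VB2_SIG_ALG_COUNT,
};

/* Algorithm types for hash digests */
enum vb2_hash_algorithm {
	/* Invalid or unsupported digest type */
	VB2_HASH_INVALID = 0,
	/*
	 * For some applications, it's more useful that 0 means "no hash".
	 * This is an alias of VB2_HASH_INVALID, so the two cannot be told
	 * apart; code that requires a digest must reject 0.
	 */
	VB2_HASH_NONE = VB2_HASH_INVALID,

	/* SHA-1.  Warning: This is likely to be deprecated soon! */
	VB2_HASH_SHA1 = 1,

	/* SHA-256 and SHA-512 */
	VB2_HASH_SHA256 = 2,
	VB2_HASH_SHA512 = 3,

	/* SHA-224/SHA-384 are variants of SHA-256/SHA-512, respectively. */
	VB2_HASH_SHA224 = 4,
	VB2_HASH_SHA384 = 5,

	/* Last index. Don't add anything below.  Sizes vb2_hash_names[]. */
	VB2_HASH_ALG_COUNT,
};

/*
 * Arrays mapping signature/hash types to their string representations.
 *
 * Index these only with a value already checked to be below the matching
 * *_ALG_COUNT. For values read from key or signature data, use the
 * vb2_get_*_algorithm_name() accessors below, which are documented to return
 * VB2_INVALID_ALG_NAME when there is no match.
 */
extern const char *vb2_sig_names[VB2_SIG_ALG_COUNT];
extern const char *vb2_hash_names[VB2_HASH_ALG_COUNT];

/**
 * Convert vb2_crypto_algorithm to vb2_signature_algorithm.
 *
 * Callers must check the result for VB2_SIG_INVALID before using it to select
 * a verification routine.
 *
 * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
 *
 * @return The signature algorithm for that crypto algorithm, or
 * VB2_SIG_INVALID if the crypto algorithm or its corresponding signature
 * algorithm is invalid or not supported.
 */
enum vb2_signature_algorithm vb2_crypto_to_signature(
	enum vb2_crypto_algorithm algorithm);

/**
 * Convert vb2_crypto_algorithm to vb2_hash_algorithm.
 *
 * Callers must check the result for VB2_HASH_INVALID before using it to
 * select a digest routine or size a digest buffer.
 *
 * @param algorithm	Crypto algorithm (vb2_crypto_algorithm)
 *
 * @return The hash algorithm for that crypto algorithm, or VB2_HASH_INVALID if
 * the crypto algorithm or its corresponding hash algorithm is invalid or not
 * supported.
 */
enum vb2_hash_algorithm vb2_crypto_to_hash(enum vb2_crypto_algorithm algorithm);

/*
 * NOTE(review): VB2_INVALID_ALG_NAME, returned by the accessors below, is not
 * declared in this header; confirm which header provides it.
 */

/**
 * Return the name of a signature algorithm.
 *
 * @param sig_alg	Signature algorithm to look up
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg);

/**
 * Return the name of a hash algorithm
 *
 * @param alg		Hash algorithm ID
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_hash_algorithm_name(enum vb2_hash_algorithm alg);

/**
 * Return the name of a crypto algorithm.
 *
 * @param alg		Crypto algorithm to look up
 * @return The corresponding name, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg);

/**
 * Return the stem filename of a crypto algorithm.
 *
 * @param alg		Crypto algorithm to look up
 * @return The corresponding stem filename, or VB2_INVALID_ALG_NAME if no match.
 */
const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg);

#endif  /* VBOOT_REFERENCE_2CRYPTO_H_ */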