1 /* Copyright (c) 2010 The Chromium OS Authors. All rights reserved. 2 * Use of this source code is governed by a BSD-style license that can be 3 * found in the LICENSE file. 4 */ 5 6 #ifndef VBOOT_REFERENCE_RSA_H_ 7 #define VBOOT_REFERENCE_RSA_H_ 8 9 #ifndef VBOOT_REFERENCE_CRYPTOLIB_H_ 10 #error "Do not include this file directly. Use cryptolib.h instead." 11 #endif 12 13 #include "sysincludes.h" 14 15 #define RSA1024NUMBYTES 128 /* 1024 bit key length */ 16 #define RSA2048NUMBYTES 256 /* 2048 bit key length */ 17 #define RSA4096NUMBYTES 512 /* 4096 bit key length */ 18 #define RSA8192NUMBYTES 1024 /* 8192 bit key length */ 19 20 #define RSA1024NUMWORDS (RSA1024NUMBYTES / sizeof(uint32_t)) 21 #define RSA2048NUMWORDS (RSA2048NUMBYTES / sizeof(uint32_t)) 22 #define RSA4096NUMWORDS (RSA4096NUMBYTES / sizeof(uint32_t)) 23 #define RSA8192NUMWORDS (RSA8192NUMBYTES / sizeof(uint32_t)) 24 25 typedef struct RSAPublicKey { 26 uint32_t len; /* Length of n[] in number of uint32_t */ 27 uint32_t n0inv; /* -1 / n[0] mod 2^32 */ 28 uint32_t* n; /* modulus as little endian array */ 29 uint32_t* rr; /* R^2 as little endian array */ 30 unsigned int algorithm; /* Algorithm to use when verifying with the key */ 31 } RSAPublicKey; 32 33 /* Verify a RSA PKCS1.5 signature [sig] of [sig_type] and length [sig_len] 34 * against an expected [hash] using [key]. Returns 0 on failure, 1 on success. 35 */ 36 int RSAVerify(const RSAPublicKey *key, 37 const uint8_t* sig, 38 const uint32_t sig_len, 39 const uint8_t sig_type, 40 const uint8_t* hash); 41 42 /* Perform RSA signature verification on [buf] of length [len] against expected 43 * signature [sig] using signature algorithm [algorithm]. The public key used 44 * for verification can either be in the form of a pre-process key blob 45 * [key_blob] or RSAPublicKey structure [key]. One of [key_blob] or [key] must 46 * be non-NULL, and the other NULL or the function will fail. 47 * 48 * Returns 1 on verification success, 0 on verification failure or invalid 49 * arguments. 50 * 51 * Note: This function is for use in the firmware and assumes all pointers point 52 * to areas in the memory of the right size. 53 * 54 */ 55 int RSAVerifyBinary_f(const uint8_t* key_blob, 56 const RSAPublicKey* key, 57 const uint8_t* buf, 58 uint64_t len, 59 const uint8_t* sig, 60 unsigned int algorithm); 61 62 /* Version of RSAVerifyBinary_f() where instead of the raw binary blob 63 * of data, its digest is passed as the argument. */ 64 int RSAVerifyBinaryWithDigest_f(const uint8_t* key_blob, 65 const RSAPublicKey* key, 66 const uint8_t* digest, 67 const uint8_t* sig, 68 unsigned int algorithm); 69 70 71 /* ----Some additional utility functions for RSA.---- */ 72 73 /* Returns the size of a pre-processed RSA public key in 74 * [out_size] with the algorithm [algorithm]. 75 * 76 * Returns 1 on success, 0 on failure. 77 */ 78 uint64_t RSAProcessedKeySize(uint64_t algorithm, uint64_t* out_size); 79 80 /* Allocate a new RSAPublicKey structure and initialize its pointer fields to 81 * NULL */ 82 RSAPublicKey* RSAPublicKeyNew(void); 83 84 /* Deep free the contents of [key]. */ 85 void RSAPublicKeyFree(RSAPublicKey* key); 86 87 /* Create a RSAPublic key structure from binary blob [buf] of length 88 * [len]. 89 * 90 * Caller owns the returned key and must free it. 91 */ 92 RSAPublicKey* RSAPublicKeyFromBuf(const uint8_t* buf, uint64_t len); 93 94 95 #endif /* VBOOT_REFERENCE_RSA_H_ */ 96
