xref: /openbmc/google-misc/subprojects/libcr51sign/include/libcr51sign/libcr51sign_support.h (revision 027c042e5847fd0e8bc9ab68b62d7a4f0d5efa47)
1 /*
2  * Copyright 2021 Google LLC
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef PLATFORMS_HAVEN_LIBCR51SIGN_LIBCR51SIGN_SUPPORT_H_
18 #define PLATFORMS_HAVEN_LIBCR51SIGN_LIBCR51SIGN_SUPPORT_H_
19 
20 #include <libcr51sign/libcr51sign.h>
21 #include <openssl/sha.h>
22 #include <stdbool.h>
23 #include <stddef.h>
24 #include <stdint.h>
25 
26 #ifdef __cplusplus
27 extern "C"
28 {
29 #endif
30 
31 struct hash_ctx // hash state: a type tag plus one OpenSSL digest context
32 {
33     enum hash_type hash_type; // presumably selects which union member is in use - TODO confirm
34     union // anonymous union: the two contexts share storage, so only one is valid at a time
35     {
36         SHA256_CTX sha256_ctx; // OpenSSL SHA-256 state (from <openssl/sha.h>)
37         SHA512_CTX sha512_ctx; // OpenSSL SHA-512 state (from <openssl/sha.h>)
38     };
39 };
40 
41 // @func hash_init get ready to compute a hash
42 //
43 // @param[in] ctx - context struct (passed as const void*; its concrete type is not visible in this header)
44 // @param[in] type - type of hash function to use
45 //
46 // @return nonzero on error, zero on success (check it before calling hash_update/hash_final)
47 
48 int hash_init(const void* ctx, enum hash_type type);
49 
50 // @func hash_update add data to the hash
51 //
52 // @param[in] ctx - context struct
53 // @param[in] data - data to add to hash
54 // @param[in] size - number of bytes of data to add
55 // NOTE(review): ctx is non-const here but const in hash_init - confirm both name the same context object
56 // @return nonzero on error, zero on success
57 
58 int hash_update(void* ctx, const uint8_t* data, size_t size);
59 
60 // @func hash_final finish hash calculation
61 //
62 // @param[in] ctx - context struct
63 // @param[out] hash - buffer to write hash to; no length is passed, so the caller guarantees it is big enough
64 //                    for the digest in use (e.g. 32 bytes for SHA-256, 64 bytes for SHA-512)
65 // @return nonzero on error, zero on success; the contents of hash should not be used on error
66 
67 int hash_final(void* ctx, uint8_t* hash);
68 
69 // @func verify_signature check that the signature is valid for given hashed data
70 //
71 // @param[in] ctx - context struct
72 // @param[in] sig_scheme - type of signature, hash, etc.
73 // @param[in] sig - signature blob
74 // @param[in] sig_len - length of signature in bytes
75 // @param[in] data - pre-hashed data to verify
76 // @param[in] data_len - length of hashed data in bytes
77 // Implementations should reject sig_len/data_len values that do not match what sig_scheme expects.
78 // @return nonzero on error, zero on success. This is the opposite polarity to
79 // verify_rsa_signature_with_modulus_and_exponent (true == verified): compare against 0, never use the result as a bool.
80 int verify_signature(const void* ctx, enum signature_scheme sig_scheme,
81                      const uint8_t* sig, size_t sig_len, const uint8_t* data,
82                      size_t data_len);
83 
84 // @func verify_rsa_signature_with_modulus_and_exponent verify the rsa signature with provided modulus and exponent.
85 //
86 // @param[in] ctx - context struct
87 // @param[in] sig_scheme - type of signature, hash, etc.
88 // @param[in] modulus - modulus of the RSA key
89 // @param[in] modulus_len - length of modulus in bytes (signed int: implementations should reject values <= 0)
90 // @param[in] exponent - exponent of the RSA key
91 // @param[in] sig - signature blob
92 // @param[in] sig_len - length of signature in bytes (signed int: implementations should reject values <= 0)
93 // @param[in] digest - digest to verify
94 // @param[in] digest_len - digest size (signed int: reject values <= 0 or not matching sig_scheme)
95 // The key is supplied by the caller; nothing in this prototype establishes that the modulus/exponent is trusted.
96 // @return true if verified, otherwise false. Unlike verify_signature, a nonzero result here means success.
97 // nonnull without an index list covers every pointer parameter; it is a compiler hint, not a runtime NULL check.
98 __attribute__((nonnull)) bool verify_rsa_signature_with_modulus_and_exponent(
99     const void* ctx, enum signature_scheme sig_scheme, const uint8_t* modulus,
100     int modulus_len, uint32_t exponent, const uint8_t* sig, int sig_len,
101     const uint8_t* digest, int digest_len);
102 
103 #ifdef __cplusplus
104 } //  extern "C"
105 #endif
106 #endif // PLATFORMS_HAVEN_LIBCR51SIGN_LIBCR51SIGN_SUPPORT_H_
107