17a33704cSNan Zhou## Cr51 Image Signature Library 27a33704cSNan Zhou 37a33704cSNan Zhou### Package `libcr51sign` 47a33704cSNan Zhou 5*25c55c54SPatrick Williams- Status: **Ready** 67a33704cSNan Zhou 77a33704cSNan ZhouLibcr51sign is a library to verify images signed in the Cr51 format which can be 87a33704cSNan Zhoushared between all systems requiring this functionality. Given an absolute start 97a33704cSNan Zhouand end offset the library would scan for and validate the signature on the 107a33704cSNan Zhouimage descriptor, if the image validates, hashes the rest of the image to verify 117a33704cSNan Zhouits integrity. Because this library will be used across many varied platforms, 127a33704cSNan Zhouit does not assume the presence of any standard libraries or operating system 137a33704cSNan Zhouinterfaces. In order to handle this, a struct containing function pointers that 147a33704cSNan Zhouimplement each piece of platform-specific functionality will be passed to the 157a33704cSNan Zhoulibrary’s functions. Interface struct should typically be static data (could put 167a33704cSNan Zhouin rodata) while the data in context is mutable. 177a33704cSNan Zhou 187a33704cSNan Zhou### Debug 197a33704cSNan Zhou 207a33704cSNan ZhouPrint will be handled via Macros. The user can define USER_PRINT or the library 217a33704cSNan Zhouwould use its default. The library will not assert on any error conditions,but 227a33704cSNan Zhouwill return error codes and expects the client to handle as deemed fit. 237a33704cSNan Zhou 247a33704cSNan Zhou``` 257a33704cSNan Zhou 267a33704cSNan Zhou#ifndef USER_PRINT 277a33704cSNan Zhou#define CPRINTS(ctx, format, args...)printf(format, ##args) 287a33704cSNan Zhou#endif 297a33704cSNan Zhou``` 307a33704cSNan Zhou 317a33704cSNan Zhou### Prod/Dev transitions 327a33704cSNan Zhou 337a33704cSNan ZhouProd --> Prod: Allowed \ 347a33704cSNan ZhouProd --> Dev: Only if allowlisted/prod_to_dev_downgrade_allowed \ 357a33704cSNan ZhouDev --> Prod: Allowed \ 367a33704cSNan ZhouDev --> Dev: Allowed 377a33704cSNan Zhou 387a33704cSNan Zhouverify_signature: The implementation should check if the signature size passed 397a33704cSNan Zhouis same as the length of the key 407a33704cSNan Zhou 417a33704cSNan ZhouNote: libcr51sign will also provide a companion library with default SW 427a33704cSNan Zhouimplementations of common functions like hash_init/final, 437a33704cSNan Zhouread_and_hash_update(). 44