1*897a1d94STom Rini /* SPDX-License-Identifier: MIT */ 2d8f9d2afSIgor Opaniuk /* 3d8f9d2afSIgor Opaniuk * Copyright (C) 2016 The Android Open Source Project 4d8f9d2afSIgor Opaniuk */ 5d8f9d2afSIgor Opaniuk 6d8f9d2afSIgor Opaniuk #if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION) 7d8f9d2afSIgor Opaniuk #error "Never include this file directly, include libavb.h instead." 8d8f9d2afSIgor Opaniuk #endif 9d8f9d2afSIgor Opaniuk 10d8f9d2afSIgor Opaniuk #ifndef AVB_CRYPTO_H_ 11d8f9d2afSIgor Opaniuk #define AVB_CRYPTO_H_ 12d8f9d2afSIgor Opaniuk 13d8f9d2afSIgor Opaniuk #include "avb_sysdeps.h" 14d8f9d2afSIgor Opaniuk 15d8f9d2afSIgor Opaniuk #ifdef __cplusplus 16d8f9d2afSIgor Opaniuk extern "C" { 17d8f9d2afSIgor Opaniuk #endif 18d8f9d2afSIgor Opaniuk 19d8f9d2afSIgor Opaniuk /* Size of a RSA-2048 signature. */ 20d8f9d2afSIgor Opaniuk #define AVB_RSA2048_NUM_BYTES 256 21d8f9d2afSIgor Opaniuk 22d8f9d2afSIgor Opaniuk /* Size of a RSA-4096 signature. */ 23d8f9d2afSIgor Opaniuk #define AVB_RSA4096_NUM_BYTES 512 24d8f9d2afSIgor Opaniuk 25d8f9d2afSIgor Opaniuk /* Size of a RSA-8192 signature. */ 26d8f9d2afSIgor Opaniuk #define AVB_RSA8192_NUM_BYTES 1024 27d8f9d2afSIgor Opaniuk 28d8f9d2afSIgor Opaniuk /* Size in bytes of a SHA-1 digest. */ 29d8f9d2afSIgor Opaniuk #define AVB_SHA1_DIGEST_SIZE 20 30d8f9d2afSIgor Opaniuk 31d8f9d2afSIgor Opaniuk /* Size in bytes of a SHA-256 digest. */ 32d8f9d2afSIgor Opaniuk #define AVB_SHA256_DIGEST_SIZE 32 33d8f9d2afSIgor Opaniuk 34d8f9d2afSIgor Opaniuk /* Size in bytes of a SHA-512 digest. */ 35d8f9d2afSIgor Opaniuk #define AVB_SHA512_DIGEST_SIZE 64 36d8f9d2afSIgor Opaniuk 37d8f9d2afSIgor Opaniuk /* Possible digest types supported by libavb routines. */ 38d8f9d2afSIgor Opaniuk typedef enum { 39d8f9d2afSIgor Opaniuk AVB_DIGEST_TYPE_SHA256, 40d8f9d2afSIgor Opaniuk AVB_DIGEST_TYPE_SHA512, 41d8f9d2afSIgor Opaniuk } AvbDigestType; 42d8f9d2afSIgor Opaniuk 43d8f9d2afSIgor Opaniuk /* Algorithms that can be used in the vbmeta image for 44d8f9d2afSIgor Opaniuk * verification. An algorithm consists of a hash type and a signature 45d8f9d2afSIgor Opaniuk * type. 46d8f9d2afSIgor Opaniuk * 47d8f9d2afSIgor Opaniuk * The data used to calculate the hash is the three blocks mentioned 48d8f9d2afSIgor Opaniuk * in the documentation for |AvbVBMetaImageHeader| except for the data 49d8f9d2afSIgor Opaniuk * in the "Authentication data" block. 50d8f9d2afSIgor Opaniuk * 51d8f9d2afSIgor Opaniuk * For signatures with RSA keys, PKCS v1.5 padding is used. The public 52d8f9d2afSIgor Opaniuk * key data is stored in the auxiliary data block, see 53d8f9d2afSIgor Opaniuk * |AvbRSAPublicKeyHeader| for the serialization format. 54d8f9d2afSIgor Opaniuk * 55d8f9d2afSIgor Opaniuk * Each algorithm type is described below: 56d8f9d2afSIgor Opaniuk * 57d8f9d2afSIgor Opaniuk * AVB_ALGORITHM_TYPE_NONE: There is no hash, no signature of the 58d8f9d2afSIgor Opaniuk * data, and no public key. The data cannot be verified. The fields 59d8f9d2afSIgor Opaniuk * |hash_size|, |signature_size|, and |public_key_size| must be zero. 60d8f9d2afSIgor Opaniuk * 61d8f9d2afSIgor Opaniuk * AVB_ALGORITHM_TYPE_SHA256_RSA2048: The hash function used is 62d8f9d2afSIgor Opaniuk * SHA-256, resulting in 32 bytes of hash digest data. This hash is 63d8f9d2afSIgor Opaniuk * signed with a 2048-bit RSA key. The field |hash_size| must be 32, 64d8f9d2afSIgor Opaniuk * |signature_size| must be 256, and the public key data must have 65d8f9d2afSIgor Opaniuk * |key_num_bits| set to 2048. 66d8f9d2afSIgor Opaniuk * 67d8f9d2afSIgor Opaniuk * AVB_ALGORITHM_TYPE_SHA256_RSA4096: Like above, but only with 68d8f9d2afSIgor Opaniuk * a 4096-bit RSA key and |signature_size| set to 512. 69d8f9d2afSIgor Opaniuk * 70d8f9d2afSIgor Opaniuk * AVB_ALGORITHM_TYPE_SHA256_RSA8192: Like above, but only with 71d8f9d2afSIgor Opaniuk * a 8192-bit RSA key and |signature_size| set to 1024. 72d8f9d2afSIgor Opaniuk * 73d8f9d2afSIgor Opaniuk * AVB_ALGORITHM_TYPE_SHA512_RSA2048: The hash function used is 74d8f9d2afSIgor Opaniuk * SHA-512, resulting in 64 bytes of hash digest data. This hash is 75d8f9d2afSIgor Opaniuk * signed with a 2048-bit RSA key. The field |hash_size| must be 64, 76d8f9d2afSIgor Opaniuk * |signature_size| must be 256, and the public key data must have 77d8f9d2afSIgor Opaniuk * |key_num_bits| set to 2048. 78d8f9d2afSIgor Opaniuk * 79d8f9d2afSIgor Opaniuk * AVB_ALGORITHM_TYPE_SHA512_RSA4096: Like above, but only with 80d8f9d2afSIgor Opaniuk * a 4096-bit RSA key and |signature_size| set to 512. 81d8f9d2afSIgor Opaniuk * 82d8f9d2afSIgor Opaniuk * AVB_ALGORITHM_TYPE_SHA512_RSA8192: Like above, but only with 83d8f9d2afSIgor Opaniuk * a 8192-bit RSA key and |signature_size| set to 1024. 84d8f9d2afSIgor Opaniuk */ 85d8f9d2afSIgor Opaniuk typedef enum { 86d8f9d2afSIgor Opaniuk AVB_ALGORITHM_TYPE_NONE, 87d8f9d2afSIgor Opaniuk AVB_ALGORITHM_TYPE_SHA256_RSA2048, 88d8f9d2afSIgor Opaniuk AVB_ALGORITHM_TYPE_SHA256_RSA4096, 89d8f9d2afSIgor Opaniuk AVB_ALGORITHM_TYPE_SHA256_RSA8192, 90d8f9d2afSIgor Opaniuk AVB_ALGORITHM_TYPE_SHA512_RSA2048, 91d8f9d2afSIgor Opaniuk AVB_ALGORITHM_TYPE_SHA512_RSA4096, 92d8f9d2afSIgor Opaniuk AVB_ALGORITHM_TYPE_SHA512_RSA8192, 93d8f9d2afSIgor Opaniuk _AVB_ALGORITHM_NUM_TYPES 94d8f9d2afSIgor Opaniuk } AvbAlgorithmType; 95d8f9d2afSIgor Opaniuk 96d8f9d2afSIgor Opaniuk /* Holds algorithm-specific data. The |padding| is needed by avb_rsa_verify. */ 97d8f9d2afSIgor Opaniuk typedef struct { 98d8f9d2afSIgor Opaniuk const uint8_t* padding; 99d8f9d2afSIgor Opaniuk size_t padding_len; 100d8f9d2afSIgor Opaniuk size_t hash_len; 101d8f9d2afSIgor Opaniuk } AvbAlgorithmData; 102d8f9d2afSIgor Opaniuk 103d8f9d2afSIgor Opaniuk /* Provides algorithm-specific data for a given |algorithm|. Returns NULL if 104d8f9d2afSIgor Opaniuk * |algorithm| is invalid. 105d8f9d2afSIgor Opaniuk */ 106d8f9d2afSIgor Opaniuk const AvbAlgorithmData* avb_get_algorithm_data(AvbAlgorithmType algorithm) 107d8f9d2afSIgor Opaniuk AVB_ATTR_WARN_UNUSED_RESULT; 108d8f9d2afSIgor Opaniuk 109d8f9d2afSIgor Opaniuk /* The header for a serialized RSA public key. 110d8f9d2afSIgor Opaniuk * 111d8f9d2afSIgor Opaniuk * The size of the key is given by |key_num_bits|, for example 2048 112d8f9d2afSIgor Opaniuk * for a RSA-2048 key. By definition, a RSA public key is the pair (n, 113d8f9d2afSIgor Opaniuk * e) where |n| is the modulus (which can be represented in 114d8f9d2afSIgor Opaniuk * |key_num_bits| bits) and |e| is the public exponent. The exponent 115d8f9d2afSIgor Opaniuk * is not stored since it's assumed to always be 65537. 116d8f9d2afSIgor Opaniuk * 117d8f9d2afSIgor Opaniuk * To optimize verification, the key block includes two precomputed 118d8f9d2afSIgor Opaniuk * values, |n0inv| (fits in 32 bits) and |rr| and can always be 119d8f9d2afSIgor Opaniuk * represented in |key_num_bits|. 120d8f9d2afSIgor Opaniuk 121d8f9d2afSIgor Opaniuk * The value |n0inv| is the value -1/n[0] (mod 2^32). The value |rr| 122d8f9d2afSIgor Opaniuk * is (2^key_num_bits)^2 (mod n). 123d8f9d2afSIgor Opaniuk * 124d8f9d2afSIgor Opaniuk * Following this header is |key_num_bits| bits of |n|, then 125d8f9d2afSIgor Opaniuk * |key_num_bits| bits of |rr|. Both values are stored with most 126d8f9d2afSIgor Opaniuk * significant bit first. Each serialized number takes up 127d8f9d2afSIgor Opaniuk * |key_num_bits|/8 bytes. 128d8f9d2afSIgor Opaniuk * 129d8f9d2afSIgor Opaniuk * All fields in this struct are stored in network byte order when 130d8f9d2afSIgor Opaniuk * serialized. To generate a copy with fields swapped to native byte 131d8f9d2afSIgor Opaniuk * order, use the function avb_rsa_public_key_header_validate_and_byteswap(). 132d8f9d2afSIgor Opaniuk * 133d8f9d2afSIgor Opaniuk * The avb_rsa_verify() function expects a key in this serialized 134d8f9d2afSIgor Opaniuk * format. 135d8f9d2afSIgor Opaniuk * 136d8f9d2afSIgor Opaniuk * The 'avbtool extract_public_key' command can be used to generate a 137d8f9d2afSIgor Opaniuk * serialized RSA public key. 138d8f9d2afSIgor Opaniuk */ 139d8f9d2afSIgor Opaniuk typedef struct AvbRSAPublicKeyHeader { 140d8f9d2afSIgor Opaniuk uint32_t key_num_bits; 141d8f9d2afSIgor Opaniuk uint32_t n0inv; 142d8f9d2afSIgor Opaniuk } AVB_ATTR_PACKED AvbRSAPublicKeyHeader; 143d8f9d2afSIgor Opaniuk 144d8f9d2afSIgor Opaniuk /* Copies |src| to |dest| and validates, byte-swapping fields in the 145d8f9d2afSIgor Opaniuk * process if needed. Returns true if valid, false if invalid. 146d8f9d2afSIgor Opaniuk */ 147d8f9d2afSIgor Opaniuk bool avb_rsa_public_key_header_validate_and_byteswap( 148d8f9d2afSIgor Opaniuk const AvbRSAPublicKeyHeader* src, 149d8f9d2afSIgor Opaniuk AvbRSAPublicKeyHeader* dest) AVB_ATTR_WARN_UNUSED_RESULT; 150d8f9d2afSIgor Opaniuk 151d8f9d2afSIgor Opaniuk #ifdef __cplusplus 152d8f9d2afSIgor Opaniuk } 153d8f9d2afSIgor Opaniuk #endif 154d8f9d2afSIgor Opaniuk 155d8f9d2afSIgor Opaniuk #endif /* AVB_CRYPTO_H_ */ 156