/* | |

* Copyright (C) 2016 The Android Open Source Project | |

* | |

* Permission is hereby granted, free of charge, to any person | |

* obtaining a copy of this software and associated documentation | |

* files (the "Software"), to deal in the Software without | |

* restriction, including without limitation the rights to use, copy, | |

* modify, merge, publish, distribute, sublicense, and/or sell copies | |

* of the Software, and to permit persons to whom the Software is | |

* furnished to do so, subject to the following conditions: | |

* | |

* The above copyright notice and this permission notice shall be | |

* included in all copies or substantial portions of the Software. | |

* | |

* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, | |

* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF | |

* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND | |

* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS | |

* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN | |

* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN | |

* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |

* SOFTWARE. | |

*/ | |

#if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION) | |

#error "Never include this file directly, include libavb.h instead." | |

#endif | |

#ifndef AVB_CRYPTO_H_ | |

#define AVB_CRYPTO_H_ | |

#include "avb_sysdeps.h" | |

#ifdef __cplusplus | |

extern "C" { | |

#endif | |

/* Size of a RSA-2048 signature. */ | |

#define AVB_RSA2048_NUM_BYTES 256 | |

/* Size of a RSA-4096 signature. */ | |

#define AVB_RSA4096_NUM_BYTES 512 | |

/* Size of a RSA-8192 signature. */ | |

#define AVB_RSA8192_NUM_BYTES 1024 | |

/* Size in bytes of a SHA-1 digest. */ | |

#define AVB_SHA1_DIGEST_SIZE 20 | |

/* Size in bytes of a SHA-256 digest. */ | |

#define AVB_SHA256_DIGEST_SIZE 32 | |

/* Size in bytes of a SHA-512 digest. */ | |

#define AVB_SHA512_DIGEST_SIZE 64 | |

/* Possible digest types supported by libavb routines. */ | |

typedef enum { | |

AVB_DIGEST_TYPE_SHA256, | |

AVB_DIGEST_TYPE_SHA512, | |

} AvbDigestType; | |

/* Algorithms that can be used in the vbmeta image for | |

* verification. An algorithm consists of a hash type and a signature | |

* type. | |

* | |

* The data used to calculate the hash is the three blocks mentioned | |

* in the documentation for |AvbVBMetaImageHeader| except for the data | |

* in the "Authentication data" block. | |

* | |

* For signatures with RSA keys, PKCS v1.5 padding is used. The public | |

* key data is stored in the auxiliary data block, see | |

* |AvbRSAPublicKeyHeader| for the serialization format. | |

* | |

* Each algorithm type is described below: | |

* | |

* AVB_ALGORITHM_TYPE_NONE: There is no hash, no signature of the | |

* data, and no public key. The data cannot be verified. The fields | |

* |hash_size|, |signature_size|, and |public_key_size| must be zero. | |

* | |

* AVB_ALGORITHM_TYPE_SHA256_RSA2048: The hash function used is | |

* SHA-256, resulting in 32 bytes of hash digest data. This hash is | |

* signed with a 2048-bit RSA key. The field |hash_size| must be 32, | |

* |signature_size| must be 256, and the public key data must have | |

* |key_num_bits| set to 2048. | |

* | |

* AVB_ALGORITHM_TYPE_SHA256_RSA4096: Like above, but only with | |

* a 4096-bit RSA key and |signature_size| set to 512. | |

* | |

* AVB_ALGORITHM_TYPE_SHA256_RSA8192: Like above, but only with | |

* a 8192-bit RSA key and |signature_size| set to 1024. | |

* | |

* AVB_ALGORITHM_TYPE_SHA512_RSA2048: The hash function used is | |

* SHA-512, resulting in 64 bytes of hash digest data. This hash is | |

* signed with a 2048-bit RSA key. The field |hash_size| must be 64, | |

* |signature_size| must be 256, and the public key data must have | |

* |key_num_bits| set to 2048. | |

* | |

* AVB_ALGORITHM_TYPE_SHA512_RSA4096: Like above, but only with | |

* a 4096-bit RSA key and |signature_size| set to 512. | |

* | |

* AVB_ALGORITHM_TYPE_SHA512_RSA8192: Like above, but only with | |

* a 8192-bit RSA key and |signature_size| set to 1024. | |

*/ | |

typedef enum { | |

AVB_ALGORITHM_TYPE_NONE, | |

AVB_ALGORITHM_TYPE_SHA256_RSA2048, | |

AVB_ALGORITHM_TYPE_SHA256_RSA4096, | |

AVB_ALGORITHM_TYPE_SHA256_RSA8192, | |

AVB_ALGORITHM_TYPE_SHA512_RSA2048, | |

AVB_ALGORITHM_TYPE_SHA512_RSA4096, | |

AVB_ALGORITHM_TYPE_SHA512_RSA8192, | |

_AVB_ALGORITHM_NUM_TYPES | |

} AvbAlgorithmType; | |

/* Holds algorithm-specific data. The |padding| is needed by avb_rsa_verify. */ | |

typedef struct { | |

const uint8_t* padding; | |

size_t padding_len; | |

size_t hash_len; | |

} AvbAlgorithmData; | |

/* Provides algorithm-specific data for a given |algorithm|. Returns NULL if | |

* |algorithm| is invalid. | |

*/ | |

const AvbAlgorithmData* avb_get_algorithm_data(AvbAlgorithmType algorithm) | |

AVB_ATTR_WARN_UNUSED_RESULT; | |

/* The header for a serialized RSA public key. | |

* | |

* The size of the key is given by |key_num_bits|, for example 2048 | |

* for a RSA-2048 key. By definition, a RSA public key is the pair (n, | |

* e) where |n| is the modulus (which can be represented in | |

* |key_num_bits| bits) and |e| is the public exponent. The exponent | |

* is not stored since it's assumed to always be 65537. | |

* | |

* To optimize verification, the key block includes two precomputed | |

* values, |n0inv| (fits in 32 bits) and |rr| and can always be | |

* represented in |key_num_bits|. | |

* The value |n0inv| is the value -1/n[0] (mod 2^32). The value |rr| | |

* is (2^key_num_bits)^2 (mod n). | |

* | |

* Following this header is |key_num_bits| bits of |n|, then | |

* |key_num_bits| bits of |rr|. Both values are stored with most | |

* significant bit first. Each serialized number takes up | |

* |key_num_bits|/8 bytes. | |

* | |

* All fields in this struct are stored in network byte order when | |

* serialized. To generate a copy with fields swapped to native byte | |

* order, use the function avb_rsa_public_key_header_validate_and_byteswap(). | |

* | |

* The avb_rsa_verify() function expects a key in this serialized | |

* format. | |

* | |

* The 'avbtool extract_public_key' command can be used to generate a | |

* serialized RSA public key. | |

*/ | |

typedef struct AvbRSAPublicKeyHeader { | |

uint32_t key_num_bits; | |

uint32_t n0inv; | |

} AVB_ATTR_PACKED AvbRSAPublicKeyHeader; | |

/* Copies |src| to |dest| and validates, byte-swapping fields in the | |

* process if needed. Returns true if valid, false if invalid. | |

*/ | |

bool avb_rsa_public_key_header_validate_and_byteswap( | |

const AvbRSAPublicKeyHeader* src, | |

AvbRSAPublicKeyHeader* dest) AVB_ATTR_WARN_UNUSED_RESULT; | |

#ifdef __cplusplus | |

} | |

#endif | |

#endif /* AVB_CRYPTO_H_ */ |