uboot/include/u-boot/rsa.h
<<
>>
Prefs 
   1/* SPDX-License-Identifier: GPL-2.0+ */
   2/*
   3 * Copyright (c) 2013, Google Inc.
   4 *
   5 * (C) Copyright 2008 Semihalf
   6 *
   7 * (C) Copyright 2000-2006
   8 * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
   9 */
  10
  11#ifndef _RSA_H
  12#define _RSA_H
  13
  14#include <errno.h>
  15#include <image.h>
  16
  17/**
  18 * struct rsa_public_key - holder for a public key
  19 *
  20 * An RSA public key consists of a modulus (typically called N), the inverse
  21 * and R^2, where R is 2^(# key bits).
  22 */
  23
  24struct rsa_public_key {
  25        uint len;               /* len of modulus[] in number of uint32_t */
  26        uint32_t n0inv;         /* -1 / modulus[0] mod 2^32 */
  27        uint32_t *modulus;      /* modulus as little endian array */
  28        uint32_t *rr;           /* R^2 as little endian array */
  29        uint64_t exponent;      /* public exponent */
  30};
  31
  32struct image_sign_info;
  33
  34#if IMAGE_ENABLE_SIGN
  35/**
  36 * sign() - calculate and return signature for given input data
  37 *
  38 * @info:       Specifies key and FIT information
  39 * @data:       Pointer to the input data
  40 * @data_len:   Data length
  41 * @sigp:       Set to an allocated buffer holding the signature
  42 * @sig_len:    Set to length of the calculated hash
  43 *
  44 * This computes input data signature according to selected algorithm.
  45 * Resulting signature value is placed in an allocated buffer, the
  46 * pointer is returned as *sigp. The length of the calculated
  47 * signature is returned via the sig_len pointer argument. The caller
  48 * should free *sigp.
  49 *
  50 * @return: 0, on success, -ve on error
  51 */
  52int rsa_sign(struct image_sign_info *info,
  53             const struct image_region region[],
  54             int region_count, uint8_t **sigp, uint *sig_len);
  55
  56/**
  57 * add_verify_data() - Add verification information to FDT
  58 *
  59 * Add public key information to the FDT node, suitable for
  60 * verification at run-time. The information added depends on the
  61 * algorithm being used.
  62 *
  63 * @info:       Specifies key and FIT information
  64 * @keydest:    Destination FDT blob for public key data
  65 * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
  66                other -ve value on error
  67*/
  68int rsa_add_verify_data(struct image_sign_info *info, void *keydest);
  69#else
  70static inline int rsa_sign(struct image_sign_info *info,
  71                const struct image_region region[], int region_count,
  72                uint8_t **sigp, uint *sig_len)
  73{
  74        return -ENXIO;
  75}
  76
  77static inline int rsa_add_verify_data(struct image_sign_info *info,
  78                                      void *keydest)
  79{
  80        return -ENXIO;
  81}
  82#endif
  83
  84#if IMAGE_ENABLE_VERIFY
  85/**
  86 * rsa_verify() - Verify a signature against some data
  87 *
  88 * Verify a RSA PKCS1.5 signature against an expected hash.
  89 *
  90 * @info:       Specifies key and FIT information
  91 * @data:       Pointer to the input data
  92 * @data_len:   Data length
  93 * @sig:        Signature
  94 * @sig_len:    Number of bytes in signature
  95 * @return 0 if verified, -ve on error
  96 */
  97int rsa_verify(struct image_sign_info *info,
  98               const struct image_region region[], int region_count,
  99               uint8_t *sig, uint sig_len);
 100
 101int padding_pkcs_15_verify(struct image_sign_info *info,
 102                           uint8_t *msg, int msg_len,
 103                           const uint8_t *hash, int hash_len);
 104
 105#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
 106int padding_pss_verify(struct image_sign_info *info,
 107                       uint8_t *msg, int msg_len,
 108                       const uint8_t *hash, int hash_len);
 109#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
 110#else
 111static inline int rsa_verify(struct image_sign_info *info,
 112                const struct image_region region[], int region_count,
 113                uint8_t *sig, uint sig_len)
 114{
 115        return -ENXIO;
 116}
 117
 118static inline int padding_pkcs_15_verify(struct image_sign_info *info,
 119                                         uint8_t *msg, int msg_len,
 120                                         const uint8_t *hash, int hash_len)
 121{
 122        return -ENXIO;
 123}
 124
 125#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
 126static inline int padding_pss_verify(struct image_sign_info *info,
 127                                     uint8_t *msg, int msg_len,
 128                                     const uint8_t *hash, int hash_len)
 129{
 130        return -ENXIO;
 131}
 132#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
 133#endif
 134
 135#define RSA_DEFAULT_PADDING_NAME                "pkcs-1.5"
 136
 137#define RSA2048_BYTES   (2048 / 8)
 138#define RSA4096_BYTES   (4096 / 8)
 139
 140/* This is the minimum/maximum key size we support, in bits */
 141#define RSA_MIN_KEY_BITS        2048
 142#define RSA_MAX_KEY_BITS        4096
 143
 144/* This is the maximum signature length that we support, in bits */
 145#define RSA_MAX_SIG_BITS        4096
 146
 147#endif
 148
Hosted by Missing Link Electronics. The original LXR software by the LXR community, this experimental version by lxr@linux.no.