11#ifndef _RSA_H
12#define _RSA_H
13
14#include <errno.h>
15#include <image.h>
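/**
 * struct rsa_public_key - RSA public key as handed to the verification code
 *
 * The member descriptions are inferred from the names and types declared
 * here; confirm units and word order against the code that fills this in.
 *
 * @len:      length of the key material (presumably a count of 32-bit words
 *            in @modulus and @rr rather than bytes -- TODO confirm)
 * @n0inv:    precomputed 32-bit value (the name suggests an inverse derived
 *            from the lowest modulus word -- TODO confirm)
 * @modulus:  pointer to the modulus, stored as 32-bit words
 * @rr:       pointer to 32-bit words (presumably R^2 mod N -- TODO confirm)
 * @exponent: public exponent, held in 64 bits
 *
 * @modulus and @rr are bare pointers that carry no size of their own, so any
 * code walking them has to be bounded by @len. Nothing in this declaration
 * shows who owns or frees the two arrays.
 */
struct rsa_public_key {
	uint len;
	uint32_t n0inv;
	uint32_t *modulus;
	uint32_t *rr;
	uint64_t exponent;
};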
31
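/*
 * Forward declaration only: every function below takes a pointer to this
 * structure, so the header does not need its layout.
 */
struct image_sign_info;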
33
34#if IMAGE_ENABLE_SIGN
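/**
 * rsa_sign() - produce an RSA signature over a set of image regions
 *
 * Declared only when IMAGE_ENABLE_SIGN is non-zero; the definition is not
 * part of this header.
 *
 * @info:         signing context
 * @region:       array of regions the signature is meant to cover
 * @region_count: number of entries in @region
 * @sigp:         out: receives a pointer to the signature bytes
 *                (NOTE(review): presumably allocated by the callee and owned
 *                by the caller afterwards -- confirm who frees it)
 * @sig_len:      out: receives the signature length
 *
 * Return: int status. The disabled-build fallback returns a negative errno
 * value, so 0 on success is the likely convention -- confirm against the
 * definition.
 */
int rsa_sign(struct image_sign_info *info,
	     const struct image_region region[],
	     int region_count, uint8_t **sigp, uint *sig_len);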
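/**
 * rsa_add_verify_data() - store the data a verifier will need later
 *
 * Declared only when IMAGE_ENABLE_SIGN is non-zero; the definition is not
 * part of this header.
 *
 * @info:    signing context
 * @keydest: untyped destination for the verification data (presumably the
 *           public-key material is written here -- confirm the expected
 *           object type and its size limits against the definition)
 *
 * Whatever ends up in @keydest becomes the trust anchor for later
 * verification, so it should only ever be produced from a key source the
 * build controls.
 *
 * Return: int status; the disabled-build fallback returns -ENXIO
 */
int rsa_add_verify_data(struct image_sign_info *info, void *keydest);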
69#else
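/**
 * rsa_sign() - fallback used when IMAGE_ENABLE_SIGN is zero
 *
 * No signing code is available in this configuration. None of the arguments
 * is read or written, so @sigp and @sig_len are left exactly as the caller
 * passed them and must not be consumed after this call.
 *
 * Return: -ENXIO, always
 */
static inline int rsa_sign(struct image_sign_info *info,
			   const struct image_region region[], int region_count,
			   uint8_t **sigp, uint *sig_len)
{
	return -ENXIO;
}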
76
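/**
 * rsa_add_verify_data() - fallback used when IMAGE_ENABLE_SIGN is zero
 *
 * Nothing is written to @keydest; callers must not assume that any
 * verification data was stored.
 *
 * Return: -ENXIO, always
 */
static inline int rsa_add_verify_data(struct image_sign_info *info,
				      void *keydest)
{
	return -ENXIO;
}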
82#endif
83
84#if IMAGE_ENABLE_VERIFY
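/**
 * rsa_verify_hash() - check an RSA signature against a precomputed hash
 *
 * Declared only when IMAGE_ENABLE_VERIFY is non-zero; the definition is not
 * part of this header.
 *
 * @info:    verification context
 * @hash:    digest to compare against. No length is passed alongside it, so
 *           the size is presumably taken from @info -- confirm that the
 *           buffer supplied by the caller is at least that large.
 * @sig:     signature bytes
 * @sig_len: number of bytes at @sig. This is caller-supplied;
 *           NOTE(review): confirm the definition rejects lengths that do not
 *           match the key size or exceed RSA_MAX_SIG_BITS / 8 before copying
 *           or processing @sig.
 *
 * Return: int status. The disabled-build fallback returns -ENXIO, so callers
 * should accept only the explicit success value (presumably 0 -- confirm) and
 * treat every other result as "not verified".
 */
int rsa_verify_hash(struct image_sign_info *info,
		    const uint8_t *hash, uint8_t *sig, uint sig_len);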
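/**
 * rsa_verify() - check an RSA signature over a set of image regions
 *
 * Declared only when IMAGE_ENABLE_VERIFY is non-zero; the definition is not
 * part of this header.
 *
 * @info:         verification context
 * @region:       array of regions the signature is expected to cover
 * @region_count: number of entries in @region
 * @sig:          signature bytes
 * @sig_len:      number of bytes at @sig (caller-supplied; the definition is
 *                expected to bound it -- confirm)
 *
 * Return: int status; the disabled-build fallback returns -ENXIO. Only an
 * explicit success value (presumably 0 -- confirm) may be taken as "verified".
 */
int rsa_verify(struct image_sign_info *info,
	       const struct image_region region[], int region_count,
	       uint8_t *sig, uint sig_len);

/*
 * rsa_verify_with_pkey() - signature check taking a hash and a signature.
 *
 * NOTE(review): unlike its neighbours, no -ENXIO fallback for this function
 * appears in the #else branch of this header. A translation unit built with
 * IMAGE_ENABLE_VERIFY == 0 gets no declaration at all; confirm that every
 * caller is compiled out in that configuration.
 */
int rsa_verify_with_pkey(struct image_sign_info *info,
			 const void *hash, uint8_t *sig, uint sig_len);

/*
 * padding_pkcs_15_verify() - check the padding of a decoded signature block.
 *
 * @msg / @msg_len describe the decoded block, @hash / @hash_len the expected
 * digest. Both lengths are signed ints; NOTE(review): confirm the definition
 * rejects negative or undersized values before indexing @msg. It should also
 * compare the entire block (padding bytes, digest prefix and hash) and leave
 * no trailing bytes unchecked, because lenient PKCS#1 v1.5 parsing is a
 * well-known cause of accepted-but-forged signatures.
 */
int padding_pkcs_15_verify(struct image_sign_info *info,
			   uint8_t *msg, int msg_len,
			   const uint8_t *hash, int hash_len);

#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
/*
 * padding_pss_verify() - PSS counterpart of padding_pkcs_15_verify(), with
 * the same parameter list. Only declared when
 * CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT is defined. The same length checks on
 * @msg_len and @hash_len apply (signed ints -- confirm they are validated).
 */
int padding_pss_verify(struct image_sign_info *info,
		       uint8_t *msg, int msg_len,
		       const uint8_t *hash, int hash_len);
#endif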
127#else
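/**
 * rsa_verify_hash() - fallback used when IMAGE_ENABLE_VERIFY is zero
 *
 * No argument is inspected. Because the result is always an error, a build
 * without verification support cannot report a signature as valid, provided
 * the caller treats every non-zero result as a failure.
 *
 * Return: -ENXIO, always
 */
static inline int rsa_verify_hash(struct image_sign_info *info,
				  const uint8_t *hash,
				  uint8_t *sig, uint sig_len)
{
	return -ENXIO;
}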
134
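/**
 * rsa_verify() - fallback used when IMAGE_ENABLE_VERIFY is zero
 *
 * The regions and the signature are never looked at. The constant error
 * keeps this configuration fail-closed as long as callers do not ignore the
 * return value.
 *
 * Return: -ENXIO, always
 */
static inline int rsa_verify(struct image_sign_info *info,
			     const struct image_region region[], int region_count,
			     uint8_t *sig, uint sig_len)
{
	return -ENXIO;
}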
141
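/**
 * padding_pkcs_15_verify() - fallback used when IMAGE_ENABLE_VERIFY is zero
 *
 * No padding check takes place; @msg and @hash are not read.
 *
 * Return: -ENXIO, always, so the padding can never be reported as valid here
 */
static inline int padding_pkcs_15_verify(struct image_sign_info *info,
					 uint8_t *msg, int msg_len,
					 const uint8_t *hash, int hash_len)
{
	return -ENXIO;
}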
148
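#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT
/**
 * padding_pss_verify() - fallback used when IMAGE_ENABLE_VERIFY is zero
 *
 * Present only when CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT is defined. No
 * padding check takes place; @msg and @hash are not read.
 *
 * Return: -ENXIO, always, so the padding can never be reported as valid here
 */
static inline int padding_pss_verify(struct image_sign_info *info,
				     uint8_t *msg, int msg_len,
				     const uint8_t *hash, int hash_len)
{
	return -ENXIO;
}
#endif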
157#endif
158
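/*
 * Padding scheme name used by default. This header only defines the string;
 * where it is matched against a configured padding name is not visible here.
 */
#define RSA_DEFAULT_PADDING_NAME	"pkcs-1.5"

/* Byte lengths of 2048-bit and 4096-bit RSA values */
#define RSA2048_BYTES	(2048 / 8)
#define RSA4096_BYTES	(4096 / 8)

/*
 * Smallest and largest key size, in bits. The lower bound is what keeps
 * short keys out, so the code that loads a key should compare against both
 * limits (enforcement is not visible in this header -- confirm).
 */
#define RSA_MIN_KEY_BITS	2048
#define RSA_MAX_KEY_BITS	4096

/*
 * Largest signature length, in bits. Buffers sized from this value hold
 * RSA_MAX_SIG_BITS / 8 bytes, so a caller-supplied signature length should
 * be checked against it before any copy.
 */
#define RSA_MAX_SIG_BITS	4096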
170
171#endif
172