1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Permission is hereby granted, free of charge, to any person 5 * obtaining a copy of this software and associated documentation 6 * files (the "Software"), to deal in the Software without 7 * restriction, including without limitation the rights to use, copy, 8 * modify, merge, publish, distribute, sublicense, and/or sell copies 9 * of the Software, and to permit persons to whom the Software is 10 * furnished to do so, subject to the following conditions: 11 * 12 * The above copyright notice and this permission notice shall be 13 * included in all copies or substantial portions of the Software. 14 * 15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS 19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN 20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 22 * SOFTWARE. 23 */ 24 25 /* 26 #if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION) 27 #error "Never include this file directly, include libavb.h instead." 28 #endif 29 */ 30 31 #ifndef AVB_CRYPTO_H_ 32 #define AVB_CRYPTO_H_ 33 34 #include <android_avb/avb_sysdeps.h> 35 36 #ifdef __cplusplus 37 extern "C" { 38 #endif 39 40 /* Size of a RSA-2048 signature. */ 41 #define AVB_RSA2048_NUM_BYTES 256 42 43 /* Size of a RSA-4096 signature. */ 44 #define AVB_RSA4096_NUM_BYTES 512 45 46 /* Size of a RSA-8192 signature. */ 47 #define AVB_RSA8192_NUM_BYTES 1024 48 49 /* Size in bytes of a SHA-1 digest. */ 50 #define AVB_SHA1_DIGEST_SIZE 20 51 52 /* Size in bytes of a SHA-256 digest. */ 53 #define AVB_SHA256_DIGEST_SIZE 32 54 55 /* Size in bytes of a SHA-512 digest. */ 56 #define AVB_SHA512_DIGEST_SIZE 64 57 58 /* Possible digest types supported by libavb routines. */ 59 typedef enum { 60 AVB_DIGEST_TYPE_SHA256, 61 AVB_DIGEST_TYPE_SHA512, 62 } AvbDigestType; 63 64 /* Algorithms that can be used in the vbmeta image for 65 * verification. An algorithm consists of a hash type and a signature 66 * type. 67 * 68 * The data used to calculate the hash is the three blocks mentioned 69 * in the documentation for |AvbVBMetaImageHeader| except for the data 70 * in the "Authentication data" block. 71 * 72 * For signatures with RSA keys, PKCS v1.5 padding is used. The public 73 * key data is stored in the auxiliary data block, see 74 * |AvbRSAPublicKeyHeader| for the serialization format. 75 * 76 * Each algorithm type is described below: 77 * 78 * AVB_ALGORITHM_TYPE_NONE: There is no hash, no signature of the 79 * data, and no public key. The data cannot be verified. The fields 80 * |hash_size|, |signature_size|, and |public_key_size| must be zero. 81 * 82 * AVB_ALGORITHM_TYPE_SHA256_RSA2048: The hash function used is 83 * SHA-256, resulting in 32 bytes of hash digest data. This hash is 84 * signed with a 2048-bit RSA key. The field |hash_size| must be 32, 85 * |signature_size| must be 256, and the public key data must have 86 * |key_num_bits| set to 2048. 87 * 88 * AVB_ALGORITHM_TYPE_SHA256_RSA4096: Like above, but only with 89 * a 4096-bit RSA key and |signature_size| set to 512. 90 * 91 * AVB_ALGORITHM_TYPE_SHA256_RSA8192: Like above, but only with 92 * a 8192-bit RSA key and |signature_size| set to 1024. 93 * 94 * AVB_ALGORITHM_TYPE_SHA512_RSA2048: The hash function used is 95 * SHA-512, resulting in 64 bytes of hash digest data. This hash is 96 * signed with a 2048-bit RSA key. The field |hash_size| must be 64, 97 * |signature_size| must be 256, and the public key data must have 98 * |key_num_bits| set to 2048. 99 * 100 * AVB_ALGORITHM_TYPE_SHA512_RSA4096: Like above, but only with 101 * a 4096-bit RSA key and |signature_size| set to 512. 102 * 103 * AVB_ALGORITHM_TYPE_SHA512_RSA8192: Like above, but only with 104 * a 8192-bit RSA key and |signature_size| set to 1024. 105 */ 106 typedef enum { 107 AVB_ALGORITHM_TYPE_NONE, 108 AVB_ALGORITHM_TYPE_SHA256_RSA2048, 109 AVB_ALGORITHM_TYPE_SHA256_RSA4096, 110 AVB_ALGORITHM_TYPE_SHA256_RSA8192, 111 AVB_ALGORITHM_TYPE_SHA512_RSA2048, 112 AVB_ALGORITHM_TYPE_SHA512_RSA4096, 113 AVB_ALGORITHM_TYPE_SHA512_RSA8192, 114 _AVB_ALGORITHM_NUM_TYPES 115 } AvbAlgorithmType; 116 117 /* Holds algorithm-specific data. The |padding| is needed by avb_rsa_verify. */ 118 typedef struct { 119 const uint8_t* padding; 120 size_t padding_len; 121 size_t hash_len; 122 } AvbAlgorithmData; 123 124 /* Provides algorithm-specific data for a given |algorithm|. Returns NULL if 125 * |algorithm| is invalid. 126 */ 127 const AvbAlgorithmData* avb_get_algorithm_data(AvbAlgorithmType algorithm) 128 AVB_ATTR_WARN_UNUSED_RESULT; 129 130 /* The header for a serialized RSA public key. 131 * 132 * The size of the key is given by |key_num_bits|, for example 2048 133 * for a RSA-2048 key. By definition, a RSA public key is the pair (n, 134 * e) where |n| is the modulus (which can be represented in 135 * |key_num_bits| bits) and |e| is the public exponent. The exponent 136 * is not stored since it's assumed to always be 65537. 137 * 138 * To optimize verification, the key block includes two precomputed 139 * values, |n0inv| (fits in 32 bits) and |rr| and can always be 140 * represented in |key_num_bits|. 141 142 * The value |n0inv| is the value -1/n[0] (mod 2^32). The value |rr| 143 * is (2^key_num_bits)^2 (mod n). 144 * 145 * Following this header is |key_num_bits| bits of |n|, then 146 * |key_num_bits| bits of |rr|. Both values are stored with most 147 * significant bit first. Each serialized number takes up 148 * |key_num_bits|/8 bytes. 149 * 150 * All fields in this struct are stored in network byte order when 151 * serialized. To generate a copy with fields swapped to native byte 152 * order, use the function avb_rsa_public_key_header_validate_and_byteswap(). 153 * 154 * The avb_rsa_verify() function expects a key in this serialized 155 * format. 156 * 157 * The 'avbtool extract_public_key' command can be used to generate a 158 * serialized RSA public key. 159 */ 160 typedef struct AvbRSAPublicKeyHeader { 161 uint32_t key_num_bits; 162 uint32_t n0inv; 163 } AVB_ATTR_PACKED AvbRSAPublicKeyHeader; 164 165 /* Copies |src| to |dest| and validates, byte-swapping fields in the 166 * process if needed. Returns true if valid, false if invalid. 167 */ 168 bool avb_rsa_public_key_header_validate_and_byteswap( 169 const AvbRSAPublicKeyHeader* src, 170 AvbRSAPublicKeyHeader* dest) AVB_ATTR_WARN_UNUSED_RESULT; 171 172 #ifdef __cplusplus 173 } 174 #endif 175 176 #endif /* AVB_CRYPTO_H_ */ 177