/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Permission is hereby granted, free of charge, to any person
 * obtaining a copy of this software and associated documentation
 * files (the "Software"), to deal in the Software without
 * restriction, including without limitation the rights to use, copy,
 * modify, merge, publish, distribute, sublicense, and/or sell copies
 * of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be
 * included in all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 * SOFTWARE.
 */

/* NOTE(review): the direct-inclusion guard below is commented out in
 * this copy, so nothing stops a translation unit from including this
 * header without going through libavb.h.
 */
/*
#if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION)
#error "Never include this file directly, include libavb.h instead."
#endif
*/

#ifndef AVB_CRYPTO_H_
#define AVB_CRYPTO_H_

#include <android_avb/avb_sysdeps.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Size in bytes of an RSA-2048 signature (2048 / 8). */
#define AVB_RSA2048_NUM_BYTES 256

/* Size in bytes of an RSA-4096 signature (4096 / 8). */
#define AVB_RSA4096_NUM_BYTES 512

/* Size in bytes of an RSA-8192 signature (8192 / 8). */
#define AVB_RSA8192_NUM_BYTES 1024

/* Size in bytes of a SHA-1 digest.
 *
 * This is a size constant only: neither |AvbDigestType| nor
 * |AvbAlgorithmType| below has a SHA-1 entry.
 */
#define AVB_SHA1_DIGEST_SIZE 20

/* Size in bytes of a SHA-256 digest. */
#define AVB_SHA256_DIGEST_SIZE 32

/* Size in bytes of a SHA-512 digest. */
#define AVB_SHA512_DIGEST_SIZE 64

/* Possible digest types supported by libavb routines. */
typedef enum {
  AVB_DIGEST_TYPE_SHA256,
  AVB_DIGEST_TYPE_SHA512,
} AvbDigestType;

/* Algorithms that can be used in the vbmeta image for
 * verification. An algorithm consists of a hash type and a signature
 * type.
 *
 * The data used to calculate the hash is the three blocks mentioned
 * in the documentation for |AvbVBMetaImageHeader| except for the data
 * in the "Authentication data" block.
 *
 * For signatures with RSA keys, PKCS #1 v1.5 padding is used. The
 * public key data is stored in the auxiliary data block, see
 * |AvbRSAPublicKeyHeader| for the serialization format.
 *
 * Each algorithm type is described below:
 *
 * AVB_ALGORITHM_TYPE_NONE: There is no hash, no signature of the
 * data, and no public key. The data cannot be verified, so a caller
 * that requires authenticity must treat such an image as unverified.
 * The fields |hash_size|, |signature_size|, and |public_key_size|
 * must be zero.
 *
 * AVB_ALGORITHM_TYPE_SHA256_RSA2048: The hash function used is
 * SHA-256, resulting in 32 bytes of hash digest data. This hash is
 * signed with a 2048-bit RSA key. The field |hash_size| must be 32,
 * |signature_size| must be 256, and the public key data must have
 * |key_num_bits| set to 2048.
 *
 * AVB_ALGORITHM_TYPE_SHA256_RSA4096: Like above, but only with
 * a 4096-bit RSA key and |signature_size| set to 512.
 *
 * AVB_ALGORITHM_TYPE_SHA256_RSA8192: Like above, but only with
 * an 8192-bit RSA key and |signature_size| set to 1024.
 *
 * AVB_ALGORITHM_TYPE_SHA512_RSA2048: The hash function used is
 * SHA-512, resulting in 64 bytes of hash digest data. This hash is
 * signed with a 2048-bit RSA key. The field |hash_size| must be 64,
 * |signature_size| must be 256, and the public key data must have
 * |key_num_bits| set to 2048.
 *
 * AVB_ALGORITHM_TYPE_SHA512_RSA4096: Like above, but only with
 * a 4096-bit RSA key and |signature_size| set to 512.
 *
 * AVB_ALGORITHM_TYPE_SHA512_RSA8192: Like above, but only with
 * an 8192-bit RSA key and |signature_size| set to 1024.
 *
 * The enumerators carry no explicit values, so they number from 0 in
 * declaration order. NOTE(review): presumably these numbers are what
 * the vbmeta image stores, in which case inserting or reordering
 * entries would change the meaning of existing images -- confirm
 * before editing the list.
 */
typedef enum {
  AVB_ALGORITHM_TYPE_NONE,
  AVB_ALGORITHM_TYPE_SHA256_RSA2048,
  AVB_ALGORITHM_TYPE_SHA256_RSA4096,
  AVB_ALGORITHM_TYPE_SHA256_RSA8192,
  AVB_ALGORITHM_TYPE_SHA512_RSA2048,
  AVB_ALGORITHM_TYPE_SHA512_RSA4096,
  AVB_ALGORITHM_TYPE_SHA512_RSA8192,
  /* Last enumerator: equals the number of entries above. Presumably
   * meant as an exclusive upper bound when range-checking an algorithm
   * value, not as an algorithm in its own right -- confirm.
   */
  _AVB_ALGORITHM_NUM_TYPES
} AvbAlgorithmType;

/* Holds algorithm-specific data. The |padding| is needed by avb_rsa_verify. */
typedef struct {
  /* Padding bytes for the algorithm; the pointee is const. */
  const uint8_t* padding;
  /* Presumably the length of |padding| in bytes -- confirm. */
  size_t padding_len;
  /* Presumably the digest length in bytes for the algorithm -- confirm. */
  size_t hash_len;
} AvbAlgorithmData;

/* Provides algorithm-specific data for a given |algorithm|. Returns NULL if
 * |algorithm| is invalid.
 *
 * The declaration is marked AVB_ATTR_WARN_UNUSED_RESULT: check the
 * result for NULL before dereferencing it, in particular when
 * |algorithm| was read from an image rather than chosen by the caller.
 */
const AvbAlgorithmData* avb_get_algorithm_data(AvbAlgorithmType algorithm)
    AVB_ATTR_WARN_UNUSED_RESULT;

/* The header for a serialized RSA public key.
 *
 * The size of the key is given by |key_num_bits|, for example 2048
 * for an RSA-2048 key. By definition, an RSA public key is the pair
 * (n, e) where |n| is the modulus (which can be represented in
 * |key_num_bits| bits) and |e| is the public exponent. The exponent
 * is not stored since it's assumed to always be 65537.
 *
 * To optimize verification, the key block includes two precomputed
 * values: |n0inv|, which fits in 32 bits, and |rr|, which can always
 * be represented in |key_num_bits| bits.
 *
 * The value |n0inv| is the value -1/n[0] (mod 2^32). The value |rr|
 * is (2^key_num_bits)^2 (mod n).
 *
 * Following this header is |key_num_bits| bits of |n|, then
 * |key_num_bits| bits of |rr|. Both values are stored with most
 * significant bit first. Each serialized number takes up
 * |key_num_bits|/8 bytes.
 *
 * A complete serialized key therefore occupies
 * sizeof(AvbRSAPublicKeyHeader) + 2 * (|key_num_bits| / 8) bytes.
 * Because |key_num_bits| is read from the serialized data itself, a
 * consumer should compare that total against the length of the buffer
 * it was handed before reading |n| or |rr|.
 *
 * All fields in this struct are stored in network byte order when
 * serialized. To generate a copy with fields swapped to native byte
 * order, use the function avb_rsa_public_key_header_validate_and_byteswap().
 *
 * The avb_rsa_verify() function expects a key in this serialized
 * format.
 *
 * The 'avbtool extract_public_key' command can be used to generate a
 * serialized RSA public key.
 */
typedef struct AvbRSAPublicKeyHeader {
  /* Size of the modulus |n| in bits, for example 2048. */
  uint32_t key_num_bits;
  /* Precomputed -1/n[0] (mod 2^32). */
  uint32_t n0inv;
} AVB_ATTR_PACKED AvbRSAPublicKeyHeader;

/* Copies |src| to |dest| and validates, byte-swapping fields in the
 * process if needed. Returns true if valid, false if invalid.
 *
 * The declaration is marked AVB_ATTR_WARN_UNUSED_RESULT: do not rely
 * on the contents of |dest| when false is returned.
 * NOTE(review): which conditions make a header "valid" is not visible
 * in this header; a true result should not be read as proof that
 * |key_num_bits| matches the algorithm in use or the buffer length --
 * confirm against the implementation.
 */
bool avb_rsa_public_key_header_validate_and_byteswap(
    const AvbRSAPublicKeyHeader* src,
    AvbRSAPublicKeyHeader* dest) AVB_ATTR_WARN_UNUSED_RESULT;

#ifdef __cplusplus
}
#endif

#endif /* AVB_CRYPTO_H_ */