1*2b9912e6SJeroen Hofstee /* 2*2b9912e6SJeroen Hofstee * Copyright (c) 2013, Google Inc. 3*2b9912e6SJeroen Hofstee * 4*2b9912e6SJeroen Hofstee * (C) Copyright 2008 Semihalf 5*2b9912e6SJeroen Hofstee * 6*2b9912e6SJeroen Hofstee * (C) Copyright 2000-2006 7*2b9912e6SJeroen Hofstee * Wolfgang Denk, DENX Software Engineering, wd@denx.de. 8*2b9912e6SJeroen Hofstee * 9*2b9912e6SJeroen Hofstee * SPDX-License-Identifier: GPL-2.0+ 10*2b9912e6SJeroen Hofstee */ 11*2b9912e6SJeroen Hofstee 12*2b9912e6SJeroen Hofstee #ifndef _RSA_H 13*2b9912e6SJeroen Hofstee #define _RSA_H 14*2b9912e6SJeroen Hofstee 15*2b9912e6SJeroen Hofstee #include <errno.h> 16*2b9912e6SJeroen Hofstee #include <image.h> 17*2b9912e6SJeroen Hofstee 18*2b9912e6SJeroen Hofstee /** 19*2b9912e6SJeroen Hofstee * struct rsa_public_key - holder for a public key 20*2b9912e6SJeroen Hofstee * 21*2b9912e6SJeroen Hofstee * An RSA public key consists of a modulus (typically called N), the inverse 22*2b9912e6SJeroen Hofstee * and R^2, where R is 2^(# key bits). 23*2b9912e6SJeroen Hofstee */ 24*2b9912e6SJeroen Hofstee 25*2b9912e6SJeroen Hofstee struct rsa_public_key { 26*2b9912e6SJeroen Hofstee uint len; /* len of modulus[] in number of uint32_t */ 27*2b9912e6SJeroen Hofstee uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */ 28*2b9912e6SJeroen Hofstee uint32_t *modulus; /* modulus as little endian array */ 29*2b9912e6SJeroen Hofstee uint32_t *rr; /* R^2 as little endian array */ 30*2b9912e6SJeroen Hofstee }; 31*2b9912e6SJeroen Hofstee 32*2b9912e6SJeroen Hofstee #if IMAGE_ENABLE_SIGN 33*2b9912e6SJeroen Hofstee /** 34*2b9912e6SJeroen Hofstee * sign() - calculate and return signature for given input data 35*2b9912e6SJeroen Hofstee * 36*2b9912e6SJeroen Hofstee * @info: Specifies key and FIT information 37*2b9912e6SJeroen Hofstee * @data: Pointer to the input data 38*2b9912e6SJeroen Hofstee * @data_len: Data length 39*2b9912e6SJeroen Hofstee * @sigp: Set to an allocated buffer holding the signature 40*2b9912e6SJeroen Hofstee * @sig_len: Set to length of the calculated hash 41*2b9912e6SJeroen Hofstee * 42*2b9912e6SJeroen Hofstee * This computes input data signature according to selected algorithm. 43*2b9912e6SJeroen Hofstee * Resulting signature value is placed in an allocated buffer, the 44*2b9912e6SJeroen Hofstee * pointer is returned as *sigp. The length of the calculated 45*2b9912e6SJeroen Hofstee * signature is returned via the sig_len pointer argument. The caller 46*2b9912e6SJeroen Hofstee * should free *sigp. 47*2b9912e6SJeroen Hofstee * 48*2b9912e6SJeroen Hofstee * @return: 0, on success, -ve on error 49*2b9912e6SJeroen Hofstee */ 50*2b9912e6SJeroen Hofstee int rsa_sign(struct image_sign_info *info, 51*2b9912e6SJeroen Hofstee const struct image_region region[], 52*2b9912e6SJeroen Hofstee int region_count, uint8_t **sigp, uint *sig_len); 53*2b9912e6SJeroen Hofstee 54*2b9912e6SJeroen Hofstee /** 55*2b9912e6SJeroen Hofstee * add_verify_data() - Add verification information to FDT 56*2b9912e6SJeroen Hofstee * 57*2b9912e6SJeroen Hofstee * Add public key information to the FDT node, suitable for 58*2b9912e6SJeroen Hofstee * verification at run-time. The information added depends on the 59*2b9912e6SJeroen Hofstee * algorithm being used. 60*2b9912e6SJeroen Hofstee * 61*2b9912e6SJeroen Hofstee * @info: Specifies key and FIT information 62*2b9912e6SJeroen Hofstee * @keydest: Destination FDT blob for public key data 63*2b9912e6SJeroen Hofstee * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space, 64*2b9912e6SJeroen Hofstee other -ve value on error 65*2b9912e6SJeroen Hofstee */ 66*2b9912e6SJeroen Hofstee int rsa_add_verify_data(struct image_sign_info *info, void *keydest); 67*2b9912e6SJeroen Hofstee #else 68*2b9912e6SJeroen Hofstee static inline int rsa_sign(struct image_sign_info *info, 69*2b9912e6SJeroen Hofstee const struct image_region region[], int region_count, 70*2b9912e6SJeroen Hofstee uint8_t **sigp, uint *sig_len) 71*2b9912e6SJeroen Hofstee { 72*2b9912e6SJeroen Hofstee return -ENXIO; 73*2b9912e6SJeroen Hofstee } 74*2b9912e6SJeroen Hofstee 75*2b9912e6SJeroen Hofstee static inline int rsa_add_verify_data(struct image_sign_info *info, 76*2b9912e6SJeroen Hofstee void *keydest) 77*2b9912e6SJeroen Hofstee { 78*2b9912e6SJeroen Hofstee return -ENXIO; 79*2b9912e6SJeroen Hofstee } 80*2b9912e6SJeroen Hofstee #endif 81*2b9912e6SJeroen Hofstee 82*2b9912e6SJeroen Hofstee #if IMAGE_ENABLE_VERIFY 83*2b9912e6SJeroen Hofstee /** 84*2b9912e6SJeroen Hofstee * rsa_verify() - Verify a signature against some data 85*2b9912e6SJeroen Hofstee * 86*2b9912e6SJeroen Hofstee * Verify a RSA PKCS1.5 signature against an expected hash. 87*2b9912e6SJeroen Hofstee * 88*2b9912e6SJeroen Hofstee * @info: Specifies key and FIT information 89*2b9912e6SJeroen Hofstee * @data: Pointer to the input data 90*2b9912e6SJeroen Hofstee * @data_len: Data length 91*2b9912e6SJeroen Hofstee * @sig: Signature 92*2b9912e6SJeroen Hofstee * @sig_len: Number of bytes in signature 93*2b9912e6SJeroen Hofstee * @return 0 if verified, -ve on error 94*2b9912e6SJeroen Hofstee */ 95*2b9912e6SJeroen Hofstee int rsa_verify(struct image_sign_info *info, 96*2b9912e6SJeroen Hofstee const struct image_region region[], int region_count, 97*2b9912e6SJeroen Hofstee uint8_t *sig, uint sig_len); 98*2b9912e6SJeroen Hofstee #else 99*2b9912e6SJeroen Hofstee static inline int rsa_verify(struct image_sign_info *info, 100*2b9912e6SJeroen Hofstee const struct image_region region[], int region_count, 101*2b9912e6SJeroen Hofstee uint8_t *sig, uint sig_len) 102*2b9912e6SJeroen Hofstee { 103*2b9912e6SJeroen Hofstee return -ENXIO; 104*2b9912e6SJeroen Hofstee } 105*2b9912e6SJeroen Hofstee #endif 106*2b9912e6SJeroen Hofstee 107*2b9912e6SJeroen Hofstee #define RSA2048_BYTES (2048 / 8) 108*2b9912e6SJeroen Hofstee #define RSA4096_BYTES (4096 / 8) 109*2b9912e6SJeroen Hofstee 110*2b9912e6SJeroen Hofstee /* This is the minimum/maximum key size we support, in bits */ 111*2b9912e6SJeroen Hofstee #define RSA_MIN_KEY_BITS 2048 112*2b9912e6SJeroen Hofstee #define RSA_MAX_KEY_BITS 4096 113*2b9912e6SJeroen Hofstee 114*2b9912e6SJeroen Hofstee /* This is the maximum signature length that we support, in bits */ 115*2b9912e6SJeroen Hofstee #define RSA_MAX_SIG_BITS 4096 116*2b9912e6SJeroen Hofstee 117*2b9912e6SJeroen Hofstee #endif 118