12b9912e6SJeroen Hofstee /* 22b9912e6SJeroen Hofstee * Copyright (c) 2013, Google Inc. 32b9912e6SJeroen Hofstee * 42b9912e6SJeroen Hofstee * (C) Copyright 2008 Semihalf 52b9912e6SJeroen Hofstee * 62b9912e6SJeroen Hofstee * (C) Copyright 2000-2006 72b9912e6SJeroen Hofstee * Wolfgang Denk, DENX Software Engineering, wd@denx.de. 82b9912e6SJeroen Hofstee * 92b9912e6SJeroen Hofstee * SPDX-License-Identifier: GPL-2.0+ 102b9912e6SJeroen Hofstee */ 112b9912e6SJeroen Hofstee 122b9912e6SJeroen Hofstee #ifndef _RSA_H 132b9912e6SJeroen Hofstee #define _RSA_H 142b9912e6SJeroen Hofstee 152b9912e6SJeroen Hofstee #include <errno.h> 162b9912e6SJeroen Hofstee #include <image.h> 172b9912e6SJeroen Hofstee 182b9912e6SJeroen Hofstee /** 192b9912e6SJeroen Hofstee * struct rsa_public_key - holder for a public key 202b9912e6SJeroen Hofstee * 212b9912e6SJeroen Hofstee * An RSA public key consists of a modulus (typically called N), the inverse 222b9912e6SJeroen Hofstee * and R^2, where R is 2^(# key bits). 232b9912e6SJeroen Hofstee */ 242b9912e6SJeroen Hofstee 252b9912e6SJeroen Hofstee struct rsa_public_key { 262b9912e6SJeroen Hofstee uint len; /* len of modulus[] in number of uint32_t */ 272b9912e6SJeroen Hofstee uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */ 282b9912e6SJeroen Hofstee uint32_t *modulus; /* modulus as little endian array */ 292b9912e6SJeroen Hofstee uint32_t *rr; /* R^2 as little endian array */ 30e0f2f155SMichael van der Westhuizen uint64_t exponent; /* public exponent */ 312b9912e6SJeroen Hofstee }; 322b9912e6SJeroen Hofstee 3373223f0eSSimon Glass struct image_sign_info; 3473223f0eSSimon Glass 352b9912e6SJeroen Hofstee #if IMAGE_ENABLE_SIGN 362b9912e6SJeroen Hofstee /** 372b9912e6SJeroen Hofstee * sign() - calculate and return signature for given input data 382b9912e6SJeroen Hofstee * 392b9912e6SJeroen Hofstee * @info: Specifies key and FIT information 402b9912e6SJeroen Hofstee * @data: Pointer to the input data 412b9912e6SJeroen Hofstee * @data_len: Data length 422b9912e6SJeroen Hofstee * @sigp: Set to an allocated buffer holding the signature 432b9912e6SJeroen Hofstee * @sig_len: Set to length of the calculated hash 442b9912e6SJeroen Hofstee * 452b9912e6SJeroen Hofstee * This computes input data signature according to selected algorithm. 462b9912e6SJeroen Hofstee * Resulting signature value is placed in an allocated buffer, the 472b9912e6SJeroen Hofstee * pointer is returned as *sigp. The length of the calculated 482b9912e6SJeroen Hofstee * signature is returned via the sig_len pointer argument. The caller 492b9912e6SJeroen Hofstee * should free *sigp. 502b9912e6SJeroen Hofstee * 512b9912e6SJeroen Hofstee * @return: 0, on success, -ve on error 522b9912e6SJeroen Hofstee */ 532b9912e6SJeroen Hofstee int rsa_sign(struct image_sign_info *info, 542b9912e6SJeroen Hofstee const struct image_region region[], 552b9912e6SJeroen Hofstee int region_count, uint8_t **sigp, uint *sig_len); 562b9912e6SJeroen Hofstee 572b9912e6SJeroen Hofstee /** 582b9912e6SJeroen Hofstee * add_verify_data() - Add verification information to FDT 592b9912e6SJeroen Hofstee * 602b9912e6SJeroen Hofstee * Add public key information to the FDT node, suitable for 612b9912e6SJeroen Hofstee * verification at run-time. The information added depends on the 622b9912e6SJeroen Hofstee * algorithm being used. 632b9912e6SJeroen Hofstee * 642b9912e6SJeroen Hofstee * @info: Specifies key and FIT information 652b9912e6SJeroen Hofstee * @keydest: Destination FDT blob for public key data 662b9912e6SJeroen Hofstee * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space, 672b9912e6SJeroen Hofstee other -ve value on error 682b9912e6SJeroen Hofstee */ 692b9912e6SJeroen Hofstee int rsa_add_verify_data(struct image_sign_info *info, void *keydest); 702b9912e6SJeroen Hofstee #else 712b9912e6SJeroen Hofstee static inline int rsa_sign(struct image_sign_info *info, 722b9912e6SJeroen Hofstee const struct image_region region[], int region_count, 732b9912e6SJeroen Hofstee uint8_t **sigp, uint *sig_len) 742b9912e6SJeroen Hofstee { 752b9912e6SJeroen Hofstee return -ENXIO; 762b9912e6SJeroen Hofstee } 772b9912e6SJeroen Hofstee 782b9912e6SJeroen Hofstee static inline int rsa_add_verify_data(struct image_sign_info *info, 792b9912e6SJeroen Hofstee void *keydest) 802b9912e6SJeroen Hofstee { 812b9912e6SJeroen Hofstee return -ENXIO; 822b9912e6SJeroen Hofstee } 832b9912e6SJeroen Hofstee #endif 842b9912e6SJeroen Hofstee 85*5f14e3deSJoseph Chen #if IMAGE_ENABLE_VERIFY || defined(CONFIG_SPL_FIT_SIGNATURE) 862b9912e6SJeroen Hofstee /** 872b9912e6SJeroen Hofstee * rsa_verify() - Verify a signature against some data 882b9912e6SJeroen Hofstee * 892b9912e6SJeroen Hofstee * Verify a RSA PKCS1.5 signature against an expected hash. 902b9912e6SJeroen Hofstee * 912b9912e6SJeroen Hofstee * @info: Specifies key and FIT information 922b9912e6SJeroen Hofstee * @data: Pointer to the input data 932b9912e6SJeroen Hofstee * @data_len: Data length 942b9912e6SJeroen Hofstee * @sig: Signature 952b9912e6SJeroen Hofstee * @sig_len: Number of bytes in signature 962b9912e6SJeroen Hofstee * @return 0 if verified, -ve on error 972b9912e6SJeroen Hofstee */ 982b9912e6SJeroen Hofstee int rsa_verify(struct image_sign_info *info, 992b9912e6SJeroen Hofstee const struct image_region region[], int region_count, 1002b9912e6SJeroen Hofstee uint8_t *sig, uint sig_len); 1012b9912e6SJeroen Hofstee #else 1022b9912e6SJeroen Hofstee static inline int rsa_verify(struct image_sign_info *info, 1032b9912e6SJeroen Hofstee const struct image_region region[], int region_count, 1042b9912e6SJeroen Hofstee uint8_t *sig, uint sig_len) 1052b9912e6SJeroen Hofstee { 1062b9912e6SJeroen Hofstee return -ENXIO; 1072b9912e6SJeroen Hofstee } 1082b9912e6SJeroen Hofstee #endif 1092b9912e6SJeroen Hofstee 1102b9912e6SJeroen Hofstee #define RSA2048_BYTES (2048 / 8) 1112b9912e6SJeroen Hofstee #define RSA4096_BYTES (4096 / 8) 1122b9912e6SJeroen Hofstee 1132b9912e6SJeroen Hofstee /* This is the minimum/maximum key size we support, in bits */ 1142b9912e6SJeroen Hofstee #define RSA_MIN_KEY_BITS 2048 1152b9912e6SJeroen Hofstee #define RSA_MAX_KEY_BITS 4096 1162b9912e6SJeroen Hofstee 1172b9912e6SJeroen Hofstee /* This is the maximum signature length that we support, in bits */ 1182b9912e6SJeroen Hofstee #define RSA_MAX_SIG_BITS 4096 1192b9912e6SJeroen Hofstee 1202b9912e6SJeroen Hofstee #endif 121