]>
Commit | Line | Data |
---|---|---|
19c402af SG |
1 | /* |
2 | * Copyright (c) 2013, Google Inc. | |
3 | * | |
4 | * (C) Copyright 2008 Semihalf | |
5 | * | |
6 | * (C) Copyright 2000-2006 | |
7 | * Wolfgang Denk, DENX Software Engineering, wd@denx.de. | |
8 | * | |
1a459660 | 9 | * SPDX-License-Identifier: GPL-2.0+ |
19c402af SG |
10 | */ |
11 | ||
12 | #ifndef _RSA_H | |
13 | #define _RSA_H | |
14 | ||
15 | #include <errno.h> | |
16 | #include <image.h> | |
17 | ||
646257d1 HS |
18 | /** |
19 | * struct rsa_public_key - holder for a public key | |
20 | * | |
21 | * An RSA public key consists of a modulus (typically called N), the inverse | |
22 | * and R^2, where R is 2^(# key bits). | |
23 | */ | |
24 | ||
25 | struct rsa_public_key { | |
26 | uint len; /* len of modulus[] in number of uint32_t */ | |
27 | uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */ | |
28 | uint32_t *modulus; /* modulus as little endian array */ | |
29 | uint32_t *rr; /* R^2 as little endian array */ | |
30 | }; | |
31 | ||
19c402af SG |
32 | #if IMAGE_ENABLE_SIGN |
33 | /** | |
34 | * sign() - calculate and return signature for given input data | |
35 | * | |
36 | * @info: Specifies key and FIT information | |
37 | * @data: Pointer to the input data | |
38 | * @data_len: Data length | |
39 | * @sigp: Set to an allocated buffer holding the signature | |
40 | * @sig_len: Set to length of the calculated hash | |
41 | * | |
42 | * This computes input data signature according to selected algorithm. | |
43 | * Resulting signature value is placed in an allocated buffer, the | |
44 | * pointer is returned as *sigp. The length of the calculated | |
45 | * signature is returned via the sig_len pointer argument. The caller | |
46 | * should free *sigp. | |
47 | * | |
48 | * @return: 0, on success, -ve on error | |
49 | */ | |
50 | int rsa_sign(struct image_sign_info *info, | |
51 | const struct image_region region[], | |
52 | int region_count, uint8_t **sigp, uint *sig_len); | |
53 | ||
54 | /** | |
55 | * add_verify_data() - Add verification information to FDT | |
56 | * | |
57 | * Add public key information to the FDT node, suitable for | |
58 | * verification at run-time. The information added depends on the | |
59 | * algorithm being used. | |
60 | * | |
61 | * @info: Specifies key and FIT information | |
62 | * @keydest: Destination FDT blob for public key data | |
63 | * @return: 0, on success, -ve on error | |
64 | */ | |
65 | int rsa_add_verify_data(struct image_sign_info *info, void *keydest); | |
66 | #else | |
67 | static inline int rsa_sign(struct image_sign_info *info, | |
68 | const struct image_region region[], int region_count, | |
69 | uint8_t **sigp, uint *sig_len) | |
70 | { | |
71 | return -ENXIO; | |
72 | } | |
73 | ||
74 | static inline int rsa_add_verify_data(struct image_sign_info *info, | |
75 | void *keydest) | |
76 | { | |
77 | return -ENXIO; | |
78 | } | |
79 | #endif | |
80 | ||
81 | #if IMAGE_ENABLE_VERIFY | |
82 | /** | |
83 | * rsa_verify() - Verify a signature against some data | |
84 | * | |
85 | * Verify a RSA PKCS1.5 signature against an expected hash. | |
86 | * | |
87 | * @info: Specifies key and FIT information | |
88 | * @data: Pointer to the input data | |
89 | * @data_len: Data length | |
90 | * @sig: Signature | |
91 | * @sig_len: Number of bytes in signature | |
92 | * @return 0 if verified, -ve on error | |
93 | */ | |
94 | int rsa_verify(struct image_sign_info *info, | |
95 | const struct image_region region[], int region_count, | |
96 | uint8_t *sig, uint sig_len); | |
97 | #else | |
98 | static inline int rsa_verify(struct image_sign_info *info, | |
99 | const struct image_region region[], int region_count, | |
100 | uint8_t *sig, uint sig_len) | |
101 | { | |
102 | return -ENXIO; | |
103 | } | |
104 | #endif | |
105 | ||
db1b5f3d HS |
106 | #define RSA2048_BYTES (2048 / 8) |
107 | #define RSA4096_BYTES (4096 / 8) | |
108 | ||
109 | /* This is the minimum/maximum key size we support, in bits */ | |
110 | #define RSA_MIN_KEY_BITS 2048 | |
111 | #define RSA_MAX_KEY_BITS 4096 | |
112 | ||
113 | /* This is the maximum signature length that we support, in bits */ | |
114 | #define RSA_MAX_SIG_BITS 4096 | |
115 | ||
19c402af | 116 | #endif |