]>
Commit | Line | Data |
---|---|---|
19c402af SG |
1 | /* |
2 | * Copyright (c) 2013, Google Inc. | |
3 | * | |
4 | * (C) Copyright 2008 Semihalf | |
5 | * | |
6 | * (C) Copyright 2000-2006 | |
7 | * Wolfgang Denk, DENX Software Engineering, wd@denx.de. | |
8 | * | |
1a459660 | 9 | * SPDX-License-Identifier: GPL-2.0+ |
19c402af SG |
10 | */ |
11 | ||
12 | #ifndef _RSA_H | |
13 | #define _RSA_H | |
14 | ||
15 | #include <errno.h> | |
16 | #include <image.h> | |
17 | ||
646257d1 HS |
18 | /** |
19 | * struct rsa_public_key - holder for a public key | |
20 | * | |
21 | * An RSA public key consists of a modulus (typically called N), the inverse | |
22 | * and R^2, where R is 2^(# key bits). | |
23 | */ | |
24 | ||
25 | struct rsa_public_key { | |
26 | uint len; /* len of modulus[] in number of uint32_t */ | |
27 | uint32_t n0inv; /* -1 / modulus[0] mod 2^32 */ | |
28 | uint32_t *modulus; /* modulus as little endian array */ | |
29 | uint32_t *rr; /* R^2 as little endian array */ | |
e0f2f155 | 30 | uint64_t exponent; /* public exponent */ |
646257d1 HS |
31 | }; |
32 | ||
73223f0e SG |
33 | struct image_sign_info; |
34 | ||
19c402af SG |
35 | #if IMAGE_ENABLE_SIGN |
36 | /** | |
37 | * sign() - calculate and return signature for given input data | |
38 | * | |
39 | * @info: Specifies key and FIT information | |
40 | * @data: Pointer to the input data | |
41 | * @data_len: Data length | |
42 | * @sigp: Set to an allocated buffer holding the signature | |
43 | * @sig_len: Set to length of the calculated hash | |
44 | * | |
45 | * This computes input data signature according to selected algorithm. | |
46 | * Resulting signature value is placed in an allocated buffer, the | |
47 | * pointer is returned as *sigp. The length of the calculated | |
48 | * signature is returned via the sig_len pointer argument. The caller | |
49 | * should free *sigp. | |
50 | * | |
51 | * @return: 0, on success, -ve on error | |
52 | */ | |
53 | int rsa_sign(struct image_sign_info *info, | |
54 | const struct image_region region[], | |
55 | int region_count, uint8_t **sigp, uint *sig_len); | |
56 | ||
57 | /** | |
58 | * add_verify_data() - Add verification information to FDT | |
59 | * | |
60 | * Add public key information to the FDT node, suitable for | |
61 | * verification at run-time. The information added depends on the | |
62 | * algorithm being used. | |
63 | * | |
64 | * @info: Specifies key and FIT information | |
65 | * @keydest: Destination FDT blob for public key data | |
4f427a42 SG |
66 | * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space, |
67 | other -ve value on error | |
19c402af SG |
68 | */ |
69 | int rsa_add_verify_data(struct image_sign_info *info, void *keydest); | |
70 | #else | |
71 | static inline int rsa_sign(struct image_sign_info *info, | |
72 | const struct image_region region[], int region_count, | |
73 | uint8_t **sigp, uint *sig_len) | |
74 | { | |
75 | return -ENXIO; | |
76 | } | |
77 | ||
78 | static inline int rsa_add_verify_data(struct image_sign_info *info, | |
79 | void *keydest) | |
80 | { | |
81 | return -ENXIO; | |
82 | } | |
83 | #endif | |
84 | ||
85 | #if IMAGE_ENABLE_VERIFY | |
86 | /** | |
87 | * rsa_verify() - Verify a signature against some data | |
88 | * | |
89 | * Verify a RSA PKCS1.5 signature against an expected hash. | |
90 | * | |
91 | * @info: Specifies key and FIT information | |
92 | * @data: Pointer to the input data | |
93 | * @data_len: Data length | |
94 | * @sig: Signature | |
95 | * @sig_len: Number of bytes in signature | |
96 | * @return 0 if verified, -ve on error | |
97 | */ | |
98 | int rsa_verify(struct image_sign_info *info, | |
99 | const struct image_region region[], int region_count, | |
100 | uint8_t *sig, uint sig_len); | |
101 | #else | |
102 | static inline int rsa_verify(struct image_sign_info *info, | |
103 | const struct image_region region[], int region_count, | |
104 | uint8_t *sig, uint sig_len) | |
105 | { | |
106 | return -ENXIO; | |
107 | } | |
108 | #endif | |
109 | ||
db1b5f3d HS |
110 | #define RSA2048_BYTES (2048 / 8) |
111 | #define RSA4096_BYTES (4096 / 8) | |
112 | ||
113 | /* This is the minimum/maximum key size we support, in bits */ | |
114 | #define RSA_MIN_KEY_BITS 2048 | |
115 | #define RSA_MAX_KEY_BITS 4096 | |
116 | ||
117 | /* This is the maximum signature length that we support, in bits */ | |
118 | #define RSA_MAX_SIG_BITS 4096 | |
119 | ||
19c402af | 120 | #endif |