platform/hardware/amlogic/bootctrl.git - Unnamed repository; edit this file 'description' to name the repository.

1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Permission is hereby granted, free of charge, to any person
5  * obtaining a copy of this software and associated documentation
6  * files (the "Software"), to deal in the Software without
7  * restriction, including without limitation the rights to use, copy,
8  * modify, merge, publish, distribute, sublicense, and/or sell copies
9  * of the Software, and to permit persons to whom the Software is
10  * furnished to do so, subject to the following conditions:
11  *
12  * The above copyright notice and this permission notice shall be
13  * included in all copies or substantial portions of the Software.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19  * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20  * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21  * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22  * SOFTWARE.
23  */
24
25 #if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION)
26 #error "Never include this file directly, include libavb.h instead."
27 #endif
28
29 #ifndef AVB_CRYPTO_H_
30 #define AVB_CRYPTO_H_
31
32 #include "avb_sysdeps.h"
33
34 #ifdef __cplusplus
35 extern "C" {
36 #endif
37
38 /* Size of a RSA-2048 signature. */
39 #define AVB_RSA2048_NUM_BYTES 256
40
41 /* Size of a RSA-4096 signature. */
42 #define AVB_RSA4096_NUM_BYTES 512
43
44 /* Size of a RSA-8192 signature. */
45 #define AVB_RSA8192_NUM_BYTES 1024
46
47 /* Size in bytes of a SHA-256 digest. */
48 #define AVB_SHA256_DIGEST_SIZE 32
49
50 /* Size in bytes of a SHA-512 digest. */
51 #define AVB_SHA512_DIGEST_SIZE 64
52
53 /* Algorithms that can be used in the vbmeta image for
54  * verification. An algorithm consists of a hash type and a signature
55  * type.
56  *
57  * The data used to calculate the hash is the three blocks mentioned
58  * in the documentation for |AvbVBMetaImageHeader| except for the data
59  * in the "Authentication data" block.
60  *
61  * For signatures with RSA keys, PKCS v1.5 padding is used. The public
62  * key data is stored in the auxiliary data block, see
63  * |AvbRSAPublicKeyHeader| for the serialization format.
64  *
65  * Each algorithm type is described below:
66  *
67  * AVB_ALGORITHM_TYPE_NONE: There is no hash, no signature of the
68  * data, and no public key. The data cannot be verified. The fields
69  * |hash_size|, |signature_size|, and |public_key_size| must be zero.
70  *
71  * AVB_ALGORITHM_TYPE_SHA256_RSA2048: The hash function used is
72  * SHA-256, resulting in 32 bytes of hash digest data. This hash is
73  * signed with a 2048-bit RSA key. The field |hash_size| must be 32,
74  * |signature_size| must be 256, and the public key data must have
75  * |key_num_bits| set to 2048.
76  *
77  * AVB_ALGORITHM_TYPE_SHA256_RSA4096: Like above, but only with
78  * a 4096-bit RSA key and |signature_size| set to 512.
79  *
80  * AVB_ALGORITHM_TYPE_SHA256_RSA8192: Like above, but only with
81  * a 8192-bit RSA key and |signature_size| set to 1024.
82  *
83  * AVB_ALGORITHM_TYPE_SHA512_RSA2048: The hash function used is
84  * SHA-512, resulting in 64 bytes of hash digest data. This hash is
85  * signed with a 2048-bit RSA key. The field |hash_size| must be 64,
86  * |signature_size| must be 256, and the public key data must have
87  * |key_num_bits| set to 2048.
88  *
89  * AVB_ALGORITHM_TYPE_SHA512_RSA4096: Like above, but only with
90  * a 4096-bit RSA key and |signature_size| set to 512.
91  *
92  * AVB_ALGORITHM_TYPE_SHA512_RSA8192: Like above, but only with
93  * a 8192-bit RSA key and |signature_size| set to 1024.
94  */
95 typedef enum {
96   AVB_ALGORITHM_TYPE_NONE,
97   AVB_ALGORITHM_TYPE_SHA256_RSA2048,
98   AVB_ALGORITHM_TYPE_SHA256_RSA4096,
99   AVB_ALGORITHM_TYPE_SHA256_RSA8192,
100   AVB_ALGORITHM_TYPE_SHA512_RSA2048,
101   AVB_ALGORITHM_TYPE_SHA512_RSA4096,
102   AVB_ALGORITHM_TYPE_SHA512_RSA8192,
103   _AVB_ALGORITHM_NUM_TYPES
104 } AvbAlgorithmType;
105
106 /* Holds algorithm-specific data. The |padding| is needed by avb_rsa_verify. */
107 typedef struct {
108   const uint8_t* padding;
109   size_t padding_len;
110   size_t hash_len;
111 } AvbAlgorithmData;
112
113 /* Provides algorithm-specific data for a given |algorithm|. Returns NULL if
114  * |algorithm| is invalid.
115  */
116 const AvbAlgorithmData* avb_get_algorithm_data(AvbAlgorithmType algorithm)
117     AVB_ATTR_WARN_UNUSED_RESULT;
118
119 /* The header for a serialized RSA public key.
120  *
121  * The size of the key is given by |key_num_bits|, for example 2048
122  * for a RSA-2048 key. By definition, a RSA public key is the pair (n,
123  * e) where |n| is the modulus (which can be represented in
124  * |key_num_bits| bits) and |e| is the public exponent. The exponent
125  * is not stored since it's assumed to always be 65537.
126  *
127  * To optimize verification, the key block includes two precomputed
128  * values, |n0inv| (fits in 32 bits) and |rr| and can always be
129  * represented in |key_num_bits|.
130
131  * The value |n0inv| is the value -1/n[0] (mod 2^32). The value |rr|
132  * is (2^key_num_bits)^2 (mod n).
133  *
134  * Following this header is |key_num_bits| bits of |n|, then
135  * |key_num_bits| bits of |rr|. Both values are stored with most
136  * significant bit first. Each serialized number takes up
137  * |key_num_bits|/8 bytes.
138  *
139  * All fields in this struct are stored in network byte order when
140  * serialized.  To generate a copy with fields swapped to native byte
141  * order, use the function avb_rsa_public_key_header_validate_and_byteswap().
142  *
143  * The avb_rsa_verify() function expects a key in this serialized
144  * format.
145  *
146  * The 'avbtool extract_public_key' command can be used to generate a
147  * serialized RSA public key.
148  */
149 typedef struct AvbRSAPublicKeyHeader {
150   uint32_t key_num_bits;
151   uint32_t n0inv;
152 } AVB_ATTR_PACKED AvbRSAPublicKeyHeader;
153
154 /* Copies |src| to |dest| and validates, byte-swapping fields in the
155  * process if needed. Returns true if valid, false if invalid.
156  */
157 bool avb_rsa_public_key_header_validate_and_byteswap(
158     const AvbRSAPublicKeyHeader* src,
159     AvbRSAPublicKeyHeader* dest) AVB_ATTR_WARN_UNUSED_RESULT;
160
161 #ifdef __cplusplus
162 }
163 #endif
164
165 #endif /* AVB_CRYPTO_H_ */
166
1	/*
2	* Copyright (C) 2016 The Android Open Source Project
3	*
4	* Permission is hereby granted, free of charge, to any person
5	* obtaining a copy of this software and associated documentation
6	* files (the "Software"), to deal in the Software without
7	* restriction, including without limitation the rights to use, copy,
8	* modify, merge, publish, distribute, sublicense, and/or sell copies
9	* of the Software, and to permit persons to whom the Software is
10	* furnished to do so, subject to the following conditions:
11	*
12	* The above copyright notice and this permission notice shall be
13	* included in all copies or substantial portions of the Software.
14	*
15	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16	* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17	* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18	* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19	* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20	* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21	* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22	* SOFTWARE.
23	*/
24
25	#if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION)
26	#error "Never include this file directly, include libavb.h instead."
27	#endif
28
29	#ifndef AVB_CRYPTO_H_
30	#define AVB_CRYPTO_H_
31
32	#include "avb_sysdeps.h"
33
34	#ifdef __cplusplus
35	extern "C" {
36	#endif
37
38	/* Size of a RSA-2048 signature. */
39	#define AVB_RSA2048_NUM_BYTES 256
40
41	/* Size of a RSA-4096 signature. */
42	#define AVB_RSA4096_NUM_BYTES 512
43
44	/* Size of a RSA-8192 signature. */
45	#define AVB_RSA8192_NUM_BYTES 1024
46
47	/* Size in bytes of a SHA-256 digest. */
48	#define AVB_SHA256_DIGEST_SIZE 32
49
50	/* Size in bytes of a SHA-512 digest. */
51	#define AVB_SHA512_DIGEST_SIZE 64
52
53	/* Algorithms that can be used in the vbmeta image for
54	* verification. An algorithm consists of a hash type and a signature
55	* type.
56	*
57	* The data used to calculate the hash is the three blocks mentioned
58	* in the documentation for \|AvbVBMetaImageHeader\| except for the data
59	* in the "Authentication data" block.
60	*
61	* For signatures with RSA keys, PKCS v1.5 padding is used. The public
62	* key data is stored in the auxiliary data block, see
63	* \|AvbRSAPublicKeyHeader\| for the serialization format.
64	*
65	* Each algorithm type is described below:
66	*
67	* AVB_ALGORITHM_TYPE_NONE: There is no hash, no signature of the
68	* data, and no public key. The data cannot be verified. The fields
69	* \|hash_size\|, \|signature_size\|, and \|public_key_size\| must be zero.
70	*
71	* AVB_ALGORITHM_TYPE_SHA256_RSA2048: The hash function used is
72	* SHA-256, resulting in 32 bytes of hash digest data. This hash is
73	* signed with a 2048-bit RSA key. The field \|hash_size\| must be 32,
74	* \|signature_size\| must be 256, and the public key data must have
75	* \|key_num_bits\| set to 2048.
76	*
77	* AVB_ALGORITHM_TYPE_SHA256_RSA4096: Like above, but only with
78	* a 4096-bit RSA key and \|signature_size\| set to 512.
79	*
80	* AVB_ALGORITHM_TYPE_SHA256_RSA8192: Like above, but only with
81	* a 8192-bit RSA key and \|signature_size\| set to 1024.
82	*
83	* AVB_ALGORITHM_TYPE_SHA512_RSA2048: The hash function used is
84	* SHA-512, resulting in 64 bytes of hash digest data. This hash is
85	* signed with a 2048-bit RSA key. The field \|hash_size\| must be 64,
86	* \|signature_size\| must be 256, and the public key data must have
87	* \|key_num_bits\| set to 2048.
88	*
89	* AVB_ALGORITHM_TYPE_SHA512_RSA4096: Like above, but only with
90	* a 4096-bit RSA key and \|signature_size\| set to 512.
91	*
92	* AVB_ALGORITHM_TYPE_SHA512_RSA8192: Like above, but only with
93	* a 8192-bit RSA key and \|signature_size\| set to 1024.
94	*/
95	typedef enum {
96	AVB_ALGORITHM_TYPE_NONE,
97	AVB_ALGORITHM_TYPE_SHA256_RSA2048,
98	AVB_ALGORITHM_TYPE_SHA256_RSA4096,
99	AVB_ALGORITHM_TYPE_SHA256_RSA8192,
100	AVB_ALGORITHM_TYPE_SHA512_RSA2048,
101	AVB_ALGORITHM_TYPE_SHA512_RSA4096,
102	AVB_ALGORITHM_TYPE_SHA512_RSA8192,
103	_AVB_ALGORITHM_NUM_TYPES
104	} AvbAlgorithmType;
105
106	/* Holds algorithm-specific data. The \|padding\| is needed by avb_rsa_verify. */
107	typedef struct {
108	const uint8_t* padding;
109	size_t padding_len;
110	size_t hash_len;
111	} AvbAlgorithmData;
112
113	/* Provides algorithm-specific data for a given \|algorithm\|. Returns NULL if
114	* \|algorithm\| is invalid.
115	*/
116	const AvbAlgorithmData* avb_get_algorithm_data(AvbAlgorithmType algorithm)
117	AVB_ATTR_WARN_UNUSED_RESULT;
118
119	/* The header for a serialized RSA public key.
120	*
121	* The size of the key is given by \|key_num_bits\|, for example 2048
122	* for a RSA-2048 key. By definition, a RSA public key is the pair (n,
123	* e) where \|n\| is the modulus (which can be represented in
124	* \|key_num_bits\| bits) and \|e\| is the public exponent. The exponent
125	* is not stored since it's assumed to always be 65537.
126	*
127	* To optimize verification, the key block includes two precomputed
128	* values, \|n0inv\| (fits in 32 bits) and \|rr\| and can always be
129	* represented in \|key_num_bits\|.
130
131	* The value \|n0inv\| is the value -1/n[0] (mod 2^32). The value \|rr\|
132	* is (2^key_num_bits)^2 (mod n).
133	*
134	* Following this header is \|key_num_bits\| bits of \|n\|, then
135	* \|key_num_bits\| bits of \|rr\|. Both values are stored with most
136	* significant bit first. Each serialized number takes up
137	* \|key_num_bits\|/8 bytes.
138	*
139	* All fields in this struct are stored in network byte order when
140	* serialized. To generate a copy with fields swapped to native byte
141	* order, use the function avb_rsa_public_key_header_validate_and_byteswap().
142	*
143	* The avb_rsa_verify() function expects a key in this serialized
144	* format.
145	*
146	* The 'avbtool extract_public_key' command can be used to generate a
147	* serialized RSA public key.
148	*/
149	typedef struct AvbRSAPublicKeyHeader {
150	uint32_t key_num_bits;
151	uint32_t n0inv;
152	} AVB_ATTR_PACKED AvbRSAPublicKeyHeader;
153
154	/* Copies \|src\| to \|dest\| and validates, byte-swapping fields in the
155	* process if needed. Returns true if valid, false if invalid.
156	*/
157	bool avb_rsa_public_key_header_validate_and_byteswap(
158	const AvbRSAPublicKeyHeader* src,
159	AvbRSAPublicKeyHeader* dest) AVB_ATTR_WARN_UNUSED_RESULT;
160
161	#ifdef __cplusplus
162	}
163	#endif
164
165	#endif /* AVB_CRYPTO_H_ */
166