1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
|
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Permission is hereby granted, free of charge, to any person
* obtaining a copy of this software and associated documentation
* files (the "Software"), to deal in the Software without
* restriction, including without limitation the rights to use, copy,
* modify, merge, publish, distribute, sublicense, and/or sell copies
* of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
* BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
* ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
* CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
* SOFTWARE.
*/
#if !defined(AVB_INSIDE_LIBAVB_H) && !defined(AVB_COMPILATION)
#error "Never include this file directly, include libavb.h instead."
#endif
#ifndef AVB_CRYPTO_H_
#define AVB_CRYPTO_H_
#include "avb_sysdeps.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Algorithms that can be used in the vbmeta image for
* verification. An algorithm consists of a hash type and a signature
* type.
*
* The data used to calculate the hash is the three blocks mentioned
* in the documentation for |AvbVBMetaImageHeader| except for the data
* in the "Authentication data" block.
*
* For signatures with RSA keys, PKCS v1.5 padding is used. The public
* key data is stored in the auxiliary data block, see
* |AvbRSAPublicKeyHeader| for the serialization format.
*
* Each algorithm type is described below:
*
* AVB_ALGORITHM_TYPE_NONE: There is no hash, no signature of the
* data, and no public key. The data cannot be verified. The fields
* |hash_size|, |signature_size|, and |public_key_size| must be zero.
*
* AVB_ALGORITHM_TYPE_SHA256_RSA2048: The hash function used is
* SHA-256, resulting in 32 bytes of hash digest data. This hash is
* signed with a 2048-bit RSA key. The field |hash_size| must be 32,
* |signature_size| must be 256, and the public key data must have
* |key_num_bits| set to 2048.
*
* AVB_ALGORITHM_TYPE_SHA256_RSA4096: Like above, but only with
* a 4096-bit RSA key and |signature_size| set to 512.
*
* AVB_ALGORITHM_TYPE_SHA256_RSA8192: Like above, but only with
* a 8192-bit RSA key and |signature_size| set to 1024.
*
* AVB_ALGORITHM_TYPE_SHA512_RSA2048: The hash function used is
* SHA-512, resulting in 64 bytes of hash digest data. This hash is
* signed with a 2048-bit RSA key. The field |hash_size| must be 64,
* |signature_size| must be 256, and the public key data must have
* |key_num_bits| set to 2048.
*
* AVB_ALGORITHM_TYPE_SHA512_RSA4096: Like above, but only with
* a 4096-bit RSA key and |signature_size| set to 512.
*
* AVB_ALGORITHM_TYPE_SHA512_RSA8192: Like above, but only with
* a 8192-bit RSA key and |signature_size| set to 1024.
*/
typedef enum {
AVB_ALGORITHM_TYPE_NONE,
AVB_ALGORITHM_TYPE_SHA256_RSA2048,
AVB_ALGORITHM_TYPE_SHA256_RSA4096,
AVB_ALGORITHM_TYPE_SHA256_RSA8192,
AVB_ALGORITHM_TYPE_SHA512_RSA2048,
AVB_ALGORITHM_TYPE_SHA512_RSA4096,
AVB_ALGORITHM_TYPE_SHA512_RSA8192,
_AVB_ALGORITHM_NUM_TYPES
} AvbAlgorithmType;
/* The header for a serialized RSA public key.
*
* The size of the key is given by |key_num_bits|, for example 2048
* for a RSA-2048 key. By definition, a RSA public key is the pair (n,
* e) where |n| is the modulus (which can be represented in
* |key_num_bits| bits) and |e| is the public exponent. The exponent
* is not stored since it's assumed to always be 65537.
*
* To optimize verification, the key block includes two precomputed
* values, |n0inv| (fits in 32 bits) and |rr| and can always be
* represented in |key_num_bits|.
* The value |n0inv| is the value -1/n[0] (mod 2^32). The value |rr|
* is (2^key_num_bits)^2 (mod n).
*
* Following this header is |key_num_bits| bits of |n|, then
* |key_num_bits| bits of |rr|. Both values are stored with most
* significant bit first. Each serialized number takes up
* |key_num_bits|/8 bytes.
*
* All fields in this struct are stored in network byte order when
* serialized. To generate a copy with fields swapped to native byte
* order, use the function avb_rsa_public_key_header_validate_and_byteswap().
*
* The avb_rsa_verify() function expects a key in this serialized
* format.
*
* The 'avbtool extract_public_key' command can be used to generate a
* serialized RSA public key.
*/
typedef struct AvbRSAPublicKeyHeader {
uint32_t key_num_bits;
uint32_t n0inv;
} AVB_ATTR_PACKED AvbRSAPublicKeyHeader;
/* Copies |src| to |dest| and validates, byte-swapping fields in the
* process if needed. Returns true if valid, false if invalid.
*/
bool avb_rsa_public_key_header_validate_and_byteswap(
const AvbRSAPublicKeyHeader* src,
AvbRSAPublicKeyHeader* dest) AVB_ATTR_WARN_UNUSED_RESULT;
#ifdef __cplusplus
}
#endif
#endif /* AVB_CRYPTO_H_ */
|