Google Git
Sign in
cos / mirrors / cros / chromiumos / platform / vboot_reference / d641f8d74688290f4c7185c042b6973032ce2f37^! / .
commitd641f8d74688290f4c7185c042b6973032ce2f37[log] [tgz]
authorKangheui Won <khwon@chromium.org>Wed Aug 19 19:29:20 2020 +1000
committerCommit Bot <commit-bot@chromium.org>Thu Aug 20 23:39:44 2020 +0000
tree8dd90ba4003ba8ece554fe2c43b26d0168d737d2
parent3932b1c8729e9bfac918da50224d06adae73fde0 [diff]
vboot2: Add prototype for hwcrypto RSA

Introduce new prototype for HW RSA accleration. This is not used
on anywhere yet but will unblock coreboot work to support HW RSA.

BRANCH=none
BUG=b:163710320, b:161205813
TEST=make runtests; emerge-zork coreboot depthcharge

Change-Id: Ic4b93f32410efdd06bd012efe58749b6ef0692c6
Signed-off-by: Kangheui Won <khwon@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2364338
Reviewed-by: Julius Werner <jwerner@chromium.org>

diff --git a/firmware/2lib/2stub.c b/firmware/2lib/2stub.c
index c4b9bdf..fc539fe 100644
--- a/firmware/2lib/2stub.c
+++ b/firmware/2lib/2stub.c

@@ -61,6 +61,13 @@
 }
 
 __attribute__((weak))
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+					     const uint8_t *sig, const uint8_t *digest)
+{
+	return VB2_ERROR_EX_HWCRYPTO_UNSUPPORTED;
+}
+
+__attribute__((weak))
 vb2_error_t vb2ex_tpm_set_mode(enum vb2_tpm_mode mode_val)
 {
 	fprintf(stderr, "%s: function not implemented\n", __func__);

diff --git a/firmware/2lib/include/2api.h b/firmware/2lib/include/2api.h
index c6d99bd..c2f636e 100644
--- a/firmware/2lib/include/2api.h
+++ b/firmware/2lib/include/2api.h

@@ -26,6 +26,7 @@
 #include "2id.h"
 #include "2recovery_reasons.h"
 #include "2return_codes.h"
+#include "2rsa.h"
 #include "2secdata_struct.h"
 
 #define _VB2_TRY_IMPL(expr, ctx, recovery_reason, ...) do { \
@@ -952,6 +953,19 @@
 vb2_error_t vb2ex_hwcrypto_digest_finalize(uint8_t *digest,
 					   uint32_t digest_size);
 
+/**
+ * Verify a RSA PKCS1.5 signature in hardware crypto engine
+ * against an expected hash digest.
+ *
+ * @param key		Key to use in signature verification
+ * @param sig		Signature to verify (destroyed in process)
+ * @param digest	Digest of signed data
+ * @return VB2_SUCCESS, or non-zero error code (HWCRYPTO_UNSUPPORTED not fatal).
+ */
+vb2_error_t vb2ex_hwcrypto_rsa_verify_digest(const struct vb2_public_key *key,
+					     const uint8_t *sig,
+					     const uint8_t *digest);
+
 /*
  * Abort vboot flow due to a failed assertion or broken assumption.
  *

diff --git a/firmware/2lib/include/2rsa.h b/firmware/2lib/include/2rsa.h
index 0d0bf2a..4b1febc 100644
--- a/firmware/2lib/include/2rsa.h
+++ b/firmware/2lib/include/2rsa.h

@@ -8,7 +8,6 @@
 
 #include "2crypto.h"
 #include "2return_codes.h"
-#include "2struct.h"
 
 struct vb2_workbuf;