blob: ae53ad5cd713e4b670e3d31f4de6e9cb19db6754 [file] [log] [blame] [edit]
/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*
* Host-side functions for verified boot key structures
*/
#ifndef VBOOT_REFERENCE_HOST_KEY2_H_
#define VBOOT_REFERENCE_HOST_KEY2_H_
#include "2id.h"
#include "2return_codes.h"
#include "2struct.h"
struct vb2_public_key;
struct vb21_packed_key;
/* Private key data, in-memory format for use in signing calls. */
struct vb2_private_key {
struct rsa_st *rsa_private_key; /* Private key data */
enum vb2_hash_algorithm hash_alg; /* Hash algorithm */
enum vb2_signature_algorithm sig_alg; /* Signature algorithm */
char *desc; /* Description */
struct vb2_id id; /* Key ID */
};
struct vb2_packed_private_key {
/* Signature algorithm used by the key (enum vb2_crypto_algorithm) */
uint32_t algorithm;
uint32_t reserved2;
/* Key data formatted for d2i_RSAPrivateKey() */
uint8_t key_data[0];
};
/**
* Free a private key.
*
* @param key Key containing internal data to free.
*/
void vb2_private_key_free(struct vb2_private_key *key);
/**
* Unpack a private key from vb21_packed_private_key format.
*
* @param key_ptr Destination for newly allocated key; this must be
* freed with vb2_private_key_free().
* @param buf Source buffer containing packed key
* @param size Size of buffer in bytes
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb21_private_key_unpack(struct vb2_private_key **key_ptr,
const uint8_t *buf, uint32_t size);
/**
* Read a private key from vb21_packed_private_key format.
*
* @param key_ptr Destination for newly allocated key; this must be
* freed with vb2_private_key_free().
* @param filename File to read key data from.
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb21_private_key_read(struct vb2_private_key **key_ptr,
const char *filename);
/**
* Read a private key from a .pem file.
*
* This only reads the internal data for the key. It does not set any of the
* other fields in *key_ptr, since those are not contained in the .pem file.
*
* @param key_ptr Destination for newly allocated key; this must be
* freed with vb2_private_key_free().
* @param filename File to read key data from.
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb2_private_key_read_pem(struct vb2_private_key **key_ptr,
const char *filename);
/**
* Set the description of a private key.
*
* @param key Key to set description for
* @param desc Description string, or NULL if no description.
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb2_private_key_set_desc(struct vb2_private_key *key,
const char *desc);
/**
* Write a private key to vb21_packed_private_key format.
*
* @param key Key to write
* @param filename File to write key data to.
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb21_private_key_write(const struct vb2_private_key *key,
const char *filename);
/**
* Get a private key for an unsigned hash
*
* @param key_ptr Destination for pointer to key. The key is statically
* allocated and must not be freed.
* @param hash_alg Hash algorithm to use
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb2_private_key_hash(const struct vb2_private_key **key_ptr,
enum vb2_hash_algorithm hash_alg);
/**
* Allocate a public key buffer of sufficient size for the signature algorithm.
*
* This only initializes the sig_alg field and the id field to an empty
* id. It does not set any of the other fields in *key_ptr.
*
* @param key_ptr Destination for newly allocated key; this must be
* freed with vb2_public_key_free().
* @param sig_alg Signature algorithm for key.
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb2_public_key_alloc(struct vb2_public_key **key_ptr,
enum vb2_signature_algorithm sig_alg);
/**
* Return the packed data for a key allocated with vb2_public_key_alloc().
*
* The packed data is in the same buffer, following the key struct and ID.
*/
uint8_t *vb2_public_key_packed_data(struct vb2_public_key *key);
/**
* Free a public key allocated by one of the functions below.
*
* Note that this should ONLY be called for public keys allocated via one
* of those functions; public keys created or filled in other ways (such as
* vb21_unpack_key()) do not allocate memory for sub-fields in the same way.
*
* @param key Key to free
*/
void vb2_public_key_free(struct vb2_public_key *key);
/**
* Read a public key from a .keyb file.
*
* Guesses the signature algorithm based on the size of the .keyb file. Does
* not set the hash_alg, id, or desc fields, since those are not contained in
* the .keyb file.
*
* @param key_ptr Destination for newly allocated key; this must be
* freed with vb2_public_key_free().
* @param filename File to read key from.
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb2_public_key_read_keyb(struct vb2_public_key **key_ptr,
const char *filename);
/**
* Set the description of a public key.
*
* @param key Key to set description for
* @param desc Description string, or NULL if no description.
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb2_public_key_set_desc(struct vb2_public_key *key,
const char *desc);
/**
* Read a public key in vb21_packed_key format.
*
* @param key_ptr On success, points to the newly allocated key buffer.
* Caller is responsible for calling free() on this.
* @return VB2_SUCCESS, or non-zero if error.
*/
vb2_error_t vb21_packed_key_read(struct vb21_packed_key **key_ptr,
const char *filename);
/**
* Pack a public key into vb21_packed_key format.
*
* @param pubk Public key to pack
* @param key_ptr On success, points to a newly allocated packed key
* buffer. Caller is responsible for calling free() on
* this.
* @return VB2_SUCCESS, or non-zero if error.
*/
vb2_error_t vb21_public_key_pack(struct vb21_packed_key **key_ptr,
const struct vb2_public_key *pubk);
/**
* Get a public key for an unsigned hash.
*
* @param key Destination for key data.
* @param hash_alg Hash algorithm to use
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb2_public_key_hash(struct vb2_public_key *key,
enum vb2_hash_algorithm hash_alg);
/**
* Return the signature algorithm implied by the bit length of an RSA key
*
* @param rsa RSA key
* @return vb2 signature algorithm
*/
enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa);
/**
* Write a public key to the vb21_packed_key format.
*
* @param key Key to write
* @param filename File to write key data to.
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb21_public_key_write(const struct vb2_public_key *key,
const char *filename);
/**
* Unpack a key for use in verification
*
* The elements of the unpacked key will point into the source buffer, so don't
* free the source buffer until you're done with the key.
*
* @param key Destintion for unpacked key
* @param buf Source buffer containing packed key
* @param size Size of buffer in bytes
* @return VB2_SUCCESS, or non-zero error code if error.
*/
vb2_error_t vb21_unpack_key(struct vb2_public_key *key, const uint8_t *buf,
uint32_t size);
#endif /* VBOOT_REFERENCE_HOST_KEY2_H_ */