firmware/2lib/2crypto.c - mirrors/cros/chromiumos/platform/vboot_reference - Git at Google

 /* Copyright 2020 The Chromium OS Authors. All rights reserved.
  * Use of this source code is governed by a BSD-style license that can be
  * found in the LICENSE file.
  *
  * Hash and signature algorithm parsing helpers for host utilities.
  */

 #include "2common.h"
 #include "2crypto.h"
 #include "2rsa.h"
 #include "2sha.h"
 #include "2sysincludes.h"

 /*
  * These two need to be exported for host/lib/crypto.c, but they also need to be
  * in .rodata to make coreboot XIP stages happy. We know they are immutable but
  * there is no C language way to guarantee that, so we have to manually force
  * the compiler to place them in .rodata. Also inject custom section flags so
  * they are only allocatable (a) but not writeable (w).
  */

 __attribute__((section(".rodata.vb2_sig_names,\"a\"\n# ")))
 const char *vb2_sig_names[VB2_SIG_ALG_COUNT] = {
 	[VB2_SIG_NONE]		= "none",
 	[VB2_SIG_RSA1024]	= "RSA1024",
 	[VB2_SIG_RSA2048]	= "RSA2048",
 	[VB2_SIG_RSA4096]	= "RSA4096",
 	[VB2_SIG_RSA8192]	= "RSA8192",
 	[VB2_SIG_RSA2048_EXP3]	= "RSA2048EXP3",
 	[VB2_SIG_RSA3072_EXP3]	= "RSA3072EXP3",
 };

 __attribute__((section(".rodata.vb2_hash_names,\"a\"\n# ")))
 const char *vb2_hash_names[VB2_HASH_ALG_COUNT] = {
 	[VB2_HASH_NONE]		= "none",
 #if VB2_SUPPORT_SHA1
 	[VB2_HASH_SHA1]		= VB2_SHA1_ALG_NAME,
 #endif
 #if VB2_SUPPORT_SHA256
 	[VB2_HASH_SHA224]	= VB2_SHA224_ALG_NAME,
 	[VB2_HASH_SHA256]	= VB2_SHA256_ALG_NAME,
 #endif
 #if VB2_SUPPORT_SHA512
 	[VB2_HASH_SHA384]	= VB2_SHA384_ALG_NAME,
 	[VB2_HASH_SHA512]	= VB2_SHA512_ALG_NAME,
 #endif
 };

 /* The others are internal to this file. */

 static const char *crypto_names[] = {
 #if VB2_SUPPORT_SHA1
 	[VB2_ALG_RSA1024_SHA1]		= "RSA1024 SHA1",
 	[VB2_ALG_RSA2048_SHA1]		= "RSA2048 SHA1",
 	[VB2_ALG_RSA4096_SHA1]		= "RSA4096 SHA1",
 	[VB2_ALG_RSA8192_SHA1]		= "RSA8192 SHA1",
 	[VB2_ALG_RSA2048_EXP3_SHA1]	= "RSA2048 EXP3 SHA1",
 	[VB2_ALG_RSA3072_EXP3_SHA1]	= "RSA3072 EXP3 SHA1",
 #endif
 #if VB2_SUPPORT_SHA256
 	[VB2_ALG_RSA1024_SHA256]	= "RSA1024 SHA256",
 	[VB2_ALG_RSA2048_SHA256]	= "RSA2048 SHA256",
 	[VB2_ALG_RSA4096_SHA256]	= "RSA4096 SHA256",
 	[VB2_ALG_RSA8192_SHA256]	= "RSA8192 SHA256",
 	[VB2_ALG_RSA2048_EXP3_SHA256]	= "RSA2048 EXP3 SHA256",
 	[VB2_ALG_RSA3072_EXP3_SHA256]	= "RSA3072 EXP3 SHA256",
 #endif
 #if VB2_SUPPORT_SHA512
 	[VB2_ALG_RSA1024_SHA512]	= "RSA1024 SHA512",
 	[VB2_ALG_RSA2048_SHA512]	= "RSA2048 SHA512",
 	[VB2_ALG_RSA4096_SHA512]	= "RSA4096 SHA512",
 	[VB2_ALG_RSA8192_SHA512]	= "RSA8192 SHA512",
 	[VB2_ALG_RSA2048_EXP3_SHA512]	= "RSA2048 EXP3 SHA512",
 	[VB2_ALG_RSA3072_EXP3_SHA512]	= "RSA3072 EXP3 SHA512",
 #endif
 };

 static const char *crypto_filenames[] = {
 #if VB2_SUPPORT_SHA1
 	[VB2_ALG_RSA1024_SHA1]		= "rsa1024",
 	[VB2_ALG_RSA2048_SHA1]		= "rsa2048",
 	[VB2_ALG_RSA4096_SHA1]		= "rsa4096",
 	[VB2_ALG_RSA8192_SHA1]		= "rsa8192",
 	[VB2_ALG_RSA2048_EXP3_SHA1]	= "rsa2048_exp3",
 	[VB2_ALG_RSA3072_EXP3_SHA1]	= "rsa3072_exp3",
 #endif
 #if VB2_SUPPORT_SHA256
 	[VB2_ALG_RSA1024_SHA256]	= "rsa1024",
 	[VB2_ALG_RSA2048_SHA256]	= "rsa2048",
 	[VB2_ALG_RSA4096_SHA256]	= "rsa4096",
 	[VB2_ALG_RSA8192_SHA256]	= "rsa8192",
 	[VB2_ALG_RSA2048_EXP3_SHA256]	= "rsa2048_exp3",
 	[VB2_ALG_RSA3072_EXP3_SHA256]	= "rsa3072_exp3",
 #endif
 #if VB2_SUPPORT_SHA512
 	[VB2_ALG_RSA1024_SHA512]	= "rsa1024",
 	[VB2_ALG_RSA2048_SHA512]	= "rsa2048",
 	[VB2_ALG_RSA4096_SHA512]	= "rsa4096",
 	[VB2_ALG_RSA8192_SHA512]	= "rsa8192",
 	[VB2_ALG_RSA2048_EXP3_SHA512]	= "rsa2048_exp3",
 	[VB2_ALG_RSA3072_EXP3_SHA512]	= "rsa3072_exp3",
 #endif
 };

 static const uint8_t crypto_to_sig[] = {
 #if VB2_SUPPORT_SHA1
 	[VB2_ALG_RSA1024_SHA1]		= VB2_SIG_RSA1024,
 	[VB2_ALG_RSA2048_SHA1]		= VB2_SIG_RSA2048,
 	[VB2_ALG_RSA4096_SHA1]		= VB2_SIG_RSA4096,
 	[VB2_ALG_RSA8192_SHA1]		= VB2_SIG_RSA8192,
 	[VB2_ALG_RSA2048_EXP3_SHA1]	= VB2_SIG_RSA2048_EXP3,
 	[VB2_ALG_RSA3072_EXP3_SHA1]	= VB2_SIG_RSA3072_EXP3,
 #endif
 #if VB2_SUPPORT_SHA256
 	[VB2_ALG_RSA1024_SHA256]	= VB2_SIG_RSA1024,
 	[VB2_ALG_RSA2048_SHA256]	= VB2_SIG_RSA2048,
 	[VB2_ALG_RSA4096_SHA256]	= VB2_SIG_RSA4096,
 	[VB2_ALG_RSA8192_SHA256]	= VB2_SIG_RSA8192,
 	[VB2_ALG_RSA2048_EXP3_SHA256]	= VB2_SIG_RSA2048_EXP3,
 	[VB2_ALG_RSA3072_EXP3_SHA256]	= VB2_SIG_RSA3072_EXP3,
 #endif
 #if VB2_SUPPORT_SHA512
 	[VB2_ALG_RSA1024_SHA512]	= VB2_SIG_RSA1024,
 	[VB2_ALG_RSA2048_SHA512]	= VB2_SIG_RSA2048,
 	[VB2_ALG_RSA4096_SHA512]	= VB2_SIG_RSA4096,
 	[VB2_ALG_RSA8192_SHA512]	= VB2_SIG_RSA8192,
 	[VB2_ALG_RSA2048_EXP3_SHA512]	= VB2_SIG_RSA2048_EXP3,
 	[VB2_ALG_RSA3072_EXP3_SHA512]	= VB2_SIG_RSA3072_EXP3,
 #endif
 };

 static const uint8_t crypto_to_hash[] = {
 #if VB2_SUPPORT_SHA1
 	[VB2_ALG_RSA1024_SHA1]		= VB2_HASH_SHA1,
 	[VB2_ALG_RSA2048_SHA1]		= VB2_HASH_SHA1,
 	[VB2_ALG_RSA4096_SHA1]		= VB2_HASH_SHA1,
 	[VB2_ALG_RSA8192_SHA1]		= VB2_HASH_SHA1,
 	[VB2_ALG_RSA2048_EXP3_SHA1]	= VB2_HASH_SHA1,
 	[VB2_ALG_RSA3072_EXP3_SHA1]	= VB2_HASH_SHA1,
 #endif
 #if VB2_SUPPORT_SHA256
 	[VB2_ALG_RSA1024_SHA256]	= VB2_HASH_SHA256,
 	[VB2_ALG_RSA2048_SHA256]	= VB2_HASH_SHA256,
 	[VB2_ALG_RSA4096_SHA256]	= VB2_HASH_SHA256,
 	[VB2_ALG_RSA8192_SHA256]	= VB2_HASH_SHA256,
 	[VB2_ALG_RSA2048_EXP3_SHA256]	= VB2_HASH_SHA256,
 	[VB2_ALG_RSA3072_EXP3_SHA256]	= VB2_HASH_SHA256,
 #endif
 #if VB2_SUPPORT_SHA512
 	[VB2_ALG_RSA1024_SHA512]	= VB2_HASH_SHA512,
 	[VB2_ALG_RSA2048_SHA512]	= VB2_HASH_SHA512,
 	[VB2_ALG_RSA4096_SHA512]	= VB2_HASH_SHA512,
 	[VB2_ALG_RSA8192_SHA512]	= VB2_HASH_SHA512,
 	[VB2_ALG_RSA2048_EXP3_SHA512]	= VB2_HASH_SHA512,
 	[VB2_ALG_RSA3072_EXP3_SHA512]	= VB2_HASH_SHA512,
 #endif
 };

 #if VB2_SUPPORT_SHA512
 _Static_assert(ARRAY_SIZE(crypto_names) == VB2_ALG_COUNT, "");
 _Static_assert(ARRAY_SIZE(crypto_filenames) == VB2_ALG_COUNT, "");
 _Static_assert(ARRAY_SIZE(crypto_to_sig) == VB2_ALG_COUNT, "");
 _Static_assert(ARRAY_SIZE(crypto_to_hash) == VB2_ALG_COUNT, "");
 #endif

 const char *vb2_get_hash_algorithm_name(enum vb2_hash_algorithm hash_alg)
 {	if (hash_alg < ARRAY_SIZE(vb2_hash_names) && vb2_hash_names[hash_alg])
 		return vb2_hash_names[hash_alg];
 	else
 		return VB2_INVALID_ALG_NAME;
 }

 const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg)
 {
 	if (sig_alg < ARRAY_SIZE(vb2_sig_names) && vb2_sig_names[sig_alg])
 		return vb2_sig_names[sig_alg];
 	else
 		return VB2_INVALID_ALG_NAME;
 }

 const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg)
 {
 	if (alg < ARRAY_SIZE(crypto_names) && crypto_names[alg])
 		return crypto_names[alg];
 	else
 		return VB2_INVALID_ALG_NAME;
 }

 const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg)
 {
 	if (alg < ARRAY_SIZE(crypto_filenames) && crypto_filenames[alg])
 		return crypto_filenames[alg];
 	else
 		return VB2_INVALID_ALG_NAME;
 }

 enum vb2_signature_algorithm vb2_crypto_to_signature(
 		enum vb2_crypto_algorithm algorithm)
 {
 	if (algorithm < ARRAY_SIZE(crypto_to_sig))
 		return crypto_to_sig[algorithm];
 	else
 		return VB2_SIG_INVALID;
 }

 enum vb2_hash_algorithm vb2_crypto_to_hash(enum vb2_crypto_algorithm algorithm)
 {
 	if (algorithm < ARRAY_SIZE(crypto_to_hash))
 		return crypto_to_hash[algorithm];
 	else
 		return VB2_HASH_INVALID;
 }
	/* Copyright 2020 The Chromium OS Authors. All rights reserved.
	* Use of this source code is governed by a BSD-style license that can be
	* found in the LICENSE file.
	*
	* Hash and signature algorithm parsing helpers for host utilities.
	*/

	#include "2common.h"
	#include "2crypto.h"
	#include "2rsa.h"
	#include "2sha.h"
	#include "2sysincludes.h"

	/*
	* These two need to be exported for host/lib/crypto.c, but they also need to be
	* in .rodata to make coreboot XIP stages happy. We know they are immutable but
	* there is no C language way to guarantee that, so we have to manually force
	* the compiler to place them in .rodata. Also inject custom section flags so
	* they are only allocatable (a) but not writeable (w).
	*/

	__attribute__((section(".rodata.vb2_sig_names,\"a\"\n# ")))
	const char *vb2_sig_names[VB2_SIG_ALG_COUNT] = {
	[VB2_SIG_NONE] = "none",
	[VB2_SIG_RSA1024] = "RSA1024",
	[VB2_SIG_RSA2048] = "RSA2048",
	[VB2_SIG_RSA4096] = "RSA4096",
	[VB2_SIG_RSA8192] = "RSA8192",
	[VB2_SIG_RSA2048_EXP3] = "RSA2048EXP3",
	[VB2_SIG_RSA3072_EXP3] = "RSA3072EXP3",
	};

	__attribute__((section(".rodata.vb2_hash_names,\"a\"\n# ")))
	const char *vb2_hash_names[VB2_HASH_ALG_COUNT] = {
	[VB2_HASH_NONE] = "none",
	#if VB2_SUPPORT_SHA1
	[VB2_HASH_SHA1] = VB2_SHA1_ALG_NAME,
	#endif
	#if VB2_SUPPORT_SHA256
	[VB2_HASH_SHA224] = VB2_SHA224_ALG_NAME,
	[VB2_HASH_SHA256] = VB2_SHA256_ALG_NAME,
	#endif
	#if VB2_SUPPORT_SHA512
	[VB2_HASH_SHA384] = VB2_SHA384_ALG_NAME,
	[VB2_HASH_SHA512] = VB2_SHA512_ALG_NAME,
	#endif
	};

	/* The others are internal to this file. */

	static const char *crypto_names[] = {
	#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1] = "RSA1024 SHA1",
	[VB2_ALG_RSA2048_SHA1] = "RSA2048 SHA1",
	[VB2_ALG_RSA4096_SHA1] = "RSA4096 SHA1",
	[VB2_ALG_RSA8192_SHA1] = "RSA8192 SHA1",
	[VB2_ALG_RSA2048_EXP3_SHA1] = "RSA2048 EXP3 SHA1",
	[VB2_ALG_RSA3072_EXP3_SHA1] = "RSA3072 EXP3 SHA1",
	#endif
	#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256] = "RSA1024 SHA256",
	[VB2_ALG_RSA2048_SHA256] = "RSA2048 SHA256",
	[VB2_ALG_RSA4096_SHA256] = "RSA4096 SHA256",
	[VB2_ALG_RSA8192_SHA256] = "RSA8192 SHA256",
	[VB2_ALG_RSA2048_EXP3_SHA256] = "RSA2048 EXP3 SHA256",
	[VB2_ALG_RSA3072_EXP3_SHA256] = "RSA3072 EXP3 SHA256",
	#endif
	#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512] = "RSA1024 SHA512",
	[VB2_ALG_RSA2048_SHA512] = "RSA2048 SHA512",
	[VB2_ALG_RSA4096_SHA512] = "RSA4096 SHA512",
	[VB2_ALG_RSA8192_SHA512] = "RSA8192 SHA512",
	[VB2_ALG_RSA2048_EXP3_SHA512] = "RSA2048 EXP3 SHA512",
	[VB2_ALG_RSA3072_EXP3_SHA512] = "RSA3072 EXP3 SHA512",
	#endif
	};

	static const char *crypto_filenames[] = {
	#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1] = "rsa1024",
	[VB2_ALG_RSA2048_SHA1] = "rsa2048",
	[VB2_ALG_RSA4096_SHA1] = "rsa4096",
	[VB2_ALG_RSA8192_SHA1] = "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA1] = "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA1] = "rsa3072_exp3",
	#endif
	#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256] = "rsa1024",
	[VB2_ALG_RSA2048_SHA256] = "rsa2048",
	[VB2_ALG_RSA4096_SHA256] = "rsa4096",
	[VB2_ALG_RSA8192_SHA256] = "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA256] = "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA256] = "rsa3072_exp3",
	#endif
	#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512] = "rsa1024",
	[VB2_ALG_RSA2048_SHA512] = "rsa2048",
	[VB2_ALG_RSA4096_SHA512] = "rsa4096",
	[VB2_ALG_RSA8192_SHA512] = "rsa8192",
	[VB2_ALG_RSA2048_EXP3_SHA512] = "rsa2048_exp3",
	[VB2_ALG_RSA3072_EXP3_SHA512] = "rsa3072_exp3",
	#endif
	};

	static const uint8_t crypto_to_sig[] = {
	#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1] = VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA1] = VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA1] = VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA1] = VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA1] = VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA1] = VB2_SIG_RSA3072_EXP3,
	#endif
	#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256] = VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA256] = VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA256] = VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA256] = VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA256] = VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA256] = VB2_SIG_RSA3072_EXP3,
	#endif
	#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512] = VB2_SIG_RSA1024,
	[VB2_ALG_RSA2048_SHA512] = VB2_SIG_RSA2048,
	[VB2_ALG_RSA4096_SHA512] = VB2_SIG_RSA4096,
	[VB2_ALG_RSA8192_SHA512] = VB2_SIG_RSA8192,
	[VB2_ALG_RSA2048_EXP3_SHA512] = VB2_SIG_RSA2048_EXP3,
	[VB2_ALG_RSA3072_EXP3_SHA512] = VB2_SIG_RSA3072_EXP3,
	#endif
	};

	static const uint8_t crypto_to_hash[] = {
	#if VB2_SUPPORT_SHA1
	[VB2_ALG_RSA1024_SHA1] = VB2_HASH_SHA1,
	[VB2_ALG_RSA2048_SHA1] = VB2_HASH_SHA1,
	[VB2_ALG_RSA4096_SHA1] = VB2_HASH_SHA1,
	[VB2_ALG_RSA8192_SHA1] = VB2_HASH_SHA1,
	[VB2_ALG_RSA2048_EXP3_SHA1] = VB2_HASH_SHA1,
	[VB2_ALG_RSA3072_EXP3_SHA1] = VB2_HASH_SHA1,
	#endif
	#if VB2_SUPPORT_SHA256
	[VB2_ALG_RSA1024_SHA256] = VB2_HASH_SHA256,
	[VB2_ALG_RSA2048_SHA256] = VB2_HASH_SHA256,
	[VB2_ALG_RSA4096_SHA256] = VB2_HASH_SHA256,
	[VB2_ALG_RSA8192_SHA256] = VB2_HASH_SHA256,
	[VB2_ALG_RSA2048_EXP3_SHA256] = VB2_HASH_SHA256,
	[VB2_ALG_RSA3072_EXP3_SHA256] = VB2_HASH_SHA256,
	#endif
	#if VB2_SUPPORT_SHA512
	[VB2_ALG_RSA1024_SHA512] = VB2_HASH_SHA512,
	[VB2_ALG_RSA2048_SHA512] = VB2_HASH_SHA512,
	[VB2_ALG_RSA4096_SHA512] = VB2_HASH_SHA512,
	[VB2_ALG_RSA8192_SHA512] = VB2_HASH_SHA512,
	[VB2_ALG_RSA2048_EXP3_SHA512] = VB2_HASH_SHA512,
	[VB2_ALG_RSA3072_EXP3_SHA512] = VB2_HASH_SHA512,
	#endif
	};

	#if VB2_SUPPORT_SHA512
	_Static_assert(ARRAY_SIZE(crypto_names) == VB2_ALG_COUNT, "");
	_Static_assert(ARRAY_SIZE(crypto_filenames) == VB2_ALG_COUNT, "");
	_Static_assert(ARRAY_SIZE(crypto_to_sig) == VB2_ALG_COUNT, "");
	_Static_assert(ARRAY_SIZE(crypto_to_hash) == VB2_ALG_COUNT, "");
	#endif

	const char *vb2_get_hash_algorithm_name(enum vb2_hash_algorithm hash_alg)
	{ if (hash_alg < ARRAY_SIZE(vb2_hash_names) && vb2_hash_names[hash_alg])
	return vb2_hash_names[hash_alg];
	else
	return VB2_INVALID_ALG_NAME;
	}

	const char *vb2_get_sig_algorithm_name(enum vb2_signature_algorithm sig_alg)
	{
	if (sig_alg < ARRAY_SIZE(vb2_sig_names) && vb2_sig_names[sig_alg])
	return vb2_sig_names[sig_alg];
	else
	return VB2_INVALID_ALG_NAME;
	}

	const char *vb2_get_crypto_algorithm_name(enum vb2_crypto_algorithm alg)
	{
	if (alg < ARRAY_SIZE(crypto_names) && crypto_names[alg])
	return crypto_names[alg];
	else
	return VB2_INVALID_ALG_NAME;
	}

	const char *vb2_get_crypto_algorithm_file(enum vb2_crypto_algorithm alg)
	{
	if (alg < ARRAY_SIZE(crypto_filenames) && crypto_filenames[alg])
	return crypto_filenames[alg];
	else
	return VB2_INVALID_ALG_NAME;
	}

	enum vb2_signature_algorithm vb2_crypto_to_signature(
	enum vb2_crypto_algorithm algorithm)
	{
	if (algorithm < ARRAY_SIZE(crypto_to_sig))
	return crypto_to_sig[algorithm];
	else
	return VB2_SIG_INVALID;
	}

	enum vb2_hash_algorithm vb2_crypto_to_hash(enum vb2_crypto_algorithm algorithm)
	{
	if (algorithm < ARRAY_SIZE(crypto_to_hash))
	return crypto_to_hash[algorithm];
	else
	return VB2_HASH_INVALID;
	}