1 /* 2 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 8 #ifndef RSA_H 9 #define RSA_H 10 11 /* 12 * All the includes that are needed for code using this module to 13 * compile correctly should be #included here. 14 */ 15 16 #include "cc_pka_hw_plat_defs.h" 17 #include "cc_sec_defs.h" 18 #include "cc_pal_types_plat.h" 19 20 #ifdef __cplusplus 21 extern "C" 22 { 23 #endif 24 25 26 /************************ Defines ******************************/ 27 28 #define CC_BOOT_RSA_VERIFIER_ALG_FAILURE (CC_SB_RSA_BASE_ERROR + 0x00000001) 29 #define CC_BOOT_RSA_VERIFIER_CMP_FAILURE (CC_SB_RSA_BASE_ERROR + 0x00000002) 30 31 /* the modulus size ion bits */ 32 #define RSA_EXP_SIZE_WORDS 1 33 34 35 /* PKA max count of SRAM registers: */ 36 #define RSA_HW_PKI_PKA_MAX_COUNT_OF_PHYS_MEM_REGS PKA_MAX_COUNT_OF_PHYS_MEM_REGS /*32*/ 37 /* PKA required count of SRAM registers: */ 38 #define RSA_PKA_REQUIRED_COUNT_OF_PHYS_MEM_REGS 7 39 40 /* maximal size of extended register in "big PKA words" and in 32-bit words: * 41 the size defined according to RSA as more large, and used to define some * 42 * auxiliary buffers sizes */ 43 #define RSA_PKA_MAX_REGISTER_SIZE_IN_PKA_WORDS \ 44 ((SB_CERT_RSA_KEY_SIZE_IN_BITS + RSA_PKA_EXTRA_BITS + RSA_PKA_BIG_WORD_SIZE_IN_BITS - 1)/RSA_PKA_BIG_WORD_SIZE_IN_BITS + 1) 45 #define RSA_PKA_MAX_REGISTER_SIZE_WORDS (RSA_PKA_MAX_REGISTER_SIZE_IN_PKA_WORDS*(RSA_PKA_BIG_WORD_SIZE_IN_BITS/CC_BITS_IN_32BIT_WORD)) 46 #define RSA_PKA_MAX_REGISTER_SIZE_BITS (RSA_PKA_MAX_REGISTER_SIZE_WORDS * CC_BITS_IN_32BIT_WORD) 47 48 /* size of Barrett modulus tag NP, used in PKA algorithms */ 49 #define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS (RSA_PKA_BIG_WORD_SIZE_IN_BITS + RSA_PKA_EXTRA_BITS) 50 #define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS)) 51 #define RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS (CALC_FULL_32BIT_WORDS(RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_BITS)) 52 53 /* size of buffer for Barrett modulus tag NP, used for both 64- and 128-bits PKA */ 54 #define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS 5 /*maximal of RSA_HW_PKI_PKA_BARRETT_MOD_TAG_SIZE_IN_WORDS*/ 55 #define RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_BYTES (RSA_PKA_BARRETT_MOD_TAG_BUFF_SIZE_IN_WORDS*CC_32BIT_WORD_SIZE) 56 57 /* the public exponent */ 58 #define RSA_PUBL_EXP_SIZE_IN_BITS 17UL 59 #define RSA_PUBL_EXP_SIZE_IN_BYTES (CALC_FULL_BYTES(RSA_PUBL_EXP_SIZE_IN_BITS)) 60 #ifndef BIG__ENDIAN 61 #define RSA_EXP_VAL 0x00010001UL 62 #else 63 #define RSA_EXP_VAL 0x01000100UL 64 #endif 65 66 /* RSA PSS verify definitions */ 67 #define RSA_HASH_LENGTH 32 /*SHA256*/ 68 #define RSA_PSS_SALT_LENGTH 32 69 #define RSA_PSS_PAD1_LEN 8 70 71 /* RSA Encrypt definitions */ 72 #define RSA_ENCR_RND_PS_SIZE_BYTES 8 73 #define RSA_ENCR_DATA_IN_SIZE_BYTES 16 74 75 #define RSA_PKCS1_VER21 1 76 77 78 79 /************************ Enums ********************************/ 80 81 /************************ Typedefs ****************************/ 82 83 /************************ Structs *****************************/ 84 85 /************************ Public Variables *********************/ 86 87 /************************ Public Functions *********************/ 88 89 90 /*************************************************************************/ 91 /** 92 93 \brief RSA_PSS_Verify implements the Verify algorithm 94 as defined in PKCS#1 v2.1 95 96 @param[in] hwBaseAddress - HW base address. Relevant for HW 97 implementation, for SW it is ignored. 98 @param[in] dataInHashResult - the DataIn hash result. 99 @param[in] pN - the modulus (2048 bits). 100 @param[in] pNp - the Barrett tag. Relevant for HW 101 implementation, for SW it is ignored. 102 @param[in] pSig - the pointer to the signature to be 103 verified. 104 Note: All input arrays are in LE format of bytes and words. 105 106 @return CCError_t - On success the value CC_OK is returned, 107 on failure - a value from secureboot_error.h 108 */ 109 110 CCError_t RSA_PSS_Verify( unsigned long hwBaseAddress, 111 CCHashResult_t dataInHashResult, 112 uint32_t *pN, 113 uint32_t *pNp, 114 uint32_t *pSig); 115 116 117 /*************************************************************************/ 118 /** 119 * @brief The RSA_CalcExponent calculates The following: 120 * 121 * Res = (Base ^ Exp) mod N ( Exp = 0x10001 ) 122 * 123 * The calculation is done in a secured way using the PIC. 124 * 125 * @param[in] hwBaseAddress - HW base address. Relevant for HW 126 * implementation, for SW it is ignored. 127 * @Base_ptr[in] - The pointer to the base buffer. 128 * @pN[in] - The pointer to the modulus buffer (2048 bits). 129 * @pNp[in] - The np vector buffer (160 bits). Relevant for HW 130 * implementation, for SW it is ignored. 131 * @pRes[out] - The pointer to the buffer that will contain the result. 132 * 133 * NOTE: The SW version of the function uses a temp buffer, pointed by 134 * global pointer gSecBootExpTempBuff; the size of the buffer must be 135 * not less than 8*SB_CERT_RSA_KEY_SIZE_IN_WORDS + 1 word. 136 * 137 * @return CCError_t - On success CC_OK is returned, on failure a 138 * value MODULE_* as defined in ... 139 */ 140 void RSA_CalcExponent( 141 unsigned long hwBaseAddress, 142 uint32_t *Base_ptr, 143 uint32_t *pN, 144 uint32_t *pNp, 145 uint32_t *pRes); 146 147 148 /*************************************************************************/ 149 /** 150 * @brief The RSA_CalcNp calculates Np value and saves it into pNp: 151 * 152 * @param[in] hwBaseAddress - The HW base address. Relevant for HW 153 * implementation, for SW it is ignored. 154 * @pN[in] - The pointer to the modulus buffer. 155 * @pNp[out] - The pointer to Np vector buffer. Its size must be >= 160. 156 */ 157 void RSA_CalcNp( unsigned long hwBaseAddress, 158 uint32_t *pN, 159 uint32_t *pNp); 160 161 162 #ifdef __cplusplus 163 } 164 #endif 165 166 #endif 167 168 169 170
