RSA signature verification and SHA-1/256/512 reference implementation for verified boot.
Also contains some preliminary tests for these primitives.
Review URL: http://codereview.chromium.org/553023
diff --git a/include/padding.h b/include/padding.h
new file mode 100644
index 0000000..2cc74bf
--- /dev/null
+++ b/include/padding.h
@@ -0,0 +1,27 @@
+#ifndef VBOOT_REFERENCE_PADDING_H_
+#define VBOOT_REFERENCE_PADDING_H_
+
+#include <inttypes.h>
+
+extern const uint8_t paddingRSA1024_SHA1[];
+extern const uint8_t paddingRSA1024_SHA256[];
+extern const uint8_t paddingRSA1024_SHA512[];
+extern const uint8_t paddingRSA2048_SHA1[];
+extern const uint8_t paddingRSA2048_SHA256[];
+extern const uint8_t paddingRSA2048_SHA512[];
+extern const uint8_t paddingRSA4096_SHA1[];
+extern const uint8_t paddingRSA4096_SHA256[];
+extern const uint8_t paddingRSA4096_SHA512[];
+extern const uint8_t paddingRSA8192_SHA1[];
+extern const uint8_t paddingRSA8192_SHA256[];
+extern const uint8_t paddingRSA8192_SHA512[];
+
+extern const int kNumAlgorithms;
+
+extern const int siglen_map[];
+extern const uint8_t* padding_map[];
+extern const int padding_size_map[];
+extern const int hash_blocksize_map[];
+extern const char* algo_strings[];
+
+#endif /* VBOOT_REFERENCE_PADDING_H_ */
diff --git a/include/rsa.h b/include/rsa.h
new file mode 100644
index 0000000..1969ab6
--- /dev/null
+++ b/include/rsa.h
@@ -0,0 +1,37 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef VBOOT_REFERENCE_RSA_H_
+#define VBOOT_REFERENCE_RSA_H_
+
+#include <inttypes.h>
+
+#define RSA1024NUMBYTES 128 /* 1024 bit key length */
+#define RSA2048NUMBYTES 256 /* 2048 bit key length */
+#define RSA4096NUMBYTES 512 /* 4096 bit key length */
+#define RSA8192NUMBYTES 1024 /* 8192 bit key length */
+
+#define RSA1024NUMWORDS (RSA1024NUMBYTES / sizeof(uint32_t))
+#define RSA2048NUMWORDS (RSA2048NUMBYTES / sizeof(uint32_t))
+#define RSA4096NUMWORDS (RSA4096NUMBYTES / sizeof(uint32_t))
+#define RSA8192NUMWORDS (RSA8192NUMBYTES / sizeof(uint32_t))
+
+typedef struct RSAPublicKey {
+ int len; /* Length of n[] in number of uint32_t */
+ uint32_t n0inv; /* -1 / n[0] mod 2^32 */
+ uint32_t* n; /* modulus as little endian array */
+ uint32_t* rr; /* R^2 as little endian array */
+} RSAPublicKey;
+
+/* Verify a RSA PKCS1.5 signature [sig] of [sig_type] and length [sig_len]
+ * against an expected [hash] using [key]. Returns 0 on failure, 1 on success.
+ */
+int RSA_verify(const RSAPublicKey *key,
+ const uint8_t* sig,
+ const int sig_len,
+ const uint8_t sig_type,
+ const uint8_t* hash);
+
+#endif /* VBOOT_REFERENCE_RSA_H_ */
diff --git a/include/sha.h b/include/sha.h
new file mode 100644
index 0000000..b15cfd1
--- /dev/null
+++ b/include/sha.h
@@ -0,0 +1,73 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* SHA-1, 256 and 512 functions. */
+
+#ifndef VBOOT_REFERENCE_SHA_H_
+#define VBOOT_REFERENCE_SHA_H_
+
+#include <inttypes.h>
+#include <string.h>
+
+#define SHA1_DIGEST_SIZE 20
+#define SHA1_BLOCK_SIZE 64
+
+#define SHA256_DIGEST_SIZE 32
+#define SHA256_BLOCK_SIZE 64
+
+#define SHA512_DIGEST_SIZE 64
+#define SHA512_BLOCK_SIZE 128
+
+typedef struct SHA1_CTX {
+ uint64_t count;
+ uint32_t state[5];
+#if defined(HAVE_ENDIAN_H) && defined(HAVE_LITTLE_ENDIAN)
+ union {
+ uint8_t b[64];
+ uint32_t w[16];
+ } buf;
+#else
+ uint8_t buf[64];
+#endif
+} SHA1_CTX;
+
+typedef struct {
+ uint32_t h[8];
+ uint32_t tot_len;
+ uint32_t len;
+ uint8_t block[2 * SHA256_BLOCK_SIZE];
+ uint8_t buf[SHA256_DIGEST_SIZE]; /* Used for storing the final digest. */
+} SHA256_CTX;
+
+typedef struct {
+ uint64_t h[8];
+ uint32_t tot_len;
+ uint32_t len;
+ uint8_t block[2 * SHA512_BLOCK_SIZE];
+ uint8_t buf[SHA512_DIGEST_SIZE]; /* Used for storing the final digest. */
+} SHA512_CTX;
+
+
+void SHA1_init(SHA1_CTX* ctx);
+void SHA1_update(SHA1_CTX* ctx, const uint8_t* data, int len);
+uint8_t* SHA1_final(SHA1_CTX* ctx);
+/* Convenience function for SHA-1. Computes hash on [data] of length [len].
+ * and stores it into [digest]. [digest] should be pre-allocated to
+ * SHA1_DIGEST_SIZE bytes.
+ */
+uint8_t* SHA1(const void* data, int len, uint8_t* digest);
+
+void SHA256_init(SHA256_CTX* ctx);
+void SHA256_update(SHA256_CTX* ctx, const uint8_t* data, int len);
+uint8_t* SHA256_final(SHA256_CTX* ctx);
+uint8_t* SHA256(const uint8_t* data, int len, uint8_t* digest);
+
+void SHA512_init(SHA512_CTX* ctx);
+void SHA512_update(SHA512_CTX* ctx, const uint8_t* data, int len);
+uint8_t* SHA512_final(SHA512_CTX* ctx);
+uint8_t* SHA512(const uint8_t* data, int len, uint8_t* digest);
+
+
+#endif /* VBOOT_REFERENCE_SHA_H_ */
diff --git a/include/utility.h b/include/utility.h
new file mode 100644
index 0000000..ddb1dc0
--- /dev/null
+++ b/include/utility.h
@@ -0,0 +1,32 @@
+/* Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+/* Helper functions/wrappers for memory allocations, manipulation and
+ * comparison.
+ */
+
+#ifndef VBOOT_REFERENCE_UTILITY_H_
+#define VBOOT_REFERENCE_UTILITY_H_
+
+#include <string.h>
+
+/* Allocate [size] bytes and return a pointer to the allocated memory. Abort
+ * on error.
+ */
+void* Malloc(size_t size);
+
+/* Free memory pointed by [ptr] previously allocated by Malloc(). */
+void Free(void* ptr);
+
+/* Copy [n] bytes from [src] to [dest]. */
+void* Memcpy(void* dest, const void* src, size_t n);
+
+/* Compare [n] bytes starting at [s1] with [s2] and return 1 if they match,
+ * 0 if they don't. Time taken to perform the comparison is only dependent on
+ * [n] and not on the relationship of the match between [s1] and [s2].
+ */
+int SafeMemcmp(const void* s1, const void* s2, size_t n);
+
+#endif /* VBOOT_REFERENCE_UTILITY_H_ */