/* Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
 * Use of this source code is governed by a BSD-style license that can be
 * found in the LICENSE file.
 */

#ifndef VBOOT_REFERENCE_2RSA_H_
#define VBOOT_REFERENCE_2RSA_H_

struct vb2_workbuf;

/* Algorithms for crypto lib */
enum vb2_crypto_algorithm {
	VB2_ALG_RSA1024_SHA1 = 0,
	VB2_ALG_RSA1024_SHA256,
	VB2_ALG_RSA1024_SHA512,
	VB2_ALG_RSA2048_SHA1,
	VB2_ALG_RSA2048_SHA256,
	VB2_ALG_RSA2048_SHA512,
	VB2_ALG_RSA4096_SHA1,
	VB2_ALG_RSA4096_SHA256,
	VB2_ALG_RSA4096_SHA512,
	VB2_ALG_RSA8192_SHA1,
	VB2_ALG_RSA8192_SHA256,
	VB2_ALG_RSA8192_SHA512,
	// TODO: add algorithms for bare SHA with no RSA?

	/* Number of algorithms */
	VB2_ALG_COUNT
};

/* Public key structure in RAM */
struct vb2_public_key {
	uint32_t arrsize;    /* Length of n[] and rr[] in number of uint32_t */
	uint32_t n0inv;      /* -1 / n[0] mod 2^32 */
	const uint32_t *n;   /* Modulus as little endian array */
	const uint32_t *rr;  /* R^2 as little endian array */
	uint32_t algorithm;  /* Algorithm to use when verifying with the key */
};

/**
 * Return the size of a RSA signature
 *
 * @param algorithm	Key algorithm
 * @return The size of the signature, or 0 if error.
 */
uint32_t vb2_rsa_sig_size(uint32_t algorithm);

/**
 * Return the size of a pre-processed RSA public key.
 *
 * @param algorithm	Key algorithm
 * @return The size of the preprocessed key, or 0 if error.
 */
uint32_t vb2_packed_key_size(uint32_t algorithm);

/**
 * Check pkcs 1.5 padding bytes
 *
 * @param sig		Signature to verify
 * @param algorithm	Key algorithm
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_check_padding(uint8_t *sig, int algorithm);

/* Size of work buffer sufficient for vb2_verify_digest() worst case */
#define VB2_VERIFY_DIGEST_WORKBUF_BYTES (3 * 1024)

/**
 * Verify a RSA PKCS1.5 signature against an expected hash digest.
 *
 * @param key		Key to use in signature verification
 * @param sig		Signature to verify (destroyed in process)
 * @param digest	Digest of signed data
 * @param wb		Work buffer
 * @return VB2_SUCCESS, or non-zero if error.
 */
int vb2_verify_digest(const struct vb2_public_key *key,
		      uint8_t *sig,
		      const uint8_t *digest,
		      struct vb2_workbuf *wb);

#endif  /* VBOOT_REFERENCE_2RSA_H_ */