[sw/silicon_creator] Move struct definitions shared across boot stages to a new header
We plan to move the bulk of the signature verification code to
`sw/device/silicon_creator/lib` to be able to use it in multiple boot stages.
Once this work is completed, the only difference between boot stages
should be the public keys that they use to verify manifest signatures
(`sigverify_keys.c`).
To this end, this change:
- Moves `sigverify_rsa_buffer_t` and `sigverify_rsa_key_t` to
`sw/device/silicon_creator/lib/sigverify_rsa_key.h`, and
- Moves `sigverify_rsa_key_get` to `sigverify_keys.c`.
Signed-off-by: Alphan Ulusoy <alphan@google.com>
diff --git a/sw/device/silicon_creator/lib/manifest.h b/sw/device/silicon_creator/lib/manifest.h
index 14bc437..0fe48cd 100644
--- a/sw/device/silicon_creator/lib/manifest.h
+++ b/sw/device/silicon_creator/lib/manifest.h
@@ -11,8 +11,7 @@
#include "sw/device/silicon_creator/lib/error.h"
#include "sw/device/silicon_creator/lib/keymgr_binding_value.h"
#include "sw/device/silicon_creator/lib/manifest_size.h"
-// FIXME: Move sigverify to sw/device/silicon_creator/lib
-#include "sw/device/silicon_creator/mask_rom/sigverify_keys.h"
+#include "sw/device/silicon_creator/lib/sigverify_rsa_key.h"
#ifdef __cplusplus
extern "C" {
diff --git a/sw/device/silicon_creator/lib/sigverify_rsa_key.h b/sw/device/silicon_creator/lib/sigverify_rsa_key.h
new file mode 100644
index 0000000..bc760fc
--- /dev/null
+++ b/sw/device/silicon_creator/lib/sigverify_rsa_key.h
@@ -0,0 +1,57 @@
+// Copyright lowRISC contributors.
+// Licensed under the Apache License, Version 2.0, see LICENSE for details.
+// SPDX-License-Identifier: Apache-2.0
+
+#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_KEY_H_
+#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_KEY_H_
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif // __cplusplus
+
+enum {
+ /**
+ * Length of an RSA-3072 modulus or signature in bits.
+ */
+ kSigVerifyRsaNumBits = 3072,
+ /**
+ * Length of an RSA-3072 modulus or signature in words.
+ */
+ kSigVerifyRsaNumWords = kSigVerifyRsaNumBits / (sizeof(uint32_t) * 8),
+};
+
+/**
+ * A type that holds `kSigVerifyRsaNumWords` words.
+ *
+ * This can be used for RSA-3072 moduli, signatures, and intermediate values
+ * during modular exponentiation.
+ */
+typedef struct sigverify_rsa_buffer {
+ uint32_t data[kSigVerifyRsaNumWords];
+} sigverify_rsa_buffer_t;
+
+/**
+ * An RSA public key.
+ */
+typedef struct sigverify_rsa_key {
+ /**
+ * Modulus, a `kSigVerifyRsaNumWords` base 2^32 digit integer, little-endian.
+ */
+ sigverify_rsa_buffer_t n;
+ /**
+ * Negative of the multiplicative inverse of n modulo 2^32.
+ */
+ uint32_t n0_inv;
+ /**
+ * Exponent.
+ */
+ uint32_t exponent;
+} sigverify_rsa_key_t;
+
+#ifdef __cplusplus
+} // extern "C"
+#endif // __cplusplus
+
+#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_KEY_H_
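Review bot: Nothing in the new header pins the size or layout of `sigverify_rsa_buffer_t` and `sigverify_rsa_key_t`, even though `manifest.h` now embeds this header and the description says the same definitions are to be shared by every boot stage, so a padding or field-order change in one stage would silently break manifest and key parsing in the others. Add a compile-time check next to the struct, e.g. `static_assert(sizeof(sigverify_rsa_buffer_t) == kSigVerifyRsaNumBits / 8, "sigverify_rsa_buffer_t must be exactly one RSA-3072 modulus");` (or the project's size-assert macro if one exists), and an offset check for `n0_inv` and `exponent` if the key table is ever consumed as raw bytes. The `exponent` field is documented only as `Exponent.`; if the verifier accepts only particular values, say so here, since this struct is now the contract between the key generator and every verifier.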
diff --git a/sw/device/silicon_creator/mask_rom/sigverify.c b/sw/device/silicon_creator/mask_rom/sigverify.c
index dbfb3f9..d09a23c 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify.c
+++ b/sw/device/silicon_creator/mask_rom/sigverify.c
@@ -13,25 +13,6 @@
#include "hw/top_earlgrey/sw/autogen/top_earlgrey.h"
/**
- * Returns the key with the given ID.
- *
- * @param key_id A key ID.
- * @param key Key with the given ID, valid only if it exists.
- * @return Result of the operation.
- */
-static rom_error_t sigverify_rsa_key_get(uint32_t key_id,
- const sigverify_rsa_key_t **key) {
- for (size_t i = 0; i < kSigVerifyNumRsaKeys; ++i) {
- const sigverify_rsa_key_t *cand_key = &kSigVerifyRsaKeys[i];
- if (sigverify_rsa_key_id_get(cand_key) == key_id) {
- *key = cand_key;
- return kErrorOk;
- }
- }
- return kErrorSigverifyInvalidArgument;
-}
-
-/**
* Checks the padding and the digest of an EMSA-PKCS1-v1_5 encoded message.
*
* EMSA-PKCS1-v1_5 is described in Section 9.2 of PKCS #1: RSA Cryptography
@@ -111,3 +92,6 @@
return kErrorOk;
}
+
+// `extern` declarations for `inline` functions in the header.
+extern uint32_t sigverify_rsa_key_id_get(const sigverify_rsa_buffer_t *modulus);
diff --git a/sw/device/silicon_creator/mask_rom/sigverify.h b/sw/device/silicon_creator/mask_rom/sigverify.h
index 616501c..5ae76b5 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify.h
+++ b/sw/device/silicon_creator/mask_rom/sigverify.h
@@ -9,13 +9,26 @@
#include <stdint.h>
#include "sw/device/silicon_creator/lib/error.h"
-#include "sw/device/silicon_creator/mask_rom/sigverify_keys.h"
+#include "sw/device/silicon_creator/lib/sigverify_rsa_key.h"
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
-// TODO(opentitan/#5955): Update parameters when the manifest struct is ready.
+/**
+ * Gets the ID of an RSA public key from its modulus.
+ *
+ * ID of a key is the least significant word of its modulus.
+ * Callers must make sure that `modulus` is valid before calling this function.
+ *
+ * @param key An RSA public key.
+ * @return ID of the key.
+ */
+inline uint32_t sigverify_rsa_key_id_get(
+ const sigverify_rsa_buffer_t *modulus) {
+ return modulus->data[0];
+}
+
/**
* Verifies the signature of a ROM_EXT manifest.
*
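Review bot: The doc comment on the added `sigverify_rsa_key_id_get` documents a parameter named `key` while the signature takes `modulus`, so the `@param` tag does not match the function and misleads readers about what to pass; change it to `@param modulus Modulus of an RSA public key.`. Because the ID is just `modulus->data[0]` — the least significant word of a little-endian modulus, per the struct doc in `sigverify_rsa_key.h` — it is worth adding a sentence that the ID is a lookup hint for selecting a key and not evidence of key identity; the signature still has to be verified against the selected key. The enclosing header continues past the hunk.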
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_keys.c b/sw/device/silicon_creator/mask_rom/sigverify_keys.c
index fb08997..5b06609 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_keys.c
+++ b/sw/device/silicon_creator/mask_rom/sigverify_keys.c
@@ -4,6 +4,10 @@
#include "sw/device/silicon_creator/mask_rom/sigverify_keys.h"
+#include <stddef.h>
+
+#include "sw/device/silicon_creator/mask_rom/sigverify.h"
+
/**
* Public keys for signature verification.
*
@@ -75,5 +79,14 @@
},
};
-// `extern` declarations for `inline` functions in the header.
-extern uint32_t sigverify_rsa_key_id_get(const sigverify_rsa_key_t *key);
+rom_error_t sigverify_rsa_key_get(uint32_t key_id,
+ const sigverify_rsa_key_t **key) {
+ for (size_t i = 0; i < kSigVerifyNumRsaKeys; ++i) {
+ const sigverify_rsa_key_t *cand_key = &kSigVerifyRsaKeys[i];
+ if (sigverify_rsa_key_id_get(&cand_key->n) == key_id) {
+ *key = cand_key;
+ return kErrorOk;
+ }
+ }
+ return kErrorSigverifyInvalidArgument;
+}
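Review bot: `sigverify_keys.c` now includes `mask_rom/sigverify.h` only to reach the inline `sigverify_rsa_key_id_get`, which couples the key table — the one piece the description says should stay stage-specific — to the mask ROM verifier header, while the out-of-line definition of that inline is emitted from `sigverify.c`, a different translation unit. Given the stated goal of moving the verifier into `lib/`, the ID accessor is a property of the key format and would sit more naturally beside `sigverify_rsa_key_t` in `lib/sigverify_rsa_key.h`, which would let this file drop the `sigverify.h` include. In the lookup loop, `*key` is left untouched when no ID matches, so a caller that ignores the return value keeps whatever pointer it had; if that is intended, a short comment on the miss path, e.g. `// *key is deliberately not written on a miss; callers must check the return value.`, would make it explicit. The function is complete within the hunk.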
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_keys.h b/sw/device/silicon_creator/mask_rom/sigverify_keys.h
index 0eac4b3..6acf14c 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_keys.h
+++ b/sw/device/silicon_creator/mask_rom/sigverify_keys.h
@@ -7,56 +7,21 @@
#include <stdint.h>
+#include "sw/device/silicon_creator/lib/error.h"
+#include "sw/device/silicon_creator/lib/sigverify_rsa_key.h"
+
#ifdef __cplusplus
extern "C" {
#endif // __cplusplus
enum {
/**
- * Length of an RSA-3072 modulus or signature in bits.
- */
- kSigVerifyRsaNumBits = 3072,
- /**
- * Length of an RSA-3072 modulus or signature in words.
- */
- kSigVerifyRsaNumWords = kSigVerifyRsaNumBits / (sizeof(uint32_t) * 8),
- /**
* Number of RSA public keys.
*/
kSigVerifyNumRsaKeys = 2,
};
/**
- * A type that holds `kSigVerifyRsaNumWords` words.
- *
- * This can be used for RSA-3072 moduli, signatures, and intermediate values
- * during modular exponentiation.
- */
-typedef struct sigverify_rsa_buffer {
- uint32_t data[kSigVerifyRsaNumWords];
-} sigverify_rsa_buffer_t;
-
-/**
- * An RSA public key.
- *
- * Note: Defined here to be able to use in tests.
- */
-typedef struct sigverify_rsa_key {
- /**
- * Modulus, a `kSigVerifyRsaNumWords` base 2^32 digit integer, little-endian.
- */
- sigverify_rsa_buffer_t n;
- /**
- * Negative of the multiplicative inverse of n modulo 2^32.
- */
- uint32_t n0_inv;
- /**
- * Exponent.
- */
- uint32_t exponent;
-} sigverify_rsa_key_t;
-
-/**
* Public keys for signature verification.
*
* Note: Declared here to be able to use in tests.
@@ -64,17 +29,14 @@
extern const sigverify_rsa_key_t kSigVerifyRsaKeys[kSigVerifyNumRsaKeys];
/**
- * Gets the ID of an RSA public key.
+ * Returns the key with the given ID.
*
- * ID of a key is the least significant byte of its modulus.
- * Callers must make sure that `key` is valid before calling this function.
- *
- * @param key An RSA public key.
- * @return ID of the key.
+ * @param key_id A key ID.
+ * @param key Key with the given ID, valid only if it exists.
+ * @return Result of the operation.
*/
-inline uint32_t sigverify_rsa_key_id_get(const sigverify_rsa_key_t *key) {
- return key->n.data[0];
-}
+rom_error_t sigverify_rsa_key_get(uint32_t key_id,
+ const sigverify_rsa_key_t **key);
#ifdef __cplusplus
} // extern "C"
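Review bot: The declaration of `sigverify_rsa_key_get` says `key` is "valid only if it exists" but does not mark it as an output parameter or state what the miss path returns; from the definition in `sigverify_keys.c` it returns `kErrorSigverifyInvalidArgument` and does not write `*key` when no ID matches. Spell that out, e.g. `@param[out] key Set to the key with the given ID on success; not written otherwise.` and `@return kErrorOk if a matching key exists, kErrorSigverifyInvalidArgument otherwise.`. Since the ID is presumably read from the manifest being verified rather than chosen by ROM code, a one-line remark that an unknown ID is an expected rejection of untrusted input, not a programming error, would help readers interpret the error code.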
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_mod_exp.h b/sw/device/silicon_creator/mask_rom/sigverify_mod_exp.h
index c5ae69a..6237009 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_mod_exp.h
+++ b/sw/device/silicon_creator/mask_rom/sigverify_mod_exp.h
@@ -8,7 +8,7 @@
#include <stdbool.h>
#include <stdint.h>
-#include "sw/device/silicon_creator/mask_rom/sigverify_keys.h"
+#include "sw/device/silicon_creator/lib/sigverify_rsa_key.h"
#ifdef __cplusplus
extern "C" {
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_mod_exp_ibex.c b/sw/device/silicon_creator/mask_rom/sigverify_mod_exp_ibex.c
index 76c6b42..53a42a7 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_mod_exp_ibex.c
+++ b/sw/device/silicon_creator/mask_rom/sigverify_mod_exp_ibex.c
@@ -5,7 +5,6 @@
#include <stddef.h>
#include "sw/device/lib/base/memory.h"
-#include "sw/device/silicon_creator/mask_rom/sigverify_keys.h"
#include "sw/device/silicon_creator/mask_rom/sigverify_mod_exp.h"
/**
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_mod_exp_ibex_unittest.cc b/sw/device/silicon_creator/mask_rom/sigverify_mod_exp_ibex_unittest.cc
index dd0300d..4e3bb8a 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_mod_exp_ibex_unittest.cc
+++ b/sw/device/silicon_creator/mask_rom/sigverify_mod_exp_ibex_unittest.cc
@@ -6,6 +6,8 @@
#include "gmock/gmock.h"
#include "gtest/gtest.h"
+#include "sw/device/silicon_creator/mask_rom/sigverify.h"
+#include "sw/device/silicon_creator/mask_rom/sigverify_keys.h"
#include "sw/device/silicon_creator/mask_rom/sigverify_mod_exp.h"
namespace sigverify_mod_exp_ibex_unittest {
@@ -14,7 +16,7 @@
TEST(Keys, UniqueIds) {
std::unordered_set<uint32_t> ids;
for (auto const &key : kSigVerifyRsaKeys) {
- ids.insert(sigverify_rsa_key_id_get(&key));
+ ids.insert(sigverify_rsa_key_id_get(&key.n));
}
EXPECT_EQ(ids.size(), kSigVerifyNumRsaKeys);
@@ -107,7 +109,7 @@
TEST(Rsquares, AllKeys) {
std::unordered_set<uint32_t> ids;
for (auto const &test_case : kRsquares) {
- ids.insert(sigverify_rsa_key_id_get(test_case.key));
+ ids.insert(sigverify_rsa_key_id_get(&test_case.key->n));
}
EXPECT_EQ(ids.size(), kSigVerifyNumRsaKeys);
@@ -307,7 +309,7 @@
TEST(SigTestCases, AllKeys) {
std::unordered_set<uint32_t> ids;
for (auto const &test_case : kSigTestCases) {
- ids.insert(sigverify_rsa_key_id_get(test_case.key));
+ ids.insert(sigverify_rsa_key_id_get(&test_case.key->n));
}
EXPECT_EQ(ids.size(), kSigVerifyNumRsaKeys);
diff --git a/sw/device/silicon_creator/mask_rom/sigverify_unittest.cc b/sw/device/silicon_creator/mask_rom/sigverify_unittest.cc
index 5b0f4a1..d87c5db 100644
--- a/sw/device/silicon_creator/mask_rom/sigverify_unittest.cc
+++ b/sw/device/silicon_creator/mask_rom/sigverify_unittest.cc
@@ -94,7 +94,7 @@
TEST_F(SigVerifyTest, GoodSignature) {
// FIXME: Parameterize with key ids.
- const auto key_id = sigverify_rsa_key_id_get(&kSigVerifyRsaKeys[0]);
+ const auto key_id = sigverify_rsa_key_id_get(&kSigVerifyRsaKeys[0].n);
EXPECT_CALL(hmac_, sha256_init());
EXPECT_CALL(hmac_, sha256_update(kSignedRegion.data(), sizeof(kSignedRegion)))
@@ -113,7 +113,7 @@
TEST_F(SigVerifyTest, BadSignature) {
// FIXME: Parameterize with key ids.
- const auto key_id = sigverify_rsa_key_id_get(&kSigVerifyRsaKeys[0]);
+ const auto key_id = sigverify_rsa_key_id_get(&kSigVerifyRsaKeys[0].n);
// Corrupt the words of the encoded message by flipping their bits and check
// that signature verification fails.