[sw, rom_exts] Add development keys and reference signature artifacts
The idea for this change stemmed from:
https://docs.opentitan.org/sw/device/rom_exts/docs/manifest/#development-versions-subject-to-change
This change however goes beyond development key pair and adds some useful
reference files (binary to sign, SHA-256 hash of this binary, and
signatures in DER and base64 representations).
Signed-off-by: Silvestrs Timofejevs <silvestrst@lowrisc.org>
diff --git a/sw/device/rom_exts/keys/README.md b/sw/device/rom_exts/keys/README.md
new file mode 100644
index 0000000..f193421
--- /dev/null
+++ b/sw/device/rom_exts/keys/README.md
@@ -0,0 +1,112 @@
+# Introduction
+
+The main idea of the development key pair and other signing artefacts is to
+make cross-development of on device and host side components for ROM_EXT
+signing easier.
+
+It is also useful when starting new development, as it is easier to make sure
+that signing process is correct by matching the produced hashes and signatures
+against the reference files provided.
+
+Typical use-case would be - signing ROM_EXT image via host side tooling, and
+then using the same key pair on device to validate the signature.
+
+Files breakdown:
+- `test_key_private.pem` : private key (DER encoded binary) in PEM
+ representation.
+- `test_key_public.pem` : public key (DER encoded binary) in PEM
+ representation.
+`testing` sub-directory:
+- `hello_world.bin` : reference file containing "Hello World!".
+- `hello_world_digest.base64` : SHA-256 digest in base64 representation.
+- `hello_world.sign.base64` : RSASSA-PKCS1-V1_5-SIGN signature (DER encoded
+ binary) in base64 representation.
+
+** Please note that some tools/libraries require files in DER binary encoding.
+Instructions below include commands to generate DER keys and signature
+artifacts. **
+
+# Keys
+
+This guide assumes that commands are run from within `sw/device/rom_exts/keys`
+directory.
+
+`cd sw/device/rom_exts/keys`
+
+## How the key pair was generated?
+
+```
+// Private RSA key in `.pem` and `.der` representations.
+openssl genrsa -3 -out test_key_private.pem 3072
+openssl rsa -in test_key_private.pem -outform DER -out test_key_private.der
+```
+
+```
+// Public RSA key in `.pem` and `.der` representations.
+openssl rsa -in test_key_private.pem -pubout -out test_key_public.pem
+openssl rsa \
+ -in test_key_private.pem \
+ -outform DER -pubout \
+ -out test_key_public.der
+```
+
+# Hash, signature generation and verification.
+
+This guide assumes that commands are run from within
+`sw/device/rom_exts/keys/testing` directory.
+
+`cd sw/device/rom_exts/keys/testing`
+
+## How the reference file was signed?
+
+```
+// Hash generation.
+openssl dgst -sha256 -binary -out hello_world_digest.bin hello_world.bin
+
+// Convert hash from binary to base64.
+openssl base64 -in hello_world_digest.bin -out hello_world_digest.base64
+
+// Convert hash from base64 to binary.
+openssl base64 -d -in hello_world_digest.base64 -out hello_world_digest.bin
+```
+
+```
+// RSASSA-PKCS1-V1_5-SIGN.
+// For DER use `-keyform DER` and `-inkey ../test_key_private.der`.
+openssl pkeyutl \
+ -keyform PEM \
+ -inkey ../test_key_private.pem \
+ -pkeyopt rsa_padding_mode:pkcs1 \
+ -pkeyopt digest:sha256 \
+ -in hello_world_digest.bin \
+ -out hello_world.sign -sign
+```
+
+```
+// Convert the signature from binary to base64.
+openssl base64 -in hello_world.sign -out hello_world.sign.base64
+
+// Convert the signature from base64 to binary.
+openssl base64 -d -in hello_world.sign.base64 -out hello_world.sign
+```
+
+## Signature verification.
+
+```
+// From source.
+openssl dgst \
+ -sha256 \
+ -verify ../test_key_public.pem \
+ -signature hello_world.sign \
+ hello_world.bin
+```
+
+```
+// From hash.
+openssl pkeyutl \
+ -verify \
+ -in hello_world_digest.bin \
+ -sigfile hello_world.sign \
+ -pkeyopt digest:sha256 \
+ -inkey ../test_key_private.pem
+```
diff --git a/sw/device/rom_exts/keys/test_key_private.pem b/sw/device/rom_exts/keys/test_key_private.pem
new file mode 100644
index 0000000..d24715a
--- /dev/null
+++ b/sw/device/rom_exts/keys/test_key_private.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5AIBAAKCAYEA1UaqkxKjjxVY1TnvkaIQJGZoMky1sAVmbWmu8U6Yh/HIRfwo
+HOI7ZU6oYP2MZrC9DvGIsGAS3sjnbwmEont683dYj1ZIXGorwfozYP8ZdWXO/ADf
+spoVPCyztaJPgXM4ZKF9fOXQalW1MLd0/3hTtDbufbSCgyXSsf9oAhpQPMcIETUX
+d3RuLl6frHXxpdZjLsE31mY6XxtH/VVd4nYO9JW8Rvx6mgv5hG/hRTw/oD+v4Px6
+pE6dXIPSEBElRvOiE4/MO2O01Vb4n1WgVO8gk5V++VB6lCGHLgEcV9NRwnIxuBr7
+SNAA321sSvEin9Nh7SwqK1ZK/uEBl3Y5l+JQReZD7tcJMdRqrtXspMYanyDm3JTE
+7zAhrbp1Q7C6CBnT8QqXKL61xIE5cb1k2/Bu1cZjh70uBcHz2zKntAe43Tp35kWW
+DEZrJkSLYZcLMmK3P6O3VzL6gJvWSu/wMs8qrQB1kmthD/2c2X+VCrsMarabKLmI
+EkWBvTtMSZRpWT5fAgEDAoIBgQCOLxxiDG0KDjs40UphFrVtmZrMMyPKrkRI8R9L
+ibsFS9rZUsVoltJDicWV/l2Zyyi0oQXK6rc/MJpKBlhsUlH3pOW05DA9nB0r/CJA
+qhD47on9Vep3EWN9cyJ5Ft+roiWYa6j97orxjnjLJPiqUDfNefRTzaxXbox2qkVW
+vDV92gVgzg+k+El0PxUdo/ZujuzJ1iU5mXw/Z4VTjj6W+V9NuSgvUvxmsqZYSpYu
+KCpq1R/rUvxtib49rTa1YMOEomrVbqf/G1WKY2zb0/vD5viwzVEQ80rjnzD55BDg
+TEWFH9bWLpzmnDG0x1gB9le4+4rBYWd5/LQmS+wLclIckD6TKw/nX9ZB1RLgUiiX
+Potj3XYBJt2NM6h3m60ubqxBeuqBfCehv/Fxgeh98zR1jQ7RQz5fRl4klqDyynpL
+6N9o4YTJf3D13t2QVohAagWamnILt05FF7FPMFe/vhgCAzSUJrcqCFNgz1TnF9zp
+O3VSKet6b5eOKCj8+meuG0fgiasCgcEA7jHEvWXA9+z1ixUBCMCgQiu9iuVcD3+F
+1bCPh53m3t0BXoGhfpCZmvzvfIRd4c6tSjxf33wtExgGE/M6fWe90yqf8A3hodHn
+hL5J3VrfMhqqWABxwt032EOWuhNTv9lVS0mfxhfM5owLl/jtQfJTnNsvVzqKHKUE
++erVdqF/wI6CEWJ4N7uujLpnJSVf/nXjfHFWuTJNsGA+Ovlnl/BqbL1Ay7W7M4DP
+GtK7MuqXqgG9oDgwY3G/XzCnIVVaNgTBAoHBAOU4C39U843U38qCpaZUC0g1x9T+
+Li8zN+F6c3/DApvlbhhTbnBVHLVFeMt7QSiLZIDdrxTfD7JXGXJXg++iNJX7DCO5
+Zi1C5tmcZeSNalc6C4LaBtiFbSINWsP3Y+YIHuOGu/AG/rOyURzXqOmqhP8GVqGZ
+FrI6/XUYGsuI6f9Zrqaj9GO8cEEIV9vSoswFKLGfazZdItlzFHBZZJfZ8WIJIgep
+KMtFzmQJDnn3RMV1/FDZ9FmXhOKTCaMWI1JrHwKBwQCey9h+Q9X6nfkHY1YF1cAs
+HSkHQ5K0/66OdbUFE+8/PgDpq8D/CxER/fT9rZPr3x4xfZU/qB4Muq6393xTmn6M
+xxVKs+vBNppYftvo5z92vHGQAEvXPiU617nRYjfVO44yMRUuuoiZsrJlUJ4r9uJo
+kh+PfFwTGK378eOka6qAXwFg7FAlJ8mzJu9uGOqpo+z9oOR7dt51lX7R+5plSvGd
+04CHznzNAIoR4dIh8bpxVn5q0CBCS9TqIG9rjjwkAysCgcEAmNAHqjiiXo3qhwHD
+xDgHhXkv41QeyiIlQPxM/9dXEpj0EDee9Y4TI4Ol3PzWGweYVekfYz9fzDoQ9uUC
+n8F4Y/yywnuZc4HvO72ZQwjxj3wHrJFZ5a5IwV48gqTtRAVp7QR9Sq9Ud8w2Ezpw
+m8cDVK7ka7tkdtH+ThAR3QXxVOZ0bxf4Qn2gK1rlPTcXMq4bIRTyJD4XO6INoDuY
+ZTv2QVtsBRtwh4Pe7Vte+/ot2PlS4JFNkQ+t7GIGbLls4Zy/AoHBAM3rm0RGg1tU
+4CaHuK3Tc7hzb3TFQ3FsJ0/wrpbL+2FqnXLCj9+tyHrZJx+QfKwWdJMto78kilSJ
+KsoZMDGmTwr2haVwMZcyfv+z4yEEpGqzqIBDNN+fQNMoLxlkcWfEthTqD1VyIePd
+CRMnI2vOPivrYeXcpapg4rEk0n70+nMZ80LFU+PrmiOMIUjx1TUdmchjOsf7rChq
+Fl2qnn9RdZCqzHZuYpEA5uOVVRzN2TZgrS9J5keQtfsMGVKUL64Tig==
+-----END RSA PRIVATE KEY-----
diff --git a/sw/device/rom_exts/keys/test_key_public.pem b/sw/device/rom_exts/keys/test_key_public.pem
new file mode 100644
index 0000000..fa708e4
--- /dev/null
+++ b/sw/device/rom_exts/keys/test_key_public.pem
@@ -0,0 +1,11 @@
+-----BEGIN PUBLIC KEY-----
+MIIBoDANBgkqhkiG9w0BAQEFAAOCAY0AMIIBiAKCAYEA1UaqkxKjjxVY1TnvkaIQ
+JGZoMky1sAVmbWmu8U6Yh/HIRfwoHOI7ZU6oYP2MZrC9DvGIsGAS3sjnbwmEont6
+83dYj1ZIXGorwfozYP8ZdWXO/ADfspoVPCyztaJPgXM4ZKF9fOXQalW1MLd0/3hT
+tDbufbSCgyXSsf9oAhpQPMcIETUXd3RuLl6frHXxpdZjLsE31mY6XxtH/VVd4nYO
+9JW8Rvx6mgv5hG/hRTw/oD+v4Px6pE6dXIPSEBElRvOiE4/MO2O01Vb4n1WgVO8g
+k5V++VB6lCGHLgEcV9NRwnIxuBr7SNAA321sSvEin9Nh7SwqK1ZK/uEBl3Y5l+JQ
+ReZD7tcJMdRqrtXspMYanyDm3JTE7zAhrbp1Q7C6CBnT8QqXKL61xIE5cb1k2/Bu
+1cZjh70uBcHz2zKntAe43Tp35kWWDEZrJkSLYZcLMmK3P6O3VzL6gJvWSu/wMs8q
+rQB1kmthD/2c2X+VCrsMarabKLmIEkWBvTtMSZRpWT5fAgED
+-----END PUBLIC KEY-----
diff --git a/sw/device/rom_exts/keys/testing/hello_world.bin b/sw/device/rom_exts/keys/testing/hello_world.bin
new file mode 100644
index 0000000..c57eff5
--- /dev/null
+++ b/sw/device/rom_exts/keys/testing/hello_world.bin
@@ -0,0 +1 @@
+Hello World!
\ No newline at end of file
diff --git a/sw/device/rom_exts/keys/testing/hello_world.sign.base64 b/sw/device/rom_exts/keys/testing/hello_world.sign.base64
new file mode 100644
index 0000000..2d3cc3d
--- /dev/null
+++ b/sw/device/rom_exts/keys/testing/hello_world.sign.base64
@@ -0,0 +1,8 @@
+X11NVgfrm7cE5zWg3ExDTZ/kQuohY2Z2xvLzhOXIXbA4Z6p6cAyslFL3CfLUyFlt
+RgO/1pKZG8ix0l86d5oKccS7+HYPJOuigEN02saQGa4pLqKD5RQ7eA036CdyLhld
+uUFECpt+jlSGS/XCtbxuMxdCqTRQ9S+a90gcxv/T1O3ZZHss9EOPMCXVF4MP6itw
+8QsDCTMCZLZP61i13RJZyUBnreR98FLCT1P6V7wFk093pgYQNHwE7trEGsAi8qxh
+/k+2AOoG79qKfxeYsctWYl+bZPLSIlnBHm6rW8zb27McHxpodVQaJS3Kvw9E4Off
+xBGqKciyIWIol9MPamYnxufV+VmHgPdLrfs7DwsW35Ep5RKuk4MOagwP6366I/6w
+re0Muaqb9hKQ6lWxyRhaBFELu1KaOphpJ6jcjjhb90WF4JzCcRpPg5jKcDoDmX2m
+oVmU/TQYsMw6c549RkIud8KykRVfFzab/AMoo1k7fUMP3Ejpg3lJa7838C6NFAKT
diff --git a/sw/device/rom_exts/keys/testing/hello_world_digest.base64 b/sw/device/rom_exts/keys/testing/hello_world_digest.base64
new file mode 100644
index 0000000..79c4de5
--- /dev/null
+++ b/sw/device/rom_exts/keys/testing/hello_world_digest.base64
@@ -0,0 +1 @@
+f4OxZX/x/FO5LcGBSKHWXfwtSx+j1ncoSt3SABJtkGk=
