Software APIs
rsa_key.h
1// Copyright lowRISC contributors (OpenTitan project).
2// Licensed under the Apache License, Version 2.0, see LICENSE for details.
3// SPDX-License-Identifier: Apache-2.0
4
5#ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_KEY_H_
6#define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_KEY_H_
7
8#include <stdint.h>
9
10#include "sw/device/lib/base/macros.h"
11
12#ifdef __cplusplus
13extern "C" {
14#endif // __cplusplus
15
16enum {
17 /**
18 * Length of an RSA-3072 modulus or signature in bits.
19 */
20 kSigVerifyRsaNumBits = 3072,
21 /**
22 * Length of an RSA-3072 modulus or signature in bytes.
23 */
24 kSigVerifyRsaNumBytes = kSigVerifyRsaNumBits / 8,
25 /**
26 * Length of an RSA-3072 modulus or signature in words.
27 */
28 kSigVerifyRsaNumWords = kSigVerifyRsaNumBytes / sizeof(uint32_t),
29};
30
31/**
32 * A type that holds `kSigVerifyRsaNumWords` words.
33 *
34 * This can be used for RSA-3072 moduli, signatures, and intermediate values
35 * during modular exponentiation.
36 */
37typedef struct sigverify_rsa_buffer {
38 uint32_t data[kSigVerifyRsaNumWords];
39} sigverify_rsa_buffer_t;
40
41/**
42 * An RSA public key with exponent 65537.
43 */
44typedef struct sigverify_rsa_key {
45 /**
46 * Modulus, a `kSigVerifyRsaNumWords` base 2^32 digit integer, little-endian.
47 */
48 sigverify_rsa_buffer_t n;
49 /**
50 * Negative of the multiplicative inverse of n modulo 2^256, little-endian.
51 *
52 * Calculations performed on OTBN (word size: 256 bits) use the whole array
53 * while calculations performed on Ibex (word size: 32 bits) use only the
54 * first word, which is equal to -n^-1 mod 2^32.
55 */
56 uint32_t n0_inv[8];
57} sigverify_rsa_key_t;
58
59/**
60 * Gets the ID of an RSA public key from its modulus.
61 *
62 * ID of a key is the least significant word of its modulus.
63 * Callers must make sure that `modulus` is valid before calling this function.
64 *
65 * @param key An RSA public key.
66 * @return ID of the key.
67 */
68OT_WARN_UNUSED_RESULT
69inline uint32_t sigverify_rsa_key_id_get(
70 const sigverify_rsa_buffer_t *modulus) {
71 return modulus->data[0];
72}
73
74#ifdef __cplusplus
75} // extern "C"
76#endif // __cplusplus
77
78#endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_KEY_H_