Software APIs
rsa_verify.h
1 // Copyright lowRISC contributors (OpenTitan project).
2 // Licensed under the Apache License, Version 2.0, see LICENSE for details.
3 // SPDX-License-Identifier: Apache-2.0
4 
5 #ifndef OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_VERIFY_H_
6 #define OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_VERIFY_H_
7 
8 #include "sw/device/silicon_creator/lib/drivers/hmac.h"
9 #include "sw/device/silicon_creator/lib/drivers/lifecycle.h"
10 #include "sw/device/silicon_creator/lib/error.h"
11 #include "sw/device/silicon_creator/lib/sigverify/rsa_key.h"
12 
13 #ifdef __cplusplus
14 extern "C" {
15 #endif // __cplusplus
16 
17 enum {
18  /**
19  * A non-trivial constant chosen such that `kSigverifySpxSuccess ^
20  * kSigverifyRsaSuccess = kSigverifyFlashExec`.
21  */
22  kSigverifyRsaSuccess = 0x2f06b4e0,
23 };
24 
25 /**
26  * Verifies an RSASSA-PKCS1-v1_5 signature.
27  *
28  * The actual implementation that is used (software or OTBN) is determined by
29  * the life cycle state of the device and the OTP value.
30  *
31  * @param signature Signature to be verified.
32  * @param key Signer's RSA public key.
33  * @param act_digest Actual digest of the message being verified.
34  * @param lc_state Life cycle state of the device.
35  * @param[out] flash_exec Value to write to the flash_ctrl EXEC register.
36  * @return Result of the operation.
37  */
38 OT_WARN_UNUSED_RESULT
39 rom_error_t sigverify_rsa_verify(const sigverify_rsa_buffer_t *signature,
40  const sigverify_rsa_key_t *key,
41  const hmac_digest_t *act_digest,
42  lifecycle_state_t lc_state,
43  uint32_t *flash_exec);
44 
45 /**
46  * Transforms `kSigverifyRsaSuccess` into `kErrorOk`.
47  *
48  * Callers should transform the result to a suitable error value if it is not
49  * `kErrorOk` for ease of debugging.
50  *
51  * @param v A value.
52  * @return `kErrorOk` if `v` is `kSigverifyRsaSuccess`.
53  */
54 OT_WARN_UNUSED_RESULT
55 inline uint32_t sigverify_rsa_success_to_ok(uint32_t v) {
56  return (v << 22 ^ v << 19 ^ v << 3) >> 21;
57 }
58 
59 #ifdef __cplusplus
60 } // extern "C"
61 #endif // __cplusplus
62 
63 #endif // OPENTITAN_SW_DEVICE_SILICON_CREATOR_LIB_SIGVERIFY_RSA_VERIFY_H_
Return to OpenTitan Documentation