libcr51sign: enhance to support key rotation
Support validate cr51 descriptor with trusted hash and key within the
signature structure.
Accept the descriptor if its hash is trusted.
Validate the descriptor signature with verification key provided along
with the signature if the key is trusted.
To support the above enhancement for key rotation, three new functions
are defined in interface:
* trust_descriptor_hash
* trust_key_in_signature_structure
* verify_rsa_signature_with_modulus_and_exponent
Applications (i.e. flashupdate or bios-validator) will provide these
functions.
And to facilitate verify rsa signature using key in signature structure,
an implementation of verify_rsa_signature_with_modulus_and_exponent
using the openssl has been provided also.
Change-Id: I787f8c661433052f8c8a1d23e9e6140befce2265
Signed-off-by: Dan Zhang <zhdaniel@google.com>
4 files changed