Blame - drivers/auth/crypto_mod.c - filogic/atf

blob: c63ff080f9a9df61b11aa89ef7c91cb8002c26d4 [file] [log] [blame]

Juan Castillo	8e55d93	2015-04-02 09:48:16 +0100	[diff] [blame]	1	/*
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	2	* Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
Juan Castillo	8e55d93	2015-04-02 09:48:16 +0100	[diff] [blame]	3	*
dp-arm	fa3cf0b	2017-05-03 09:38:09 +0100	[diff] [blame]	4	* SPDX-License-Identifier: BSD-3-Clause
Juan Castillo	8e55d93	2015-04-02 09:48:16 +0100	[diff] [blame]	5	*/
				6
				7	#include <assert.h>
Antonio Nino Diaz	e0f9063	2018-12-14 00:18:21 +0000	[diff] [blame]	8
				9	#include <common/debug.h>
				10	#include <drivers/auth/crypto_mod.h>
Juan Castillo	8e55d93	2015-04-02 09:48:16 +0100	[diff] [blame]	11
				12	/* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */
Juan Castillo	8e55d93	2015-04-02 09:48:16 +0100	[diff] [blame]	13
				14	/*
				15	* The crypto module is responsible for verifying digital signatures and hashes.
				16	* It relies on a crypto library to perform the cryptographic operations.
				17	*
				18	* The crypto module itself does not impose any specific format on signatures,
				19	* signature algorithm, keys or hashes, but most cryptographic libraries will
				20	* take the parameters as the following DER encoded ASN.1 structures:
				21	*
				22	* AlgorithmIdentifier ::= SEQUENCE {
				23	* algorithm OBJECT IDENTIFIER,
				24	* parameters ANY DEFINED BY algorithm OPTIONAL
				25	* }
				26	*
				27	* DigestInfo ::= SEQUENCE {
				28	* digestAlgorithm AlgorithmIdentifier,
				29	* digest OCTET STRING
				30	* }
				31	*
				32	* SubjectPublicKeyInfo ::= SEQUENCE {
				33	* algorithm AlgorithmIdentifier,
				34	* subjectPublicKey BIT STRING
				35	* }
				36	*
				37	* SignatureAlgorithm ::= AlgorithmIdentifier
				38	*
				39	* SignatureValue ::= BIT STRING
				40	*/
				41
				42	/*
				43	* Perform some static checking and call the library initialization function
				44	*/
				45	void crypto_mod_init(void)
				46	{
				47	assert(crypto_lib_desc.name != NULL);
				48	assert(crypto_lib_desc.init != NULL);
				49	assert(crypto_lib_desc.verify_signature != NULL);
				50	assert(crypto_lib_desc.verify_hash != NULL);
				51
				52	/* Initialize the cryptographic library */
				53	crypto_lib_desc.init();
				54	INFO("Using crypto library '%s'\n", crypto_lib_desc.name);
				55	}
				56
				57	/*
				58	* Function to verify a digital signature
				59	*
				60	* Parameters:
				61	*
				62	* data_ptr, data_len: signed data
				63	* sig_ptr, sig_len: the digital signature
				64	* sig_alg_ptr, sig_alg_len: the digital signature algorithm
				65	* pk_ptr, pk_len: the public key
				66	*/
				67	int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
				68	void *sig_ptr, unsigned int sig_len,
				69	void *sig_alg_ptr, unsigned int sig_alg_len,
				70	void *pk_ptr, unsigned int pk_len)
				71	{
				72	assert(data_ptr != NULL);
				73	assert(data_len != 0);
				74	assert(sig_ptr != NULL);
				75	assert(sig_len != 0);
				76	assert(sig_alg_ptr != NULL);
				77	assert(sig_alg_len != 0);
				78	assert(pk_ptr != NULL);
				79	assert(pk_len != 0);
				80
				81	return crypto_lib_desc.verify_signature(data_ptr, data_len,
				82	sig_ptr, sig_len,
				83	sig_alg_ptr, sig_alg_len,
				84	pk_ptr, pk_len);
				85	}
				86
				87	/*
				88	* Verify a hash by comparison
				89	*
				90	* Parameters:
				91	*
				92	* data_ptr, data_len: data to be hashed
				93	* digest_info_ptr, digest_info_len: hash to be compared
				94	*/
				95	int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
				96	void *digest_info_ptr, unsigned int digest_info_len)
				97	{
				98	assert(data_ptr != NULL);
				99	assert(data_len != 0);
				100	assert(digest_info_ptr != NULL);
				101	assert(digest_info_len != 0);
				102
				103	return crypto_lib_desc.verify_hash(data_ptr, data_len,
				104	digest_info_ptr, digest_info_len);
				105	}
Alexei Fedorov	913cb7e	2020-01-23 14:27:38 +0000	[diff] [blame]	106
				107	#if MEASURED_BOOT
				108	/*
				109	* Calculate a hash
				110	*
				111	* Parameters:
				112	*
				113	* alg: message digest algorithm
				114	* data_ptr, data_len: data to be hashed
				115	* output: resulting hash
				116	*/
				117	int crypto_mod_calc_hash(unsigned int alg, void *data_ptr,
				118	unsigned int data_len, unsigned char *output)
				119	{
				120	assert(data_ptr != NULL);
				121	assert(data_len != 0);
				122	assert(output != NULL);
				123
				124	return crypto_lib_desc.calc_hash(alg, data_ptr, data_len, output);
				125	}
				126	#endif /* MEASURED_BOOT */
Sumit Garg	392e4df	2019-11-15 10:43:00 +0530	[diff] [blame^]	127
				128	/*
				129	* Authenticated decryption of data
				130	*
				131	* Parameters:
				132	*
				133	* dec_algo: authenticated decryption algorithm
				134	* data_ptr, len: data to be decrypted (inout param)
				135	* key, key_len, key_flags: symmetric decryption key
				136	* iv, iv_len: initialization vector
				137	* tag, tag_len: authentication tag
				138	*/
				139	int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
				140	size_t len, const void *key, unsigned int key_len,
				141	unsigned int key_flags, const void *iv,
				142	unsigned int iv_len, const void *tag,
				143	unsigned int tag_len)
				144	{
				145	assert(crypto_lib_desc.auth_decrypt != NULL);
				146	assert(data_ptr != NULL);
				147	assert(len != 0U);
				148	assert(key != NULL);
				149	assert(key_len != 0U);
				150	assert(iv != NULL);
				151	assert((iv_len != 0U) && (iv_len <= CRYPTO_MAX_IV_SIZE));
				152	assert(tag != NULL);
				153	assert((tag_len != 0U) && (tag_len <= CRYPTO_MAX_TAG_SIZE));
				154
				155	return crypto_lib_desc.auth_decrypt(dec_algo, data_ptr, len, key,
				156	key_len, key_flags, iv, iv_len, tag,
				157	tag_len);
				158	}