Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / 392e4df5067b8c5d35fabee53359fbc35ff9005c / . / drivers / auth / mbedtls / mbedtls_crypto.c
blob: 2a9801497c2aec58beedfeb41d954adda51e7cff [file] [log] [blame]
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]1/*
Alexei Fedorov913cb7e2020-01-23 14:27:38 +0000[diff] [blame]2 * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]3 *
dp-armfa3cf0b2017-05-03 09:38:09 +0100[diff] [blame]4 * SPDX-License-Identifier: BSD-3-Clause
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]5 */
6
Sumit Garg392e4df2019-11-15 10:43:00 +0530[diff] [blame^]7#include <assert.h>
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]8#include <stddef.h>
9#include <string.h>
10
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]11/* mbed TLS headers */
Sumit Garg392e4df2019-11-15 10:43:00 +0530[diff] [blame^]12#include <mbedtls/gcm.h>
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]13#include <mbedtls/md.h>
14#include <mbedtls/memory_buffer_alloc.h>
15#include <mbedtls/oid.h>
16#include <mbedtls/platform.h>
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]17
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]18#include <common/debug.h>
19#include <drivers/auth/crypto_mod.h>
20#include <drivers/auth/mbedtls/mbedtls_common.h>
21#include <drivers/auth/mbedtls/mbedtls_config.h>
Sumit Garg392e4df2019-11-15 10:43:00 +0530[diff] [blame^]22#include <plat/common/platform.h>
Antonio Nino Diaze0f90632018-12-14 00:18:21 +0000[diff] [blame]23
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]24#define LIB_NAME "mbed TLS"
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]25
26/*
27 * AlgorithmIdentifier ::= SEQUENCE {
28 * algorithm OBJECT IDENTIFIER,
29 * parameters ANY DEFINED BY algorithm OPTIONAL
30 * }
31 *
32 * SubjectPublicKeyInfo ::= SEQUENCE {
33 * algorithm AlgorithmIdentifier,
34 * subjectPublicKey BIT STRING
35 * }
36 *
37 * DigestInfo ::= SEQUENCE {
38 * digestAlgorithm AlgorithmIdentifier,
39 * digest OCTET STRING
40 * }
41 */
42
43/*
44 * Initialize the library and export the descriptor
45 */
46static void init(void)
47{
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]48 /* Initialize mbed TLS */
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]49 mbedtls_init();
50}
51
52/*
53 * Verify a signature.
54 *
55 * Parameters are passed using the DER encoding format following the ASN.1
56 * structures detailed above.
57 */
58static int verify_signature(void *data_ptr, unsigned int data_len,
59 void *sig_ptr, unsigned int sig_len,
60 void *sig_alg, unsigned int sig_alg_len,
61 void *pk_ptr, unsigned int pk_len)
62{
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]63 mbedtls_asn1_buf sig_oid, sig_params;
64 mbedtls_asn1_buf signature;
65 mbedtls_md_type_t md_alg;
66 mbedtls_pk_type_t pk_alg;
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]67 mbedtls_pk_context pk = {0};
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]68 int rc;
69 void *sig_opts = NULL;
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]70 const mbedtls_md_info_t *md_info;
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]71 unsigned char *p, *end;
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]72 unsigned char hash[MBEDTLS_MD_MAX_SIZE];
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]73
74 /* Get pointers to signature OID and parameters */
75 p = (unsigned char *)sig_alg;
76 end = (unsigned char *)(p + sig_alg_len);
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]77 rc = mbedtls_asn1_get_alg(&p, end, &sig_oid, &sig_params);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]78 if (rc != 0) {
79 return CRYPTO_ERR_SIGNATURE;
80 }
81
82 /* Get the actual signature algorithm (MD + PK) */
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]83 rc = mbedtls_x509_get_sig_alg(&sig_oid, &sig_params, &md_alg, &pk_alg, &sig_opts);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]84 if (rc != 0) {
85 return CRYPTO_ERR_SIGNATURE;
86 }
87
88 /* Parse the public key */
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]89 mbedtls_pk_init(&pk);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]90 p = (unsigned char *)pk_ptr;
91 end = (unsigned char *)(p + pk_len);
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]92 rc = mbedtls_pk_parse_subpubkey(&p, end, &pk);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]93 if (rc != 0) {
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]94 rc = CRYPTO_ERR_SIGNATURE;
95 goto end2;
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]96 }
97
98 /* Get the signature (bitstring) */
99 p = (unsigned char *)sig_ptr;
100 end = (unsigned char *)(p + sig_len);
101 signature.tag = *p;
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]102 rc = mbedtls_asn1_get_bitstring_null(&p, end, &signature.len);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]103 if (rc != 0) {
104 rc = CRYPTO_ERR_SIGNATURE;
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]105 goto end1;
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]106 }
107 signature.p = p;
108
109 /* Calculate the hash of the data */
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]110 md_info = mbedtls_md_info_from_type(md_alg);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]111 if (md_info == NULL) {
112 rc = CRYPTO_ERR_SIGNATURE;
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]113 goto end1;
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]114 }
115 p = (unsigned char *)data_ptr;
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]116 rc = mbedtls_md(md_info, p, data_len, hash);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]117 if (rc != 0) {
118 rc = CRYPTO_ERR_SIGNATURE;
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]119 goto end1;
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]120 }
121
122 /* Verify the signature */
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]123 rc = mbedtls_pk_verify_ext(pk_alg, sig_opts, &pk, md_alg, hash,
124 mbedtls_md_get_size(md_info),
125 signature.p, signature.len);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]126 if (rc != 0) {
127 rc = CRYPTO_ERR_SIGNATURE;
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]128 goto end1;
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]129 }
130
131 /* Signature verification success */
132 rc = CRYPTO_SUCCESS;
133
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]134end1:
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]135 mbedtls_pk_free(&pk);
Soby Mathew0a68d132017-05-31 10:35:27 +0100[diff] [blame]136end2:
137 mbedtls_free(sig_opts);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]138 return rc;
139}
140
141/*
142 * Match a hash
143 *
144 * Digest info is passed in DER format following the ASN.1 structure detailed
145 * above.
146 */
147static int verify_hash(void *data_ptr, unsigned int data_len,
148 void *digest_info_ptr, unsigned int digest_info_len)
149{
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]150 mbedtls_asn1_buf hash_oid, params;
151 mbedtls_md_type_t md_alg;
152 const mbedtls_md_info_t *md_info;
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]153 unsigned char *p, *end, *hash;
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]154 unsigned char data_hash[MBEDTLS_MD_MAX_SIZE];
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]155 size_t len;
156 int rc;
157
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]158 /* Digest info should be an MBEDTLS_ASN1_SEQUENCE */
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]159 p = (unsigned char *)digest_info_ptr;
Sandrine Bailleuxdf8de2d2016-01-04 15:49:23 +0000[diff] [blame]160 end = p + digest_info_len;
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]161 rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_CONSTRUCTED |
162 MBEDTLS_ASN1_SEQUENCE);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]163 if (rc != 0) {
164 return CRYPTO_ERR_HASH;
165 }
166
167 /* Get the hash algorithm */
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]168 rc = mbedtls_asn1_get_alg(&p, end, &hash_oid, &params);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]169 if (rc != 0) {
170 return CRYPTO_ERR_HASH;
171 }
172
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]173 rc = mbedtls_oid_get_md_alg(&hash_oid, &md_alg);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]174 if (rc != 0) {
175 return CRYPTO_ERR_HASH;
176 }
177
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]178 md_info = mbedtls_md_info_from_type(md_alg);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]179 if (md_info == NULL) {
180 return CRYPTO_ERR_HASH;
181 }
182
183 /* Hash should be octet string type */
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]184 rc = mbedtls_asn1_get_tag(&p, end, &len, MBEDTLS_ASN1_OCTET_STRING);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]185 if (rc != 0) {
186 return CRYPTO_ERR_HASH;
187 }
188
189 /* Length of hash must match the algorithm's size */
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]190 if (len != mbedtls_md_get_size(md_info)) {
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]191 return CRYPTO_ERR_HASH;
192 }
193 hash = p;
194
195 /* Calculate the hash of the data */
196 p = (unsigned char *)data_ptr;
Juan Castillobae6b2a2015-11-05 09:24:53 +0000[diff] [blame]197 rc = mbedtls_md(md_info, p, data_len, data_hash);
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]198 if (rc != 0) {
199 return CRYPTO_ERR_HASH;
200 }
201
202 /* Compare values */
Antonio Nino Diaz0ca1afa2017-02-09 10:26:54 +0000[diff] [blame]203 rc = memcmp(data_hash, hash, mbedtls_md_get_size(md_info));
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]204 if (rc != 0) {
205 return CRYPTO_ERR_HASH;
206 }
207
208 return CRYPTO_SUCCESS;
209}
210
Alexei Fedorov913cb7e2020-01-23 14:27:38 +0000[diff] [blame]211#if MEASURED_BOOT
212/*
213 * Calculate a hash
214 *
215 * output points to the computed hash
216 */
217int calc_hash(unsigned int alg, void *data_ptr,
218 unsigned int data_len, unsigned char *output)
219{
220 const mbedtls_md_info_t *md_info;
221
222 md_info = mbedtls_md_info_from_type((mbedtls_md_type_t)alg);
223 if (md_info == NULL) {
224 return CRYPTO_ERR_HASH;
225 }
226
227 /* Calculate the hash of the data */
228 return mbedtls_md(md_info, data_ptr, data_len, output);
229}
230#endif /* MEASURED_BOOT */
231
Sumit Garg392e4df2019-11-15 10:43:00 +0530[diff] [blame^]232#if TF_MBEDTLS_USE_AES_GCM
233/*
234 * Stack based buffer allocation for decryption operation. It could
235 * be configured to balance stack usage vs execution speed.
236 */
237#define DEC_OP_BUF_SIZE 128
238
239static int aes_gcm_decrypt(void *data_ptr, size_t len, const void *key,
240 unsigned int key_len, const void *iv,
241 unsigned int iv_len, const void *tag,
242 unsigned int tag_len)
243{
244 mbedtls_gcm_context ctx;
245 mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
246 unsigned char buf[DEC_OP_BUF_SIZE];
247 unsigned char tag_buf[CRYPTO_MAX_TAG_SIZE];
248 unsigned char *pt = data_ptr;
249 size_t dec_len;
250 int diff, i, rc;
251
252 mbedtls_gcm_init(&ctx);
253
254 rc = mbedtls_gcm_setkey(&ctx, cipher, key, key_len * 8);
255 if (rc != 0) {
256 rc = CRYPTO_ERR_DECRYPTION;
257 goto exit_gcm;
258 }
259
260 rc = mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv, iv_len, NULL, 0);
261 if (rc != 0) {
262 rc = CRYPTO_ERR_DECRYPTION;
263 goto exit_gcm;
264 }
265
266 while (len > 0) {
267 dec_len = MIN(sizeof(buf), len);
268
269 rc = mbedtls_gcm_update(&ctx, dec_len, pt, buf);
270 if (rc != 0) {
271 rc = CRYPTO_ERR_DECRYPTION;
272 goto exit_gcm;
273 }
274
275 memcpy(pt, buf, dec_len);
276 pt += dec_len;
277 len -= dec_len;
278 }
279
280 rc = mbedtls_gcm_finish(&ctx, tag_buf, sizeof(tag_buf));
281 if (rc != 0) {
282 rc = CRYPTO_ERR_DECRYPTION;
283 goto exit_gcm;
284 }
285
286 /* Check tag in "constant-time" */
287 for (diff = 0, i = 0; i < tag_len; i++)
288 diff |= ((const unsigned char *)tag)[i] ^ tag_buf[i];
289
290 if (diff != 0) {
291 rc = CRYPTO_ERR_DECRYPTION;
292 goto exit_gcm;
293 }
294
295 /* GCM decryption success */
296 rc = CRYPTO_SUCCESS;
297
298exit_gcm:
299 mbedtls_gcm_free(&ctx);
300 return rc;
301}
302
303/*
304 * Authenticated decryption of an image
305 */
306static int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
307 size_t len, const void *key, unsigned int key_len,
308 unsigned int key_flags, const void *iv,
309 unsigned int iv_len, const void *tag,
310 unsigned int tag_len)
311{
312 int rc;
313
314 assert((key_flags & ENC_KEY_IS_IDENTIFIER) == 0);
315
316 switch (dec_algo) {
317 case CRYPTO_GCM_DECRYPT:
318 rc = aes_gcm_decrypt(data_ptr, len, key, key_len, iv, iv_len,
319 tag, tag_len);
320 if (rc != 0)
321 return rc;
322 break;
323 default:
324 return CRYPTO_ERR_DECRYPTION;
325 }
326
327 return CRYPTO_SUCCESS;
328}
329#endif /* TF_MBEDTLS_USE_AES_GCM */
330
Juan Castilloa57a4d52015-04-02 15:44:20 +0100[diff] [blame]331/*
332 * Register crypto library descriptor
333 */
Alexei Fedorov913cb7e2020-01-23 14:27:38 +0000[diff] [blame]334#if MEASURED_BOOT
Sumit Garg392e4df2019-11-15 10:43:00 +0530[diff] [blame^]335#if TF_MBEDTLS_USE_AES_GCM
336REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
337 auth_decrypt);
338#else
339REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
340 NULL);
341#endif
342#else /* MEASURED_BOOT */
343#if TF_MBEDTLS_USE_AES_GCM
344REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash,
345 auth_decrypt);
Alexei Fedorov913cb7e2020-01-23 14:27:38 +0000[diff] [blame]346#else
Sumit Garg392e4df2019-11-15 10:43:00 +0530[diff] [blame^]347REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
348#endif
Alexei Fedorov913cb7e2020-01-23 14:27:38 +0000[diff] [blame]349#endif /* MEASURED_BOOT */