Pankaj Gupta | 95c7eee | 2020-12-09 14:02:39 +0530 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2021 NXP |
| 3 | * |
| 4 | * SPDX-License-Identifier: BSD-3-Clause |
| 5 | * |
| 6 | */ |
| 7 | |
| 8 | #include <stddef.h> |
| 9 | #include <string.h> |
| 10 | |
| 11 | #include "caam.h" |
| 12 | #include <common/debug.h> |
| 13 | #include <drivers/auth/crypto_mod.h> |
| 14 | |
| 15 | #include "hash.h" |
| 16 | #include "rsa.h" |
| 17 | |
| 18 | #define LIB_NAME "NXP crypto" |
| 19 | |
| 20 | /* |
| 21 | * Initialize the library and export the descriptor |
| 22 | */ |
| 23 | static void init(void) |
| 24 | { |
| 25 | /* Initialize NXP crypto library`:*/ |
| 26 | NOTICE("Initializing & configuring SEC block.\n"); |
| 27 | |
| 28 | if (config_sec_block() < 0) { |
| 29 | ERROR("Init & config failure for caam.\n"); |
| 30 | } |
| 31 | } |
| 32 | |
| 33 | /* |
| 34 | * Verify a signature. |
| 35 | * |
| 36 | * For IMG_PLAT - data points to a PKCS#1.5 encoded HASH |
| 37 | * sig_alg will be RSA or ECC |
| 38 | * Parameters are passed using the DER encoding format following the ASN.1 |
| 39 | * structures detailed above. |
| 40 | */ |
| 41 | static int verify_signature(void *data_ptr, unsigned int data_len, |
| 42 | void *sig_ptr, unsigned int sig_len, |
| 43 | void *sign_alg, unsigned int sig_alg_len, |
| 44 | void *pk_ptr, unsigned int pk_len) |
| 45 | { |
| 46 | int ret = CRYPTO_SUCCESS; |
| 47 | |
| 48 | enum sig_alg alg = *(enum sig_alg *)sign_alg; |
| 49 | |
| 50 | switch (alg) { |
| 51 | case RSA: |
| 52 | NOTICE("Verifying RSA\n"); |
| 53 | ret = rsa_verify_signature(data_ptr, data_len, sig_ptr, sig_len, |
| 54 | pk_ptr, pk_len); |
| 55 | break; |
| 56 | case ECC: |
| 57 | default: |
| 58 | ret = CRYPTO_ERR_SIGNATURE; |
| 59 | break; |
| 60 | } |
| 61 | |
| 62 | if (ret != 0) { |
| 63 | ERROR("RSA verification Failed\n"); |
| 64 | } |
| 65 | return ret; |
| 66 | |
| 67 | } |
| 68 | |
| 69 | /* |
| 70 | * Match a hash |
| 71 | * |
| 72 | * Digest info is passed as a table of SHA-26 hashes and digest_info_len |
| 73 | * is number of entries in the table |
| 74 | * This implementation is very specific to the CSF header parser ROTPK |
| 75 | * comparison. |
| 76 | */ |
| 77 | static int verify_hash(void *data_ptr, unsigned int data_len, |
| 78 | void *digest_info_ptr, unsigned int digest_info_len) |
| 79 | { |
| 80 | void *ctx = NULL; |
| 81 | int i = 0, ret = 0; |
| 82 | enum hash_algo algo = SHA256; |
| 83 | uint8_t hash[SHA256_BYTES] __aligned(CACHE_WRITEBACK_GRANULE) = {0}; |
| 84 | uint32_t digest_size = SHA256_BYTES; |
| 85 | uint8_t *hash_tbl = digest_info_ptr; |
| 86 | |
| 87 | NOTICE("Verifying hash\n"); |
| 88 | ret = hash_init(algo, &ctx); |
| 89 | if (ret != 0) { |
| 90 | return CRYPTO_ERR_HASH; |
| 91 | } |
| 92 | |
| 93 | /* Update hash with that of SRK table */ |
| 94 | ret = hash_update(algo, ctx, data_ptr, data_len); |
| 95 | if (ret != 0) { |
| 96 | return CRYPTO_ERR_HASH; |
| 97 | } |
| 98 | |
| 99 | /* Copy hash at destination buffer */ |
| 100 | ret = hash_final(algo, ctx, hash, digest_size); |
| 101 | if (ret != 0) { |
| 102 | return CRYPTO_ERR_HASH; |
| 103 | } |
| 104 | |
| 105 | VERBOSE("%s Calculated hash\n", __func__); |
| 106 | for (i = 0; i < SHA256_BYTES/4; i++) { |
| 107 | VERBOSE("%x\n", *((uint32_t *)hash + i)); |
| 108 | } |
| 109 | |
| 110 | for (i = 0; i < digest_info_len; i++) { |
| 111 | if (memcmp(hash, (hash_tbl + (i * digest_size)), |
| 112 | digest_size) == 0) { |
| 113 | return CRYPTO_SUCCESS; |
| 114 | } |
| 115 | } |
| 116 | |
| 117 | return CRYPTO_ERR_HASH; |
| 118 | } |
| 119 | |
| 120 | /* |
| 121 | * Register crypto library descriptor |
| 122 | */ |
| 123 | REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL); |