xref: /optee_os/core/include/signed_hdr.h (revision 5a913ee74d3c71af2a2860ce8a4e7aeab2916f9b) 
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2015, Linaro Limited
4  */
5 #ifndef SIGNED_HDR_H
6 #define SIGNED_HDR_H
7 
8 #include <inttypes.h>
9 #include <tee_api_types.h>
10 #include <stdlib.h>
11 
12 enum shdr_img_type {
13 	SHDR_TA = 0,
14 	SHDR_BOOTSTRAP_TA = 1,
15 };
16 
17 #define SHDR_MAGIC	0x4f545348
18 
19 /**
20  * struct shdr - signed header
21  * @magic:	magic number must match SHDR_MAGIC
22  * @img_type:	image type, values defined by enum shdr_img_type
23  * @img_size:	image size in bytes
24  * @algo:	algorithm, defined by public key algorithms TEE_ALG_*
25  *		from TEE Internal API specification
26  * @hash_size:	size of the signed hash
27  * @sig_size:	size of the signature
28  * @hash:	hash of an image
29  * @sig:	signature of @hash
30  */
31 struct shdr {
32 	uint32_t magic;
33 	uint32_t img_type;
34 	uint32_t img_size;
35 	uint32_t algo;
36 	uint16_t hash_size;
37 	uint16_t sig_size;
38 	/*
39 	 * Commented out element used to visualize the layout dynamic part
40 	 * of the struct.
41 	 *
42 	 * hash is accessed through the macro SHDR_GET_HASH and
43 	 * signature is accessed through the macro SHDR_GET_SIG
44 	 *
45 	 * uint8_t hash[hash_size];
46 	 * uint8_t sig[sig_size];
47 	 */
48 };
49 
50 #define SHDR_GET_SIZE(x)	(sizeof(struct shdr) + (x)->hash_size + \
51 				 (x)->sig_size)
52 #define SHDR_GET_HASH(x)	(uint8_t *)(((struct shdr *)(x)) + 1)
53 #define SHDR_GET_SIG(x)		(SHDR_GET_HASH(x) + (x)->hash_size)
54 
55 struct shdr_bootstrap_ta {
56 	uint8_t uuid[sizeof(TEE_UUID)];
57 	uint32_t ta_version;
58 };
59 
60 /*
61  * Allocates a struct shdr large enough to hold the entire header,
62  * excluding a subheader like struct shdr_bootstrap_ta.
63  */
64 struct shdr *shdr_alloc_and_copy(const struct shdr *img, size_t img_size);
65 
66 /* Frees a previously allocated struct shdr */
67 static inline void shdr_free(struct shdr *shdr)
68 {
69 	free(shdr);
70 }
71 
72 /*
73  * Verifies the signature in the @shdr.
74  *
75  * Note that the static part of struct shdr and payload still need to be
76  * checked against the hash contained in the header.
77  *
78  * Returns TEE_SUCCESS on success or TEE_ERROR_SECURITY on failure
79  */
80 TEE_Result shdr_verify_signature(const struct shdr *shdr);
81 
82 #endif /*SIGNED_HDR_H*/
83