xref: /optee_os/core/include/signed_hdr.h (revision 78b7c7c7653f8bff42fe44d31a79d7f6bbfd4d47) 
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2015, Linaro Limited
4  * All rights reserved.
5  */
6 #ifndef SIGNED_HDR_H
7 #define SIGNED_HDR_H
8 
9 #include <inttypes.h>
10 #include <tee_api_types.h>
11 #include <stdlib.h>
12 
13 enum shdr_img_type {
14 	SHDR_TA = 0,
15 	SHDR_BOOTSTRAP_TA = 1,
16 };
17 
18 #define SHDR_MAGIC	0x4f545348
19 
20 /**
21  * struct shdr - signed header
22  * @magic:	magic number must match SHDR_MAGIC
23  * @img_type:	image type, values defined by enum shdr_img_type
24  * @img_size:	image size in bytes
25  * @algo:	algorithm, defined by public key algorithms TEE_ALG_*
26  *		from TEE Internal API specification
27  * @hash_size:	size of the signed hash
28  * @sig_size:	size of the signature
29  * @hash:	hash of an image
30  * @sig:	signature of @hash
31  */
32 struct shdr {
33 	uint32_t magic;
34 	uint32_t img_type;
35 	uint32_t img_size;
36 	uint32_t algo;
37 	uint16_t hash_size;
38 	uint16_t sig_size;
39 	/*
40 	 * Commented out element used to visualize the layout dynamic part
41 	 * of the struct.
42 	 *
43 	 * hash is accessed through the macro SHDR_GET_HASH and
44 	 * signature is accessed through the macro SHDR_GET_SIG
45 	 *
46 	 * uint8_t hash[hash_size];
47 	 * uint8_t sig[sig_size];
48 	 */
49 };
50 
51 #define SHDR_GET_SIZE(x)	(sizeof(struct shdr) + (x)->hash_size + \
52 				 (x)->sig_size)
53 #define SHDR_GET_HASH(x)	(uint8_t *)(((struct shdr *)(x)) + 1)
54 #define SHDR_GET_SIG(x)		(SHDR_GET_HASH(x) + (x)->hash_size)
55 
56 struct shdr_bootstrap_ta {
57 	uint8_t uuid[sizeof(TEE_UUID)];
58 	uint32_t version;
59 };
60 
61 /*
62  * Allocates a struct shdr large enough to hold the entire header,
63  * excluding a subheader like struct shdr_bootstrap_ta.
64  */
65 struct shdr *shdr_alloc_and_copy(const struct shdr *img, size_t img_size);
66 
67 /* Frees a previously allocated struct shdr */
68 static inline void shdr_free(struct shdr *shdr)
69 {
70 	free(shdr);
71 }
72 
73 /*
74  * Verifies the signature in the @shdr.
75  *
76  * Note that the static part of struct shdr and payload still need to be
77  * checked against the hash contained in the header.
78  *
79  * Returns TEE_SUCCESS on success or TEE_ERROR_SECURITY on failure
80  */
81 TEE_Result shdr_verify_signature(const struct shdr *shdr);
82 
83 #endif /*SIGNED_HDR_H*/
84