xref: /optee_os/core/include/signed_hdr.h (revision df24e6517b6454cf906c16979ea0e7546c5c99d5)
1 /* SPDX-License-Identifier: BSD-2-Clause */
2 /*
3  * Copyright (c) 2015, Linaro Limited
4  */
5 #ifndef SIGNED_HDR_H
6 #define SIGNED_HDR_H
7 
8 #include <inttypes.h>
9 #include <tee_api_types.h>
10 #include <stdlib.h>
11 
/*
 * Image types a signed header can announce in shdr::img_type.
 *
 * The enumerators carry explicit values because the number itself is
 * what gets stored in the 32-bit img_type field.
 *
 * NOTE(review): img_type is a plain uint32_t and can hold values that
 * are not listed here, so the loader is expected to reject anything it
 * does not recognise - confirm in the code that switches on it.
 */
enum shdr_img_type {
	SHDR_TA			= 0,
	SHDR_BOOTSTRAP_TA	= 1,
	SHDR_ENCRYPTED_TA	= 2,
};

/*
 * Value shdr::magic has to carry. Taken most-significant byte first,
 * the constant reads as the ASCII characters "OTSH".
 */
#define SHDR_MAGIC	0x4f545348
19 
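/**
 * struct shdr - signed header
 * @magic:	magic number must match SHDR_MAGIC
 * @img_type:	image type, values defined by enum shdr_img_type
 * @img_size:	image size in bytes
 * @algo:	algorithm, defined by public key algorithms TEE_ALG_*
 *		from TEE Internal API specification
 * @hash_size:	size of the signed hash
 * @sig_size:	size of the signature
 * @hash:	hash of an image
 * @sig:	signature of @hash
 *
 * Only the six fixed-width members are declared. @hash and @sig are not
 * members: they follow the struct in memory, back to back, and their
 * lengths are whatever @hash_size and @sig_size say.
 *
 * Nothing in this header bounds-checks those lengths. Code that parses
 * a header has to confirm that the buffer holds sizeof(struct shdr)
 * bytes before reading any field, and SHDR_GET_SIZE() bytes before
 * touching @hash or @sig.
 */
struct shdr {
	uint32_t magic;
	uint32_t img_type;
	uint32_t img_size;
	uint32_t algo;
	uint16_t hash_size;
	uint16_t sig_size;
	/*
	 * The two elements below are deliberately left as a comment:
	 * they only illustrate how the variable-length part is laid out
	 * after the fixed fields.
	 *
	 * hash is accessed through the macro SHDR_GET_HASH and
	 * signature is accessed through the macro SHDR_GET_SIG
	 *
	 * uint8_t hash[hash_size];
	 * uint8_t sig[sig_size];
	 */
};

/*
 * Accessors for the variable-length tail of a signed header.
 *
 * They are pure pointer arithmetic on the lengths stored in the header
 * and validate nothing. SHDR_GET_SIZE() and SHDR_GET_SIG() expand @x
 * more than once, so pass a pointer expression without side effects.
 *
 * NOTE(review): every use re-reads hash_size/sig_size from the header,
 * so the header should sit in memory that cannot change between the
 * size check and the access - presumably what shdr_alloc_and_copy() is
 * for; confirm against the loader.
 */

/* Total header length: fixed fields plus hash plus signature. */
#define SHDR_GET_SIZE(x)	(sizeof(struct shdr) + (x)->hash_size + \
				 (x)->sig_size)
/*
 * First byte after the fixed fields, i.e. the hash. The expansion is
 * wrapped in parentheses so that a postfix operator applied to the
 * macro (indexing, for instance) acts on the uint8_t pointer and not
 * on the inner struct pointer. The cast drops any const qualifier @x
 * had.
 */
#define SHDR_GET_HASH(x)	((uint8_t *)(((struct shdr *)(x)) + 1))
/* First byte of the signature, hash_size bytes after the hash. */
#define SHDR_GET_SIG(x)		(SHDR_GET_HASH(x) + (x)->hash_size)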
55 
/**
 * struct shdr_bootstrap_ta - bootstrap TA subheader
 * @uuid:	UUID of the TA, held as raw bytes in an array that is
 *		exactly sizeof(TEE_UUID) long
 * @ta_version:	Version of the TA
 *
 * NOTE(review): presumably present when shdr::img_type is
 * SHDR_BOOTSTRAP_TA. Where it sits relative to the hash and signature,
 * and whether the hash covers it, cannot be read off this header -
 * confirm both before @uuid or @ta_version feed a policy decision.
 */
struct shdr_bootstrap_ta {
	uint8_t uuid[sizeof(TEE_UUID)];
	uint32_t ta_version;
};
65 
/**
 * struct shdr_encrypted_ta - encrypted TA header
 * @enc_algo:	authenticated encryption algorithm, defined by symmetric key
 *		algorithms TEE_ALG_* from TEE Internal API
 *		specification
 * @flags:	authenticated encryption flags
 * @iv_size:	size of the initialization vector
 * @tag_size:	size of the authentication tag
 * @iv:		initialization vector
 * @tag:	authentication tag
 *
 * As with struct shdr, only the fixed-width members are declared; @iv
 * and @tag follow the struct in memory with the lengths given by
 * @iv_size and @tag_size. Nothing here checks those lengths against
 * the buffer that holds the header.
 *
 * NOTE(review): @iv_size and @tag_size are free-form 16-bit values, so
 * the consumer should also check them against what @enc_algo allows
 * before handing them to the cipher - confirm in the decryption path.
 */
struct shdr_encrypted_ta {
	uint32_t enc_algo;
	uint32_t flags;
	uint16_t iv_size;
	uint16_t tag_size;
	/*
	 * The two elements below are deliberately left as a comment:
	 * they only illustrate how the variable-length part is laid out
	 * after the fixed fields.
	 *
	 * iv is accessed through the macro SHDR_ENC_GET_IV and
	 * tag is accessed through the macro SHDR_ENC_GET_TAG
	 *
	 * uint8_t iv[iv_size];
	 * uint8_t tag[tag_size];
	 */
};
93 
/*
 * Mask covering bit 0.
 *
 * NOTE(review): presumably applied to shdr_encrypted_ta::flags to pull
 * out an enum shdr_enc_key_type - confirm against the code that reads
 * the flags. What the remaining flag bits mean is not defined here.
 */
#define SHDR_ENC_KEY_TYPE_MASK	0x1

/*
 * Key types selectable for an encrypted TA. Going by the names, one is
 * a key specific to a single device and the other a key shared by a
 * class of devices; this header does not say how either is derived.
 */
enum shdr_enc_key_type {
	SHDR_ENC_KEY_DEV_SPECIFIC	= 0,
	SHDR_ENC_KEY_CLASS_WIDE		= 1,
};
100 
/*
 * Accessors for the variable-length tail of struct shdr_encrypted_ta.
 *
 * SHDR_ENC_GET_SIZE() and SHDR_ENC_GET_TAG() copy @x into a local
 * first, so @x is evaluated once; both rely on the GNU typeof and
 * statement-expression extensions. None of the three checks iv_size or
 * tag_size against the size of the buffer holding the header - that is
 * the caller's job before the returned pointers are dereferenced.
 */

/* Total subheader length: fixed fields plus IV plus tag. */
#define SHDR_ENC_GET_SIZE(x)	({ typeof(x) _x = (x); \
				   sizeof(struct shdr_encrypted_ta) + \
				   _x->iv_size + _x->tag_size; })
/* First byte after the fixed fields, i.e. the IV. */
#define SHDR_ENC_GET_IV(x)	((uint8_t *) \
				 ((struct shdr_encrypted_ta *)(x) + 1))
/* First byte of the tag, iv_size bytes after the IV. */
#define SHDR_ENC_GET_TAG(x)	({ typeof(x) _x = (x); \
				   uint8_t *_iv = SHDR_ENC_GET_IV(_x); \
				   _iv + _x->iv_size; })
108 
/*
 * shdr_alloc_and_copy() - allocate a struct shdr and copy a header in
 * @img:	where the signed header starts
 * @img_size:	size that goes with @img (NOTE(review): presumably the
 *		number of bytes readable there - confirm)
 *
 * The allocation is large enough to hold the entire header. A
 * subheader such as struct shdr_bootstrap_ta is not part of it.
 *
 * Release the result with shdr_free(). NOTE(review): the failure
 * return is presumably NULL - confirm in the implementation.
 *
 * NOTE(review): the implementation is not visible from this header. It
 * should refuse an @img_size smaller than sizeof(struct shdr) before
 * reading hash_size/sig_size, and smaller than SHDR_GET_SIZE() before
 * copying.
 */
struct shdr *shdr_alloc_and_copy(const struct shdr *img, size_t img_size);
114 
/*
 * shdr_free() - release a struct shdr that was allocated earlier
 * @shdr:	header to release
 *
 * Thin wrapper that hands @shdr to free(). The pointer must not be
 * used afterwards.
 */
static inline void shdr_free(struct shdr *shdr)
{
	free(shdr);
}
120 
/*
 * shdr_verify_signature() - verify the signature in the @shdr
 * @shdr:	signed header to check
 *
 * Success here only says that the signature in the header is valid.
 * It does not yet say that the image belongs to the header: the static
 * part of struct shdr and the payload still need to be checked against
 * the hash contained in the header, and that check is left to the
 * caller.
 *
 * NOTE(review): which key the signature is checked against is not
 * visible from this header.
 *
 * Returns TEE_SUCCESS on success or TEE_ERROR_SECURITY on failure
 */
TEE_Result shdr_verify_signature(const struct shdr *shdr);
130 
131 #endif /*SIGNED_HDR_H*/
132