105799ae0SJuan Castillo /* 2*d35dee23Sdp-arm * Copyright (c) 2015-2016, ARM Limited and Contributors. All rights reserved. 305799ae0SJuan Castillo * 405799ae0SJuan Castillo * Redistribution and use in source and binary forms, with or without 505799ae0SJuan Castillo * modification, are permitted provided that the following conditions are met: 605799ae0SJuan Castillo * 705799ae0SJuan Castillo * Redistributions of source code must retain the above copyright notice, this 805799ae0SJuan Castillo * list of conditions and the following disclaimer. 905799ae0SJuan Castillo * 1005799ae0SJuan Castillo * Redistributions in binary form must reproduce the above copyright notice, 1105799ae0SJuan Castillo * this list of conditions and the following disclaimer in the documentation 1205799ae0SJuan Castillo * and/or other materials provided with the distribution. 1305799ae0SJuan Castillo * 1405799ae0SJuan Castillo * Neither the name of ARM nor the names of its contributors may be used 1505799ae0SJuan Castillo * to endorse or promote products derived from this software without specific 1605799ae0SJuan Castillo * prior written permission. 1705799ae0SJuan Castillo * 1805799ae0SJuan Castillo * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 1905799ae0SJuan Castillo * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 2005799ae0SJuan Castillo * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 2105799ae0SJuan Castillo * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE 2205799ae0SJuan Castillo * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 2305799ae0SJuan Castillo * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 2405799ae0SJuan Castillo * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 2505799ae0SJuan Castillo * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 2605799ae0SJuan Castillo * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 2705799ae0SJuan Castillo * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 2805799ae0SJuan Castillo * POSSIBILITY OF SUCH DAMAGE. 2905799ae0SJuan Castillo */ 3005799ae0SJuan Castillo 3105799ae0SJuan Castillo #include <assert.h> 3205799ae0SJuan Castillo #include <auth_common.h> 3305799ae0SJuan Castillo #include <auth_mod.h> 3405799ae0SJuan Castillo #include <cot_def.h> 3505799ae0SJuan Castillo #include <crypto_mod.h> 3605799ae0SJuan Castillo #include <debug.h> 3705799ae0SJuan Castillo #include <img_parser_mod.h> 3805799ae0SJuan Castillo #include <platform.h> 3905799ae0SJuan Castillo #include <platform_def.h> 4005799ae0SJuan Castillo #include <stdint.h> 4105799ae0SJuan Castillo #include <string.h> 4205799ae0SJuan Castillo 4348279d52SJuan Castillo /* ASN.1 tags */ 4448279d52SJuan Castillo #define ASN1_INTEGER 0x02 4548279d52SJuan Castillo 4605799ae0SJuan Castillo #define return_if_error(rc) \ 4705799ae0SJuan Castillo do { \ 4805799ae0SJuan Castillo if (rc != 0) { \ 4905799ae0SJuan Castillo return rc; \ 5005799ae0SJuan Castillo } \ 5105799ae0SJuan Castillo } while (0) 5205799ae0SJuan Castillo 53*d35dee23Sdp-arm #pragma weak plat_set_nv_ctr2 54*d35dee23Sdp-arm 5505799ae0SJuan Castillo /* Pointer to CoT */ 5605799ae0SJuan Castillo extern const auth_img_desc_t *const cot_desc_ptr; 5705799ae0SJuan Castillo extern unsigned int auth_img_flags[]; 5805799ae0SJuan Castillo 5905799ae0SJuan Castillo static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a, 6005799ae0SJuan Castillo const auth_param_type_desc_t *b) 6105799ae0SJuan Castillo { 6205799ae0SJuan Castillo if ((a->type == b->type) && (a->cookie == b->cookie)) { 6305799ae0SJuan Castillo return 0; 6405799ae0SJuan Castillo } 6505799ae0SJuan Castillo return 1; 6605799ae0SJuan Castillo } 6705799ae0SJuan Castillo 6805799ae0SJuan Castillo /* 6905799ae0SJuan Castillo * This function obtains the requested authentication parameter data from the 7005799ae0SJuan Castillo * information extracted from the parent image after its authentication. 7105799ae0SJuan Castillo */ 7205799ae0SJuan Castillo static int auth_get_param(const auth_param_type_desc_t *param_type_desc, 7305799ae0SJuan Castillo const auth_img_desc_t *img_desc, 7405799ae0SJuan Castillo void **param, unsigned int *len) 7505799ae0SJuan Castillo { 7605799ae0SJuan Castillo int i; 7705799ae0SJuan Castillo 7805799ae0SJuan Castillo for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { 7905799ae0SJuan Castillo if (0 == cmp_auth_param_type_desc(param_type_desc, 8005799ae0SJuan Castillo img_desc->authenticated_data[i].type_desc)) { 8105799ae0SJuan Castillo *param = img_desc->authenticated_data[i].data.ptr; 8205799ae0SJuan Castillo *len = img_desc->authenticated_data[i].data.len; 8305799ae0SJuan Castillo return 0; 8405799ae0SJuan Castillo } 8505799ae0SJuan Castillo } 8605799ae0SJuan Castillo 8705799ae0SJuan Castillo return 1; 8805799ae0SJuan Castillo } 8905799ae0SJuan Castillo 9005799ae0SJuan Castillo /* 9105799ae0SJuan Castillo * Authenticate an image by matching the data hash 9205799ae0SJuan Castillo * 9305799ae0SJuan Castillo * This function implements 'AUTH_METHOD_HASH'. To authenticate an image using 9405799ae0SJuan Castillo * this method, the image must contain: 9505799ae0SJuan Castillo * 9605799ae0SJuan Castillo * - The data to calculate the hash from 9705799ae0SJuan Castillo * 9805799ae0SJuan Castillo * The parent image must contain: 9905799ae0SJuan Castillo * 10005799ae0SJuan Castillo * - The hash to be matched with (including hash algorithm) 10105799ae0SJuan Castillo * 10205799ae0SJuan Castillo * For a successful authentication, both hashes must match. The function calls 10305799ae0SJuan Castillo * the crypto-module to check this matching. 10405799ae0SJuan Castillo * 10505799ae0SJuan Castillo * Parameters: 10605799ae0SJuan Castillo * param: parameters to perform the hash authentication 10705799ae0SJuan Castillo * img_desc: pointer to image descriptor so we can know the image type 10805799ae0SJuan Castillo * and parent image 10905799ae0SJuan Castillo * img: pointer to image in memory 11005799ae0SJuan Castillo * img_len: length of image (in bytes) 11105799ae0SJuan Castillo * 11205799ae0SJuan Castillo * Return: 11305799ae0SJuan Castillo * 0 = success, Otherwise = error 11405799ae0SJuan Castillo */ 11505799ae0SJuan Castillo static int auth_hash(const auth_method_param_hash_t *param, 11605799ae0SJuan Castillo const auth_img_desc_t *img_desc, 11705799ae0SJuan Castillo void *img, unsigned int img_len) 11805799ae0SJuan Castillo { 11905799ae0SJuan Castillo void *data_ptr, *hash_der_ptr; 12005799ae0SJuan Castillo unsigned int data_len, hash_der_len; 12105799ae0SJuan Castillo int rc = 0; 12205799ae0SJuan Castillo 12305799ae0SJuan Castillo /* Get the hash from the parent image. This hash will be DER encoded 12405799ae0SJuan Castillo * and contain the hash algorithm */ 12505799ae0SJuan Castillo rc = auth_get_param(param->hash, img_desc->parent, 12605799ae0SJuan Castillo &hash_der_ptr, &hash_der_len); 12705799ae0SJuan Castillo return_if_error(rc); 12805799ae0SJuan Castillo 12905799ae0SJuan Castillo /* Get the data to be hashed from the current image */ 13005799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->data, 13105799ae0SJuan Castillo img, img_len, &data_ptr, &data_len); 13205799ae0SJuan Castillo return_if_error(rc); 13305799ae0SJuan Castillo 13405799ae0SJuan Castillo /* Ask the crypto module to verify this hash */ 13505799ae0SJuan Castillo rc = crypto_mod_verify_hash(data_ptr, data_len, 13605799ae0SJuan Castillo hash_der_ptr, hash_der_len); 13705799ae0SJuan Castillo 13805799ae0SJuan Castillo return rc; 13905799ae0SJuan Castillo } 14005799ae0SJuan Castillo 14105799ae0SJuan Castillo /* 14205799ae0SJuan Castillo * Authenticate by digital signature 14305799ae0SJuan Castillo * 14405799ae0SJuan Castillo * This function implements 'AUTH_METHOD_SIG'. To authenticate an image using 14505799ae0SJuan Castillo * this method, the image must contain: 14605799ae0SJuan Castillo * 14705799ae0SJuan Castillo * - Data to be signed 14805799ae0SJuan Castillo * - Signature 14905799ae0SJuan Castillo * - Signature algorithm 15005799ae0SJuan Castillo * 15105799ae0SJuan Castillo * We rely on the image parser module to extract this data from the image. 15205799ae0SJuan Castillo * The parent image must contain: 15305799ae0SJuan Castillo * 15405799ae0SJuan Castillo * - Public key (or a hash of it) 15505799ae0SJuan Castillo * 15605799ae0SJuan Castillo * If the parent image contains only a hash of the key, we will try to obtain 15705799ae0SJuan Castillo * the public key from the image itself (i.e. self-signed certificates). In that 15805799ae0SJuan Castillo * case, the signature verification is considered just an integrity check and 15905799ae0SJuan Castillo * the authentication is established by calculating the hash of the key and 16005799ae0SJuan Castillo * comparing it with the hash obtained from the parent. 16105799ae0SJuan Castillo * 16205799ae0SJuan Castillo * If the image has no parent (NULL), it means it has to be authenticated using 16305799ae0SJuan Castillo * the ROTPK stored in the platform. Again, this ROTPK could be the key itself 16405799ae0SJuan Castillo * or a hash of it. 16505799ae0SJuan Castillo * 16605799ae0SJuan Castillo * Return: 0 = success, Otherwise = error 16705799ae0SJuan Castillo */ 16805799ae0SJuan Castillo static int auth_signature(const auth_method_param_sig_t *param, 16905799ae0SJuan Castillo const auth_img_desc_t *img_desc, 17005799ae0SJuan Castillo void *img, unsigned int img_len) 17105799ae0SJuan Castillo { 17205799ae0SJuan Castillo void *data_ptr, *pk_ptr, *pk_hash_ptr, *sig_ptr, *sig_alg_ptr; 17305799ae0SJuan Castillo unsigned int data_len, pk_len, pk_hash_len, sig_len, sig_alg_len; 17405799ae0SJuan Castillo unsigned int flags = 0; 17505799ae0SJuan Castillo int rc = 0; 17605799ae0SJuan Castillo 17705799ae0SJuan Castillo /* Get the data to be signed from current image */ 17805799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->data, 17905799ae0SJuan Castillo img, img_len, &data_ptr, &data_len); 18005799ae0SJuan Castillo return_if_error(rc); 18105799ae0SJuan Castillo 18205799ae0SJuan Castillo /* Get the signature from current image */ 18305799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->sig, 18405799ae0SJuan Castillo img, img_len, &sig_ptr, &sig_len); 18505799ae0SJuan Castillo return_if_error(rc); 18605799ae0SJuan Castillo 18705799ae0SJuan Castillo /* Get the signature algorithm from current image */ 18805799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->alg, 18905799ae0SJuan Castillo img, img_len, &sig_alg_ptr, &sig_alg_len); 19005799ae0SJuan Castillo return_if_error(rc); 19105799ae0SJuan Castillo 19205799ae0SJuan Castillo /* Get the public key from the parent. If there is no parent (NULL), 19305799ae0SJuan Castillo * the certificate has been signed with the ROTPK, so we have to get 19405799ae0SJuan Castillo * the PK from the platform */ 19505799ae0SJuan Castillo if (img_desc->parent) { 19605799ae0SJuan Castillo rc = auth_get_param(param->pk, img_desc->parent, 19705799ae0SJuan Castillo &pk_ptr, &pk_len); 19805799ae0SJuan Castillo } else { 19905799ae0SJuan Castillo rc = plat_get_rotpk_info(param->pk->cookie, &pk_ptr, &pk_len, 20005799ae0SJuan Castillo &flags); 20105799ae0SJuan Castillo } 20205799ae0SJuan Castillo return_if_error(rc); 20305799ae0SJuan Castillo 20404943d33SSoby Mathew if (flags & (ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED)) { 20504943d33SSoby Mathew /* If the PK is a hash of the key or if the ROTPK is not 20604943d33SSoby Mathew deployed on the platform, retrieve the key from the image */ 20705799ae0SJuan Castillo pk_hash_ptr = pk_ptr; 20805799ae0SJuan Castillo pk_hash_len = pk_len; 20905799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, 21005799ae0SJuan Castillo param->pk, img, img_len, 21105799ae0SJuan Castillo &pk_ptr, &pk_len); 21205799ae0SJuan Castillo return_if_error(rc); 21305799ae0SJuan Castillo 21405799ae0SJuan Castillo /* Ask the crypto module to verify the signature */ 21505799ae0SJuan Castillo rc = crypto_mod_verify_signature(data_ptr, data_len, 21605799ae0SJuan Castillo sig_ptr, sig_len, 21705799ae0SJuan Castillo sig_alg_ptr, sig_alg_len, 21805799ae0SJuan Castillo pk_ptr, pk_len); 21905799ae0SJuan Castillo return_if_error(rc); 22005799ae0SJuan Castillo 22104943d33SSoby Mathew if (flags & ROTPK_NOT_DEPLOYED) { 22204943d33SSoby Mathew NOTICE("ROTPK is not deployed on platform. " 22304943d33SSoby Mathew "Skipping ROTPK verification.\n"); 22404943d33SSoby Mathew } else { 22505799ae0SJuan Castillo /* Ask the crypto-module to verify the key hash */ 22605799ae0SJuan Castillo rc = crypto_mod_verify_hash(pk_ptr, pk_len, 22705799ae0SJuan Castillo pk_hash_ptr, pk_hash_len); 22804943d33SSoby Mathew } 22905799ae0SJuan Castillo } else { 23005799ae0SJuan Castillo /* Ask the crypto module to verify the signature */ 23105799ae0SJuan Castillo rc = crypto_mod_verify_signature(data_ptr, data_len, 23205799ae0SJuan Castillo sig_ptr, sig_len, 23305799ae0SJuan Castillo sig_alg_ptr, sig_alg_len, 23405799ae0SJuan Castillo pk_ptr, pk_len); 23505799ae0SJuan Castillo } 23605799ae0SJuan Castillo 23705799ae0SJuan Castillo return rc; 23805799ae0SJuan Castillo } 23905799ae0SJuan Castillo 24005799ae0SJuan Castillo /* 24148279d52SJuan Castillo * Authenticate by Non-Volatile counter 24248279d52SJuan Castillo * 24348279d52SJuan Castillo * To protect the system against rollback, the platform includes a non-volatile 24448279d52SJuan Castillo * counter whose value can only be increased. All certificates include a counter 24548279d52SJuan Castillo * value that should not be lower than the value stored in the platform. If the 24648279d52SJuan Castillo * value is larger, the counter in the platform must be updated to the new 24748279d52SJuan Castillo * value. 24848279d52SJuan Castillo * 24948279d52SJuan Castillo * Return: 0 = success, Otherwise = error 25048279d52SJuan Castillo */ 25148279d52SJuan Castillo static int auth_nvctr(const auth_method_param_nv_ctr_t *param, 25248279d52SJuan Castillo const auth_img_desc_t *img_desc, 25348279d52SJuan Castillo void *img, unsigned int img_len) 25448279d52SJuan Castillo { 25548279d52SJuan Castillo char *p; 25648279d52SJuan Castillo void *data_ptr = NULL; 25748279d52SJuan Castillo unsigned int data_len, len, i; 25848279d52SJuan Castillo unsigned int cert_nv_ctr, plat_nv_ctr; 25948279d52SJuan Castillo int rc = 0; 26048279d52SJuan Castillo 26148279d52SJuan Castillo /* Get the counter value from current image. The AM expects the IPM 26248279d52SJuan Castillo * to return the counter value as a DER encoded integer */ 26348279d52SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, param->cert_nv_ctr, 26448279d52SJuan Castillo img, img_len, &data_ptr, &data_len); 26548279d52SJuan Castillo return_if_error(rc); 26648279d52SJuan Castillo 26748279d52SJuan Castillo /* Parse the DER encoded integer */ 26848279d52SJuan Castillo assert(data_ptr); 26948279d52SJuan Castillo p = (char *)data_ptr; 27048279d52SJuan Castillo if (*p != ASN1_INTEGER) { 27148279d52SJuan Castillo /* Invalid ASN.1 integer */ 27248279d52SJuan Castillo return 1; 27348279d52SJuan Castillo } 27448279d52SJuan Castillo p++; 27548279d52SJuan Castillo 27648279d52SJuan Castillo /* NV-counters are unsigned integers up to 32-bit */ 27748279d52SJuan Castillo len = (unsigned int)(*p & 0x7f); 27848279d52SJuan Castillo if ((*p & 0x80) || (len > 4)) { 27948279d52SJuan Castillo return 1; 28048279d52SJuan Castillo } 28148279d52SJuan Castillo p++; 28248279d52SJuan Castillo 28348279d52SJuan Castillo /* Check the number is not negative */ 28448279d52SJuan Castillo if (*p & 0x80) { 28548279d52SJuan Castillo return 1; 28648279d52SJuan Castillo } 28748279d52SJuan Castillo 28848279d52SJuan Castillo /* Convert to unsigned int. This code is for a little-endian CPU */ 28948279d52SJuan Castillo cert_nv_ctr = 0; 29048279d52SJuan Castillo for (i = 0; i < len; i++) { 29148279d52SJuan Castillo cert_nv_ctr = (cert_nv_ctr << 8) | *p++; 29248279d52SJuan Castillo } 29348279d52SJuan Castillo 29448279d52SJuan Castillo /* Get the counter from the platform */ 29548279d52SJuan Castillo rc = plat_get_nv_ctr(param->plat_nv_ctr->cookie, &plat_nv_ctr); 29648279d52SJuan Castillo return_if_error(rc); 29748279d52SJuan Castillo 29848279d52SJuan Castillo if (cert_nv_ctr < plat_nv_ctr) { 29948279d52SJuan Castillo /* Invalid NV-counter */ 30048279d52SJuan Castillo return 1; 30148279d52SJuan Castillo } else if (cert_nv_ctr > plat_nv_ctr) { 302*d35dee23Sdp-arm rc = plat_set_nv_ctr2(param->plat_nv_ctr->cookie, 303*d35dee23Sdp-arm img_desc, cert_nv_ctr); 30448279d52SJuan Castillo return_if_error(rc); 30548279d52SJuan Castillo } 30648279d52SJuan Castillo 30748279d52SJuan Castillo return 0; 30848279d52SJuan Castillo } 30948279d52SJuan Castillo 310*d35dee23Sdp-arm int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc __unused, 311*d35dee23Sdp-arm unsigned int nv_ctr) 312*d35dee23Sdp-arm { 313*d35dee23Sdp-arm return plat_set_nv_ctr(cookie, nv_ctr); 314*d35dee23Sdp-arm } 315*d35dee23Sdp-arm 31648279d52SJuan Castillo /* 31705799ae0SJuan Castillo * Return the parent id in the output parameter '*parent_id' 31805799ae0SJuan Castillo * 31905799ae0SJuan Castillo * Return value: 32005799ae0SJuan Castillo * 0 = Image has parent, 1 = Image has no parent or parent is authenticated 32105799ae0SJuan Castillo */ 32205799ae0SJuan Castillo int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id) 32305799ae0SJuan Castillo { 32405799ae0SJuan Castillo const auth_img_desc_t *img_desc = NULL; 32505799ae0SJuan Castillo 32605799ae0SJuan Castillo assert(parent_id != NULL); 32705799ae0SJuan Castillo 32805799ae0SJuan Castillo /* Get the image descriptor */ 32905799ae0SJuan Castillo img_desc = &cot_desc_ptr[img_id]; 33005799ae0SJuan Castillo 33105799ae0SJuan Castillo /* Check if the image has no parent (ROT) */ 33205799ae0SJuan Castillo if (img_desc->parent == NULL) { 33305799ae0SJuan Castillo *parent_id = 0; 33405799ae0SJuan Castillo return 1; 33505799ae0SJuan Castillo } 33605799ae0SJuan Castillo 33705799ae0SJuan Castillo /* Check if the parent has already been authenticated */ 33805799ae0SJuan Castillo if (auth_img_flags[img_desc->parent->img_id] & IMG_FLAG_AUTHENTICATED) { 33905799ae0SJuan Castillo *parent_id = 0; 34005799ae0SJuan Castillo return 1; 34105799ae0SJuan Castillo } 34205799ae0SJuan Castillo 34305799ae0SJuan Castillo *parent_id = img_desc->parent->img_id; 34405799ae0SJuan Castillo return 0; 34505799ae0SJuan Castillo } 34605799ae0SJuan Castillo 34705799ae0SJuan Castillo /* 34805799ae0SJuan Castillo * Initialize the different modules in the authentication framework 34905799ae0SJuan Castillo */ 35005799ae0SJuan Castillo void auth_mod_init(void) 35105799ae0SJuan Castillo { 35205799ae0SJuan Castillo /* Check we have a valid CoT registered */ 35305799ae0SJuan Castillo assert(cot_desc_ptr != NULL); 35405799ae0SJuan Castillo 35505799ae0SJuan Castillo /* Crypto module */ 35605799ae0SJuan Castillo crypto_mod_init(); 35705799ae0SJuan Castillo 35805799ae0SJuan Castillo /* Image parser module */ 35905799ae0SJuan Castillo img_parser_init(); 36005799ae0SJuan Castillo } 36105799ae0SJuan Castillo 36205799ae0SJuan Castillo /* 36305799ae0SJuan Castillo * Authenticate a certificate/image 36405799ae0SJuan Castillo * 36505799ae0SJuan Castillo * Return: 0 = success, Otherwise = error 36605799ae0SJuan Castillo */ 36705799ae0SJuan Castillo int auth_mod_verify_img(unsigned int img_id, 36805799ae0SJuan Castillo void *img_ptr, 36905799ae0SJuan Castillo unsigned int img_len) 37005799ae0SJuan Castillo { 37105799ae0SJuan Castillo const auth_img_desc_t *img_desc = NULL; 37205799ae0SJuan Castillo const auth_method_desc_t *auth_method = NULL; 37305799ae0SJuan Castillo void *param_ptr; 37405799ae0SJuan Castillo unsigned int param_len; 37505799ae0SJuan Castillo int rc, i; 37605799ae0SJuan Castillo 37705799ae0SJuan Castillo /* Get the image descriptor from the chain of trust */ 37805799ae0SJuan Castillo img_desc = &cot_desc_ptr[img_id]; 37905799ae0SJuan Castillo 38005799ae0SJuan Castillo /* Ask the parser to check the image integrity */ 38105799ae0SJuan Castillo rc = img_parser_check_integrity(img_desc->img_type, img_ptr, img_len); 38205799ae0SJuan Castillo return_if_error(rc); 38305799ae0SJuan Castillo 38405799ae0SJuan Castillo /* Authenticate the image using the methods indicated in the image 38505799ae0SJuan Castillo * descriptor. */ 38605799ae0SJuan Castillo for (i = 0 ; i < AUTH_METHOD_NUM ; i++) { 38705799ae0SJuan Castillo auth_method = &img_desc->img_auth_methods[i]; 38805799ae0SJuan Castillo switch (auth_method->type) { 38905799ae0SJuan Castillo case AUTH_METHOD_NONE: 39005799ae0SJuan Castillo rc = 0; 39105799ae0SJuan Castillo break; 39205799ae0SJuan Castillo case AUTH_METHOD_HASH: 39305799ae0SJuan Castillo rc = auth_hash(&auth_method->param.hash, 39405799ae0SJuan Castillo img_desc, img_ptr, img_len); 39505799ae0SJuan Castillo break; 39605799ae0SJuan Castillo case AUTH_METHOD_SIG: 39705799ae0SJuan Castillo rc = auth_signature(&auth_method->param.sig, 39805799ae0SJuan Castillo img_desc, img_ptr, img_len); 39905799ae0SJuan Castillo break; 40048279d52SJuan Castillo case AUTH_METHOD_NV_CTR: 40148279d52SJuan Castillo rc = auth_nvctr(&auth_method->param.nv_ctr, 40248279d52SJuan Castillo img_desc, img_ptr, img_len); 40348279d52SJuan Castillo break; 40405799ae0SJuan Castillo default: 40505799ae0SJuan Castillo /* Unknown authentication method */ 40605799ae0SJuan Castillo rc = 1; 40705799ae0SJuan Castillo break; 40805799ae0SJuan Castillo } 40905799ae0SJuan Castillo return_if_error(rc); 41005799ae0SJuan Castillo } 41105799ae0SJuan Castillo 41205799ae0SJuan Castillo /* Extract the parameters indicated in the image descriptor to 41305799ae0SJuan Castillo * authenticate the children images. */ 41405799ae0SJuan Castillo for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) { 41505799ae0SJuan Castillo if (img_desc->authenticated_data[i].type_desc == NULL) { 41605799ae0SJuan Castillo continue; 41705799ae0SJuan Castillo } 41805799ae0SJuan Castillo 41905799ae0SJuan Castillo /* Get the parameter from the image parser module */ 42005799ae0SJuan Castillo rc = img_parser_get_auth_param(img_desc->img_type, 42105799ae0SJuan Castillo img_desc->authenticated_data[i].type_desc, 42205799ae0SJuan Castillo img_ptr, img_len, ¶m_ptr, ¶m_len); 42305799ae0SJuan Castillo return_if_error(rc); 42405799ae0SJuan Castillo 42505799ae0SJuan Castillo /* Check parameter size */ 42605799ae0SJuan Castillo if (param_len > img_desc->authenticated_data[i].data.len) { 42705799ae0SJuan Castillo return 1; 42805799ae0SJuan Castillo } 42905799ae0SJuan Castillo 43005799ae0SJuan Castillo /* Copy the parameter for later use */ 43105799ae0SJuan Castillo memcpy((void *)img_desc->authenticated_data[i].data.ptr, 43205799ae0SJuan Castillo (void *)param_ptr, param_len); 43305799ae0SJuan Castillo } 43405799ae0SJuan Castillo 43505799ae0SJuan Castillo /* Mark image as authenticated */ 43605799ae0SJuan Castillo auth_img_flags[img_desc->img_id] |= IMG_FLAG_AUTHENTICATED; 43705799ae0SJuan Castillo 43805799ae0SJuan Castillo return 0; 43905799ae0SJuan Castillo } 440