xref: /rk3399_ARM-atf/drivers/auth/crypto_mod.c (revision 09d40e0e08283a249e7dce0e106c07c5141f9b7e) 
105799ae0SJuan Castillo /*
23b94189aSRoberto Vargas  * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
305799ae0SJuan Castillo  *
482cb2c1aSdp-arm  * SPDX-License-Identifier: BSD-3-Clause
505799ae0SJuan Castillo  */
605799ae0SJuan Castillo 
705799ae0SJuan Castillo #include <assert.h>
8*09d40e0eSAntonio Nino Diaz 
9*09d40e0eSAntonio Nino Diaz #include <common/debug.h>
10*09d40e0eSAntonio Nino Diaz #include <drivers/auth/crypto_mod.h>
1105799ae0SJuan Castillo 
1205799ae0SJuan Castillo /* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */
1305799ae0SJuan Castillo 
1405799ae0SJuan Castillo /*
1505799ae0SJuan Castillo  * The crypto module is responsible for verifying digital signatures and hashes.
1605799ae0SJuan Castillo  * It relies on a crypto library to perform the cryptographic operations.
1705799ae0SJuan Castillo  *
1805799ae0SJuan Castillo  * The crypto module itself does not impose any specific format on signatures,
1905799ae0SJuan Castillo  * signature algorithm, keys or hashes, but most cryptographic libraries will
2005799ae0SJuan Castillo  * take the parameters as the following DER encoded ASN.1 structures:
2105799ae0SJuan Castillo  *
2205799ae0SJuan Castillo  *     AlgorithmIdentifier ::= SEQUENCE  {
2305799ae0SJuan Castillo  *         algorithm        OBJECT IDENTIFIER,
2405799ae0SJuan Castillo  *         parameters       ANY DEFINED BY algorithm OPTIONAL
2505799ae0SJuan Castillo  *     }
2605799ae0SJuan Castillo  *
2705799ae0SJuan Castillo  *     DigestInfo ::= SEQUENCE {
2805799ae0SJuan Castillo  *         digestAlgorithm  AlgorithmIdentifier,
2905799ae0SJuan Castillo  *         digest           OCTET STRING
3005799ae0SJuan Castillo  *     }
3105799ae0SJuan Castillo  *
3205799ae0SJuan Castillo  *     SubjectPublicKeyInfo ::= SEQUENCE  {
3305799ae0SJuan Castillo  *         algorithm        AlgorithmIdentifier,
3405799ae0SJuan Castillo  *         subjectPublicKey BIT STRING
3505799ae0SJuan Castillo  *     }
3605799ae0SJuan Castillo  *
3705799ae0SJuan Castillo  *     SignatureAlgorithm ::= AlgorithmIdentifier
3805799ae0SJuan Castillo  *
3905799ae0SJuan Castillo  *     SignatureValue ::= BIT STRING
4005799ae0SJuan Castillo  */
4105799ae0SJuan Castillo 
4205799ae0SJuan Castillo /*
4305799ae0SJuan Castillo  * Perform some static checking and call the library initialization function
4405799ae0SJuan Castillo  */
4505799ae0SJuan Castillo void crypto_mod_init(void)
4605799ae0SJuan Castillo {
4705799ae0SJuan Castillo 	assert(crypto_lib_desc.name != NULL);
4805799ae0SJuan Castillo 	assert(crypto_lib_desc.init != NULL);
4905799ae0SJuan Castillo 	assert(crypto_lib_desc.verify_signature != NULL);
5005799ae0SJuan Castillo 	assert(crypto_lib_desc.verify_hash != NULL);
5105799ae0SJuan Castillo 
5205799ae0SJuan Castillo 	/* Initialize the cryptographic library */
5305799ae0SJuan Castillo 	crypto_lib_desc.init();
5405799ae0SJuan Castillo 	INFO("Using crypto library '%s'\n", crypto_lib_desc.name);
5505799ae0SJuan Castillo }
5605799ae0SJuan Castillo 
5705799ae0SJuan Castillo /*
5805799ae0SJuan Castillo  * Function to verify a digital signature
5905799ae0SJuan Castillo  *
6005799ae0SJuan Castillo  * Parameters:
6105799ae0SJuan Castillo  *
6205799ae0SJuan Castillo  *   data_ptr, data_len: signed data
6305799ae0SJuan Castillo  *   sig_ptr, sig_len: the digital signature
6405799ae0SJuan Castillo  *   sig_alg_ptr, sig_alg_len: the digital signature algorithm
6505799ae0SJuan Castillo  *   pk_ptr, pk_len: the public key
6605799ae0SJuan Castillo  */
6705799ae0SJuan Castillo int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
6805799ae0SJuan Castillo 				void *sig_ptr, unsigned int sig_len,
6905799ae0SJuan Castillo 				void *sig_alg_ptr, unsigned int sig_alg_len,
7005799ae0SJuan Castillo 				void *pk_ptr, unsigned int pk_len)
7105799ae0SJuan Castillo {
7205799ae0SJuan Castillo 	assert(data_ptr != NULL);
7305799ae0SJuan Castillo 	assert(data_len != 0);
7405799ae0SJuan Castillo 	assert(sig_ptr != NULL);
7505799ae0SJuan Castillo 	assert(sig_len != 0);
7605799ae0SJuan Castillo 	assert(sig_alg_ptr != NULL);
7705799ae0SJuan Castillo 	assert(sig_alg_len != 0);
7805799ae0SJuan Castillo 	assert(pk_ptr != NULL);
7905799ae0SJuan Castillo 	assert(pk_len != 0);
8005799ae0SJuan Castillo 
8105799ae0SJuan Castillo 	return crypto_lib_desc.verify_signature(data_ptr, data_len,
8205799ae0SJuan Castillo 						sig_ptr, sig_len,
8305799ae0SJuan Castillo 						sig_alg_ptr, sig_alg_len,
8405799ae0SJuan Castillo 						pk_ptr, pk_len);
8505799ae0SJuan Castillo }
8605799ae0SJuan Castillo 
8705799ae0SJuan Castillo /*
8805799ae0SJuan Castillo  * Verify a hash by comparison
8905799ae0SJuan Castillo  *
9005799ae0SJuan Castillo  * Parameters:
9105799ae0SJuan Castillo  *
9205799ae0SJuan Castillo  *   data_ptr, data_len: data to be hashed
9305799ae0SJuan Castillo  *   digest_info_ptr, digest_info_len: hash to be compared
9405799ae0SJuan Castillo  */
9505799ae0SJuan Castillo int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
9605799ae0SJuan Castillo 			   void *digest_info_ptr, unsigned int digest_info_len)
9705799ae0SJuan Castillo {
9805799ae0SJuan Castillo 	assert(data_ptr != NULL);
9905799ae0SJuan Castillo 	assert(data_len != 0);
10005799ae0SJuan Castillo 	assert(digest_info_ptr != NULL);
10105799ae0SJuan Castillo 	assert(digest_info_len != 0);
10205799ae0SJuan Castillo 
10305799ae0SJuan Castillo 	return crypto_lib_desc.verify_hash(data_ptr, data_len,
10405799ae0SJuan Castillo 					   digest_info_ptr, digest_info_len);
10505799ae0SJuan Castillo }
106