105799ae0SJuan Castillo /* 28c105290SAlexei Fedorov * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved. 305799ae0SJuan Castillo * 482cb2c1aSdp-arm * SPDX-License-Identifier: BSD-3-Clause 505799ae0SJuan Castillo */ 605799ae0SJuan Castillo 705799ae0SJuan Castillo #include <assert.h> 809d40e0eSAntonio Nino Diaz 909d40e0eSAntonio Nino Diaz #include <common/debug.h> 1009d40e0eSAntonio Nino Diaz #include <drivers/auth/crypto_mod.h> 1105799ae0SJuan Castillo 1205799ae0SJuan Castillo /* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */ 1305799ae0SJuan Castillo 1405799ae0SJuan Castillo /* 1505799ae0SJuan Castillo * The crypto module is responsible for verifying digital signatures and hashes. 1605799ae0SJuan Castillo * It relies on a crypto library to perform the cryptographic operations. 1705799ae0SJuan Castillo * 1805799ae0SJuan Castillo * The crypto module itself does not impose any specific format on signatures, 1905799ae0SJuan Castillo * signature algorithm, keys or hashes, but most cryptographic libraries will 2005799ae0SJuan Castillo * take the parameters as the following DER encoded ASN.1 structures: 2105799ae0SJuan Castillo * 2205799ae0SJuan Castillo * AlgorithmIdentifier ::= SEQUENCE { 2305799ae0SJuan Castillo * algorithm OBJECT IDENTIFIER, 2405799ae0SJuan Castillo * parameters ANY DEFINED BY algorithm OPTIONAL 2505799ae0SJuan Castillo * } 2605799ae0SJuan Castillo * 2705799ae0SJuan Castillo * DigestInfo ::= SEQUENCE { 2805799ae0SJuan Castillo * digestAlgorithm AlgorithmIdentifier, 2905799ae0SJuan Castillo * digest OCTET STRING 3005799ae0SJuan Castillo * } 3105799ae0SJuan Castillo * 3205799ae0SJuan Castillo * SubjectPublicKeyInfo ::= SEQUENCE { 3305799ae0SJuan Castillo * algorithm AlgorithmIdentifier, 3405799ae0SJuan Castillo * subjectPublicKey BIT STRING 3505799ae0SJuan Castillo * } 3605799ae0SJuan Castillo * 3705799ae0SJuan Castillo * SignatureAlgorithm ::= AlgorithmIdentifier 3805799ae0SJuan Castillo * 3905799ae0SJuan Castillo * SignatureValue ::= BIT STRING 4005799ae0SJuan Castillo */ 4105799ae0SJuan Castillo 4205799ae0SJuan Castillo /* 4305799ae0SJuan Castillo * Perform some static checking and call the library initialization function 4405799ae0SJuan Castillo */ 4505799ae0SJuan Castillo void crypto_mod_init(void) 4605799ae0SJuan Castillo { 4705799ae0SJuan Castillo assert(crypto_lib_desc.name != NULL); 4805799ae0SJuan Castillo assert(crypto_lib_desc.init != NULL); 4905799ae0SJuan Castillo assert(crypto_lib_desc.verify_signature != NULL); 5005799ae0SJuan Castillo assert(crypto_lib_desc.verify_hash != NULL); 5105799ae0SJuan Castillo 5205799ae0SJuan Castillo /* Initialize the cryptographic library */ 5305799ae0SJuan Castillo crypto_lib_desc.init(); 5405799ae0SJuan Castillo INFO("Using crypto library '%s'\n", crypto_lib_desc.name); 5505799ae0SJuan Castillo } 5605799ae0SJuan Castillo 5705799ae0SJuan Castillo /* 5805799ae0SJuan Castillo * Function to verify a digital signature 5905799ae0SJuan Castillo * 6005799ae0SJuan Castillo * Parameters: 6105799ae0SJuan Castillo * 6205799ae0SJuan Castillo * data_ptr, data_len: signed data 6305799ae0SJuan Castillo * sig_ptr, sig_len: the digital signature 6405799ae0SJuan Castillo * sig_alg_ptr, sig_alg_len: the digital signature algorithm 6505799ae0SJuan Castillo * pk_ptr, pk_len: the public key 6605799ae0SJuan Castillo */ 6705799ae0SJuan Castillo int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len, 6805799ae0SJuan Castillo void *sig_ptr, unsigned int sig_len, 6905799ae0SJuan Castillo void *sig_alg_ptr, unsigned int sig_alg_len, 7005799ae0SJuan Castillo void *pk_ptr, unsigned int pk_len) 7105799ae0SJuan Castillo { 7205799ae0SJuan Castillo assert(data_ptr != NULL); 7305799ae0SJuan Castillo assert(data_len != 0); 7405799ae0SJuan Castillo assert(sig_ptr != NULL); 7505799ae0SJuan Castillo assert(sig_len != 0); 7605799ae0SJuan Castillo assert(sig_alg_ptr != NULL); 7705799ae0SJuan Castillo assert(sig_alg_len != 0); 7805799ae0SJuan Castillo assert(pk_ptr != NULL); 7905799ae0SJuan Castillo assert(pk_len != 0); 8005799ae0SJuan Castillo 8105799ae0SJuan Castillo return crypto_lib_desc.verify_signature(data_ptr, data_len, 8205799ae0SJuan Castillo sig_ptr, sig_len, 8305799ae0SJuan Castillo sig_alg_ptr, sig_alg_len, 8405799ae0SJuan Castillo pk_ptr, pk_len); 8505799ae0SJuan Castillo } 8605799ae0SJuan Castillo 8705799ae0SJuan Castillo /* 8805799ae0SJuan Castillo * Verify a hash by comparison 8905799ae0SJuan Castillo * 9005799ae0SJuan Castillo * Parameters: 9105799ae0SJuan Castillo * 9205799ae0SJuan Castillo * data_ptr, data_len: data to be hashed 9305799ae0SJuan Castillo * digest_info_ptr, digest_info_len: hash to be compared 9405799ae0SJuan Castillo */ 9505799ae0SJuan Castillo int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len, 9605799ae0SJuan Castillo void *digest_info_ptr, unsigned int digest_info_len) 9705799ae0SJuan Castillo { 9805799ae0SJuan Castillo assert(data_ptr != NULL); 9905799ae0SJuan Castillo assert(data_len != 0); 10005799ae0SJuan Castillo assert(digest_info_ptr != NULL); 10105799ae0SJuan Castillo assert(digest_info_len != 0); 10205799ae0SJuan Castillo 10305799ae0SJuan Castillo return crypto_lib_desc.verify_hash(data_ptr, data_len, 10405799ae0SJuan Castillo digest_info_ptr, digest_info_len); 10505799ae0SJuan Castillo } 1068c105290SAlexei Fedorov 1078c105290SAlexei Fedorov #if MEASURED_BOOT 1088c105290SAlexei Fedorov /* 1098c105290SAlexei Fedorov * Calculate a hash 1108c105290SAlexei Fedorov * 1118c105290SAlexei Fedorov * Parameters: 1128c105290SAlexei Fedorov * 1138c105290SAlexei Fedorov * alg: message digest algorithm 1148c105290SAlexei Fedorov * data_ptr, data_len: data to be hashed 1158c105290SAlexei Fedorov * output: resulting hash 1168c105290SAlexei Fedorov */ 1178c105290SAlexei Fedorov int crypto_mod_calc_hash(unsigned int alg, void *data_ptr, 1188c105290SAlexei Fedorov unsigned int data_len, unsigned char *output) 1198c105290SAlexei Fedorov { 1208c105290SAlexei Fedorov assert(data_ptr != NULL); 1218c105290SAlexei Fedorov assert(data_len != 0); 1228c105290SAlexei Fedorov assert(output != NULL); 1238c105290SAlexei Fedorov 1248c105290SAlexei Fedorov return crypto_lib_desc.calc_hash(alg, data_ptr, data_len, output); 1258c105290SAlexei Fedorov } 1268c105290SAlexei Fedorov #endif /* MEASURED_BOOT */ 127*7cda17bbSSumit Garg 128*7cda17bbSSumit Garg /* 129*7cda17bbSSumit Garg * Authenticated decryption of data 130*7cda17bbSSumit Garg * 131*7cda17bbSSumit Garg * Parameters: 132*7cda17bbSSumit Garg * 133*7cda17bbSSumit Garg * dec_algo: authenticated decryption algorithm 134*7cda17bbSSumit Garg * data_ptr, len: data to be decrypted (inout param) 135*7cda17bbSSumit Garg * key, key_len, key_flags: symmetric decryption key 136*7cda17bbSSumit Garg * iv, iv_len: initialization vector 137*7cda17bbSSumit Garg * tag, tag_len: authentication tag 138*7cda17bbSSumit Garg */ 139*7cda17bbSSumit Garg int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, 140*7cda17bbSSumit Garg size_t len, const void *key, unsigned int key_len, 141*7cda17bbSSumit Garg unsigned int key_flags, const void *iv, 142*7cda17bbSSumit Garg unsigned int iv_len, const void *tag, 143*7cda17bbSSumit Garg unsigned int tag_len) 144*7cda17bbSSumit Garg { 145*7cda17bbSSumit Garg assert(crypto_lib_desc.auth_decrypt != NULL); 146*7cda17bbSSumit Garg assert(data_ptr != NULL); 147*7cda17bbSSumit Garg assert(len != 0U); 148*7cda17bbSSumit Garg assert(key != NULL); 149*7cda17bbSSumit Garg assert(key_len != 0U); 150*7cda17bbSSumit Garg assert(iv != NULL); 151*7cda17bbSSumit Garg assert((iv_len != 0U) && (iv_len <= CRYPTO_MAX_IV_SIZE)); 152*7cda17bbSSumit Garg assert(tag != NULL); 153*7cda17bbSSumit Garg assert((tag_len != 0U) && (tag_len <= CRYPTO_MAX_TAG_SIZE)); 154*7cda17bbSSumit Garg 155*7cda17bbSSumit Garg return crypto_lib_desc.auth_decrypt(dec_algo, data_ptr, len, key, 156*7cda17bbSSumit Garg key_len, key_flags, iv, iv_len, tag, 157*7cda17bbSSumit Garg tag_len); 158*7cda17bbSSumit Garg } 159