105799ae0SJuan Castillo /* 2*e43caf38SManish V Badarkhe * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. 305799ae0SJuan Castillo * 482cb2c1aSdp-arm * SPDX-License-Identifier: BSD-3-Clause 505799ae0SJuan Castillo */ 605799ae0SJuan Castillo 705799ae0SJuan Castillo #include <assert.h> 809d40e0eSAntonio Nino Diaz 909d40e0eSAntonio Nino Diaz #include <common/debug.h> 1009d40e0eSAntonio Nino Diaz #include <drivers/auth/crypto_mod.h> 1105799ae0SJuan Castillo 1205799ae0SJuan Castillo /* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */ 1305799ae0SJuan Castillo 1405799ae0SJuan Castillo /* 1505799ae0SJuan Castillo * The crypto module is responsible for verifying digital signatures and hashes. 1605799ae0SJuan Castillo * It relies on a crypto library to perform the cryptographic operations. 1705799ae0SJuan Castillo * 1805799ae0SJuan Castillo * The crypto module itself does not impose any specific format on signatures, 1905799ae0SJuan Castillo * signature algorithm, keys or hashes, but most cryptographic libraries will 2005799ae0SJuan Castillo * take the parameters as the following DER encoded ASN.1 structures: 2105799ae0SJuan Castillo * 2205799ae0SJuan Castillo * AlgorithmIdentifier ::= SEQUENCE { 2305799ae0SJuan Castillo * algorithm OBJECT IDENTIFIER, 2405799ae0SJuan Castillo * parameters ANY DEFINED BY algorithm OPTIONAL 2505799ae0SJuan Castillo * } 2605799ae0SJuan Castillo * 2705799ae0SJuan Castillo * DigestInfo ::= SEQUENCE { 2805799ae0SJuan Castillo * digestAlgorithm AlgorithmIdentifier, 2905799ae0SJuan Castillo * digest OCTET STRING 3005799ae0SJuan Castillo * } 3105799ae0SJuan Castillo * 3205799ae0SJuan Castillo * SubjectPublicKeyInfo ::= SEQUENCE { 3305799ae0SJuan Castillo * algorithm AlgorithmIdentifier, 3405799ae0SJuan Castillo * subjectPublicKey BIT STRING 3505799ae0SJuan Castillo * } 3605799ae0SJuan Castillo * 3705799ae0SJuan Castillo * SignatureAlgorithm ::= AlgorithmIdentifier 3805799ae0SJuan Castillo * 3905799ae0SJuan Castillo * SignatureValue ::= BIT STRING 4005799ae0SJuan Castillo */ 4105799ae0SJuan Castillo 4205799ae0SJuan Castillo /* 4305799ae0SJuan Castillo * Perform some static checking and call the library initialization function 4405799ae0SJuan Castillo */ 4505799ae0SJuan Castillo void crypto_mod_init(void) 4605799ae0SJuan Castillo { 4705799ae0SJuan Castillo assert(crypto_lib_desc.name != NULL); 4805799ae0SJuan Castillo assert(crypto_lib_desc.init != NULL); 490aa0b3afSManish V Badarkhe #if TRUSTED_BOARD_BOOT 5005799ae0SJuan Castillo assert(crypto_lib_desc.verify_signature != NULL); 5105799ae0SJuan Castillo assert(crypto_lib_desc.verify_hash != NULL); 520aa0b3afSManish V Badarkhe #endif /* TRUSTED_BOARD_BOOT */ 53*e43caf38SManish V Badarkhe #if MEASURED_BOOT || DRTM_SUPPORT 540aa0b3afSManish V Badarkhe assert(crypto_lib_desc.calc_hash != NULL); 55*e43caf38SManish V Badarkhe #endif /* MEASURED_BOOT || DRTM_SUPPORT */ 5605799ae0SJuan Castillo 5705799ae0SJuan Castillo /* Initialize the cryptographic library */ 5805799ae0SJuan Castillo crypto_lib_desc.init(); 5905799ae0SJuan Castillo INFO("Using crypto library '%s'\n", crypto_lib_desc.name); 6005799ae0SJuan Castillo } 6105799ae0SJuan Castillo 6205799ae0SJuan Castillo /* 6305799ae0SJuan Castillo * Function to verify a digital signature 6405799ae0SJuan Castillo * 6505799ae0SJuan Castillo * Parameters: 6605799ae0SJuan Castillo * 6705799ae0SJuan Castillo * data_ptr, data_len: signed data 6805799ae0SJuan Castillo * sig_ptr, sig_len: the digital signature 6905799ae0SJuan Castillo * sig_alg_ptr, sig_alg_len: the digital signature algorithm 7005799ae0SJuan Castillo * pk_ptr, pk_len: the public key 7105799ae0SJuan Castillo */ 7205799ae0SJuan Castillo int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len, 7305799ae0SJuan Castillo void *sig_ptr, unsigned int sig_len, 7405799ae0SJuan Castillo void *sig_alg_ptr, unsigned int sig_alg_len, 7505799ae0SJuan Castillo void *pk_ptr, unsigned int pk_len) 7605799ae0SJuan Castillo { 7705799ae0SJuan Castillo assert(data_ptr != NULL); 7805799ae0SJuan Castillo assert(data_len != 0); 7905799ae0SJuan Castillo assert(sig_ptr != NULL); 8005799ae0SJuan Castillo assert(sig_len != 0); 8105799ae0SJuan Castillo assert(sig_alg_ptr != NULL); 8205799ae0SJuan Castillo assert(sig_alg_len != 0); 8305799ae0SJuan Castillo assert(pk_ptr != NULL); 8405799ae0SJuan Castillo assert(pk_len != 0); 8505799ae0SJuan Castillo 8605799ae0SJuan Castillo return crypto_lib_desc.verify_signature(data_ptr, data_len, 8705799ae0SJuan Castillo sig_ptr, sig_len, 8805799ae0SJuan Castillo sig_alg_ptr, sig_alg_len, 8905799ae0SJuan Castillo pk_ptr, pk_len); 9005799ae0SJuan Castillo } 9105799ae0SJuan Castillo 9205799ae0SJuan Castillo /* 9305799ae0SJuan Castillo * Verify a hash by comparison 9405799ae0SJuan Castillo * 9505799ae0SJuan Castillo * Parameters: 9605799ae0SJuan Castillo * 9705799ae0SJuan Castillo * data_ptr, data_len: data to be hashed 9805799ae0SJuan Castillo * digest_info_ptr, digest_info_len: hash to be compared 9905799ae0SJuan Castillo */ 10005799ae0SJuan Castillo int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len, 10105799ae0SJuan Castillo void *digest_info_ptr, unsigned int digest_info_len) 10205799ae0SJuan Castillo { 10305799ae0SJuan Castillo assert(data_ptr != NULL); 10405799ae0SJuan Castillo assert(data_len != 0); 10505799ae0SJuan Castillo assert(digest_info_ptr != NULL); 10605799ae0SJuan Castillo assert(digest_info_len != 0); 10705799ae0SJuan Castillo 10805799ae0SJuan Castillo return crypto_lib_desc.verify_hash(data_ptr, data_len, 10905799ae0SJuan Castillo digest_info_ptr, digest_info_len); 11005799ae0SJuan Castillo } 1118c105290SAlexei Fedorov 112*e43caf38SManish V Badarkhe #if MEASURED_BOOT || DRTM_SUPPORT 1138c105290SAlexei Fedorov /* 1148c105290SAlexei Fedorov * Calculate a hash 1158c105290SAlexei Fedorov * 1168c105290SAlexei Fedorov * Parameters: 1178c105290SAlexei Fedorov * 1188c105290SAlexei Fedorov * alg: message digest algorithm 1198c105290SAlexei Fedorov * data_ptr, data_len: data to be hashed 1208c105290SAlexei Fedorov * output: resulting hash 1218c105290SAlexei Fedorov */ 12214db963fSManish V Badarkhe int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, 12314db963fSManish V Badarkhe unsigned int data_len, 12414db963fSManish V Badarkhe unsigned char output[CRYPTO_MD_MAX_SIZE]) 1258c105290SAlexei Fedorov { 1268c105290SAlexei Fedorov assert(data_ptr != NULL); 1278c105290SAlexei Fedorov assert(data_len != 0); 1288c105290SAlexei Fedorov assert(output != NULL); 1298c105290SAlexei Fedorov 1308c105290SAlexei Fedorov return crypto_lib_desc.calc_hash(alg, data_ptr, data_len, output); 1318c105290SAlexei Fedorov } 132*e43caf38SManish V Badarkhe #endif /* MEASURED_BOOT || DRTM_SUPPORT */ 1337cda17bbSSumit Garg 1347cda17bbSSumit Garg /* 1357cda17bbSSumit Garg * Authenticated decryption of data 1367cda17bbSSumit Garg * 1377cda17bbSSumit Garg * Parameters: 1387cda17bbSSumit Garg * 1397cda17bbSSumit Garg * dec_algo: authenticated decryption algorithm 1407cda17bbSSumit Garg * data_ptr, len: data to be decrypted (inout param) 1417cda17bbSSumit Garg * key, key_len, key_flags: symmetric decryption key 1427cda17bbSSumit Garg * iv, iv_len: initialization vector 1437cda17bbSSumit Garg * tag, tag_len: authentication tag 1447cda17bbSSumit Garg */ 1457cda17bbSSumit Garg int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, 1467cda17bbSSumit Garg size_t len, const void *key, unsigned int key_len, 1477cda17bbSSumit Garg unsigned int key_flags, const void *iv, 1487cda17bbSSumit Garg unsigned int iv_len, const void *tag, 1497cda17bbSSumit Garg unsigned int tag_len) 1507cda17bbSSumit Garg { 1517cda17bbSSumit Garg assert(crypto_lib_desc.auth_decrypt != NULL); 1527cda17bbSSumit Garg assert(data_ptr != NULL); 1537cda17bbSSumit Garg assert(len != 0U); 1547cda17bbSSumit Garg assert(key != NULL); 1557cda17bbSSumit Garg assert(key_len != 0U); 1567cda17bbSSumit Garg assert(iv != NULL); 1577cda17bbSSumit Garg assert((iv_len != 0U) && (iv_len <= CRYPTO_MAX_IV_SIZE)); 1587cda17bbSSumit Garg assert(tag != NULL); 1597cda17bbSSumit Garg assert((tag_len != 0U) && (tag_len <= CRYPTO_MAX_TAG_SIZE)); 1607cda17bbSSumit Garg 1617cda17bbSSumit Garg return crypto_lib_desc.auth_decrypt(dec_algo, data_ptr, len, key, 1627cda17bbSSumit Garg key_len, key_flags, iv, iv_len, tag, 1637cda17bbSSumit Garg tag_len); 1647cda17bbSSumit Garg } 165