1 /* 2 * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. 3 * 4 * SPDX-License-Identifier: BSD-3-Clause 5 */ 6 7 #include <assert.h> 8 9 #include <common/debug.h> 10 #include <drivers/auth/crypto_mod.h> 11 12 /* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */ 13 14 /* 15 * The crypto module is responsible for verifying digital signatures and hashes. 16 * It relies on a crypto library to perform the cryptographic operations. 17 * 18 * The crypto module itself does not impose any specific format on signatures, 19 * signature algorithm, keys or hashes, but most cryptographic libraries will 20 * take the parameters as the following DER encoded ASN.1 structures: 21 * 22 * AlgorithmIdentifier ::= SEQUENCE { 23 * algorithm OBJECT IDENTIFIER, 24 * parameters ANY DEFINED BY algorithm OPTIONAL 25 * } 26 * 27 * DigestInfo ::= SEQUENCE { 28 * digestAlgorithm AlgorithmIdentifier, 29 * digest OCTET STRING 30 * } 31 * 32 * SubjectPublicKeyInfo ::= SEQUENCE { 33 * algorithm AlgorithmIdentifier, 34 * subjectPublicKey BIT STRING 35 * } 36 * 37 * SignatureAlgorithm ::= AlgorithmIdentifier 38 * 39 * SignatureValue ::= BIT STRING 40 */ 41 42 /* 43 * Perform some static checking and call the library initialization function 44 */ 45 void crypto_mod_init(void) 46 { 47 assert(crypto_lib_desc.name != NULL); 48 assert(crypto_lib_desc.init != NULL); 49 #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ 50 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC 51 assert(crypto_lib_desc.verify_signature != NULL); 52 assert(crypto_lib_desc.verify_hash != NULL); 53 #endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ 54 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ 55 56 #if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ 57 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC 58 assert(crypto_lib_desc.calc_hash != NULL); 59 #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ 60 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ 61 62 /* Initialize the cryptographic library */ 63 crypto_lib_desc.init(); 64 INFO("Using crypto library '%s'\n", crypto_lib_desc.name); 65 } 66 67 #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ 68 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC 69 /* 70 * Function to verify a digital signature 71 * 72 * Parameters: 73 * 74 * data_ptr, data_len: signed data 75 * sig_ptr, sig_len: the digital signature 76 * sig_alg_ptr, sig_alg_len: the digital signature algorithm 77 * pk_ptr, pk_len: the public key 78 */ 79 int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len, 80 void *sig_ptr, unsigned int sig_len, 81 void *sig_alg_ptr, unsigned int sig_alg_len, 82 void *pk_ptr, unsigned int pk_len) 83 { 84 assert(data_ptr != NULL); 85 assert(data_len != 0); 86 assert(sig_ptr != NULL); 87 assert(sig_len != 0); 88 assert(sig_alg_ptr != NULL); 89 assert(sig_alg_len != 0); 90 assert(pk_ptr != NULL); 91 assert(pk_len != 0); 92 93 return crypto_lib_desc.verify_signature(data_ptr, data_len, 94 sig_ptr, sig_len, 95 sig_alg_ptr, sig_alg_len, 96 pk_ptr, pk_len); 97 } 98 99 /* 100 * Verify a hash by comparison 101 * 102 * Parameters: 103 * 104 * data_ptr, data_len: data to be hashed 105 * digest_info_ptr, digest_info_len: hash to be compared 106 */ 107 int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len, 108 void *digest_info_ptr, unsigned int digest_info_len) 109 { 110 assert(data_ptr != NULL); 111 assert(data_len != 0); 112 assert(digest_info_ptr != NULL); 113 assert(digest_info_len != 0); 114 115 return crypto_lib_desc.verify_hash(data_ptr, data_len, 116 digest_info_ptr, digest_info_len); 117 } 118 #endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ 119 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ 120 121 #if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ 122 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC 123 /* 124 * Calculate a hash 125 * 126 * Parameters: 127 * 128 * alg: message digest algorithm 129 * data_ptr, data_len: data to be hashed 130 * output: resulting hash 131 */ 132 int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, 133 unsigned int data_len, 134 unsigned char output[CRYPTO_MD_MAX_SIZE]) 135 { 136 assert(data_ptr != NULL); 137 assert(data_len != 0); 138 assert(output != NULL); 139 140 return crypto_lib_desc.calc_hash(alg, data_ptr, data_len, output); 141 } 142 #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ 143 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ 144 145 int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, 146 void **hashed_pk_ptr, unsigned int *hashed_pk_len) 147 { 148 if (crypto_lib_desc.convert_pk != NULL) { 149 return crypto_lib_desc.convert_pk(full_pk_ptr, full_pk_len, 150 hashed_pk_ptr, hashed_pk_len); 151 } 152 153 *hashed_pk_ptr = full_pk_ptr; 154 *hashed_pk_len = full_pk_len; 155 156 return 0; 157 } 158 159 /* 160 * Authenticated decryption of data 161 * 162 * Parameters: 163 * 164 * dec_algo: authenticated decryption algorithm 165 * data_ptr, len: data to be decrypted (inout param) 166 * key, key_len, key_flags: symmetric decryption key 167 * iv, iv_len: initialization vector 168 * tag, tag_len: authentication tag 169 */ 170 int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, 171 size_t len, const void *key, unsigned int key_len, 172 unsigned int key_flags, const void *iv, 173 unsigned int iv_len, const void *tag, 174 unsigned int tag_len) 175 { 176 assert(crypto_lib_desc.auth_decrypt != NULL); 177 assert(data_ptr != NULL); 178 assert(len != 0U); 179 assert(key != NULL); 180 assert(key_len != 0U); 181 assert(iv != NULL); 182 assert((iv_len != 0U) && (iv_len <= CRYPTO_MAX_IV_SIZE)); 183 assert(tag != NULL); 184 assert((tag_len != 0U) && (tag_len <= CRYPTO_MAX_TAG_SIZE)); 185 186 return crypto_lib_desc.auth_decrypt(dec_algo, data_ptr, len, key, 187 key_len, key_flags, iv, iv_len, tag, 188 tag_len); 189 } 190