xref: /rk3399_ARM-atf/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c (revision 04cf04c72d403e0c057505882fac9002d39d4102) 
1 /*
2  * Copyright 2021 NXP
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  *
6  */
7 
8 #include <stddef.h>
9 #include <string.h>
10 
11 #include "caam.h"
12 #include <common/debug.h>
13 #include <drivers/auth/crypto_mod.h>
14 
15 #include "hash.h"
16 #include "rsa.h"
17 
18 #define LIB_NAME		"NXP crypto"
19 
20 /*
21  * Initialize the library and export the descriptor
22  */
23 static void init(void)
24 {
25 	/* Initialize NXP crypto library`:*/
26 	NOTICE("Initializing & configuring SEC block.\n");
27 
28 	if (config_sec_block() < 0) {
29 		ERROR("Init & config failure for caam.\n");
30 	}
31 }
32 
33 /*
34  * Verify a signature.
35  *
36  * For IMG_PLAT - data points to a PKCS#1.5 encoded HASH
37  * sig_alg will be RSA or ECC
38  * Parameters are passed using the DER encoding format following the ASN.1
39  * structures detailed above.
40  */
41 static int verify_signature(void *data_ptr, unsigned int data_len,
42 			    void *sig_ptr, unsigned int sig_len,
43 			    void *sign_alg, unsigned int sig_alg_len,
44 			    void *pk_ptr, unsigned int pk_len)
45 {
46 	int ret = CRYPTO_SUCCESS;
47 
48 	enum sig_alg alg = *(enum sig_alg *)sign_alg;
49 
50 	switch (alg) {
51 	case RSA:
52 		NOTICE("Verifying RSA\n");
53 		ret = rsa_verify_signature(data_ptr, data_len, sig_ptr, sig_len,
54 					   pk_ptr, pk_len);
55 		break;
56 	case ECC:
57 	default:
58 		ret = CRYPTO_ERR_SIGNATURE;
59 		break;
60 	}
61 
62 	if (ret != 0) {
63 		ERROR("RSA verification Failed\n");
64 	}
65 	return ret;
66 
67 }
68 
69 /*
70  * Match a hash
71  *
72  * Digest info is passed as a table of SHA-26 hashes and digest_info_len
73  * is number of entries in the table
74  * This implementation is very specific to the CSF header parser ROTPK
75  * comparison.
76  */
77 static int verify_hash(void *data_ptr, unsigned int data_len,
78 		       void *digest_info_ptr, unsigned int digest_info_len)
79 {
80 	void *ctx = NULL;
81 	int i = 0, ret = 0;
82 	enum hash_algo algo = SHA256;
83 	uint8_t hash[SHA256_BYTES] __aligned(CACHE_WRITEBACK_GRANULE) = {0};
84 	uint32_t digest_size = SHA256_BYTES;
85 	uint8_t *hash_tbl = digest_info_ptr;
86 
87 	NOTICE("Verifying hash\n");
88 	ret = hash_init(algo, &ctx);
89 	if (ret != 0) {
90 		return CRYPTO_ERR_HASH;
91 	}
92 
93 	/* Update hash with that of SRK table */
94 	ret = hash_update(algo, ctx, data_ptr, data_len);
95 	if (ret != 0) {
96 		return CRYPTO_ERR_HASH;
97 	}
98 
99 	/* Copy hash at destination buffer */
100 	ret = hash_final(algo, ctx, hash, digest_size);
101 	if (ret != 0) {
102 		return CRYPTO_ERR_HASH;
103 	}
104 
105 	VERBOSE("%s Calculated hash\n", __func__);
106 	for (i = 0; i < SHA256_BYTES/4; i++) {
107 		VERBOSE("%x\n", *((uint32_t *)hash + i));
108 	}
109 
110 	for (i = 0; i < digest_info_len; i++) {
111 		if (memcmp(hash, (hash_tbl + (i * digest_size)),
112 			   digest_size) == 0) {
113 			return CRYPTO_SUCCESS;
114 		}
115 	}
116 
117 	return CRYPTO_ERR_HASH;
118 }
119 
120 /*
121  * Register crypto library descriptor
122  */
123 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL, NULL);
124