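/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef AUTH_COMMON_H
#define AUTH_COMMON_H

/*
 * Authentication framework common types
 *
 * This header only declares data types and two initializer macros; it
 * contains no verification logic of its own.
 */

/*
 * Type of parameters that can be extracted from an image and
 * used for authentication.
 *
 * AUTH_PARAM_NONE is the first enumerator and therefore has the value 0, so
 * a zero-initialised auth_param_type_desc_t carries no parameter type.
 */
typedef enum auth_param_type_enum {
	AUTH_PARAM_NONE,
	AUTH_PARAM_RAW_DATA,		/* Raw image data */
	AUTH_PARAM_SIG,			/* The image signature */
	AUTH_PARAM_SIG_ALG,		/* The image signature algorithm */
	AUTH_PARAM_HASH,		/* A hash (including the algorithm) */
	AUTH_PARAM_PUB_KEY,		/* A public key */
	AUTH_PARAM_NV_CTR,		/* A non-volatile counter */
} auth_param_type_t;

/*
 * Defines an authentication parameter. The cookie will be interpreted by the
 * image parser module; this header treats it as an opaque pointer.
 */
typedef struct auth_param_type_desc_s {
	auth_param_type_t type;		/* Kind of parameter being described */
	void *cookie;			/* Opaque value for the image parser */
} auth_param_type_desc_t;

/*
 * Store a pointer to the authentication parameter and its length.
 *
 * The length is an unsigned int. AUTH_PARAM_DATA_DESC() narrows its length
 * argument with a cast, so a caller that derives the length from a wider type
 * should check that the value fits before building the descriptor.
 * NOTE(review): the unit of len is presumably bytes - confirm against users.
 */
typedef struct auth_param_data_desc_s {
	void *ptr;			/* Start of the parameter data */
	unsigned int len;		/* Length of the parameter data */
} auth_param_data_desc_t;

/*
 * Authentication parameter descriptor, including type and value
 */
typedef struct auth_param_desc_s {
	auth_param_type_desc_t *type_desc;	/* What the parameter is */
	auth_param_data_desc_t data;		/* Where its value is stored */
} auth_param_desc_t;

/*
 * The method type defines how an image is authenticated.
 *
 * AUTH_METHOD_NONE is explicitly 0, so a zero-initialised auth_method_desc_t
 * selects no authentication method.
 * NOTE(review): confirm that consumers of this type cannot mistake an
 * unpopulated (all-zero) descriptor for a check that has passed.
 *
 * AUTH_METHOD_NUM is the count of the enumerators before it and has to remain
 * the last entry for that to hold.
 */
typedef enum auth_method_type_enum {
	AUTH_METHOD_NONE = 0,
	AUTH_METHOD_HASH,		/* Authenticate by hash matching */
	AUTH_METHOD_SIG,		/* Authenticate by PK operation */
	AUTH_METHOD_NV_CTR,		/* Authenticate by Non-Volatile Counter */
	AUTH_METHOD_NUM			/* Number of methods */
} auth_method_type_t;

/*
 * Parameters for authentication by hash matching
 */
typedef struct auth_method_param_hash_s {
	auth_param_type_desc_t *data;	/* Data to hash */
	auth_param_type_desc_t *hash;	/* Hash to match with */
} auth_method_param_hash_t;

/*
 * Parameters for authentication by signature
 */
typedef struct auth_method_param_sig_s {
	auth_param_type_desc_t *pk;	/* Public key */
	auth_param_type_desc_t *sig;	/* Signature to check */
	auth_param_type_desc_t *alg;	/* Signature algorithm */
	auth_param_type_desc_t *data;	/* Data signed */
} auth_method_param_sig_t;

/*
 * Parameters for authentication by NV counter
 * NOTE(review): presumably the certificate counter is compared against the
 * platform counter to reject older images - confirm in the auth module.
 */
typedef struct auth_method_param_nv_ctr_s {
	auth_param_type_desc_t *cert_nv_ctr;	/* NV counter in certificate */
	auth_param_type_desc_t *plat_nv_ctr;	/* NV counter in platform */
} auth_method_param_nv_ctr_t;

/*
 * Authentication method descriptor
 *
 * The union holds one parameter set per method.
 * NOTE(review): the member to read is presumably the one selected by 'type';
 * nothing in this header enforces that pairing.
 */
typedef struct auth_method_desc_s {
	auth_method_type_t type;
	union {
		auth_method_param_hash_t hash;
		auth_method_param_sig_t sig;
		auth_method_param_nv_ctr_t nv_ctr;
	} param;
} auth_method_desc_t;

/*
 * Helper macro to define an authentication parameter type descriptor.
 *
 * Expands to a braced initializer, so it is only valid where an initializer
 * for auth_param_type_desc_t is expected. Each argument is parenthesised so
 * that the cast applies to the whole argument expression rather than to its
 * first operand only. The (void *) cast discards any qualifier on the cookie.
 */
#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
	{ \
		.type = (_type), \
		.cookie = (void *)(_cookie) \
	}

/*
 * Helper macro to define an authentication parameter data descriptor.
 *
 * Expands to a braced initializer for auth_param_data_desc_t. Each argument
 * is parenthesised so that the casts apply to the whole argument expression.
 * The length is narrowed to unsigned int without a range check; the caller is
 * responsible for passing a value that fits.
 */
#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
	{ \
		.ptr = (void *)(_ptr), \
		.len = (unsigned int)(_len) \
	}

#endif /* AUTH_COMMON_H */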