xref: /rk3399_ARM-atf/include/drivers/auth/auth_common.h (revision 48279d52a7e339e88b5088ce5a276bf169c71754)
105799ae0SJuan Castillo /*
205799ae0SJuan Castillo  * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
305799ae0SJuan Castillo  *
405799ae0SJuan Castillo  * Redistribution and use in source and binary forms, with or without
505799ae0SJuan Castillo  * modification, are permitted provided that the following conditions are met:
605799ae0SJuan Castillo  *
705799ae0SJuan Castillo  * Redistributions of source code must retain the above copyright notice, this
805799ae0SJuan Castillo  * list of conditions and the following disclaimer.
905799ae0SJuan Castillo  *
1005799ae0SJuan Castillo  * Redistributions in binary form must reproduce the above copyright notice,
1105799ae0SJuan Castillo  * this list of conditions and the following disclaimer in the documentation
1205799ae0SJuan Castillo  * and/or other materials provided with the distribution.
1305799ae0SJuan Castillo  *
1405799ae0SJuan Castillo  * Neither the name of ARM nor the names of its contributors may be used
1505799ae0SJuan Castillo  * to endorse or promote products derived from this software without specific
1605799ae0SJuan Castillo  * prior written permission.
1705799ae0SJuan Castillo  *
1805799ae0SJuan Castillo  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
1905799ae0SJuan Castillo  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
2005799ae0SJuan Castillo  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
2105799ae0SJuan Castillo  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
2205799ae0SJuan Castillo  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
2305799ae0SJuan Castillo  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
2405799ae0SJuan Castillo  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
2505799ae0SJuan Castillo  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
2605799ae0SJuan Castillo  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
2705799ae0SJuan Castillo  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
2805799ae0SJuan Castillo  * POSSIBILITY OF SUCH DAMAGE.
2905799ae0SJuan Castillo  */
3005799ae0SJuan Castillo 
3105799ae0SJuan Castillo #ifndef __AUTH_COMMON_H__
3205799ae0SJuan Castillo #define __AUTH_COMMON_H__
3305799ae0SJuan Castillo 
3405799ae0SJuan Castillo /*
3505799ae0SJuan Castillo  * Authentication framework common types
3605799ae0SJuan Castillo  */
3705799ae0SJuan Castillo 
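/*
 * Kinds of parameter that can be extracted from an image and used for
 * authentication.
 *
 * AUTH_PARAM_NONE is pinned to 0 explicitly, as AUTH_METHOD_NONE is, so that
 * a zero-initialised descriptor reads as "no parameter" by construction
 * rather than by implicit numbering. All other values keep their order.
 */
typedef enum auth_param_type_enum {
	AUTH_PARAM_NONE = 0,		/* No parameter */
	AUTH_PARAM_RAW_DATA,		/* Raw image data */
	AUTH_PARAM_SIG,			/* The image signature */
	AUTH_PARAM_SIG_ALG,		/* The image signature algorithm */
	AUTH_PARAM_HASH,		/* A hash (including the algorithm) */
	AUTH_PARAM_PUB_KEY,		/* A public key */
	AUTH_PARAM_NV_CTR,		/* A non-volatile counter */
} auth_param_type_t;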
5105799ae0SJuan Castillo 
/*
 * Identifies one authentication parameter: its kind plus an opaque cookie.
 * The cookie is not interpreted here; the image parser module gives it
 * its meaning.
 */
typedef struct auth_param_type_desc_s {
	auth_param_type_t type;		/* Kind of parameter */
	void *cookie;			/* Opaque value for the image parser */
} auth_param_type_desc_t;
6005799ae0SJuan Castillo 
/*
 * Location and length of an authentication parameter's value.
 *
 * The structure only records the pair; nothing in it guarantees that `len`
 * units are readable at `ptr`.
 * NOTE(review): where ptr/len are produced by parsing an image that has not
 * been authenticated yet, the code filling or consuming this descriptor has
 * to bound them against the image buffer - confirm in the parser.
 */
typedef struct auth_param_data_desc_s {
	void *ptr;		/* Start of the parameter value */
	unsigned int len;	/* Its length (presumably in bytes - confirm) */
} auth_param_data_desc_t;
6805799ae0SJuan Castillo 
/*
 * A complete authentication parameter: which parameter it is (type_desc)
 * together with where its value is stored (data).
 */
typedef struct auth_param_desc_s {
	auth_param_type_desc_t *type_desc;	/* Identity of the parameter */
	auth_param_data_desc_t data;		/* Pointer and length of its value */
} auth_param_desc_t;
7605799ae0SJuan Castillo 
/*
 * How an image is authenticated.
 *
 * AUTH_METHOD_NONE is 0, so a zero-filled method descriptor carries it.
 * AUTH_METHOD_NUM is not a method: it stays last so that it equals the
 * number of enumerators before it.
 * NOTE(review): confirm that the code dispatching on this type treats
 * AUTH_METHOD_NONE and any value >= AUTH_METHOD_NUM as "not authenticated",
 * never as success.
 */
typedef enum auth_method_type_enum {
	AUTH_METHOD_NONE = 0,
	AUTH_METHOD_HASH,	/* Authenticate by hash matching */
	AUTH_METHOD_SIG,	/* Authenticate by PK operation */
	AUTH_METHOD_NV_CTR,	/* Authenticate by Non-Volatile Counter */
	AUTH_METHOD_NUM		/* Number of methods */
} auth_method_type_t;
8705799ae0SJuan Castillo 
/*
 * Inputs for authentication by hash matching. Both members name a parameter
 * by type descriptor; the values themselves are obtained elsewhere.
 * NOTE(review): the check is only as strong as the origin of the reference
 * hash - confirm that `hash` always refers to a value taken from content
 * that has already been authenticated.
 */
typedef struct auth_method_param_hash_s {
	auth_param_type_desc_t *data;	/* Data to hash */
	auth_param_type_desc_t *hash;	/* Hash to match with */
} auth_method_param_hash_t;
9505799ae0SJuan Castillo 
/*
 * Inputs for authentication by signature. Each member names a parameter by
 * type descriptor; the values themselves are obtained elsewhere.
 * NOTE(review): `alg` names a parameter that, like the others, can be
 * extracted from the image under verification. Confirm that the verifying
 * code accepts only algorithms from a fixed allow-list rather than whatever
 * the image declares.
 */
typedef struct auth_method_param_sig_s {
	auth_param_type_desc_t *pk;	/* Public key */
	auth_param_type_desc_t *sig;	/* Signature to check */
	auth_param_type_desc_t *alg;	/* Signature algorithm */
	auth_param_type_desc_t *data;	/* Data signed */
} auth_method_param_sig_t;
10505799ae0SJuan Castillo 
/*
 * Inputs for authentication by NV counter: the counter carried in the
 * certificate and the counter held by the platform.
 * NOTE(review): presumably the two are compared so that content older than
 * the platform counter is rejected (rollback protection); neither the
 * comparison nor the counter update is visible in this header - confirm in
 * the authentication module.
 */
typedef struct auth_method_param_nv_ctr_s {
	auth_param_type_desc_t *cert_nv_ctr;	/* NV counter in certificate */
	auth_param_type_desc_t *plat_nv_ctr;	/* NV counter in platform */
} auth_method_param_nv_ctr_t;
11305799ae0SJuan Castillo 
/*
 * One authentication step: the method to apply and that method's inputs.
 *
 * `type` is the discriminant for `param`. Only the union member that matches
 * `type` is meaningful; all members are sets of descriptor pointers, so
 * reading the wrong one yields pointers with a different meaning rather than
 * an obvious failure. Check `type` before touching `param`.
 */
typedef struct auth_method_desc_s {
	auth_method_type_t type;			/* Selects the member of param */
	union {
		auth_method_param_hash_t hash;		/* For AUTH_METHOD_HASH */
		auth_method_param_sig_t sig;		/* For AUTH_METHOD_SIG */
		auth_method_param_nv_ctr_t nv_ctr;	/* For AUTH_METHOD_NV_CTR */
	} param;
} auth_method_desc_t;
12505799ae0SJuan Castillo 
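/*
 * Helper macro to define an authentication parameter type descriptor
 * (a brace initialiser with the fields .type and .cookie).
 *
 * Both arguments are parenthesised so that an expression argument is used as
 * a whole; otherwise the (void *) cast would bind only to the first operand
 * of an argument such as `base + 1`.
 * The cast also discards any const qualifier on _cookie.
 */
#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
	{ \
		.type = (_type), \
		.cookie = (void *)(_cookie) \
	}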
13405799ae0SJuan Castillo 
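/*
 * Helper macro to define an authentication parameter data descriptor
 * (a brace initialiser with the fields .ptr and .len).
 *
 * Both arguments are parenthesised so that the casts apply to the whole
 * argument expression, not just to its first operand.
 * The length is converted to unsigned int: a value that does not fit is
 * silently reduced by the cast, so callers passing a wider type (size_t for
 * instance) should range-check it first.
 */
#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
	{ \
		.ptr = (void *)(_ptr), \
		.len = (unsigned int)(_len) \
	}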
14305799ae0SJuan Castillo 
14405799ae0SJuan Castillo #endif /* __AUTH_COMMON_H__ */