drivers/auth/crypto_mod.c

   1 /*
   2  * Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
   3  *
   4  * SPDX-License-Identifier: BSD-3-Clause
   5  */
   6
   7 #include <assert.h>
   8
   9 #include <common/debug.h>
  10 #include <drivers/auth/crypto_mod.h>
  11
  12 /* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */
  13
  14 /*
  15  * The crypto module is responsible for verifying digital signatures and hashes.
  16  * It relies on a crypto library to perform the cryptographic operations.
  17  *
  18  * The crypto module itself does not impose any specific format on signatures,
  19  * signature algorithm, keys or hashes, but most cryptographic libraries will
  20  * take the parameters as the following DER encoded ASN.1 structures:
  21  *
  22  *     AlgorithmIdentifier ::= SEQUENCE  {
  23  *         algorithm        OBJECT IDENTIFIER,
  24  *         parameters       ANY DEFINED BY algorithm OPTIONAL
  25  *     }
  26  *
  27  *     DigestInfo ::= SEQUENCE {
  28  *         digestAlgorithm  AlgorithmIdentifier,
  29  *         digest           OCTET STRING
  30  *     }
  31  *
  32  *     SubjectPublicKeyInfo ::= SEQUENCE  {
  33  *         algorithm        AlgorithmIdentifier,
  34  *         subjectPublicKey BIT STRING
  35  *     }
  36  *
  37  *     SignatureAlgorithm ::= AlgorithmIdentifier
  38  *
  39  *     SignatureValue ::= BIT STRING
  40  */
  41
  42 /*
  43  * Perform some static checking and call the library initialization function
  44  */
  45 void crypto_mod_init(void)
  46 {
  47         assert(crypto_lib_desc.name != NULL);
  48         assert(crypto_lib_desc.init != NULL);
  49         assert(crypto_lib_desc.verify_signature != NULL);
  50         assert(crypto_lib_desc.verify_hash != NULL);
  51
  52         /* Initialize the cryptographic library */
  53         crypto_lib_desc.init();
  54         INFO("Using crypto library '%s'\n", crypto_lib_desc.name);
  55 }
  56
  57 /*
  58  * Function to verify a digital signature
  59  *
  60  * Parameters:
  61  *
  62  *   data_ptr, data_len: signed data
  63  *   sig_ptr, sig_len: the digital signature
  64  *   sig_alg_ptr, sig_alg_len: the digital signature algorithm
  65  *   pk_ptr, pk_len: the public key
  66  */
  67 int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
  68                                 void *sig_ptr, unsigned int sig_len,
  69                                 void *sig_alg_ptr, unsigned int sig_alg_len,
  70                                 void *pk_ptr, unsigned int pk_len)
  71 {
  72         assert(data_ptr != NULL);
  73         assert(data_len != 0);
  74         assert(sig_ptr != NULL);
  75         assert(sig_len != 0);
  76         assert(sig_alg_ptr != NULL);
  77         assert(sig_alg_len != 0);
  78         assert(pk_ptr != NULL);
  79         assert(pk_len != 0);
  80
  81         return crypto_lib_desc.verify_signature(data_ptr, data_len,
  82                                                 sig_ptr, sig_len,
  83                                                 sig_alg_ptr, sig_alg_len,
  84                                                 pk_ptr, pk_len);
  85 }
  86
  87 /*
  88  * Verify a hash by comparison
  89  *
  90  * Parameters:
  91  *
  92  *   data_ptr, data_len: data to be hashed
  93  *   digest_info_ptr, digest_info_len: hash to be compared
  94  */
  95 int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
  96                            void *digest_info_ptr, unsigned int digest_info_len)
  97 {
  98         assert(data_ptr != NULL);
  99         assert(data_len != 0);
 100         assert(digest_info_ptr != NULL);
 101         assert(digest_info_len != 0);
 102
 103         return crypto_lib_desc.verify_hash(data_ptr, data_len,
 104                                            digest_info_ptr, digest_info_len);
 105 }