From f28057a2607ef1e408396095a1fa125d1c7d52f3 Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Thu, 9 Mar 2023 22:23:49 +0000 Subject: [PATCH 1/5] docs(auth): add 'calc_hash' function's details in CM Updated the Crypto Module section to detail the 'calc_hash' function. Change-Id: I04a24abba150745e4eba6273bdb7cf12b66bfebc Signed-off-by: Manish V Badarkhe --- docs/design/auth-framework.rst | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst index 6913e66e1..38a1173db 100644 --- a/docs/design/auth-framework.rst +++ b/docs/design/auth-framework.rst @@ -236,6 +236,9 @@ functions must be provided by the CL: void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); + int (*calc_hash)(enum crypto_md_algo alg, void *data_ptr, + unsigned int data_len, + unsigned char output[CRYPTO_MD_MAX_SIZE]) int (*verify_hash)(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); @@ -243,11 +246,20 @@ These functions are registered in the CM using the macro: .. code:: c - REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash); + REGISTER_CRYPTO_LIB(_name, + _init, + _verify_signature, + _calc_hash, + _verify_hash); ``_name`` must be a string containing the name of the CL. This name is used for debugging purposes. +Crypto module provides a function ``_calc_hash`` to calculate and +return the hash of the given data using the provided hash algorithm. +This function is mainly used in the ``MEASURED_BOOT`` and ``DRTM_SUPPORT`` +features to calculate the hashes of various images/data. + Image Parser Module (IPM) ^^^^^^^^^^^^^^^^^^^^^^^^^ 
@@ -936,7 +948,7 @@ i.e. verify a hash or a digital signature. Arm platforms will use a library based on mbed TLS, which can be found in ``drivers/auth/mbedtls/mbedtls_crypto.c``. This library is registered in the authentication framework using the macro ``REGISTER_CRYPTO_LIB()`` and exports -four functions: +below functions: .. code:: c @@ -945,6 +957,9 @@ four functions: void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); + int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, + unsigned int data_len, + unsigned char output[CRYPTO_MD_MAX_SIZE]) int verify_hash(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, @@ -975,6 +990,6 @@ The mbedTLS library algorithm support is configured by both the -------------- -*Copyright (c) 2017-2020, Arm Limited and Contributors. All rights reserved.* +*Copyright (c) 2017-2023, Arm Limited and Contributors. All rights reserved.* .. _TBBR-Client specification: https://developer.arm.com/docs/den0006/latest/trusted-board-boot-requirements-client-tbbr-client-armv8-a From f1e693a77548950cfffcb1d5a4b67cf349e0aed9 Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Fri, 10 Mar 2023 19:00:02 +0000 Subject: [PATCH 2/5] feat(auth): compare platform and certificate ROTPK for authentication Compared the full ROTPK with the ROTPK obtained from the certificate when the platform supports full ROTPK instead of hash of ROTPK. Additionally, changed the code to verify the ROTPK before relying on it for signature verification. Change-Id: I52bb9deb1a1dd5b184d3156bddad14c238692de7 Signed-off-by: Manish V Badarkhe --- drivers/auth/auth_mod.c | 84 ++++++++++++++++++++-------------- include/plat/common/platform.h | 7 +++ 2 files changed, 57 insertions(+), 34 deletions(-) diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c index 1bf03d409..f15306537 100644 
--- a/drivers/auth/auth_mod.c +++ b/drivers/auth/auth_mod.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -33,7 +33,6 @@ #pragma weak plat_set_nv_ctr2 #pragma weak plat_convert_pk - static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a, const auth_param_type_desc_t *b) { @@ -150,8 +149,8 @@ static int auth_signature(const auth_method_param_sig_t *param, const auth_img_desc_t *img_desc, void *img, unsigned int img_len) { - void *data_ptr, *pk_ptr, *pk_hash_ptr, *sig_ptr, *sig_alg_ptr; - unsigned int data_len, pk_len, pk_hash_len, sig_len, sig_alg_len; + void *data_ptr, *pk_ptr, *pk_plat_ptr, *sig_ptr, *sig_alg_ptr; + unsigned int data_len, pk_len, pk_plat_len, sig_len, sig_alg_len; unsigned int flags = 0; int rc = 0; 
@@ -173,52 +172,69 @@ static int auth_signature(const auth_method_param_sig_t *param, /* Get the public key from the parent. If there is no parent (NULL), * the certificate has been signed with the ROTPK, so we have to get * the PK from the platform */ - if (img_desc->parent) { + if (img_desc->parent != NULL) { rc = auth_get_param(param->pk, img_desc->parent, &pk_ptr, &pk_len); + return_if_error(rc); } else { - rc = plat_get_rotpk_info(param->pk->cookie, &pk_ptr, &pk_len, - &flags); - } - return_if_error(rc); + /* + * Root certificates are signed with the ROTPK, so we have to + * get it from the platform. + */ + rc = plat_get_rotpk_info(param->pk->cookie, &pk_plat_ptr, + &pk_plat_len, &flags); + return_if_error(rc); - if (flags & (ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED)) { - /* If the PK is a hash of the key or if the ROTPK is not - deployed on the platform, retrieve the key from the image */ - pk_hash_ptr = pk_ptr; - pk_hash_len = pk_len; + assert(is_rotpk_flags_valid(flags)); + + /* Also retrieve the key from the image. */ rc = img_parser_get_auth_param(img_desc->img_type, - param->pk, img, img_len, - &pk_ptr, &pk_len); + param->pk, img, img_len, + &pk_ptr, &pk_len); return_if_error(rc); - /* Ask the crypto module to verify the signature */ - rc = crypto_mod_verify_signature(data_ptr, data_len, - sig_ptr, sig_len, - sig_alg_ptr, sig_alg_len, - pk_ptr, pk_len); - return_if_error(rc); - - if (flags & ROTPK_NOT_DEPLOYED) { + /* + * Validate the certificate's key against the platform ROTPK. + * + * Platform may store key in one of the following way - + * 1. Hash of ROTPK + * 2. Hash if prefixed, suffixed or modified ROTPK + * 3. Full ROTPK + */ + if ((flags & ROTPK_NOT_DEPLOYED) != 0U) { NOTICE("ROTPK is not deployed on platform. 
" "Skipping ROTPK verification.\n"); - } else { - /* platform may store the hash of a prefixed, suffixed or modified pk */ + } else if ((flags & ROTPK_IS_HASH) != 0U) { + /* + * platform may store the hash of a prefixed, + * suffixed or modified pk + */ rc = plat_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len); return_if_error(rc); - /* Ask the crypto-module to verify the key hash */ + /* + * The hash of the certificate's public key must match + * the hash of the ROTPK. + */ rc = crypto_mod_verify_hash(pk_ptr, pk_len, - pk_hash_ptr, pk_hash_len); + pk_plat_ptr, pk_plat_len); + return_if_error(rc); + } else { + /* Platform supports full ROTPK */ + if ((pk_len != pk_plat_len) || + (memcmp(pk_plat_ptr, pk_ptr, pk_len) != 0)) { + ERROR("plat and cert ROTPK len mismatch\n"); + return -1; + } } - } else { - /* Ask the crypto module to verify the signature */ - rc = crypto_mod_verify_signature(data_ptr, data_len, - sig_ptr, sig_len, - sig_alg_ptr, sig_alg_len, - pk_ptr, pk_len); } + /* Ask the crypto module to verify the signature */ + rc = crypto_mod_verify_signature(data_ptr, data_len, + sig_ptr, sig_len, + sig_alg_ptr, sig_alg_len, + pk_ptr, pk_len); + return rc; } diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index a14d77504..72d316018 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h 
@@ -44,10 +44,17 @@ enum fw_enc_status_t; * plat_get_rotpk_info() flags ******************************************************************************/ #define ROTPK_IS_HASH (1 << 0) + /* Flag used to skip verification of the certificate ROTPK while the platform ROTPK is not deployed */ #define ROTPK_NOT_DEPLOYED (1 << 1) +static inline bool is_rotpk_flags_valid(unsigned int flags) +{ + unsigned int valid_flags = ROTPK_IS_HASH; + return (flags == ROTPK_NOT_DEPLOYED) || ((flags & ~valid_flags) == 0); +} + /******************************************************************************* * plat_get_enc_key_info() flags ******************************************************************************/ From 0ca7b32623041acca0e505a07fca458fe0876d79 Mon Sep 17 00:00:00 2001 From: Yann Gautier Date: Tue, 24 Jan 2023 09:23:10 +0100 Subject: [PATCH 3/5] docs(auth): add auth_decrypt in CM chapter The call to REGISTER_CRYPTO_LIB requires auth_decrypt function to be provided. Add its prototype and update REGISTER_CRYPTO_LIB call. Signed-off-by: Yann Gautier Change-Id: Id1f2a54867ffe5dec36e0bf22490d01858891585 --- docs/design/auth-framework.rst | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst index 38a1173db..508a82fac 100644 --- a/docs/design/auth-framework.rst +++ b/docs/design/auth-framework.rst @@ -241,6 +241,11 @@ functions must be provided by the CL: unsigned char output[CRYPTO_MD_MAX_SIZE]) int (*verify_hash)(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); + int (*auth_decrypt)(enum crypto_dec_algo dec_algo, void *data_ptr, + size_t len, const void *key, unsigned int key_len, + unsigned int key_flags, const void *iv, + unsigned int iv_len, const void *tag, + unsigned int tag_len); These functions are registered in the CM using the macro: 
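Review bot: `is_rotpk_flags_valid()` is only consulted through `assert()` in the auth_signature hunk of this patch, so in a build where assertions are compiled out an unexpected value from `plat_get_rotpk_info()` is not rejected. In that case `ROTPK_IS_HASH | ROTPK_NOT_DEPLOYED`, or any unknown bit combined with `ROTPK_NOT_DEPLOYED`, falls into the "not deployed" branch and the certificate key is accepted without being compared to the platform ROTPK. Consider a runtime check at the call site, `if (!is_rotpk_flags_valid(flags)) { return -1; }`, in addition to or instead of the assert. The helper would also benefit from a one-line comment stating the accepted values: `/* Valid: 0 (full ROTPK), ROTPK_IS_HASH, or ROTPK_NOT_DEPLOYED alone */`.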
@@ -250,7 +255,8 @@ These functions are registered in the CM using the macro: _init, _verify_signature, _calc_hash, - _verify_hash); + _verify_hash, + _auth_decrypt); ``_name`` must be a string containing the name of the CL. This name is used for debugging purposes. From 4ac5b3949d874c4e0cd74fce8360a554bfd4cd3f Mon Sep 17 00:00:00 2001 From: Yann Gautier Date: Tue, 24 Jan 2023 09:39:47 +0100 Subject: [PATCH 4/5] refactor(auth): replace plat_convert_pk Following discussions in the reviews of the patch that introduced plat_convert_pk() function [1], it was decided to deprecate it to avoid weak function declaration. A new optional function pointer convert_pk is added to crypto_lib_desc_t. A new function crypto_mod_convert_pk() will either call crypto_lib_desc.convert_pk() if it is defined, or do the same as what was done by the weak function otherwise. [1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174 Signed-off-by: Yann Gautier Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6 --- docs/design/auth-framework.rst | 22 ++++++++++++++- docs/porting-guide.rst | 28 ------------------- drivers/auth/auth_mod.c | 12 +------- drivers/auth/crypto_mod.c | 16 ++++++++++- .../auth/cryptocell/712/cryptocell_crypto.c | 2 +- .../auth/cryptocell/713/cryptocell_crypto.c | 2 +- drivers/auth/mbedtls/mbedtls_crypto.c | 8 +++--- drivers/nxp/crypto/caam/src/auth/nxp_crypto.c | 2 +- include/drivers/auth/crypto_mod.h | 19 +++++++++---- include/plat/common/platform.h | 2 -- plat/st/common/stm32mp_crypto_lib.c | 17 +++++------ 11 files changed, 67 insertions(+), 63 deletions(-) diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst index 508a82fac..597f955ec 100644 --- a/docs/design/auth-framework.rst +++ b/docs/design/auth-framework.rst 
@@ -256,7 +256,8 @@ These functions are registered in the CM using the macro: _verify_signature, _calc_hash, _verify_hash, - _auth_decrypt); + _auth_decrypt, + _convert_pk); ``_name`` must be a string containing the name of the CL. This name is used for debugging purposes. @@ -266,6 +267,25 @@ return the hash of the given data using the provided hash algorithm. This function is mainly used in the ``MEASURED_BOOT`` and ``DRTM_SUPPORT`` features to calculate the hashes of various images/data. +Optionally, a platform function can be provided to convert public key +(_convert_pk). It is only used if the platform saves a hash of the ROTPK. +Most platforms save the hash of the ROTPK, but some may save slightly different +information - e.g the hash of the ROTPK plus some related information. +Defining this function allows to transform the ROTPK used to verify +the signature to the buffer (a platform specific public key) which +hash is saved in OTP. + +.. code:: c + + int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len); + + +- ``full_pk_ptr``: Pointer to Distinguished Encoding Rules (DER) ROTPK. +- ``full_pk_len``: DER ROTPK size. +- ``hashed_pk_ptr``: to return a pointer to a buffer, which hash should be the one saved in OTP. +- ``hashed_pk_len``: previous buffer size + Image Parser Module (IPM) ^^^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst index bc9c00f3c..25b55e813 100644 --- a/docs/porting-guide.rst +++ b/docs/porting-guide.rst 
@@ -894,34 +894,6 @@ The function returns 0 on success. Any other value means the counter value either could not be updated or the authentication image descriptor indicates that it is not allowed to be updated. -Function: plat_convert_pk() -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -:: - - Argument : void *, unsigned int, void **, unsigned int * - Return : int - -This function is optional when Trusted Board Boot is enabled, and only -used if the platform saves a hash of the ROTPK. -First argument is the Distinguished Encoding Rules (DER) ROTPK. -Second argument is its size. -Third argument is used to return a pointer to a buffer, which hash should -be the one saved in OTP. -Fourth argument is a pointer to return its size. - -Most platforms save the hash of the ROTPK, but some may save slightly different -information - e.g the hash of the ROTPK plus some related information. -Defining this function allows to transform the ROTPK used to verify -the signature to the buffer (a platform specific public key) which -hash is saved in OTP. - -The default implementation copies the input key and length to the output without -modification. - -The function returns 0 on success. Any other value means the expected -public key buffer cannot be extracted. - Dynamic Root of Trust for Measurement support (in BL31) ------------------------------------------------------- diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c index f15306537..7a9cca8e3 100644 --- a/drivers/auth/auth_mod.c +++ b/drivers/auth/auth_mod.c @@ -31,7 +31,6 @@ } while (0) #pragma weak plat_set_nv_ctr2 -#pragma weak plat_convert_pk static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a, const auth_param_type_desc_t *b) 
@@ -209,7 +208,7 @@ static int auth_signature(const auth_method_param_sig_t *param, * platform may store the hash of a prefixed, * suffixed or modified pk */ - rc = plat_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len); + rc = crypto_mod_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len); return_if_error(rc); /* @@ -330,15 +329,6 @@ int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc __unused, return plat_set_nv_ctr(cookie, nv_ctr); } -int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, - void **hashed_pk_ptr, unsigned int *hashed_pk_len) -{ - *hashed_pk_ptr = full_pk_ptr; - *hashed_pk_len = full_pk_len; - - return 0; -} - /* * Return the parent id in the output parameter '*parent_id' * diff --git a/drivers/auth/crypto_mod.c b/drivers/auth/crypto_mod.c index fa1adb4f7..e36b2858a 100644 --- a/drivers/auth/crypto_mod.c +++ b/drivers/auth/crypto_mod.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -142,6 +142,20 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ +int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len) +{ + if (crypto_lib_desc.convert_pk != NULL) { + return crypto_lib_desc.convert_pk(full_pk_ptr, full_pk_len, + hashed_pk_ptr, hashed_pk_len); + } + + *hashed_pk_ptr = full_pk_ptr; + *hashed_pk_len = full_pk_len; + + return 0; +} + /* * Authenticated decryption of data * diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c index e2b189bb5..b6a3f7bda 100644 --- a/drivers/auth/cryptocell/712/cryptocell_crypto.c +++ b/drivers/auth/cryptocell/712/cryptocell_crypto.c 
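Review bot: Passing `&pk_ptr, &pk_len` as the outputs of `crypto_mod_convert_pk()` replaces the certificate's key with the converted buffer, and since patch 2/5 moved the single `crypto_mod_verify_signature()` call to the end of auth_signature, that converted buffer is what the signature is then verified with. The documentation added in this patch describes the converted buffer as the data whose hash is saved in OTP, not as the key used to verify the signature, so with a non-identity hook (such as the STM32 `crypto_convert_pk` registered here) the signature check may receive a key in the wrong format. The same pattern is present in the `plat_convert_pk` call of patch 2/5's auth_signature hunk. Keep the original key intact by converting into separate locals declared next to the others: `rc = crypto_mod_convert_pk(pk_ptr, pk_len, &cnv_pk_ptr, &cnv_pk_len);` followed by `rc = crypto_mod_verify_hash(cnv_pk_ptr, cnv_pk_len, pk_plat_ptr, pk_plat_len);`. auth_signature starts and ends outside this hunk.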
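Review bot: `crypto_mod_convert_pk()` is added without a header comment, unlike the "Authenticated decryption of data" block that follows it, and its output contract is what callers most need to know. Please add a comment stating that with no `convert_pk` hook registered the outputs simply alias the input key, and that with a hook the returned buffer is owned by the crypto library and must not be freed or assumed to survive a later call. The STM32 implementation in this series declares a function-static `st_pk` buffer, which suggests the second case, though its body is not fully visible here. The comment should also say that a non-zero return means no usable key buffer was produced and the outputs must not be read.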
@@ -330,5 +330,5 @@ static int verify_hash(void *data_ptr, unsigned int data_len, /* * Register crypto library descriptor */ -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL); +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL); diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c index 388264ed3..506cf1cf5 100644 --- a/drivers/auth/cryptocell/713/cryptocell_crypto.c +++ b/drivers/auth/cryptocell/713/cryptocell_crypto.c @@ -302,4 +302,4 @@ static int verify_hash(void *data_ptr, unsigned int data_len, /* * Register crypto library descriptor */ -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL); +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL); diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c index 4241d2161..df4763d9b 100644 --- a/drivers/auth/mbedtls/mbedtls_crypto.c +++ b/drivers/auth/mbedtls/mbedtls_crypto.c @@ -396,17 +396,17 @@ static int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC #if TF_MBEDTLS_USE_AES_GCM REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash, - auth_decrypt); + auth_decrypt, NULL); #else REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash, - NULL); + NULL, NULL); #endif #elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY #if TF_MBEDTLS_USE_AES_GCM REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, - auth_decrypt); + auth_decrypt, NULL); #else -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL); +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL); #endif #elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash); 
diff --git a/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c b/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c index 646e981f7..a7fb898b0 100644 --- a/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c +++ b/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c @@ -120,4 +120,4 @@ static int verify_hash(void *data_ptr, unsigned int data_len, /* * Register crypto library descriptor */ -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL); +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL); diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h index 3a23df4b7..498fdcb79 100644 --- a/include/drivers/auth/crypto_mod.h +++ b/include/drivers/auth/crypto_mod.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -74,6 +74,10 @@ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ + /* Convert Public key (optional) */ + int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len); + /* * Authenticated decryption. Return one of the * 'enum crypto_ret_value' options. 
@@ -119,27 +123,32 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ +int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len); + #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC /* Macro to register a cryptographic library */ #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ - _calc_hash, _auth_decrypt) \ + _calc_hash, _auth_decrypt, _convert_pk) \ const crypto_lib_desc_t crypto_lib_desc = { \ .name = _name, \ .init = _init, \ .verify_signature = _verify_signature, \ .verify_hash = _verify_hash, \ .calc_hash = _calc_hash, \ - .auth_decrypt = _auth_decrypt \ + .auth_decrypt = _auth_decrypt, \ + .convert_pk = _convert_pk \ } #elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ - _auth_decrypt) \ + _auth_decrypt, _convert_pk) \ const crypto_lib_desc_t crypto_lib_desc = { \ .name = _name, \ .init = _init, \ .verify_signature = _verify_signature, \ .verify_hash = _verify_hash, \ - .auth_decrypt = _auth_decrypt \ + .auth_decrypt = _auth_decrypt, \ + .convert_pk = _convert_pk \ } #elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY #define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \ diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index 72d316018..d146a2945 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h 
@@ -352,8 +352,6 @@ int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr); int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc, unsigned int nv_ctr); -int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, - void **hashed_pk_ptr, unsigned int *hash_pk_len); int get_mbedtls_heap_helper(void **heap_addr, size_t *heap_size); int plat_get_enc_key_info(enum fw_enc_status_t fw_enc_status, uint8_t *key, size_t *key_len, unsigned int *flags, diff --git a/plat/st/common/stm32mp_crypto_lib.c b/plat/st/common/stm32mp_crypto_lib.c index 0da00193a..373a00815 100644 --- a/plat/st/common/stm32mp_crypto_lib.c +++ b/plat/st/common/stm32mp_crypto_lib.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2022, STMicroelectronics - All Rights Reserved + * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved * * SPDX-License-Identifier: BSD-3-Clause */ @@ -167,8 +167,8 @@ uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in, return ret; } -int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, - void **hashed_pk_ptr, unsigned int *hashed_pk_len) +static int crypto_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len) { return get_plain_pk_from_asn1(full_pk_ptr, full_pk_len, hashed_pk_ptr, hashed_pk_len, NULL); } @@ -220,8 +220,8 @@ static uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in, return 0; } -int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, - void **hashed_pk_ptr, unsigned int *hashed_pk_len) +static int crypto_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len) { static uint8_t st_pk[CRYPTO_PUBKEY_MAX_SIZE + sizeof(uint32_t)]; int ret; 
@@ -650,13 +650,14 @@ REGISTER_CRYPTO_LIB("stm32_crypto_lib", crypto_lib_init, crypto_verify_signature, crypto_verify_hash, - crypto_auth_decrypt); + crypto_auth_decrypt, + crypto_convert_pk); #else /* No decryption support */ REGISTER_CRYPTO_LIB("stm32_crypto_lib", crypto_lib_init, crypto_verify_signature, crypto_verify_hash, - NULL); - + NULL, + crypto_convert_pk); #endif From dee99f10b1dcea09091f4a1d53185153802dfb64 Mon Sep 17 00:00:00 2001 From: Yann Gautier Date: Wed, 15 Mar 2023 11:31:25 +0100 Subject: [PATCH 5/5] refactor(auth)!: unify REGISTER_CRYPTO_LIB Have only one definition for REGISTER_CRYPTO_LIB macro, with all the possible fields. Worst case adds 4 u64 to crypto_lib_desc. While at it, correct some MISRA violations: MC3R1.R12.1: (advisory) The precedence of operators within expressions should be made explicit. Signed-off-by: Yann Gautier Change-Id: I1342a20e6eef2354753182c2a81ff959e03e5c81 --- .../auth/cryptocell/712/cryptocell_crypto.c | 2 +- .../auth/cryptocell/713/cryptocell_crypto.c | 2 +- drivers/auth/mbedtls/mbedtls_crypto.c | 7 +-- drivers/nxp/crypto/caam/src/auth/nxp_crypto.c | 2 +- include/drivers/auth/crypto_mod.h | 44 ++++--------------- plat/st/common/stm32mp_crypto_lib.c | 2 + 6 files changed, 17 insertions(+), 42 deletions(-) diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c index b6a3f7bda..bba13f8bb 100644 --- a/drivers/auth/cryptocell/712/cryptocell_crypto.c +++ b/drivers/auth/cryptocell/712/cryptocell_crypto.c @@ -330,5 +330,5 @@ static int verify_hash(void *data_ptr, unsigned int data_len, /* * Register crypto library descriptor */ -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL); +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL); diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c index 506cf1cf5..6601b3a88 100644 
--- a/drivers/auth/cryptocell/713/cryptocell_crypto.c +++ b/drivers/auth/cryptocell/713/cryptocell_crypto.c @@ -302,4 +302,4 @@ static int verify_hash(void *data_ptr, unsigned int data_len, /* * Register crypto library descriptor */ -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL); +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL); diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c index df4763d9b..6d6364f32 100644 --- a/drivers/auth/mbedtls/mbedtls_crypto.c +++ b/drivers/auth/mbedtls/mbedtls_crypto.c @@ -403,11 +403,12 @@ REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash, #endif #elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY #if TF_MBEDTLS_USE_AES_GCM -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, auth_decrypt, NULL); #else -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL); +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, + NULL, NULL); #endif #elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY -REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash); +REGISTER_CRYPTO_LIB(LIB_NAME, init, NULL, NULL, calc_hash, NULL, NULL); #endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ diff --git a/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c b/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c index a7fb898b0..408d974aa 100644 --- a/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c +++ b/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c @@ -120,4 +120,4 @@ static int verify_hash(void *data_ptr, unsigned int data_len, /* * Register crypto library descriptor */ -REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL); +REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL, NULL); 
diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h index 498fdcb79..00ea8c620 100644 --- a/include/drivers/auth/crypto_mod.h +++ b/include/drivers/auth/crypto_mod.h @@ -52,8 +52,6 @@ typedef struct crypto_lib_desc_s { /* Verify a digital signature. Return one of the * 'enum crypto_ret_value' options */ -#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ -CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC int (*verify_signature)(void *data_ptr, unsigned int data_len, void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, @@ -62,17 +60,11 @@ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC /* Verify a hash. Return one of the 'enum crypto_ret_value' options */ int (*verify_hash)(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); -#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ - CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ -#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ -CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC /* Calculate a hash. Return hash value */ int (*calc_hash)(enum crypto_md_algo md_alg, void *data_ptr, unsigned int data_len, unsigned char output[CRYPTO_MD_MAX_SIZE]); -#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ - CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ /* Convert Public key (optional) */ int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len, 
@@ -98,16 +90,16 @@ static inline void crypto_mod_init(void) } #endif /* CRYPTO_SUPPORT */ -#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ -CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC +#if (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY) || \ + (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len, void *sig_ptr, unsigned int sig_len, void *sig_alg_ptr, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); -#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ - CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ +#endif /* (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY) || \ + (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) */ int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, size_t len, const void *key, unsigned int key_len, 
@@ -115,18 +107,17 @@ int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, unsigned int iv_len, const void *tag, unsigned int tag_len); -#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ -CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC +#if (CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY) || \ + (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, unsigned int data_len, unsigned char output[CRYPTO_MD_MAX_SIZE]); -#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ - CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ +#endif /* (CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY) || \ + (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) */ int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, void **hashed_pk_ptr, unsigned int *hashed_pk_len); -#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC /* Macro to register a cryptographic library */ #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ _calc_hash, _auth_decrypt, _convert_pk) \ @@ -139,25 +130,6 @@ int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, .auth_decrypt = _auth_decrypt, \ .convert_pk = _convert_pk \ } -#elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY -#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ - _auth_decrypt, _convert_pk) \ - const crypto_lib_desc_t crypto_lib_desc = { \ - .name = _name, \ - .init = _init, \ - .verify_signature = _verify_signature, \ - .verify_hash = _verify_hash, \ - .auth_decrypt = _auth_decrypt, \ - .convert_pk = _convert_pk \ - } -#elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY -#define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \ - const crypto_lib_desc_t crypto_lib_desc = { \ - .name = _name, \ - .init = _init, \ - .calc_hash = _calc_hash, \ - } -#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ extern const crypto_lib_desc_t crypto_lib_desc; 
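Review bot: With a single seven-argument `REGISTER_CRYPTO_LIB`, a library that omits a hook required by the selected `CRYPTO_SUPPORT` mode is no longer caught by the macro's arity at build time. The CryptoCell, NXP and STM32 registrations in this patch all pass NULL for `_calc_hash`, for example. Nothing in the visible hunks shows `crypto_mod_init()` or the `crypto_mod_*` wrappers checking these pointers per mode, so please confirm that a NULL `verify_signature`, `verify_hash` or `calc_hash` is rejected before it can be called. A short comment above the macro would make the contract explicit: `/* _verify_signature, _verify_hash: required unless CRYPTO_HASH_CALC_ONLY; _calc_hash: required unless CRYPTO_AUTH_VERIFY_ONLY; _auth_decrypt, _convert_pk: optional (may be NULL) */`.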
diff --git a/plat/st/common/stm32mp_crypto_lib.c b/plat/st/common/stm32mp_crypto_lib.c index 373a00815..ea2b8dbf8 100644 --- a/plat/st/common/stm32mp_crypto_lib.c +++ b/plat/st/common/stm32mp_crypto_lib.c @@ -650,6 +650,7 @@ REGISTER_CRYPTO_LIB("stm32_crypto_lib", crypto_lib_init, crypto_verify_signature, crypto_verify_hash, + NULL, crypto_auth_decrypt, crypto_convert_pk); @@ -659,5 +660,6 @@ REGISTER_CRYPTO_LIB("stm32_crypto_lib", crypto_verify_signature, crypto_verify_hash, NULL, + NULL, crypto_convert_pk); #endif