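/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef AUTH_COMMON_H
#define AUTH_COMMON_H

/*
 * Authentication framework common types
 *
 * This header only declares data types and two initializer macros; it
 * contains no verification logic itself.
 */

/*
 * Type of parameters that can be extracted from an image and
 * used for authentication
 */
typedef enum auth_param_type_enum {
	AUTH_PARAM_NONE,	/* First enumerator, value 0 */
	AUTH_PARAM_RAW_DATA,	/* Raw image data */
	AUTH_PARAM_SIG,		/* The image signature */
	AUTH_PARAM_SIG_ALG,	/* The image signature algorithm */
	AUTH_PARAM_HASH,	/* A hash (including the algorithm) */
	AUTH_PARAM_PUB_KEY,	/* A public key */
	AUTH_PARAM_NV_CTR,	/* A non-volatile counter */
} auth_param_type_t;

/*
 * Defines an authentication parameter. The cookie will be interpreted by the
 * image parser module.
 *
 * The cookie is an untyped pointer: this header places no constraint on what
 * it refers to, so its meaning must be agreed between whoever fills in the
 * descriptor and the parser that consumes it.
 */
typedef struct auth_param_type_desc_s {
	auth_param_type_t type;
	void *cookie;
} auth_param_type_desc_t;

/*
 * Store a pointer to the authentication parameter and its length
 *
 * Only the pointer is stored, not a copy of the data, so the referenced
 * buffer has to remain valid for as long as the descriptor is in use.
 *
 * NOTE(review): when ptr/len are produced by parsing an image, they are
 * presumably derived from data that has not been authenticated yet; confirm
 * that the producer bounds-checks them against the image before they are
 * stored here.
 */
typedef struct auth_param_data_desc_s {
	void *ptr;
	unsigned int len;
} auth_param_data_desc_t;

/*
 * Authentication parameter descriptor, including type and value
 */
typedef struct auth_param_desc_s {
	auth_param_type_desc_t *type_desc;
	auth_param_data_desc_t data;
} auth_param_desc_t;

/*
 * The method type defines how an image is authenticated
 *
 * AUTH_METHOD_NONE is explicitly 0, so a zero-initialised method descriptor
 * has this type. AUTH_METHOD_NUM counts every enumerator before it,
 * AUTH_METHOD_NONE included.
 *
 * NOTE(review): confirm how the authentication module treats an
 * AUTH_METHOD_NONE entry, so that an empty or zeroed slot cannot be read as
 * "image authenticated".
 */
typedef enum auth_method_type_enum {
	AUTH_METHOD_NONE = 0,
	AUTH_METHOD_HASH,	/* Authenticate by hash matching */
	AUTH_METHOD_SIG,	/* Authenticate by PK operation */
	AUTH_METHOD_NV_CTR,	/* Authenticate by Non-Volatile Counter */
	AUTH_METHOD_NUM		/* Number of methods */
} auth_method_type_t;

/*
 * Parameters for authentication by hash matching
 */
typedef struct auth_method_param_hash_s {
	auth_param_type_desc_t *data;	/* Data to hash */
	auth_param_type_desc_t *hash;	/* Hash to match with */
} auth_method_param_hash_t;

/*
 * Parameters for authentication by signature
 */
typedef struct auth_method_param_sig_s {
	auth_param_type_desc_t *pk;	/* Public key */
	auth_param_type_desc_t *sig;	/* Signature to check */
	auth_param_type_desc_t *alg;	/* Signature algorithm */
	auth_param_type_desc_t *data;	/* Data signed */
} auth_method_param_sig_t;

/*
 * Parameters for authentication by NV counter
 */
typedef struct auth_method_param_nv_ctr_s {
	auth_param_type_desc_t *cert_nv_ctr;	/* NV counter in certificate */
	auth_param_type_desc_t *plat_nv_ctr;	/* NV counter in platform */
} auth_method_param_nv_ctr_t;

/*
 * Authentication method descriptor
 *
 * NOTE(review): `type` is presumably the tag that says which member of
 * `param` is valid. Nothing in this header enforces that pairing, so
 * consumers should select the member from `type` and reject values they do
 * not recognise rather than reading a member that was never written.
 */
typedef struct auth_method_desc_s {
	auth_method_type_t type;
	union {
		auth_method_param_hash_t hash;
		auth_method_param_sig_t sig;
		auth_method_param_nv_ctr_t nv_ctr;
	} param;
} auth_method_desc_t;

/*
 * Helper macro to define an authentication parameter type descriptor
 *
 * Expands to a brace-enclosed designated initializer, so it can only be used
 * where an initializer for auth_param_type_desc_t is expected. The arguments
 * are parenthesised so that an expression argument is cast as a whole.
 */
#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
	{ \
		.type = (_type), \
		.cookie = (void *)(_cookie) \
	}

/*
 * Helper macro to define an authentication parameter data descriptor
 *
 * Expands to a brace-enclosed designated initializer for
 * auth_param_data_desc_t. The arguments are parenthesised so that the casts
 * apply to the complete argument: without that, an argument such as
 * `buf + off` would be cast first and offset afterwards.
 *
 * The length is converted to unsigned int. A wider value (for example a
 * size_t on a 64-bit build) is narrowed without any diagnostic, so lengths
 * taken from image contents should be range-checked before they are passed
 * to this macro.
 */
#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
	{ \
		.ptr = (void *)(_ptr), \
		.len = (unsigned int)(_len) \
	}

#endif /* AUTH_COMMON_H */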