• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3  *
4  * SPDX-License-Identifier: BSD-3-Clause
5  */
6 
7 #ifndef AUTH_COMMON_H
8 #define AUTH_COMMON_H
9 
10 /*
11  * Authentication framework common types
12  */
13 
14 /*
15  * Type of parameters that can be extracted from an image and
16  * used for authentication
17  */
18 typedef enum auth_param_type_enum {
19 	AUTH_PARAM_NONE,
20 	AUTH_PARAM_RAW_DATA,		/* Raw image data */
21 	AUTH_PARAM_SIG,			/* The image signature */
22 	AUTH_PARAM_SIG_ALG,		/* The image signature algorithm */
23 	AUTH_PARAM_HASH,		/* A hash (including the algorithm) */
24 	AUTH_PARAM_PUB_KEY,		/* A public key */
25 	AUTH_PARAM_NV_CTR,		/* A non-volatile counter */
26 } auth_param_type_t;
27 
28 /*
29  * Defines an authentication parameter. The cookie will be interpreted by the
30  * image parser module.
31  */
32 typedef struct auth_param_type_desc_s {
33 	auth_param_type_t type;
34 	void *cookie;
35 } auth_param_type_desc_t;
36 
37 /*
38  * Store a pointer to the authentication parameter and its length
39  */
40 typedef struct auth_param_data_desc_s {
41 	void *ptr;
42 	unsigned int len;
43 } auth_param_data_desc_t;
44 
45 /*
46  * Authentication parameter descriptor, including type and value
47  */
48 typedef struct auth_param_desc_s {
49 	auth_param_type_desc_t *type_desc;
50 	auth_param_data_desc_t data;
51 } auth_param_desc_t;
52 
53 /*
54  * The method type defines how an image is authenticated
55  */
56 typedef enum auth_method_type_enum {
57 	AUTH_METHOD_NONE = 0,
58 	AUTH_METHOD_HASH,	/* Authenticate by hash matching */
59 	AUTH_METHOD_SIG,	/* Authenticate by PK operation */
60 	AUTH_METHOD_NV_CTR,	/* Authenticate by Non-Volatile Counter */
61 	AUTH_METHOD_NUM 	/* Number of methods */
62 } auth_method_type_t;
63 
64 /*
65  * Parameters for authentication by hash matching
66  */
67 typedef struct auth_method_param_hash_s {
68 	auth_param_type_desc_t *data;	/* Data to hash */
69 	auth_param_type_desc_t *hash;	/* Hash to match with */
70 } auth_method_param_hash_t;
71 
72 /*
73  * Parameters for authentication by signature
74  */
75 typedef struct auth_method_param_sig_s {
76 	auth_param_type_desc_t *pk;	/* Public key */
77 	auth_param_type_desc_t *sig;	/* Signature to check */
78 	auth_param_type_desc_t *alg;	/* Signature algorithm */
79 	auth_param_type_desc_t *data;	/* Data signed */
80 } auth_method_param_sig_t;
81 
82 /*
83  * Parameters for authentication by NV counter
84  */
85 typedef struct auth_method_param_nv_ctr_s {
86 	auth_param_type_desc_t *cert_nv_ctr;	/* NV counter in certificate */
87 	auth_param_type_desc_t *plat_nv_ctr;	/* NV counter in platform */
88 } auth_method_param_nv_ctr_t;
89 
90 /*
91  * Authentication method descriptor
92  */
93 typedef struct auth_method_desc_s {
94 	auth_method_type_t type;
95 	union {
96 		auth_method_param_hash_t hash;
97 		auth_method_param_sig_t sig;
98 		auth_method_param_nv_ctr_t nv_ctr;
99 	} param;
100 } auth_method_desc_t;
101 
102 /*
103  * Helper macro to define an authentication parameter type descriptor
104  */
105 #define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
106 	{ \
107 		.type = _type, \
108 		.cookie = (void *)_cookie \
109 	}
110 
111 /*
112  * Helper macro to define an authentication parameter data descriptor
113  */
114 #define AUTH_PARAM_DATA_DESC(_ptr, _len) \
115 	{ \
116 		.ptr = (void *)_ptr, \
117 		.len = (unsigned int)_len \
118 	}
119 
120 #endif /* AUTH_COMMON_H */
121