nxp_crypto.c 2.64 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
/*
 * Copyright 2021 NXP
 *
 * SPDX-License-Identifier: BSD-3-Clause
 *
 */

#include <stddef.h>
#include <string.h>

#include "caam.h"
#include <common/debug.h>
#include <drivers/auth/crypto_mod.h>

#include "hash.h"
#include "rsa.h"

#define LIB_NAME		"NXP crypto"

/*
 * Initialize the library and export the descriptor
 */
static void init(void)
{
	/* Initialize NXP crypto library`:*/
	NOTICE("Initializing & configuring SEC block.\n");

	if (config_sec_block() < 0) {
		ERROR("Init & config failure for caam.\n");
	}
}

/*
 * Verify a signature.
 *
 * For IMG_PLAT - data points to a PKCS#1.5 encoded HASH
 * sig_alg will be RSA or ECC
 * Parameters are passed using the DER encoding format following the ASN.1
 * structures detailed above.
 */
static int verify_signature(void *data_ptr, unsigned int data_len,
			    void *sig_ptr, unsigned int sig_len,
			    void *sign_alg, unsigned int sig_alg_len,
			    void *pk_ptr, unsigned int pk_len)
{
	int ret = CRYPTO_SUCCESS;

	enum sig_alg alg = *(enum sig_alg *)sign_alg;

	switch (alg) {
	case RSA:
		NOTICE("Verifying RSA\n");
		ret = rsa_verify_signature(data_ptr, data_len, sig_ptr, sig_len,
					   pk_ptr, pk_len);
		break;
	case ECC:
	default:
		ret = CRYPTO_ERR_SIGNATURE;
		break;
	}

	if (ret != 0) {
		ERROR("RSA verification Failed\n");
	}
	return ret;

}

/*
 * Match a hash
 *
 * Digest info is passed as a table of SHA-26 hashes and digest_info_len
 * is number of entries in the table
 * This implementation is very specific to the CSF header parser ROTPK
 * comparison.
 */
static int verify_hash(void *data_ptr, unsigned int data_len,
		       void *digest_info_ptr, unsigned int digest_info_len)
{
	void *ctx = NULL;
	int i = 0, ret = 0;
	enum hash_algo algo = SHA256;
	uint8_t hash[SHA256_BYTES] __aligned(CACHE_WRITEBACK_GRANULE) = {0};
	uint32_t digest_size = SHA256_BYTES;
	uint8_t *hash_tbl = digest_info_ptr;

	NOTICE("Verifying hash\n");
	ret = hash_init(algo, &ctx);
	if (ret != 0) {
		return CRYPTO_ERR_HASH;
	}

	/* Update hash with that of SRK table */
	ret = hash_update(algo, ctx, data_ptr, data_len);
	if (ret != 0) {
		return CRYPTO_ERR_HASH;
	}

	/* Copy hash at destination buffer */
	ret = hash_final(algo, ctx, hash, digest_size);
	if (ret != 0) {
		return CRYPTO_ERR_HASH;
	}

	VERBOSE("%s Calculated hash\n", __func__);
	for (i = 0; i < SHA256_BYTES/4; i++) {
		VERBOSE("%x\n", *((uint32_t *)hash + i));
	}

	for (i = 0; i < digest_info_len; i++) {
		if (memcmp(hash, (hash_tbl + (i * digest_size)),
			   digest_size) == 0) {
			return CRYPTO_SUCCESS;
		}
	}

	return CRYPTO_ERR_HASH;
}

/*
 * Register crypto library descriptor
 */
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);