diff --git a/bl1/bl1.ld.S b/bl1/bl1.ld.S
index d682384a6cb70fde87aa5d98e2a3ea683d9f18de..df9a799481315105380454329b4566fa2c888fdf 100644
--- a/bl1/bl1.ld.S
+++ b/bl1/bl1.ld.S
@@ -51,6 +51,12 @@ SECTIONS
*(.text*)
*(.rodata*)
+ /* Ensure 8-byte alignment for descriptors and ensure inclusion */
+ . = ALIGN(8);
+ __PARSER_LIB_DESCS_START__ = .;
+ KEEP(*(.img_parser_lib_descs))
+ __PARSER_LIB_DESCS_END__ = .;
+
/*
* Ensure 8-byte alignment for cpu_ops so that its fields are also
* aligned. Also ensure cpu_ops inclusion.
diff --git a/bl2/bl2.ld.S b/bl2/bl2.ld.S
index 99333391b7a351f994bc143cd25937010d70968c..33588e69806857e7a4de163131d3b1142f980134 100644
--- a/bl2/bl2.ld.S
+++ b/bl2/bl2.ld.S
@@ -50,6 +50,13 @@ SECTIONS
*bl2_entrypoint.o(.text*)
*(.text*)
*(.rodata*)
+
+ /* Ensure 8-byte alignment for descriptors and ensure inclusion */
+ . = ALIGN(8);
+ __PARSER_LIB_DESCS_START__ = .;
+ KEEP(*(.img_parser_lib_descs))
+ __PARSER_LIB_DESCS_END__ = .;
+
*(.vectors)
__RO_END_UNALIGNED__ = .;
/*
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
new file mode 100644
index 0000000000000000000000000000000000000000..bdd3c5a1023108ef389f17f6a686fd83d97073f8
--- /dev/null
+++ b/drivers/auth/auth_mod.c
@@ -0,0 +1,348 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include <auth_common.h>
+#include <auth_mod.h>
+#include <cot_def.h>
+#include <crypto_mod.h>
+#include <debug.h>
+#include <img_parser_mod.h>
+#include <platform.h>
+#include <platform_def.h>
+#include <stdint.h>
+#include <string.h>
+
+#define return_if_error(rc) \
+ do { \
+ if (rc != 0) { \
+ return rc; \
+ } \
+ } while (0)
+
+/* Pointer to CoT */
+extern const auth_img_desc_t *const cot_desc_ptr;
+extern unsigned int auth_img_flags[];
+
+static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a,
+ const auth_param_type_desc_t *b)
+{
+ if ((a->type == b->type) && (a->cookie == b->cookie)) {
+ return 0;
+ }
+ return 1;
+}
+
+/*
+ * This function obtains the requested authentication parameter data from the
+ * information extracted from the parent image after its authentication.
+ */
+static int auth_get_param(const auth_param_type_desc_t *param_type_desc,
+ const auth_img_desc_t *img_desc,
+ void **param, unsigned int *len)
+{
+ int i;
+
+ for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) {
+ if (0 == cmp_auth_param_type_desc(param_type_desc,
+ img_desc->authenticated_data[i].type_desc)) {
+ *param = img_desc->authenticated_data[i].data.ptr;
+ *len = img_desc->authenticated_data[i].data.len;
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+/*
+ * Authenticate an image by matching the data hash
+ *
+ * This function implements 'AUTH_METHOD_HASH'. To authenticate an image using
+ * this method, the image must contain:
+ *
+ * - The data to calculate the hash from
+ *
+ * The parent image must contain:
+ *
+ * - The hash to be matched with (including hash algorithm)
+ *
+ * For a successful authentication, both hashes must match. The function calls
+ * the crypto-module to check this matching.
+ *
+ * Parameters:
+ * param: parameters to perform the hash authentication
+ * img_desc: pointer to image descriptor so we can know the image type
+ * and parent image
+ * img: pointer to image in memory
+ * img_len: length of image (in bytes)
+ *
+ * Return:
+ * 0 = success, Otherwise = error
+ */
+static int auth_hash(const auth_method_param_hash_t *param,
+ const auth_img_desc_t *img_desc,
+ void *img, unsigned int img_len)
+{
+ void *data_ptr, *hash_der_ptr;
+ unsigned int data_len, hash_der_len;
+ int rc = 0;
+
+ /* Get the hash from the parent image. This hash will be DER encoded
+ * and contain the hash algorithm */
+ rc = auth_get_param(param->hash, img_desc->parent,
+ &hash_der_ptr, &hash_der_len);
+ return_if_error(rc);
+
+ /* Get the data to be hashed from the current image */
+ rc = img_parser_get_auth_param(img_desc->img_type, param->data,
+ img, img_len, &data_ptr, &data_len);
+ return_if_error(rc);
+
+ /* Ask the crypto module to verify this hash */
+ rc = crypto_mod_verify_hash(data_ptr, data_len,
+ hash_der_ptr, hash_der_len);
+
+ return rc;
+}
+
+/*
+ * Authenticate by digital signature
+ *
+ * This function implements 'AUTH_METHOD_SIG'. To authenticate an image using
+ * this method, the image must contain:
+ *
+ * - Data to be signed
+ * - Signature
+ * - Signature algorithm
+ *
+ * We rely on the image parser module to extract this data from the image.
+ * The parent image must contain:
+ *
+ * - Public key (or a hash of it)
+ *
+ * If the parent image contains only a hash of the key, we will try to obtain
+ * the public key from the image itself (i.e. self-signed certificates). In that
+ * case, the signature verification is considered just an integrity check and
+ * the authentication is established by calculating the hash of the key and
+ * comparing it with the hash obtained from the parent.
+ *
+ * If the image has no parent (NULL), it means it has to be authenticated using
+ * the ROTPK stored in the platform. Again, this ROTPK could be the key itself
+ * or a hash of it.
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+static int auth_signature(const auth_method_param_sig_t *param,
+ const auth_img_desc_t *img_desc,
+ void *img, unsigned int img_len)
+{
+ void *data_ptr, *pk_ptr, *pk_hash_ptr, *sig_ptr, *sig_alg_ptr;
+ unsigned int data_len, pk_len, pk_hash_len, sig_len, sig_alg_len;
+ unsigned int flags = 0;
+ int rc = 0;
+
+ /* Get the data to be signed from current image */
+ rc = img_parser_get_auth_param(img_desc->img_type, param->data,
+ img, img_len, &data_ptr, &data_len);
+ return_if_error(rc);
+
+ /* Get the signature from current image */
+ rc = img_parser_get_auth_param(img_desc->img_type, param->sig,
+ img, img_len, &sig_ptr, &sig_len);
+ return_if_error(rc);
+
+ /* Get the signature algorithm from current image */
+ rc = img_parser_get_auth_param(img_desc->img_type, param->alg,
+ img, img_len, &sig_alg_ptr, &sig_alg_len);
+ return_if_error(rc);
+
+ /* Get the public key from the parent. If there is no parent (NULL),
+ * the certificate has been signed with the ROTPK, so we have to get
+ * the PK from the platform */
+ if (img_desc->parent) {
+ rc = auth_get_param(param->pk, img_desc->parent,
+ &pk_ptr, &pk_len);
+ } else {
+ rc = plat_get_rotpk_info(param->pk->cookie, &pk_ptr, &pk_len,
+ &flags);
+ }
+ return_if_error(rc);
+
+ /* If the PK is a hash of the key, retrieve the key from the image */
+ if (flags & ROTPK_IS_HASH) {
+ pk_hash_ptr = pk_ptr;
+ pk_hash_len = pk_len;
+ rc = img_parser_get_auth_param(img_desc->img_type,
+ param->pk, img, img_len,
+ &pk_ptr, &pk_len);
+ return_if_error(rc);
+
+ /* Ask the crypto module to verify the signature */
+ rc = crypto_mod_verify_signature(data_ptr, data_len,
+ sig_ptr, sig_len,
+ sig_alg_ptr, sig_alg_len,
+ pk_ptr, pk_len);
+ return_if_error(rc);
+
+ /* Ask the crypto-module to verify the key hash */
+ rc = crypto_mod_verify_hash(pk_ptr, pk_len,
+ pk_hash_ptr, pk_hash_len);
+ } else {
+ /* Ask the crypto module to verify the signature */
+ rc = crypto_mod_verify_signature(data_ptr, data_len,
+ sig_ptr, sig_len,
+ sig_alg_ptr, sig_alg_len,
+ pk_ptr, pk_len);
+ }
+
+ return rc;
+}
+
+/*
+ * Return the parent id in the output parameter '*parent_id'
+ *
+ * Return value:
+ * 0 = Image has parent, 1 = Image has no parent or parent is authenticated
+ */
+int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id)
+{
+ const auth_img_desc_t *img_desc = NULL;
+
+ assert(parent_id != NULL);
+
+ /* Get the image descriptor */
+ img_desc = &cot_desc_ptr[img_id];
+
+ /* Check if the image has no parent (ROT) */
+ if (img_desc->parent == NULL) {
+ *parent_id = 0;
+ return 1;
+ }
+
+ /* Check if the parent has already been authenticated */
+ if (auth_img_flags[img_desc->parent->img_id] & IMG_FLAG_AUTHENTICATED) {
+ *parent_id = 0;
+ return 1;
+ }
+
+ *parent_id = img_desc->parent->img_id;
+ return 0;
+}
+
+/*
+ * Initialize the different modules in the authentication framework
+ */
+void auth_mod_init(void)
+{
+ /* Check we have a valid CoT registered */
+ assert(cot_desc_ptr != NULL);
+
+ /* Crypto module */
+ crypto_mod_init();
+
+ /* Image parser module */
+ img_parser_init();
+}
+
+/*
+ * Authenticate a certificate/image
+ *
+ * Return: 0 = success, Otherwise = error
+ */
+int auth_mod_verify_img(unsigned int img_id,
+ void *img_ptr,
+ unsigned int img_len)
+{
+ const auth_img_desc_t *img_desc = NULL;
+ const auth_method_desc_t *auth_method = NULL;
+ void *param_ptr;
+ unsigned int param_len;
+ int rc, i;
+
+ /* Get the image descriptor from the chain of trust */
+ img_desc = &cot_desc_ptr[img_id];
+
+ /* Ask the parser to check the image integrity */
+ rc = img_parser_check_integrity(img_desc->img_type, img_ptr, img_len);
+ return_if_error(rc);
+
+ /* Authenticate the image using the methods indicated in the image
+ * descriptor. */
+ for (i = 0 ; i < AUTH_METHOD_NUM ; i++) {
+ auth_method = &img_desc->img_auth_methods[i];
+ switch (auth_method->type) {
+ case AUTH_METHOD_NONE:
+ rc = 0;
+ break;
+ case AUTH_METHOD_HASH:
+ rc = auth_hash(&auth_method->param.hash,
+ img_desc, img_ptr, img_len);
+ break;
+ case AUTH_METHOD_SIG:
+ rc = auth_signature(&auth_method->param.sig,
+ img_desc, img_ptr, img_len);
+ break;
+ default:
+ /* Unknown authentication method */
+ rc = 1;
+ break;
+ }
+ return_if_error(rc);
+ }
+
+ /* Extract the parameters indicated in the image descriptor to
+ * authenticate the children images. */
+ for (i = 0 ; i < COT_MAX_VERIFIED_PARAMS ; i++) {
+ if (img_desc->authenticated_data[i].type_desc == NULL) {
+ continue;
+ }
+
+ /* Get the parameter from the image parser module */
+ rc = img_parser_get_auth_param(img_desc->img_type,
+ img_desc->authenticated_data[i].type_desc,
+ img_ptr, img_len, ¶m_ptr, ¶m_len);
+ return_if_error(rc);
+
+ /* Check parameter size */
+ if (param_len > img_desc->authenticated_data[i].data.len) {
+ return 1;
+ }
+
+ /* Copy the parameter for later use */
+ memcpy((void *)img_desc->authenticated_data[i].data.ptr,
+ (void *)param_ptr, param_len);
+ }
+
+ /* Mark image as authenticated */
+ auth_img_flags[img_desc->img_id] |= IMG_FLAG_AUTHENTICATED;
+
+ return 0;
+}
diff --git a/drivers/auth/crypto_mod.c b/drivers/auth/crypto_mod.c
new file mode 100644
index 0000000000000000000000000000000000000000..b432e6a7d2062da271d0b0b15795fedd4a6870ca
--- /dev/null
+++ b/drivers/auth/crypto_mod.c
@@ -0,0 +1,129 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include <crypto_mod.h>
+#include <debug.h>
+
+/* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */
+extern const crypto_lib_desc_t crypto_lib_desc;
+
+/*
+ * The crypto module is responsible for verifying digital signatures and hashes.
+ * It relies on a crypto library to perform the cryptographic operations.
+ *
+ * The crypto module itself does not impose any specific format on signatures,
+ * signature algorithm, keys or hashes, but most cryptographic libraries will
+ * take the parameters as the following DER encoded ASN.1 structures:
+ *
+ * AlgorithmIdentifier ::= SEQUENCE {
+ * algorithm OBJECT IDENTIFIER,
+ * parameters ANY DEFINED BY algorithm OPTIONAL
+ * }
+ *
+ * DigestInfo ::= SEQUENCE {
+ * digestAlgorithm AlgorithmIdentifier,
+ * digest OCTET STRING
+ * }
+ *
+ * SubjectPublicKeyInfo ::= SEQUENCE {
+ * algorithm AlgorithmIdentifier,
+ * subjectPublicKey BIT STRING
+ * }
+ *
+ * SignatureAlgorithm ::= AlgorithmIdentifier
+ *
+ * SignatureValue ::= BIT STRING
+ */
+
+/*
+ * Perform some static checking and call the library initialization function
+ */
+void crypto_mod_init(void)
+{
+ assert(crypto_lib_desc.name != NULL);
+ assert(crypto_lib_desc.init != NULL);
+ assert(crypto_lib_desc.verify_signature != NULL);
+ assert(crypto_lib_desc.verify_hash != NULL);
+
+ /* Initialize the cryptographic library */
+ crypto_lib_desc.init();
+ INFO("Using crypto library '%s'\n", crypto_lib_desc.name);
+}
+
+/*
+ * Function to verify a digital signature
+ *
+ * Parameters:
+ *
+ * data_ptr, data_len: signed data
+ * sig_ptr, sig_len: the digital signature
+ * sig_alg_ptr, sig_alg_len: the digital signature algorithm
+ * pk_ptr, pk_len: the public key
+ */
+int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
+ void *sig_ptr, unsigned int sig_len,
+ void *sig_alg_ptr, unsigned int sig_alg_len,
+ void *pk_ptr, unsigned int pk_len)
+{
+ assert(data_ptr != NULL);
+ assert(data_len != 0);
+ assert(sig_ptr != NULL);
+ assert(sig_len != 0);
+ assert(sig_alg_ptr != NULL);
+ assert(sig_alg_len != 0);
+ assert(pk_ptr != NULL);
+ assert(pk_len != 0);
+
+ return crypto_lib_desc.verify_signature(data_ptr, data_len,
+ sig_ptr, sig_len,
+ sig_alg_ptr, sig_alg_len,
+ pk_ptr, pk_len);
+}
+
+/*
+ * Verify a hash by comparison
+ *
+ * Parameters:
+ *
+ * data_ptr, data_len: data to be hashed
+ * digest_info_ptr, digest_info_len: hash to be compared
+ */
+int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
+ void *digest_info_ptr, unsigned int digest_info_len)
+{
+ assert(data_ptr != NULL);
+ assert(data_len != 0);
+ assert(digest_info_ptr != NULL);
+ assert(digest_info_len != 0);
+
+ return crypto_lib_desc.verify_hash(data_ptr, data_len,
+ digest_info_ptr, digest_info_len);
+}
diff --git a/drivers/auth/img_parser_mod.c b/drivers/auth/img_parser_mod.c
new file mode 100644
index 0000000000000000000000000000000000000000..c8cbe340a918f1e78804cb241924568e0b0216e4
--- /dev/null
+++ b/drivers/auth/img_parser_mod.c
@@ -0,0 +1,151 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include <assert.h>
+#include <auth_common.h>
+#include <debug.h>
+#include <errno.h>
+#include <img_parser_mod.h>
+#include <limits.h>
+#include <stdint.h>
+#include <string.h>
+
+extern uintptr_t __PARSER_LIB_DESCS_START__;
+extern uintptr_t __PARSER_LIB_DESCS_END__;
+#define PARSER_LIB_DESCS_START ((uintptr_t) (&__PARSER_LIB_DESCS_START__))
+#define PARSER_LIB_DESCS_END ((uintptr_t) (&__PARSER_LIB_DESCS_END__))
+static unsigned int parser_lib_indices[IMG_MAX_TYPES];
+static img_parser_lib_desc_t *parser_lib_descs;
+
+#define INVALID_IDX UINT_MAX
+
+static void validate_desc(img_parser_lib_desc_t *desc)
+{
+ assert(desc != NULL);
+ assert(desc->init != NULL);
+ assert(desc->name != NULL);
+ assert(desc->check_integrity != NULL);
+ assert(desc->get_auth_param != NULL);
+}
+
+void img_parser_init(void)
+{
+ unsigned int index, mod_num;
+
+ /* Initialise internal variables to invalid state */
+ for (index = 0; index < IMG_MAX_TYPES; index++) {
+ parser_lib_indices[index] = INVALID_IDX;
+ }
+
+ /* Calculate how many image parsers are registered. At least one parser
+ * must be present */
+ mod_num = PARSER_LIB_DESCS_END - PARSER_LIB_DESCS_START;
+ mod_num /= sizeof(img_parser_lib_desc_t);
+ assert(mod_num > 0);
+
+ parser_lib_descs = (img_parser_lib_desc_t *) PARSER_LIB_DESCS_START;
+ for (index = 0; index < mod_num; index++) {
+
+ /* Check that the image parser library descriptor is valid */
+ validate_desc(&parser_lib_descs[index]);
+
+ /* Initialize image parser */
+ parser_lib_descs[index].init();
+
+ /* Ensure only one parser is registered for each image type */
+ assert(parser_lib_indices[parser_lib_descs[index].img_type] ==
+ INVALID_IDX);
+
+ /* Keep the index of this hash calculator */
+ parser_lib_indices[parser_lib_descs[index].img_type] = index;
+ }
+}
+
+int img_parser_check_integrity(img_type_t img_type,
+ void *img_ptr, unsigned int img_len)
+{
+ unsigned int idx;
+
+ assert(img_ptr != NULL);
+ assert(img_len != 0);
+
+ /* No integrity checks on raw images */
+ if (img_type == IMG_RAW) {
+ return IMG_PARSER_OK;
+ }
+
+ /* Find the index of the required image parser */
+ idx = parser_lib_indices[img_type];
+ assert(idx != INVALID_IDX);
+
+ /* Call the function to check the image integrity */
+ return parser_lib_descs[idx].check_integrity(img_ptr, img_len);
+}
+
+/*
+ * Extract an authentication parameter from an image
+ *
+ * Parameters:
+ * img_type: image type (certificate, raw image, etc)
+ * type_desc: provides info to obtain the parameter
+ * img_ptr: pointer to image data
+ * img_len: image length
+ * param_ptr: [out] stores a pointer to the parameter
+ * param_len: [out] stores the length of the parameter
+ */
+int img_parser_get_auth_param(img_type_t img_type,
+ const auth_param_type_desc_t *type_desc,
+ void *img_ptr, unsigned int img_len,
+ void **param_ptr, unsigned int *param_len)
+{
+ unsigned int idx;
+
+ assert(type_desc != NULL);
+ assert(img_ptr != NULL);
+ assert(img_len != 0);
+ assert(param_ptr != NULL);
+ assert(param_len != NULL);
+
+ /* In a raw image we can only get the data itself */
+ if (img_type == IMG_RAW) {
+ assert(type_desc->type == AUTH_PARAM_RAW_DATA);
+ *param_ptr = img_ptr;
+ *param_len = img_len;
+ return IMG_PARSER_OK;
+ }
+
+ /* Find the index of the required image parser library */
+ idx = parser_lib_indices[img_type];
+ assert(idx != INVALID_IDX);
+
+ /* Call the function to obtain the parameter */
+ return parser_lib_descs[idx].get_auth_param(type_desc, img_ptr, img_len,
+ param_ptr, param_len);
+}
diff --git a/include/drivers/auth/auth_common.h b/include/drivers/auth/auth_common.h
new file mode 100644
index 0000000000000000000000000000000000000000..52a895e4904d6b42807f7f27aa5b53ce2245544d
--- /dev/null
+++ b/include/drivers/auth/auth_common.h
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __AUTH_COMMON_H__
+#define __AUTH_COMMON_H__
+
+/*
+ * Authentication framework common types
+ */
+
+/*
+ * Type of parameters that can be extracted from an image and
+ * used for authentication
+ */
+typedef enum auth_param_type_enum {
+ AUTH_PARAM_NONE,
+ AUTH_PARAM_RAW_DATA, /* Raw image data */
+ AUTH_PARAM_SIG, /* The image signature */
+ AUTH_PARAM_SIG_ALG, /* The image signature algorithm */
+ AUTH_PARAM_HASH, /* A hash (including the algorithm) */
+ AUTH_PARAM_PUB_KEY, /* A public key */
+} auth_param_type_t;
+
+/*
+ * Defines an authentication parameter. The cookie will be interpreted by the
+ * image parser module.
+ */
+typedef struct auth_param_type_desc_s {
+ auth_param_type_t type;
+ void *cookie;
+} auth_param_type_desc_t;
+
+/*
+ * Store a pointer to the authentication parameter and its length
+ */
+typedef struct auth_param_data_desc_s {
+ void *ptr;
+ unsigned int len;
+} auth_param_data_desc_t;
+
+/*
+ * Authentication parameter descriptor, including type and value
+ */
+typedef struct auth_param_desc_s {
+ auth_param_type_desc_t *type_desc;
+ auth_param_data_desc_t data;
+} auth_param_desc_t;
+
+/*
+ * The method type defines how an image is authenticated
+ */
+typedef enum auth_method_type_enum {
+ AUTH_METHOD_NONE = 0,
+ AUTH_METHOD_HASH, /* Authenticate by hash matching */
+ AUTH_METHOD_SIG, /* Authenticate by PK operation */
+ AUTH_METHOD_NUM /* Number of methods */
+} auth_method_type_t;
+
+/*
+ * Parameters for authentication by hash matching
+ */
+typedef struct auth_method_param_hash_s {
+ auth_param_type_desc_t *data; /* Data to hash */
+ auth_param_type_desc_t *hash; /* Hash to match with */
+} auth_method_param_hash_t;
+
+/*
+ * Parameters for authentication by signature
+ */
+typedef struct auth_method_param_sig_s {
+ auth_param_type_desc_t *pk; /* Public key */
+ auth_param_type_desc_t *sig; /* Signature to check */
+ auth_param_type_desc_t *alg; /* Signature algorithm */
+ auth_param_type_desc_t *data; /* Data signed */
+} auth_method_param_sig_t;
+
+/*
+ * Parameters for authentication by NV counter
+ */
+typedef struct auth_method_param_nv_ctr_s {
+ auth_param_type_desc_t *nv_ctr; /* NV counter value */
+} auth_method_param_nv_ctr_t;
+
+/*
+ * Authentication method descriptor
+ */
+typedef struct auth_method_desc_s {
+ auth_method_type_t type;
+ union {
+ auth_method_param_hash_t hash;
+ auth_method_param_sig_t sig;
+ auth_method_param_nv_ctr_t nv_ctr;
+ } param;
+} auth_method_desc_t;
+
+/*
+ * Helper macro to define an authentication parameter type descriptor
+ */
+#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
+ { \
+ .type = _type, \
+ .cookie = (void *)_cookie \
+ }
+
+/*
+ * Helper macro to define an authentication parameter data descriptor
+ */
+#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
+ { \
+ .ptr = (void *)_ptr, \
+ .len = (unsigned int)_len \
+ }
+
+#endif /* __AUTH_COMMON_H__ */
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
new file mode 100644
index 0000000000000000000000000000000000000000..0f19b5c4c75b7eb8c45536883674d1ecc1ce8c05
--- /dev/null
+++ b/include/drivers/auth/auth_mod.h
@@ -0,0 +1,72 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __AUTH_MOD_H__
+#define __AUTH_MOD_H__
+
+#if TRUSTED_BOARD_BOOT
+
+#include <auth_common.h>
+#include <cot_def.h>
+#include <img_parser_mod.h>
+
+/*
+ * Image flags
+ */
+#define IMG_FLAG_AUTHENTICATED (1 << 0)
+
+
+/*
+ * Authentication image descriptor
+ */
+typedef struct auth_img_desc_s {
+ unsigned int img_id;
+ const struct auth_img_desc_s *parent;
+ img_type_t img_type;
+ auth_method_desc_t img_auth_methods[AUTH_METHOD_NUM];
+ auth_param_desc_t authenticated_data[COT_MAX_VERIFIED_PARAMS];
+} auth_img_desc_t;
+
+/* Public functions */
+void auth_mod_init(void);
+int auth_mod_get_parent_id(unsigned int img_id, unsigned int *parent_id);
+int auth_mod_verify_img(unsigned int img_id,
+ void *img_ptr,
+ unsigned int img_len);
+
+/* Macro to register a CoT defined as an array of auth_img_desc_t */
+#define REGISTER_COT(_cot) \
+ const auth_img_desc_t *const cot_desc_ptr = \
+ (const auth_img_desc_t *const)&_cot[0]; \
+ unsigned int auth_img_flags[sizeof(_cot)/sizeof(_cot[0])];
+
+#endif /* TRUSTED_BOARD_BOOT */
+
+#endif /* __AUTH_MOD_H__ */
diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h
new file mode 100644
index 0000000000000000000000000000000000000000..5a55624949deaa3955ad62f4664f02f63ba77597
--- /dev/null
+++ b/include/drivers/auth/crypto_mod.h
@@ -0,0 +1,84 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __CRYPTO_MOD_H__
+#define __CRYPTO_MOD_H__
+
+/* Return values */
+enum crypto_ret_value {
+ CRYPTO_SUCCESS = 0,
+ CRYPTO_ERR_INIT,
+ CRYPTO_ERR_HASH,
+ CRYPTO_ERR_SIGNATURE,
+ CRYPTO_ERR_UNKNOWN
+};
+
+/*
+ * Cryptographic library descriptor
+ */
+typedef struct crypto_lib_desc_s {
+ const char *name;
+
+ /* Initialize library. This function is not expected to fail. All errors
+ * must be handled inside the function, asserting or panicing in case of
+ * a non-recoverable error */
+ void (*init)(void);
+
+ /* Verify a digital signature. Return one of the
+ * 'enum crypto_ret_value' options */
+ int (*verify_signature)(void *data_ptr, unsigned int data_len,
+ void *sig_ptr, unsigned int sig_len,
+ void *sig_alg, unsigned int sig_alg_len,
+ void *pk_ptr, unsigned int pk_len);
+
+ /* Verify a hash. Return one of the 'enum crypto_ret_value' options */
+ int (*verify_hash)(void *data_ptr, unsigned int data_len,
+ void *digest_info_ptr, unsigned int digest_info_len);
+} crypto_lib_desc_t;
+
+/* Public functions */
+void crypto_mod_init(void);
+int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
+ void *sig_ptr, unsigned int sig_len,
+ void *sig_alg, unsigned int sig_alg_len,
+ void *pk_ptr, unsigned int pk_len);
+int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
+ void *digest_info_ptr, unsigned int digest_info_len);
+
+/* Macro to register a cryptographic library */
+#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash) \
+ const crypto_lib_desc_t crypto_lib_desc = { \
+ .name = _name, \
+ .init = _init, \
+ .verify_signature = _verify_signature, \
+ .verify_hash = _verify_hash \
+ }
+
+#endif /* __CRYPTO_MOD_H__ */
diff --git a/include/drivers/auth/img_parser_mod.h b/include/drivers/auth/img_parser_mod.h
new file mode 100644
index 0000000000000000000000000000000000000000..d80e0fb7693935b85730e2b659b7a963d1d970af
--- /dev/null
+++ b/include/drivers/auth/img_parser_mod.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions are met:
+ *
+ * Redistributions of source code must retain the above copyright notice, this
+ * list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of ARM nor the names of its contributors may be used
+ * to endorse or promote products derived from this software without specific
+ * prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#ifndef __IMG_PARSER_MOD_H__
+#define __IMG_PARSER_MOD_H__
+
+#include <auth_common.h>
+
+/*
+ * Return values
+ */
+enum img_parser_ret_value {
+ IMG_PARSER_OK,
+ IMG_PARSER_ERR, /* Parser internal error */
+ IMG_PARSER_ERR_FORMAT, /* Malformed image */
+ IMG_PARSER_ERR_NOT_FOUND /* Authentication data not found */
+};
+
+/*
+ * Image types. A parser should be instantiated and registered for each type
+ */
+typedef enum img_type_enum {
+ IMG_RAW, /* Binary image */
+ IMG_PLAT, /* Platform specific format */
+ IMG_CERT, /* X509v3 certificate */
+ IMG_MAX_TYPES,
+} img_type_t;
+
+/* Image parser library structure */
+typedef struct img_parser_lib_desc_s {
+ img_type_t img_type;
+ const char *name;
+
+ void (*init)(void);
+ int (*check_integrity)(void *img, unsigned int img_len);
+ int (*get_auth_param)(const auth_param_type_desc_t *type_desc,
+ void *img, unsigned int img_len,
+ void **param, unsigned int *param_len);
+} img_parser_lib_desc_t;
+
+/* Exported functions */
+void img_parser_init(void);
+int img_parser_check_integrity(img_type_t img_type,
+ void *img, unsigned int img_len);
+int img_parser_get_auth_param(img_type_t img_type,
+ const auth_param_type_desc_t *type_desc,
+ void *img, unsigned int img_len,
+ void **param_ptr, unsigned int *param_len);
+
+/* Macro to register an image parser library */
+#define REGISTER_IMG_PARSER_LIB(_type, _name, _init, _check_int, _get_param) \
+ static const img_parser_lib_desc_t __img_parser_lib_desc_##_type \
+ __attribute__ ((section(".img_parser_lib_descs"), used)) = { \
+ .img_type = _type, \
+ .name = _name, \
+ .init = _init, \
+ .check_integrity = _check_int, \
+ .get_auth_param = _get_param \
+ }
+
+#endif /* __IMG_PARSER_MOD_H__ */