1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
|
/*
* Copyright 2021 NXP
*
* SPDX-License-Identifier: BSD-3-Clause
*
*/
#include <stddef.h>
#include <string.h>
#include "caam.h"
#include <common/debug.h>
#include <drivers/auth/crypto_mod.h>
#include "hash.h"
#include "rsa.h"
#define LIB_NAME "NXP crypto"
/*
* Initialize the library and export the descriptor
*/
static void init(void)
{
/* Initialize NXP crypto library`:*/
NOTICE("Initializing & configuring SEC block.\n");
if (config_sec_block() < 0) {
ERROR("Init & config failure for caam.\n");
}
}
/*
* Verify a signature.
*
* For IMG_PLAT - data points to a PKCS#1.5 encoded HASH
* sig_alg will be RSA or ECC
* Parameters are passed using the DER encoding format following the ASN.1
* structures detailed above.
*/
static int verify_signature(void *data_ptr, unsigned int data_len,
void *sig_ptr, unsigned int sig_len,
void *sign_alg, unsigned int sig_alg_len,
void *pk_ptr, unsigned int pk_len)
{
int ret = CRYPTO_SUCCESS;
enum sig_alg alg = *(enum sig_alg *)sign_alg;
switch (alg) {
case RSA:
NOTICE("Verifying RSA\n");
ret = rsa_verify_signature(data_ptr, data_len, sig_ptr, sig_len,
pk_ptr, pk_len);
break;
case ECC:
default:
ret = CRYPTO_ERR_SIGNATURE;
break;
}
if (ret != 0) {
ERROR("RSA verification Failed\n");
}
return ret;
}
/*
* Match a hash
*
* Digest info is passed as a table of SHA-26 hashes and digest_info_len
* is number of entries in the table
* This implementation is very specific to the CSF header parser ROTPK
* comparison.
*/
static int verify_hash(void *data_ptr, unsigned int data_len,
void *digest_info_ptr, unsigned int digest_info_len)
{
void *ctx = NULL;
int i = 0, ret = 0;
enum hash_algo algo = SHA256;
uint8_t hash[SHA256_BYTES] __aligned(CACHE_WRITEBACK_GRANULE) = {0};
uint32_t digest_size = SHA256_BYTES;
uint8_t *hash_tbl = digest_info_ptr;
NOTICE("Verifying hash\n");
ret = hash_init(algo, &ctx);
if (ret != 0) {
return CRYPTO_ERR_HASH;
}
/* Update hash with that of SRK table */
ret = hash_update(algo, ctx, data_ptr, data_len);
if (ret != 0) {
return CRYPTO_ERR_HASH;
}
/* Copy hash at destination buffer */
ret = hash_final(algo, ctx, hash, digest_size);
if (ret != 0) {
return CRYPTO_ERR_HASH;
}
VERBOSE("%s Calculated hash\n", __func__);
for (i = 0; i < SHA256_BYTES/4; i++) {
VERBOSE("%x\n", *((uint32_t *)hash + i));
}
for (i = 0; i < digest_info_len; i++) {
if (memcmp(hash, (hash_tbl + (i * digest_size)),
digest_size) == 0) {
return CRYPTO_SUCCESS;
}
}
return CRYPTO_ERR_HASH;
}
/*
* Register crypto library descriptor
*/
REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
|
