summaryrefslogtreecommitdiffstats
path: root/include/drivers/auth/auth_common.h
blob: e6859fdb67498d178823709cf5edf8e225cb9c11 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef AUTH_COMMON_H
#define AUTH_COMMON_H

/*
 * Authentication framework common types
 */

/*
 * Type of parameters that can be extracted from an image and
 * used for authentication
 */
typedef enum auth_param_type_enum {
	AUTH_PARAM_NONE,
	AUTH_PARAM_RAW_DATA,		/* Raw image data */
	AUTH_PARAM_SIG,			/* The image signature */
	AUTH_PARAM_SIG_ALG,		/* The image signature algorithm */
	AUTH_PARAM_HASH,		/* A hash (including the algorithm) */
	AUTH_PARAM_PUB_KEY,		/* A public key */
	AUTH_PARAM_NV_CTR,		/* A non-volatile counter */
} auth_param_type_t;

/*
 * Defines an authentication parameter. The cookie will be interpreted by the
 * image parser module.
 */
typedef struct auth_param_type_desc_s {
	auth_param_type_t type;
	void *cookie;
} auth_param_type_desc_t;

/*
 * Store a pointer to the authentication parameter and its length
 */
typedef struct auth_param_data_desc_s {
	void *ptr;
	unsigned int len;
} auth_param_data_desc_t;

/*
 * Authentication parameter descriptor, including type and value
 */
typedef struct auth_param_desc_s {
	auth_param_type_desc_t *type_desc;
	auth_param_data_desc_t data;
} auth_param_desc_t;

/*
 * The method type defines how an image is authenticated
 */
typedef enum auth_method_type_enum {
	AUTH_METHOD_NONE = 0,
	AUTH_METHOD_HASH,	/* Authenticate by hash matching */
	AUTH_METHOD_SIG,	/* Authenticate by PK operation */
	AUTH_METHOD_NV_CTR,	/* Authenticate by Non-Volatile Counter */
	AUTH_METHOD_NUM 	/* Number of methods */
} auth_method_type_t;

/*
 * Parameters for authentication by hash matching
 */
typedef struct auth_method_param_hash_s {
	auth_param_type_desc_t *data;	/* Data to hash */
	auth_param_type_desc_t *hash;	/* Hash to match with */
} auth_method_param_hash_t;

/*
 * Parameters for authentication by signature
 */
typedef struct auth_method_param_sig_s {
	auth_param_type_desc_t *pk;	/* Public key */
	auth_param_type_desc_t *sig;	/* Signature to check */
	auth_param_type_desc_t *alg;	/* Signature algorithm */
	auth_param_type_desc_t *data;	/* Data signed */
} auth_method_param_sig_t;

/*
 * Parameters for authentication by NV counter
 */
typedef struct auth_method_param_nv_ctr_s {
	auth_param_type_desc_t *cert_nv_ctr;	/* NV counter in certificate */
	auth_param_type_desc_t *plat_nv_ctr;	/* NV counter in platform */
} auth_method_param_nv_ctr_t;

/*
 * Authentication method descriptor
 */
typedef struct auth_method_desc_s {
	auth_method_type_t type;
	union {
		auth_method_param_hash_t hash;
		auth_method_param_sig_t sig;
		auth_method_param_nv_ctr_t nv_ctr;
	} param;
} auth_method_desc_t;

/*
 * Helper macro to define an authentication parameter type descriptor
 */
#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
	{ \
		.type = _type, \
		.cookie = (void *)_cookie \
	}

/*
 * Helper macro to define an authentication parameter data descriptor
 */
#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
	{ \
		.ptr = (void *)_ptr, \
		.len = (unsigned int)_len \
	}

#endif /* AUTH_COMMON_H */