Home | History | Annotate | Download | only in auth 
      1 /*
      2  * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
      3  *
      4  * SPDX-License-Identifier: BSD-3-Clause
      5  */
      6 
      7 #include <assert.h>
      8 #include <crypto_mod.h>
      9 #include <debug.h>
     10 
     11 /* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */
     12 extern const crypto_lib_desc_t crypto_lib_desc;
     13 
     14 /*
     15  * The crypto module is responsible for verifying digital signatures and hashes.
     16  * It relies on a crypto library to perform the cryptographic operations.
     17  *
     18  * The crypto module itself does not impose any specific format on signatures,
     19  * signature algorithm, keys or hashes, but most cryptographic libraries will
     20  * take the parameters as the following DER encoded ASN.1 structures:
     21  *
     22  *     AlgorithmIdentifier ::= SEQUENCE  {
     23  *         algorithm        OBJECT IDENTIFIER,
     24  *         parameters       ANY DEFINED BY algorithm OPTIONAL
     25  *     }
     26  *
     27  *     DigestInfo ::= SEQUENCE {
     28  *         digestAlgorithm  AlgorithmIdentifier,
     29  *         digest           OCTET STRING
     30  *     }
     31  *
     32  *     SubjectPublicKeyInfo ::= SEQUENCE  {
     33  *         algorithm        AlgorithmIdentifier,
     34  *         subjectPublicKey BIT STRING
     35  *     }
     36  *
     37  *     SignatureAlgorithm ::= AlgorithmIdentifier
     38  *
     39  *     SignatureValue ::= BIT STRING
     40  */
     41 
     42 /*
     43  * Perform some static checking and call the library initialization function
     44  */
     45 void crypto_mod_init(void)
     46 {
     47 	assert(crypto_lib_desc.name != NULL);
     48 	assert(crypto_lib_desc.init != NULL);
     49 	assert(crypto_lib_desc.verify_signature != NULL);
     50 	assert(crypto_lib_desc.verify_hash != NULL);
     51 
     52 	/* Initialize the cryptographic library */
     53 	crypto_lib_desc.init();
     54 	INFO("Using crypto library '%s'\n", crypto_lib_desc.name);
     55 }
     56 
     57 /*
     58  * Function to verify a digital signature
     59  *
     60  * Parameters:
     61  *
     62  *   data_ptr, data_len: signed data
     63  *   sig_ptr, sig_len: the digital signature
     64  *   sig_alg_ptr, sig_alg_len: the digital signature algorithm
     65  *   pk_ptr, pk_len: the public key
     66  */
     67 int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
     68 				void *sig_ptr, unsigned int sig_len,
     69 				void *sig_alg_ptr, unsigned int sig_alg_len,
     70 				void *pk_ptr, unsigned int pk_len)
     71 {
     72 	assert(data_ptr != NULL);
     73 	assert(data_len != 0);
     74 	assert(sig_ptr != NULL);
     75 	assert(sig_len != 0);
     76 	assert(sig_alg_ptr != NULL);
     77 	assert(sig_alg_len != 0);
     78 	assert(pk_ptr != NULL);
     79 	assert(pk_len != 0);
     80 
     81 	return crypto_lib_desc.verify_signature(data_ptr, data_len,
     82 						sig_ptr, sig_len,
     83 						sig_alg_ptr, sig_alg_len,
     84 						pk_ptr, pk_len);
     85 }
     86 
     87 /*
     88  * Verify a hash by comparison
     89  *
     90  * Parameters:
     91  *
     92  *   data_ptr, data_len: data to be hashed
     93  *   digest_info_ptr, digest_info_len: hash to be compared
     94  */
     95 int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
     96 			   void *digest_info_ptr, unsigned int digest_info_len)
     97 {
     98 	assert(data_ptr != NULL);
     99 	assert(data_len != 0);
    100 	assert(digest_info_ptr != NULL);
    101 	assert(digest_info_len != 0);
    102 
    103 	return crypto_lib_desc.verify_hash(data_ptr, data_len,
    104 					   digest_info_ptr, digest_info_len);
    105 }
    106