From f1e693a77548950cfffcb1d5a4b67cf349e0aed9 Mon Sep 17 00:00:00 2001 From: Manish V Badarkhe Date: Fri, 10 Mar 2023 19:00:02 +0000 Subject: feat(auth): compare platform and certificate ROTPK for authentication Compared the full ROTPK with the ROTPK obtained from the certificate when the platform supports full ROTPK instead of hash of ROTPK. Additionally, changed the code to verify the ROTPK before relying on it for signature verification. Change-Id: I52bb9deb1a1dd5b184d3156bddad14c238692de7 Signed-off-by: Manish V Badarkhe --- include/plat/common/platform.h | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'include') diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index a14d77504..72d316018 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h @@ -44,10 +44,17 @@ enum fw_enc_status_t; * plat_get_rotpk_info() flags ******************************************************************************/ #define ROTPK_IS_HASH (1 << 0) + /* Flag used to skip verification of the certificate ROTPK while the platform ROTPK is not deployed */ #define ROTPK_NOT_DEPLOYED (1 << 1) +static inline bool is_rotpk_flags_valid(unsigned int flags) +{ + unsigned int valid_flags = ROTPK_IS_HASH; + return (flags == ROTPK_NOT_DEPLOYED) || ((flags & ~valid_flags) == 0); +} + /******************************************************************************* * plat_get_enc_key_info() flags ******************************************************************************/ -- cgit v1.2.1 From 4ac5b3949d874c4e0cd74fce8360a554bfd4cd3f Mon Sep 17 00:00:00 2001 
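Review bot: is_rotpk_flags_valid carries no comment stating which flag sets it admits, and the rule it encodes — ROTPK_NOT_DEPLOYED is accepted only on its own, never together with ROTPK_IS_HASH or any other bit — is exactly what a platform porter filling in the plat_get_rotpk_info() flags needs to know. A short comment above the function would do: `/* Accept no flags, ROTPK_IS_HASH alone, or ROTPK_NOT_DEPLOYED alone; ROTPK_NOT_DEPLOYED skips certificate ROTPK verification and so must not be combined with any other flag. */`. The helper also relies on `bool`, so `<stdbool.h>` has to be in scope in this header; whether it already is cannot be seen from the hunk. Since the valid mask holds a single flag, `return (flags == ROTPK_NOT_DEPLOYED) || ((flags & ~ROTPK_IS_HASH) == 0U);` reads more directly than going through the `valid_flags` local, though that is a matter of taste.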
From: Yann Gautier Date: Tue, 24 Jan 2023 09:39:47 +0100 Subject: refactor(auth): replace plat_convert_pk Following discussions in the reviews of the patch that introduced plat_convert_pk() function [1], it was decided to deprecate it to avoid weak function declaration. A new optional function pointer convert_pk is added to crypto_lib_desc_t. A new function crypto_mod_convert_pk() will either call crypto_lib_desc.convert_pk() if it is defined, or do the same as what was done by the weak function otherwise. [1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174 Signed-off-by: Yann Gautier Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6 --- include/drivers/auth/crypto_mod.h | 19 ++++++++++++++----- include/plat/common/platform.h | 2 -- 2 files changed, 14 insertions(+), 7 deletions(-) (limited to 'include') diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h index 3a23df4b7..498fdcb79 100644 --- a/include/drivers/auth/crypto_mod.h +++ b/include/drivers/auth/crypto_mod.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved. + * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved. * * SPDX-License-Identifier: BSD-3-Clause */ @@ -74,6 +74,10 @@ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ + /* Convert Public key (optional) */ + int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len); + /* * Authenticated decryption. Return one of the * 'enum crypto_ret_value' options. 
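Review bot: The new convert_pk member's comment, `/* Convert Public key (optional) */`, does not say what the conversion produces, who owns the storage that *hashed_pk_ptr ends up pointing to or how long it stays valid, or what the return value means, whereas the neighbouring members (verify_signature above, the authenticated-decryption one just below) spell out that they return one of the 'enum crypto_ret_value' options. From the parameter names and the commit message the output appears to be a hash of the full key, presumably for comparison against what plat_get_rotpk_info() reports, but that is inference and the comment should state it explicitly, e.g. `/* Optional: convert a full public key into its hashed form. On success *hashed_pk_ptr points to <owner and lifetime of the buffer>; return one of the 'enum crypto_ret_value' options. */` with the placeholder filled in from the real ownership rule. If the implementation never writes through the input key, `const void *full_pk_ptr` would document that as well, although it would then have to match the plat_convert_pk signature this member replaces.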
@@ -119,27 +123,32 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ +int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, + void **hashed_pk_ptr, unsigned int *hashed_pk_len); + #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC /* Macro to register a cryptographic library */ #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ - _calc_hash, _auth_decrypt) \ + _calc_hash, _auth_decrypt, _convert_pk) \ const crypto_lib_desc_t crypto_lib_desc = { \ .name = _name, \ .init = _init, \ .verify_signature = _verify_signature, \ .verify_hash = _verify_hash, \ .calc_hash = _calc_hash, \ - .auth_decrypt = _auth_decrypt \ + .auth_decrypt = _auth_decrypt, \ + .convert_pk = _convert_pk \ } #elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ - _auth_decrypt) \ + _auth_decrypt, _convert_pk) \ const crypto_lib_desc_t crypto_lib_desc = { \ .name = _name, \ .init = _init, \ .verify_signature = _verify_signature, \ .verify_hash = _verify_hash, \ - .auth_decrypt = _auth_decrypt \ + .auth_decrypt = _auth_decrypt, \ + .convert_pk = _convert_pk \ } #elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY #define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \ diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h index 72d316018..d146a2945 100644 --- a/include/plat/common/platform.h +++ b/include/plat/common/platform.h 
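Review bot: crypto_mod_convert_pk is declared without any comment, so a reader of the header cannot tell that it is safe to call when a library registers convert_pk as NULL; the commit message says the wrapper then falls back to what the weak function used to do, and that contract belongs next to the prototype, e.g. `/* Convert a full public key via crypto_lib_desc.convert_pk when the library provides one, otherwise via the built-in fallback. */` plus a sentence on the return convention. The same hunk adds `_convert_pk` to both remaining REGISTER_CRYPTO_LIB variants, so every existing registration through them must be updated in the same change or the macro will no longer expand; the `CRYPTO_HASH_CALC_ONLY` variant visible at the end of the hunk keeps its three arguments, which leaves convert_pk NULL for that configuration — presumably intended, but worth a word in the macro comment.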
@@ -352,8 +352,6 @@ int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr); int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr); int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc, unsigned int nv_ctr); -int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, - void **hashed_pk_ptr, unsigned int *hash_pk_len); int get_mbedtls_heap_helper(void **heap_addr, size_t *heap_size); int plat_get_enc_key_info(enum fw_enc_status_t fw_enc_status, uint8_t *key, size_t *key_len, unsigned int *flags, -- cgit v1.2.1 From dee99f10b1dcea09091f4a1d53185153802dfb64 Mon Sep 17 00:00:00 2001 From: Yann Gautier Date: Wed, 15 Mar 2023 11:31:25 +0100 Subject: refactor(auth)!: unify REGISTER_CRYPTO_LIB Have only one definition for REGISTER_CRYPTO_LIB macro, with all the possible fields. Worst case adds 4 u64 to crypto_lib_desc. While at it, correct some MISRA violations: MC3R1.R12.1: (advisory) The precedence of operators within expressions should be made explicit. Signed-off-by: Yann Gautier Change-Id: I1342a20e6eef2354753182c2a81ff959e03e5c81 --- include/drivers/auth/crypto_mod.h | 44 +++++++-------------------------------- 1 file changed, 8 insertions(+), 36 deletions(-) (limited to 'include') diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h index 498fdcb79..00ea8c620 100644 --- a/include/drivers/auth/crypto_mod.h +++ b/include/drivers/auth/crypto_mod.h @@ -52,8 +52,6 @@ typedef struct crypto_lib_desc_s { /* Verify a digital signature. Return one of the * 'enum crypto_ret_value' options */ -#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ -CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC int (*verify_signature)(void *data_ptr, unsigned int data_len, void *sig_ptr, unsigned int sig_len, void *sig_alg, unsigned int sig_alg_len, 
@@ -62,17 +60,11 @@ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC /* Verify a hash. Return one of the 'enum crypto_ret_value' options */ int (*verify_hash)(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); -#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ - CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ -#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ -CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC /* Calculate a hash. Return hash value */ int (*calc_hash)(enum crypto_md_algo md_alg, void *data_ptr, unsigned int data_len, unsigned char output[CRYPTO_MD_MAX_SIZE]); -#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ - CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ /* Convert Public key (optional) */ int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len, @@ -98,16 +90,16 @@ static inline void crypto_mod_init(void) } #endif /* CRYPTO_SUPPORT */ -#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ -CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC +#if (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY) || \ + (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len, void *sig_ptr, unsigned int sig_len, void *sig_alg_ptr, unsigned int sig_alg_len, void *pk_ptr, unsigned int pk_len); int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len, void *digest_info_ptr, unsigned int digest_info_len); -#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY || \ - CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ +#endif /* (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY) || \ + (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) */ int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, size_t len, const void *key, unsigned int key_len, 
@@ -115,18 +107,17 @@ int crypto_mod_auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr, unsigned int iv_len, const void *tag, unsigned int tag_len); -#if CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ -CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC +#if (CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY) || \ + (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr, unsigned int data_len, unsigned char output[CRYPTO_MD_MAX_SIZE]); -#endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \ - CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ +#endif /* (CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY) || \ + (CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC) */ int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, void **hashed_pk_ptr, unsigned int *hashed_pk_len); -#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC /* Macro to register a cryptographic library */ #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ _calc_hash, _auth_decrypt, _convert_pk) \ @@ -139,25 +130,6 @@ int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len, .auth_decrypt = _auth_decrypt, \ .convert_pk = _convert_pk \ } -#elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY -#define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \ - _auth_decrypt, _convert_pk) \ - const crypto_lib_desc_t crypto_lib_desc = { \ - .name = _name, \ - .init = _init, \ - .verify_signature = _verify_signature, \ - .verify_hash = _verify_hash, \ - .auth_decrypt = _auth_decrypt, \ - .convert_pk = _convert_pk \ - } -#elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY -#define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \ - const crypto_lib_desc_t crypto_lib_desc = { \ - .name = _name, \ - .init = _init, \ - .calc_hash = _calc_hash, \ - } -#endif /* CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */ extern const crypto_lib_desc_t crypto_lib_desc; -- cgit v1.2.1
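Review bot: With the `#if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC` guard removed, REGISTER_CRYPTO_LIB becomes the single registration form for every CRYPTO_SUPPORT level, so a library built for CRYPTO_HASH_CALC_ONLY now has to pass NULL for verify_signature, verify_hash, auth_decrypt and convert_pk, and nothing in the header says that NULL members are acceptable or how they relate to the crypto_mod_* wrapper declarations that stay guarded by the `#if (CRYPTO_SUPPORT == …)` blocks in this hunk. A comment on the macro along the lines of `/* Members a library does not provide, or that are unused at the configured CRYPTO_SUPPORT level, must be registered as NULL; only the crypto_mod_* wrappers declared for that level may be called. */` would make the contract explicit for the platforms this breaking change touches. The deleted `CRYPTO_AUTH_VERIFY_ONLY` and `CRYPTO_HASH_CALC_ONLY` variants are in the following hunk.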