1/*
2 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7#ifndef __AUTH_COMMON_H__
8#define __AUTH_COMMON_H__
9
10/*
11 * Authentication framework common types
12 */
13
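/*
 * Kinds of parameter that can be extracted from an image and used for
 * authentication.
 *
 * AUTH_PARAM_NONE is pinned to 0 explicitly (the value it already had), in
 * line with AUTH_METHOD_NONE, so a zero-initialised descriptor reads as
 * "no parameter" rather than as one of the real kinds.
 */
typedef enum auth_param_type_enum {
	AUTH_PARAM_NONE = 0,		/* No parameter */
	AUTH_PARAM_RAW_DATA,		/* Raw image data */
	AUTH_PARAM_SIG,			/* The image signature */
	AUTH_PARAM_SIG_ALG,		/* The image signature algorithm */
	AUTH_PARAM_HASH,		/* A hash (including the algorithm) */
	AUTH_PARAM_PUB_KEY,		/* A public key */
	AUTH_PARAM_NV_CTR,		/* A non-volatile counter */
} auth_param_type_t;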
27
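/*
 * Defines an authentication parameter: its kind (type) plus an opaque cookie.
 * This header gives the cookie no meaning of its own; it will be interpreted
 * by the image parser module.
 *
 * NOTE(review): cookie is an untyped void *, so nothing in this type checks
 * that it matches what the parser expects for the given type - confirm at
 * the places where these descriptors are defined.
 */
typedef struct auth_param_type_desc_s {
	auth_param_type_t type;		/* Kind of parameter */
	void *cookie;			/* Opaque; interpreted by the image parser */
} auth_param_type_desc_t;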
36
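/*
 * Stores a pointer to an authentication parameter and its length.
 *
 * The struct records the pair only: it carries no ownership and no validity
 * information, so len is the sole bound a consumer has on what ptr refers to.
 * len is an unsigned int; a length held in a wider type has to be
 * range-checked before it is stored here or it will be truncated.
 *
 * NOTE(review): the unit of len is not stated in this header - presumably
 * bytes; confirm against the image parser.
 */
typedef struct auth_param_data_desc_s {
	void *ptr;		/* Start of the parameter value */
	unsigned int len;	/* Length of the value starting at ptr */
} auth_param_data_desc_t;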
44
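/*
 * Authentication parameter descriptor, including type and value.
 *
 * type_desc points at a separately defined type descriptor, while the data
 * descriptor (pointer and length of the value) is embedded by value.
 */
typedef struct auth_param_desc_s {
	auth_param_type_desc_t *type_desc;	/* Which parameter this is */
	auth_param_data_desc_t data;		/* Where its value is, and its length */
} auth_param_desc_t;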
52
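/*
 * The method type defines how an image is authenticated.
 *
 * AUTH_METHOD_NONE is 0, so a zero-initialised method descriptor carries it.
 * AUTH_METHOD_NUM is the count of enumerators before it, not a method; a
 * type value at or above it does not name any method declared here.
 *
 * NOTE(review): how the consumer treats AUTH_METHOD_NONE is not visible in
 * this header. Confirm that an entry left at NONE cannot cause an image to be
 * accepted without any check having been performed.
 */
typedef enum auth_method_type_enum {
	AUTH_METHOD_NONE = 0,	/* No method; value of a zeroed descriptor */
	AUTH_METHOD_HASH,	/* Authenticate by hash matching */
	AUTH_METHOD_SIG,	/* Authenticate by PK operation */
	AUTH_METHOD_NV_CTR,	/* Authenticate by Non-Volatile Counter */
	AUTH_METHOD_NUM		/* Number of methods; not itself a method */
} auth_method_type_t;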
63
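/*
 * Parameters for authentication by hash matching.
 *
 * Both members are parameter type descriptors: they name which parameters
 * take part in the check and do not hold the bytes themselves.
 */
typedef struct auth_method_param_hash_s {
	auth_param_type_desc_t *data;	/* Data to hash */
	auth_param_type_desc_t *hash;	/* Hash to match with */
} auth_method_param_hash_t;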
71
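/*
 * Parameters for authentication by signature.
 *
 * All four members are parameter type descriptors naming the public key, the
 * signature, the signature algorithm and the signed data.
 *
 * NOTE(review): the signature algorithm is itself one of the parameters that
 * can be extracted from the image (AUTH_PARAM_SIG_ALG). Whether the verifier
 * restricts it to the algorithms the platform expects is not visible in this
 * header - confirm in the crypto module.
 */
typedef struct auth_method_param_sig_s {
	auth_param_type_desc_t *pk;	/* Public key */
	auth_param_type_desc_t *sig;	/* Signature to check */
	auth_param_type_desc_t *alg;	/* Signature algorithm */
	auth_param_type_desc_t *data;	/* Data signed */
} auth_method_param_sig_t;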
81
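/*
 * Parameters for authentication by NV counter.
 *
 * Names two counters: the one carried in the certificate and the one held by
 * the platform.
 *
 * NOTE(review): presumably the two are compared so that an image carrying an
 * older counter value is rejected; the comparison is not part of this header
 * - confirm in the code that handles AUTH_METHOD_NV_CTR.
 */
typedef struct auth_method_param_nv_ctr_s {
	auth_param_type_desc_t *cert_nv_ctr;	/* NV counter in certificate */
	auth_param_type_desc_t *plat_nv_ctr;	/* NV counter in platform */
} auth_method_param_nv_ctr_t;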
89
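/*
 * Authentication method descriptor: a method type plus the parameters for
 * that method.
 *
 * param is a union, so only one of hash / sig / nv_ctr holds meaningful
 * pointers at a time. The member names mirror the method types.
 *
 * NOTE(review): the code that reads param should pick the member from type
 * and refuse a type it does not know, because reading a member other than
 * the one that was filled in reinterprets another method's pointers. Confirm
 * this in the consumer; it is not enforced by the type.
 */
typedef struct auth_method_desc_s {
	auth_method_type_t type;	/* Selects the valid member of param */
	union {
		auth_method_param_hash_t hash;		/* For AUTH_METHOD_HASH */
		auth_method_param_sig_t sig;		/* For AUTH_METHOD_SIG */
		auth_method_param_nv_ctr_t nv_ctr;	/* For AUTH_METHOD_NV_CTR */
	} param;
} auth_method_desc_t;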
101
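/*
 * Helper macro to define an authentication parameter type descriptor.
 *
 * Expands to a brace-enclosed designated initialiser for
 * auth_param_type_desc_t. Each argument is evaluated once.
 *
 * Both arguments are parenthesised in the expansion so that the (void *)
 * cast applies to the whole _cookie expression. Without the parentheses an
 * argument such as "table + 1" would be cast first and offset afterwards.
 *
 * The cast accepts any pointer or integer and also drops a const qualifier,
 * so the compiler will not flag a cookie of the wrong kind.
 */
#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
	{ \
		.type = (_type), \
		.cookie = (void *)(_cookie) \
	}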
110
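/*
 * Helper macro to define an authentication parameter data descriptor.
 *
 * Expands to a brace-enclosed designated initialiser for
 * auth_param_data_desc_t. Each argument is evaluated once.
 *
 * Both arguments are parenthesised in the expansion so that each cast
 * applies to the whole argument expression. Without the parentheses a
 * length such as "total / 2" would be truncated to unsigned int before the
 * division, and the descriptor would carry the wrong length.
 *
 * The (unsigned int) cast still truncates silently when the value of _len
 * does not fit, so a length held in a wider type (size_t, a 64-bit image
 * size) must be range-checked by the caller before it is passed here.
 */
#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
	{ \
		.ptr = (void *)(_ptr), \
		.len = (unsigned int)(_len) \
	}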
119
120#endif /* __AUTH_COMMON_H__ */
121