1*91f16700Schasinglulu /* 2*91f16700Schasinglulu * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. 3*91f16700Schasinglulu * 4*91f16700Schasinglulu * SPDX-License-Identifier: BSD-3-Clause 5*91f16700Schasinglulu */ 6*91f16700Schasinglulu 7*91f16700Schasinglulu #ifndef AUTH_COMMON_H 8*91f16700Schasinglulu #define AUTH_COMMON_H 9*91f16700Schasinglulu 10*91f16700Schasinglulu /* 11*91f16700Schasinglulu * Authentication framework common types 12*91f16700Schasinglulu */ 13*91f16700Schasinglulu 14*91f16700Schasinglulu /* 15*91f16700Schasinglulu * Type of parameters that can be extracted from an image and 16*91f16700Schasinglulu * used for authentication 17*91f16700Schasinglulu */ 18*91f16700Schasinglulu typedef enum auth_param_type_enum { 19*91f16700Schasinglulu AUTH_PARAM_NONE, 20*91f16700Schasinglulu AUTH_PARAM_RAW_DATA, /* Raw image data */ 21*91f16700Schasinglulu AUTH_PARAM_SIG, /* The image signature */ 22*91f16700Schasinglulu AUTH_PARAM_SIG_ALG, /* The image signature algorithm */ 23*91f16700Schasinglulu AUTH_PARAM_HASH, /* A hash (including the algorithm) */ 24*91f16700Schasinglulu AUTH_PARAM_PUB_KEY, /* A public key */ 25*91f16700Schasinglulu AUTH_PARAM_NV_CTR, /* A non-volatile counter */ 26*91f16700Schasinglulu } auth_param_type_t; 27*91f16700Schasinglulu 28*91f16700Schasinglulu /* 29*91f16700Schasinglulu * Defines an authentication parameter. The cookie will be interpreted by the 30*91f16700Schasinglulu * image parser module. 31*91f16700Schasinglulu */ 32*91f16700Schasinglulu typedef struct auth_param_type_desc_s { 33*91f16700Schasinglulu auth_param_type_t type; 34*91f16700Schasinglulu void *cookie; 35*91f16700Schasinglulu } auth_param_type_desc_t; 36*91f16700Schasinglulu 37*91f16700Schasinglulu /* 38*91f16700Schasinglulu * Store a pointer to the authentication parameter and its length 39*91f16700Schasinglulu */ 40*91f16700Schasinglulu typedef struct auth_param_data_desc_s { 41*91f16700Schasinglulu void *ptr; 42*91f16700Schasinglulu unsigned int len; 43*91f16700Schasinglulu } auth_param_data_desc_t; 44*91f16700Schasinglulu 45*91f16700Schasinglulu /* 46*91f16700Schasinglulu * Authentication parameter descriptor, including type and value 47*91f16700Schasinglulu */ 48*91f16700Schasinglulu typedef struct auth_param_desc_s { 49*91f16700Schasinglulu auth_param_type_desc_t *type_desc; 50*91f16700Schasinglulu auth_param_data_desc_t data; 51*91f16700Schasinglulu } auth_param_desc_t; 52*91f16700Schasinglulu 53*91f16700Schasinglulu /* 54*91f16700Schasinglulu * The method type defines how an image is authenticated 55*91f16700Schasinglulu */ 56*91f16700Schasinglulu typedef enum auth_method_type_enum { 57*91f16700Schasinglulu AUTH_METHOD_NONE = 0, 58*91f16700Schasinglulu AUTH_METHOD_HASH, /* Authenticate by hash matching */ 59*91f16700Schasinglulu AUTH_METHOD_SIG, /* Authenticate by PK operation */ 60*91f16700Schasinglulu AUTH_METHOD_NV_CTR, /* Authenticate by Non-Volatile Counter */ 61*91f16700Schasinglulu AUTH_METHOD_NUM /* Number of methods */ 62*91f16700Schasinglulu } auth_method_type_t; 63*91f16700Schasinglulu 64*91f16700Schasinglulu /* 65*91f16700Schasinglulu * Parameters for authentication by hash matching 66*91f16700Schasinglulu */ 67*91f16700Schasinglulu typedef struct auth_method_param_hash_s { 68*91f16700Schasinglulu auth_param_type_desc_t *data; /* Data to hash */ 69*91f16700Schasinglulu auth_param_type_desc_t *hash; /* Hash to match with */ 70*91f16700Schasinglulu } auth_method_param_hash_t; 71*91f16700Schasinglulu 72*91f16700Schasinglulu /* 73*91f16700Schasinglulu * Parameters for authentication by signature 74*91f16700Schasinglulu */ 75*91f16700Schasinglulu typedef struct auth_method_param_sig_s { 76*91f16700Schasinglulu auth_param_type_desc_t *pk; /* Public key */ 77*91f16700Schasinglulu auth_param_type_desc_t *sig; /* Signature to check */ 78*91f16700Schasinglulu auth_param_type_desc_t *alg; /* Signature algorithm */ 79*91f16700Schasinglulu auth_param_type_desc_t *data; /* Data signed */ 80*91f16700Schasinglulu } auth_method_param_sig_t; 81*91f16700Schasinglulu 82*91f16700Schasinglulu /* 83*91f16700Schasinglulu * Parameters for authentication by NV counter 84*91f16700Schasinglulu */ 85*91f16700Schasinglulu typedef struct auth_method_param_nv_ctr_s { 86*91f16700Schasinglulu auth_param_type_desc_t *cert_nv_ctr; /* NV counter in certificate */ 87*91f16700Schasinglulu auth_param_type_desc_t *plat_nv_ctr; /* NV counter in platform */ 88*91f16700Schasinglulu } auth_method_param_nv_ctr_t; 89*91f16700Schasinglulu 90*91f16700Schasinglulu /* 91*91f16700Schasinglulu * Authentication method descriptor 92*91f16700Schasinglulu */ 93*91f16700Schasinglulu typedef struct auth_method_desc_s { 94*91f16700Schasinglulu auth_method_type_t type; 95*91f16700Schasinglulu union { 96*91f16700Schasinglulu auth_method_param_hash_t hash; 97*91f16700Schasinglulu auth_method_param_sig_t sig; 98*91f16700Schasinglulu auth_method_param_nv_ctr_t nv_ctr; 99*91f16700Schasinglulu } param; 100*91f16700Schasinglulu } auth_method_desc_t; 101*91f16700Schasinglulu 102*91f16700Schasinglulu /* 103*91f16700Schasinglulu * Helper macro to define an authentication parameter type descriptor 104*91f16700Schasinglulu */ 105*91f16700Schasinglulu #define AUTH_PARAM_TYPE_DESC(_type, _cookie) \ 106*91f16700Schasinglulu { \ 107*91f16700Schasinglulu .type = _type, \ 108*91f16700Schasinglulu .cookie = (void *)_cookie \ 109*91f16700Schasinglulu } 110*91f16700Schasinglulu 111*91f16700Schasinglulu /* 112*91f16700Schasinglulu * Helper macro to define an authentication parameter data descriptor 113*91f16700Schasinglulu */ 114*91f16700Schasinglulu #define AUTH_PARAM_DATA_DESC(_ptr, _len) \ 115*91f16700Schasinglulu { \ 116*91f16700Schasinglulu .ptr = (void *)_ptr, \ 117*91f16700Schasinglulu .len = (unsigned int)_len \ 118*91f16700Schasinglulu } 119*91f16700Schasinglulu 120*91f16700Schasinglulu #endif /* AUTH_COMMON_H */ 121