refactor(auth): replace plat_convert_pk

Following discussions in the reviews of the patch that introduced
plat_convert_pk() function [1], it was decided to deprecate it to
avoid weak function declaration.
A new optional function pointer convert_pk is added to crypto_lib_desc_t.
A new function crypto_mod_convert_pk() will either call
crypto_lib_desc.convert_pk() if it is defined, or do the same
as what was done by the weak function otherwise.

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174

Signed-off-by: Yann Gautier <yann.gautier@foss.st.com>
Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6

docs/design/auth-framework.rst

@@ -256,7 +256,8 @@ These functions are registered in the CM using the macro:
                         _verify_signature,
                         _calc_hash,
                         _verify_hash,
-                        _auth_decrypt);
+                        _auth_decrypt,
+                        _convert_pk);
 
 ``_name`` must be a string containing the name of the CL. This name is used for
 debugging purposes.
@@ -266,6 +267,25 @@ return the hash of the given data using the provided hash algorithm.
 This function is mainly used in the ``MEASURED_BOOT`` and ``DRTM_SUPPORT``
 features to calculate the hashes of various images/data.
 
+Optionally, a platform function can be provided to convert public key
+(_convert_pk). It is only used if the platform saves a hash of the ROTPK.
+Most platforms save the hash of the ROTPK, but some may save slightly different
+information - e.g the hash of the ROTPK plus some related information.
+Defining this function allows to transform the ROTPK used to verify
+the signature to the buffer (a platform specific public key) which
+hash is saved in OTP.
+
+.. code:: c
+
+    int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len,
+                      void **hashed_pk_ptr, unsigned int *hashed_pk_len);
+
+
+-  ``full_pk_ptr``: Pointer to Distinguished Encoding Rules (DER) ROTPK.
+-  ``full_pk_len``: DER ROTPK size.
+-  ``hashed_pk_ptr``: to return a pointer to a buffer, which hash should be the one saved in OTP.
+-  ``hashed_pk_len``: previous buffer size
+
 Image Parser Module (IPM)
 ^^^^^^^^^^^^^^^^^^^^^^^^^
 

docs/porting-guide.rst

@@ -894,34 +894,6 @@ The function returns 0 on success. Any other value means the counter value
 either could not be updated or the authentication image descriptor indicates
 that it is not allowed to be updated.
 
-Function: plat_convert_pk()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
-    Argument : void *, unsigned int, void **, unsigned int *
-    Return   : int
-
-This function is optional when Trusted Board Boot is enabled, and only
-used if the platform saves a hash of the ROTPK.
-First argument is the Distinguished Encoding Rules (DER) ROTPK.
-Second argument is its size.
-Third argument is used to return a pointer to a buffer, which hash should
-be the one saved in OTP.
-Fourth argument is a pointer to return its size.
-
-Most platforms save the hash of the ROTPK, but some may save slightly different
-information - e.g the hash of the ROTPK plus some related information.
-Defining this function allows to transform the ROTPK used to verify
-the signature to the buffer (a platform specific public key) which
-hash is saved in OTP.
-
-The default implementation copies the input key and length to the output without
-modification.
-
-The function returns 0 on success. Any other value means the expected
-public key buffer cannot be extracted.
-
 Dynamic Root of Trust for Measurement support (in BL31)
 -------------------------------------------------------
 

drivers/auth/auth_mod.c

@@ -31,7 +31,6 @@
 	} while (0)
 
 #pragma weak plat_set_nv_ctr2
-#pragma weak plat_convert_pk
 
 static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a,
 		const auth_param_type_desc_t *b)
@@ -209,7 +208,7 @@ static int auth_signature(const auth_method_param_sig_t *param,
 			 * platform may store the hash of a prefixed,
 			 * suffixed or modified pk
 			 */
-			rc = plat_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len);
+			rc = crypto_mod_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len);
 			return_if_error(rc);
 
 			/*
@@ -330,15 +329,6 @@ int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc __unused,
 	return plat_set_nv_ctr(cookie, nv_ctr);
 }
 
-int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
-		    void **hashed_pk_ptr, unsigned int *hashed_pk_len)
-{
-	*hashed_pk_ptr = full_pk_ptr;
-	*hashed_pk_len = full_pk_len;
-
-	return 0;
-}
-
 /*
  * Return the parent id in the output parameter '*parent_id'
  *

drivers/auth/crypto_mod.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -142,6 +142,20 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
 #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
 	  CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
+int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+			  void **hashed_pk_ptr, unsigned int *hashed_pk_len)
+{
+	if (crypto_lib_desc.convert_pk != NULL) {
+		return crypto_lib_desc.convert_pk(full_pk_ptr, full_pk_len,
+						  hashed_pk_ptr, hashed_pk_len);
+	}
+
+	*hashed_pk_ptr = full_pk_ptr;
+	*hashed_pk_len = full_pk_len;
+
+	return 0;
+}
+
 /*
  * Authenticated decryption of data
  *

drivers/auth/cryptocell/712/cryptocell_crypto.c

@@ -330,5 +330,5 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
 /*
  * Register crypto library descriptor
  */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL);
 

drivers/auth/cryptocell/713/cryptocell_crypto.c

@@ -302,4 +302,4 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
 /*
  * Register crypto library descriptor
  */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL);

drivers/auth/mbedtls/mbedtls_crypto.c

@@ -396,17 +396,17 @@ static int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
 #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 #if TF_MBEDTLS_USE_AES_GCM
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
-		    auth_decrypt);
+		    auth_decrypt, NULL);
 #else
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
-		    NULL);
+		    NULL, NULL);
 #endif
 #elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY
 #if TF_MBEDTLS_USE_AES_GCM
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash,
-		    auth_decrypt);
+		    auth_decrypt, NULL);
 #else
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL);
 #endif
 #elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY
 REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash);

drivers/nxp/crypto/caam/src/auth/nxp_crypto.c

@@ -120,4 +120,4 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
 /*
  * Register crypto library descriptor
  */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL);

include/drivers/auth/crypto_mod.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -74,6 +74,10 @@ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
 	  CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
+	/* Convert Public key (optional) */
+	int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len,
+			  void **hashed_pk_ptr, unsigned int *hashed_pk_len);
+
 	/*
 	 * Authenticated decryption. Return one of the
 	 * 'enum crypto_ret_value' options.
@@ -119,27 +123,32 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
 #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
 	  CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
 
+int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+			  void **hashed_pk_ptr, unsigned int *hashed_pk_len);
+
 #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 /* Macro to register a cryptographic library */
 #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
-			    _calc_hash, _auth_decrypt) \
+			    _calc_hash, _auth_decrypt, _convert_pk) \
 	const crypto_lib_desc_t crypto_lib_desc = { \
 		.name = _name, \
 		.init = _init, \
 		.verify_signature = _verify_signature, \
 		.verify_hash = _verify_hash, \
 		.calc_hash = _calc_hash, \
-		.auth_decrypt = _auth_decrypt \
+		.auth_decrypt = _auth_decrypt, \
+		.convert_pk = _convert_pk \
 	}
 #elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY
 #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
-			    _auth_decrypt) \
+			    _auth_decrypt, _convert_pk) \
 	const crypto_lib_desc_t crypto_lib_desc = { \
 		.name = _name, \
 		.init = _init, \
 		.verify_signature = _verify_signature, \
 		.verify_hash = _verify_hash, \
-		.auth_decrypt = _auth_decrypt \
+		.auth_decrypt = _auth_decrypt, \
+		.convert_pk = _convert_pk \
 	}
 #elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY
 #define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \

include/plat/common/platform.h

@@ -352,8 +352,6 @@ int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
 int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
 int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc,
 		unsigned int nv_ctr);
-int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
-		    void **hashed_pk_ptr, unsigned int *hash_pk_len);
 int get_mbedtls_heap_helper(void **heap_addr, size_t *heap_size);
 int plat_get_enc_key_info(enum fw_enc_status_t fw_enc_status, uint8_t *key,
 			  size_t *key_len, unsigned int *flags,

plat/st/common/stm32mp_crypto_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
  *
  * SPDX-License-Identifier: BSD-3-Clause
  */
@@ -167,8 +167,8 @@ uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in,
 	return ret;
 }
 
-int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
-		    void **hashed_pk_ptr, unsigned int *hashed_pk_len)
+static int crypto_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+			     void **hashed_pk_ptr, unsigned int *hashed_pk_len)
 {
 	return get_plain_pk_from_asn1(full_pk_ptr, full_pk_len, hashed_pk_ptr, hashed_pk_len, NULL);
 }
@@ -220,8 +220,8 @@ static uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in,
 	return 0;
 }
 
-int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
-		    void **hashed_pk_ptr, unsigned int *hashed_pk_len)
+static int crypto_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+			     void **hashed_pk_ptr, unsigned int *hashed_pk_len)
 {
 	static uint8_t st_pk[CRYPTO_PUBKEY_MAX_SIZE + sizeof(uint32_t)];
 	int ret;
@@ -650,13 +650,14 @@ REGISTER_CRYPTO_LIB("stm32_crypto_lib",
 		    crypto_lib_init,
 		    crypto_verify_signature,
 		    crypto_verify_hash,
-		    crypto_auth_decrypt);
+		    crypto_auth_decrypt,
+		    crypto_convert_pk);
 
 #else /* No decryption support */
 REGISTER_CRYPTO_LIB("stm32_crypto_lib",
 		    crypto_lib_init,
 		    crypto_verify_signature,
 		    crypto_verify_hash,
-		    NULL);
-
+		    NULL,
+		    crypto_convert_pk);
 #endif