mirror of
https://github.com/ARM-software/arm-trusted-firmware.git
synced 2025-04-08 05:43:53 +00:00

Enforce full include path for includes. Deprecate old paths. The following folders inside include/lib have been left unchanged: - include/lib/cpus/${ARCH} - include/lib/el3_runtime/${ARCH} The reason for this change is that having a global namespace for includes isn't a good idea. It defeats one of the advantages of having folders and it introduces problems that are sometimes subtle (because you may not know the header you are actually including if there are two of them). For example, this patch had to be created because two headers were called the same way:e0ea0928d5
("Fix gpio includes of mt8173 platform to avoid collision."). More recently, this patch has had similar problems:46f9b2c3a2
("drivers: add tzc380 support"). This problem was introduced in commit4ecca33988
("Move include and source files to logical locations"). At that time, there weren't too many headers so it wasn't a real issue. However, time has shown that this creates problems. Platforms that want to preserve the way they include headers may add the removed paths to PLAT_INCLUDES, but this is discouraged. Change-Id: I39dc53ed98f9e297a5966e723d1936d6ccf2fc8f Signed-off-by: Antonio Nino Diaz <antonio.ninodiaz@arm.com>
105 lines
2.9 KiB
C
105 lines
2.9 KiB
C
/*
|
|
* Copyright (c) 2015-2018, ARM Limited and Contributors. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#include <assert.h>
|
|
|
|
#include <common/debug.h>
|
|
#include <drivers/auth/crypto_mod.h>
|
|
|
|
/* Variable exported by the crypto library through REGISTER_CRYPTO_LIB() */
|
|
|
|
/*
|
|
* The crypto module is responsible for verifying digital signatures and hashes.
|
|
* It relies on a crypto library to perform the cryptographic operations.
|
|
*
|
|
* The crypto module itself does not impose any specific format on signatures,
|
|
* signature algorithm, keys or hashes, but most cryptographic libraries will
|
|
* take the parameters as the following DER encoded ASN.1 structures:
|
|
*
|
|
* AlgorithmIdentifier ::= SEQUENCE {
|
|
* algorithm OBJECT IDENTIFIER,
|
|
* parameters ANY DEFINED BY algorithm OPTIONAL
|
|
* }
|
|
*
|
|
* DigestInfo ::= SEQUENCE {
|
|
* digestAlgorithm AlgorithmIdentifier,
|
|
* digest OCTET STRING
|
|
* }
|
|
*
|
|
* SubjectPublicKeyInfo ::= SEQUENCE {
|
|
* algorithm AlgorithmIdentifier,
|
|
* subjectPublicKey BIT STRING
|
|
* }
|
|
*
|
|
* SignatureAlgorithm ::= AlgorithmIdentifier
|
|
*
|
|
* SignatureValue ::= BIT STRING
|
|
*/
|
|
|
|
/*
|
|
* Perform some static checking and call the library initialization function
|
|
*/
|
|
void crypto_mod_init(void)
|
|
{
|
|
assert(crypto_lib_desc.name != NULL);
|
|
assert(crypto_lib_desc.init != NULL);
|
|
assert(crypto_lib_desc.verify_signature != NULL);
|
|
assert(crypto_lib_desc.verify_hash != NULL);
|
|
|
|
/* Initialize the cryptographic library */
|
|
crypto_lib_desc.init();
|
|
INFO("Using crypto library '%s'\n", crypto_lib_desc.name);
|
|
}
|
|
|
|
/*
|
|
* Function to verify a digital signature
|
|
*
|
|
* Parameters:
|
|
*
|
|
* data_ptr, data_len: signed data
|
|
* sig_ptr, sig_len: the digital signature
|
|
* sig_alg_ptr, sig_alg_len: the digital signature algorithm
|
|
* pk_ptr, pk_len: the public key
|
|
*/
|
|
int crypto_mod_verify_signature(void *data_ptr, unsigned int data_len,
|
|
void *sig_ptr, unsigned int sig_len,
|
|
void *sig_alg_ptr, unsigned int sig_alg_len,
|
|
void *pk_ptr, unsigned int pk_len)
|
|
{
|
|
assert(data_ptr != NULL);
|
|
assert(data_len != 0);
|
|
assert(sig_ptr != NULL);
|
|
assert(sig_len != 0);
|
|
assert(sig_alg_ptr != NULL);
|
|
assert(sig_alg_len != 0);
|
|
assert(pk_ptr != NULL);
|
|
assert(pk_len != 0);
|
|
|
|
return crypto_lib_desc.verify_signature(data_ptr, data_len,
|
|
sig_ptr, sig_len,
|
|
sig_alg_ptr, sig_alg_len,
|
|
pk_ptr, pk_len);
|
|
}
|
|
|
|
/*
|
|
* Verify a hash by comparison
|
|
*
|
|
* Parameters:
|
|
*
|
|
* data_ptr, data_len: data to be hashed
|
|
* digest_info_ptr, digest_info_len: hash to be compared
|
|
*/
|
|
int crypto_mod_verify_hash(void *data_ptr, unsigned int data_len,
|
|
void *digest_info_ptr, unsigned int digest_info_len)
|
|
{
|
|
assert(data_ptr != NULL);
|
|
assert(data_len != 0);
|
|
assert(digest_info_ptr != NULL);
|
|
assert(digest_info_len != 0);
|
|
|
|
return crypto_lib_desc.verify_hash(data_ptr, data_len,
|
|
digest_info_ptr, digest_info_len);
|
|
}
|