You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
121 lines
3.0 KiB
121 lines
3.0 KiB
/*
|
|
* Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
|
|
*
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
*/
|
|
|
|
#ifndef AUTH_COMMON_H
|
|
#define AUTH_COMMON_H
|
|
|
|
/*
|
|
* Authentication framework common types
|
|
*/
|
|
|
|
/*
|
|
* Type of parameters that can be extracted from an image and
|
|
* used for authentication
|
|
*/
|
|
typedef enum auth_param_type_enum {
|
|
AUTH_PARAM_NONE,
|
|
AUTH_PARAM_RAW_DATA, /* Raw image data */
|
|
AUTH_PARAM_SIG, /* The image signature */
|
|
AUTH_PARAM_SIG_ALG, /* The image signature algorithm */
|
|
AUTH_PARAM_HASH, /* A hash (including the algorithm) */
|
|
AUTH_PARAM_PUB_KEY, /* A public key */
|
|
AUTH_PARAM_NV_CTR, /* A non-volatile counter */
|
|
} auth_param_type_t;
|
|
|
|
/*
|
|
* Defines an authentication parameter. The cookie will be interpreted by the
|
|
* image parser module.
|
|
*/
|
|
typedef struct auth_param_type_desc_s {
|
|
auth_param_type_t type;
|
|
void *cookie;
|
|
} auth_param_type_desc_t;
|
|
|
|
/*
|
|
* Store a pointer to the authentication parameter and its length
|
|
*/
|
|
typedef struct auth_param_data_desc_s {
|
|
void *ptr;
|
|
unsigned int len;
|
|
} auth_param_data_desc_t;
|
|
|
|
/*
|
|
* Authentication parameter descriptor, including type and value
|
|
*/
|
|
typedef struct auth_param_desc_s {
|
|
auth_param_type_desc_t *type_desc;
|
|
auth_param_data_desc_t data;
|
|
} auth_param_desc_t;
|
|
|
|
/*
|
|
* The method type defines how an image is authenticated
|
|
*/
|
|
typedef enum auth_method_type_enum {
|
|
AUTH_METHOD_NONE = 0,
|
|
AUTH_METHOD_HASH, /* Authenticate by hash matching */
|
|
AUTH_METHOD_SIG, /* Authenticate by PK operation */
|
|
AUTH_METHOD_NV_CTR, /* Authenticate by Non-Volatile Counter */
|
|
AUTH_METHOD_NUM /* Number of methods */
|
|
} auth_method_type_t;
|
|
|
|
/*
|
|
* Parameters for authentication by hash matching
|
|
*/
|
|
typedef struct auth_method_param_hash_s {
|
|
auth_param_type_desc_t *data; /* Data to hash */
|
|
auth_param_type_desc_t *hash; /* Hash to match with */
|
|
} auth_method_param_hash_t;
|
|
|
|
/*
|
|
* Parameters for authentication by signature
|
|
*/
|
|
typedef struct auth_method_param_sig_s {
|
|
auth_param_type_desc_t *pk; /* Public key */
|
|
auth_param_type_desc_t *sig; /* Signature to check */
|
|
auth_param_type_desc_t *alg; /* Signature algorithm */
|
|
auth_param_type_desc_t *data; /* Data signed */
|
|
} auth_method_param_sig_t;
|
|
|
|
/*
|
|
* Parameters for authentication by NV counter
|
|
*/
|
|
typedef struct auth_method_param_nv_ctr_s {
|
|
auth_param_type_desc_t *cert_nv_ctr; /* NV counter in certificate */
|
|
auth_param_type_desc_t *plat_nv_ctr; /* NV counter in platform */
|
|
} auth_method_param_nv_ctr_t;
|
|
|
|
/*
|
|
* Authentication method descriptor
|
|
*/
|
|
typedef struct auth_method_desc_s {
|
|
auth_method_type_t type;
|
|
union {
|
|
auth_method_param_hash_t hash;
|
|
auth_method_param_sig_t sig;
|
|
auth_method_param_nv_ctr_t nv_ctr;
|
|
} param;
|
|
} auth_method_desc_t;
|
|
|
|
/*
|
|
* Helper macro to define an authentication parameter type descriptor
|
|
*/
|
|
#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
|
|
{ \
|
|
.type = _type, \
|
|
.cookie = (void *)_cookie \
|
|
}
|
|
|
|
/*
|
|
* Helper macro to define an authentication parameter data descriptor
|
|
*/
|
|
#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
|
|
{ \
|
|
.ptr = (void *)_ptr, \
|
|
.len = (unsigned int)_len \
|
|
}
|
|
|
|
#endif /* AUTH_COMMON_H */
|