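/*
 * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

#ifndef AUTH_COMMON_H
#define AUTH_COMMON_H

/*
 * Authentication framework common types
 *
 * This header only declares descriptors: what can be extracted from an
 * image (auth_param_*) and how an image is checked (auth_method_*). The
 * comparisons themselves (hash match, signature verification, NV counter
 * check) are performed elsewhere by the framework and its crypto/parser
 * modules, so nothing in here executes at runtime.
 */

/*
 * Type of parameters that can be extracted from an image and
 * used for authentication
 */
typedef enum auth_param_type_enum {
	AUTH_PARAM_NONE,
	AUTH_PARAM_RAW_DATA,	/* Raw image data */
	AUTH_PARAM_SIG,		/* The image signature */
	AUTH_PARAM_SIG_ALG,	/* The image signature algorithm */
	AUTH_PARAM_HASH,	/* A hash (including the algorithm) */
	AUTH_PARAM_PUB_KEY,	/* A public key */
	AUTH_PARAM_NV_CTR,	/* A non-volatile counter */
} auth_param_type_t;

/*
 * Defines an authentication parameter. The cookie will be interpreted by the
 * image parser module.
 *
 * The cookie is opaque here: it is stored as void * and its meaning depends
 * entirely on the parser that consumes it (an identifier of where to find
 * the parameter inside the image, presumably -- confirm against the parser).
 */
typedef struct auth_param_type_desc_s {
	auth_param_type_t type;
	void *cookie;
} auth_param_type_desc_t;

/*
 * Store a pointer to the authentication parameter and its length
 *
 * ptr/len name a memory region produced by a parser. len is an
 * unsigned int, and AUTH_PARAM_DATA_DESC below casts its argument to that
 * type, so a wider length is silently truncated; whoever fills in a
 * descriptor must make sure the length fits before it is used as a bound.
 */
typedef struct auth_param_data_desc_s {
	void *ptr;
	unsigned int len;
} auth_param_data_desc_t;

/*
 * Authentication parameter descriptor, including type and value
 */
typedef struct auth_param_desc_s {
	auth_param_type_desc_t *type_desc;	/* Which parameter this is */
	auth_param_data_desc_t data;		/* Where its bytes live */
} auth_param_desc_t;

/*
 * The method type defines how an image is authenticated
 */
typedef enum auth_method_type_enum {
	AUTH_METHOD_NONE = 0,
	AUTH_METHOD_HASH,	/* Authenticate by hash matching */
	AUTH_METHOD_SIG,	/* Authenticate by PK operation */
	AUTH_METHOD_NV_CTR,	/* Authenticate by Non-Volatile Counter */
	AUTH_METHOD_NUM		/* Number of methods (sentinel, not a method) */
} auth_method_type_t;

/*
 * Parameters for authentication by hash matching
 */
typedef struct auth_method_param_hash_s {
	auth_param_type_desc_t *data;	/* Data to hash */
	auth_param_type_desc_t *hash;	/* Hash to match with */
} auth_method_param_hash_t;

/*
 * Parameters for authentication by signature
 */
typedef struct auth_method_param_sig_s {
	auth_param_type_desc_t *pk;	/* Public key */
	auth_param_type_desc_t *sig;	/* Signature to check */
	auth_param_type_desc_t *alg;	/* Signature algorithm */
	auth_param_type_desc_t *data;	/* Data signed */
} auth_method_param_sig_t;

/*
 * Parameters for authentication by NV counter
 *
 * Two counters are named: one carried in the certificate and one held by
 * the platform. The comparison rule (presumably the certificate value must
 * not be below the platform value, so that an older image cannot be
 * re-introduced) is implemented by the framework -- confirm there.
 */
typedef struct auth_method_param_nv_ctr_s {
	auth_param_type_desc_t *cert_nv_ctr;	/* NV counter in certificate */
	auth_param_type_desc_t *plat_nv_ctr;	/* NV counter in platform */
} auth_method_param_nv_ctr_t;

/*
 * Authentication method descriptor
 *
 * type selects which member of the param union is meaningful; the union
 * carries no tag of its own, so readers must dispatch on type before
 * touching param.
 */
typedef struct auth_method_desc_s {
	auth_method_type_t type;
	union {
		auth_method_param_hash_t hash;
		auth_method_param_sig_t sig;
		auth_method_param_nv_ctr_t nv_ctr;
	} param;
} auth_method_desc_t;

/*
 * Helper macro to define an authentication parameter type descriptor
 *
 * Arguments are parenthesised so that an expression passed as _cookie is
 * converted as a whole: without the parentheses, "(void *)_cookie" with
 * _cookie = "p + 1" would cast p alone and then do the arithmetic on a
 * void pointer.
 */
#define AUTH_PARAM_TYPE_DESC(_type, _cookie) \
	{ \
		.type = (_type), \
		.cookie = (void *)(_cookie) \
	}

/*
 * Helper macro to define an authentication parameter data descriptor
 *
 * Same parenthesisation rule as above. Note the cast of _len to
 * unsigned int truncates any wider value.
 */
#define AUTH_PARAM_DATA_DESC(_ptr, _len) \
	{ \
		.ptr = (void *)(_ptr), \
		.len = (unsigned int)(_len) \
	}

#endif /* AUTH_COMMON_H */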