From 4ac5b3949d874c4e0cd74fce8360a554bfd4cd3f Mon Sep 17 00:00:00 2001
From: Yann Gautier
Date: Tue, 24 Jan 2023 09:39:47 +0100
Subject: [PATCH] refactor(auth): replace plat_convert_pk

Following discussions in the reviews of the patch that introduced plat_convert_pk() function [1], it was decided to deprecate it to avoid weak function declaration. A new optional function pointer convert_pk is added to crypto_lib_desc_t. A new function crypto_mod_convert_pk() will either call crypto_lib_desc.convert_pk() if it is defined, or do the same as what was done by the weak function otherwise.

[1] https://review.trustedfirmware.org/c/TF-A/trusted-firmware-a/+/17174

Signed-off-by: Yann Gautier
Change-Id: I9358867f8bfd5e96b5ee238c066877da368e43c6
---
 docs/design/auth-framework.rst | 22 ++++++++++++++-
 docs/porting-guide.rst | 28 -------------------
 drivers/auth/auth_mod.c | 12 +-------
 drivers/auth/crypto_mod.c | 16 ++++++++++-
 .../auth/cryptocell/712/cryptocell_crypto.c | 2 +-
 .../auth/cryptocell/713/cryptocell_crypto.c | 2 +-
 drivers/auth/mbedtls/mbedtls_crypto.c | 8 +++---
 drivers/nxp/crypto/caam/src/auth/nxp_crypto.c | 2 +-
 include/drivers/auth/crypto_mod.h | 19 +++++++++----
 include/plat/common/platform.h | 2 --
 plat/st/common/stm32mp_crypto_lib.c | 17 +++++------
 11 files changed, 67 insertions(+), 63 deletions(-)

diff --git a/docs/design/auth-framework.rst b/docs/design/auth-framework.rst
index 508a82fac..597f955ec 100644
--- a/docs/design/auth-framework.rst
+++ b/docs/design/auth-framework.rst
@@ -256,7 +256,8 @@ These functions are registered in the CM using the macro:
 _verify_signature,
 _calc_hash,
 _verify_hash,
- _auth_decrypt);
+ _auth_decrypt,
+ _convert_pk);
 ``_name`` must be a string containing the name of the CL. This name is used for debugging purposes.
@@ -266,6 +267,25 @@ return the hash of the given data using the provided hash algorithm.
 This function is mainly used in the ``MEASURED_BOOT`` and ``DRTM_SUPPORT`` features to calculate the hashes of various images/data.
+Optionally, a platform function can be provided to convert public key
+(_convert_pk). It is only used if the platform saves a hash of the ROTPK.
+Most platforms save the hash of the ROTPK, but some may save slightly different
+information - e.g the hash of the ROTPK plus some related information.
+Defining this function allows to transform the ROTPK used to verify
+the signature to the buffer (a platform specific public key) which
+hash is saved in OTP.
+
+.. code:: c
+
+ int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len,
+ void **hashed_pk_ptr, unsigned int *hashed_pk_len);
+
+
+- ``full_pk_ptr``: Pointer to Distinguished Encoding Rules (DER) ROTPK.
+- ``full_pk_len``: DER ROTPK size.
+- ``hashed_pk_ptr``: to return a pointer to a buffer, which hash should be the one saved in OTP.
+- ``hashed_pk_len``: previous buffer size
+
 Image Parser Module (IPM)
 ^^^^^^^^^^^^^^^^^^^^^^^^^
diff --git a/docs/porting-guide.rst b/docs/porting-guide.rst
index bc9c00f3c..25b55e813 100644
--- a/docs/porting-guide.rst
+++ b/docs/porting-guide.rst
@@ -894,34 +894,6 @@ The function returns 0 on success. Any other value means the counter value
 either could not be updated or the authentication image descriptor indicates that it is not allowed to be updated.
-Function: plat_convert_pk()
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-::
-
- Argument : void *, unsigned int, void **, unsigned int *
- Return : int
-
-This function is optional when Trusted Board Boot is enabled, and only
-used if the platform saves a hash of the ROTPK.
-First argument is the Distinguished Encoding Rules (DER) ROTPK.
-Second argument is its size.
-Third argument is used to return a pointer to a buffer, which hash should
-be the one saved in OTP.
-Fourth argument is a pointer to return its size.
-
-Most platforms save the hash of the ROTPK, but some may save slightly different
-information - e.g the hash of the ROTPK plus some related information.
-Defining this function allows to transform the ROTPK used to verify
-the signature to the buffer (a platform specific public key) which
-hash is saved in OTP.
-
-The default implementation copies the input key and length to the output without
-modification.
-
-The function returns 0 on success. Any other value means the expected
-public key buffer cannot be extracted.
-
 Dynamic Root of Trust for Measurement support (in BL31)
 -------------------------------------------------------
diff --git a/drivers/auth/auth_mod.c b/drivers/auth/auth_mod.c
index f15306537..7a9cca8e3 100644
--- a/drivers/auth/auth_mod.c
+++ b/drivers/auth/auth_mod.c
@@ -31,7 +31,6 @@
 } while (0)
 #pragma weak plat_set_nv_ctr2
-#pragma weak plat_convert_pk
 static int cmp_auth_param_type_desc(const auth_param_type_desc_t *a,
 const auth_param_type_desc_t *b)
@@ -209,7 +208,7 @@ static int auth_signature(const auth_method_param_sig_t *param,
 * platform may store the hash of a prefixed,
 * suffixed or modified pk
 */
- rc = plat_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len);
+ rc = crypto_mod_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len);
 return_if_error(rc);
 /*
@@ -330,15 +329,6 @@ int plat_set_nv_ctr2(void *cookie, const auth_img_desc_t *img_desc __unused,
 return plat_set_nv_ctr(cookie, nv_ctr);
 }
-int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
- void **hashed_pk_ptr, unsigned int *hashed_pk_len)
-{
- *hashed_pk_ptr = full_pk_ptr;
- *hashed_pk_len = full_pk_len;
-
- return 0;
-}
-
 /*
 * Return the parent id in the output parameter '*parent_id'
 *
diff --git a/drivers/auth/crypto_mod.c b/drivers/auth/crypto_mod.c
index fa1adb4f7..e36b2858a 100644
--- a/drivers/auth/crypto_mod.c
+++ b/drivers/auth/crypto_mod.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -142,6 +142,20 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
 #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
+int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+ void **hashed_pk_ptr, unsigned int *hashed_pk_len)
+{
+ if (crypto_lib_desc.convert_pk != NULL) {
+ return crypto_lib_desc.convert_pk(full_pk_ptr, full_pk_len,
+ hashed_pk_ptr, hashed_pk_len);
+ }
+
+ *hashed_pk_ptr = full_pk_ptr;
+ *hashed_pk_len = full_pk_len;
+
+ return 0;
+}
+
 /*
 * Authenticated decryption of data
 *
diff --git a/drivers/auth/cryptocell/712/cryptocell_crypto.c b/drivers/auth/cryptocell/712/cryptocell_crypto.c
index e2b189bb5..b6a3f7bda 100644
--- a/drivers/auth/cryptocell/712/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/712/cryptocell_crypto.c
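Review bot: In the crypto_mod.c hunk, crypto_mod_convert_pk() writes through `hashed_pk_ptr` and `hashed_pk_len` on its fallback path and forwards all three pointers to the library hook without any argument check; the sibling crypto_mod_* wrappers in this file, which are outside the hunk, appear to assert their pointer arguments, so for consistency add `assert(full_pk_ptr != NULL);`, `assert(hashed_pk_ptr != NULL);` and `assert(hashed_pk_len != NULL);` before the `if`. The new function also lacks the block comment its neighbour (`Authenticated decryption of data`, visible as trailing context) carries; a short `/* ... */` header stating that it maps the DER ROTPK to the buffer whose hash the platform stores via the optional `convert_pk` hook, and returns the input pointer and length unchanged when no hook is registered, would document the fallback that the `!= NULL` test relies on. Worth spelling out in that comment too is that the only caller passes the same variable as input and output (`crypto_mod_convert_pk(pk_ptr, pk_len, &pk_ptr, &pk_len)` in the auth_mod.c hunk), which the fallback tolerates because it reads `full_pk_ptr` by value before storing, and which any hook implementation must tolerate as well.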
@@ -330,5 +330,5 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
 /*
 * Register crypto library descriptor
 */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL);
diff --git a/drivers/auth/cryptocell/713/cryptocell_crypto.c b/drivers/auth/cryptocell/713/cryptocell_crypto.c
index 388264ed3..506cf1cf5 100644
--- a/drivers/auth/cryptocell/713/cryptocell_crypto.c
+++ b/drivers/auth/cryptocell/713/cryptocell_crypto.c
@@ -302,4 +302,4 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
 /*
 * Register crypto library descriptor
 */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL);
diff --git a/drivers/auth/mbedtls/mbedtls_crypto.c b/drivers/auth/mbedtls/mbedtls_crypto.c
index 4241d2161..df4763d9b 100644
--- a/drivers/auth/mbedtls/mbedtls_crypto.c
+++ b/drivers/auth/mbedtls/mbedtls_crypto.c
@@ -396,17 +396,17 @@ static int auth_decrypt(enum crypto_dec_algo dec_algo, void *data_ptr,
 #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 #if TF_MBEDTLS_USE_AES_GCM
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
- auth_decrypt);
+ auth_decrypt, NULL);
 #else
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, calc_hash,
- NULL);
+ NULL, NULL);
 #endif
 #elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY
 #if TF_MBEDTLS_USE_AES_GCM
 REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash,
- auth_decrypt);
+ auth_decrypt, NULL);
 #else
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL);
 #endif
 #elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY
 REGISTER_CRYPTO_LIB(LIB_NAME, init, calc_hash);
diff --git a/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c b/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c
index 646e981f7..a7fb898b0 100644
--- a/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c
+++ b/drivers/nxp/crypto/caam/src/auth/nxp_crypto.c
@@ -120,4 +120,4 @@ static int verify_hash(void *data_ptr, unsigned int data_len,
 /*
 * Register crypto library descriptor
 */
-REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL);
+REGISTER_CRYPTO_LIB(LIB_NAME, init, verify_signature, verify_hash, NULL, NULL);
diff --git a/include/drivers/auth/crypto_mod.h b/include/drivers/auth/crypto_mod.h
index 3a23df4b7..498fdcb79 100644
--- a/include/drivers/auth/crypto_mod.h
+++ b/include/drivers/auth/crypto_mod.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2022, Arm Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2023, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -74,6 +74,10 @@ CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
+ /* Convert Public key (optional) */
+ int (*convert_pk)(void *full_pk_ptr, unsigned int full_pk_len,
+ void **hashed_pk_ptr, unsigned int *hashed_pk_len);
+
 /*
 * Authenticated decryption. Return one of the
 * 'enum crypto_ret_value' options.
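Review bot: The new `/* Convert Public key (optional) */` line on the `convert_pk` member of crypto_lib_desc_t does not state the contract the auth module depends on, whereas the neighbouring `auth_decrypt` comment spells out its return values and the porting-guide text this commit removes used to give it for plat_convert_pk(). The comment should say that the hook must return 0 on success and that any other value makes auth_signature() reject the image (the call goes through `return_if_error(rc)` in the auth_mod.c hunk), that `*hashed_pk_ptr` may be left pointing at `full_pk_ptr` or at a library-owned buffer, and that whatever it points to must stay valid until the caller has hashed it; the stm32mp implementation in this patch hands back a function-static `st_pk` buffer, so the ownership note is not theoretical. A three-line block comment in the style of the `Authenticated decryption` one directly below it is enough.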
@@ -119,27 +123,32 @@ int crypto_mod_calc_hash(enum crypto_md_algo alg, void *data_ptr,
 #endif /* CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY || \
 CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC */
+int crypto_mod_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+ void **hashed_pk_ptr, unsigned int *hashed_pk_len);
+
 #if CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_AND_HASH_CALC
 /* Macro to register a cryptographic library */
 #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
- _calc_hash, _auth_decrypt) \
+ _calc_hash, _auth_decrypt, _convert_pk) \
 const crypto_lib_desc_t crypto_lib_desc = { \
 .name = _name, \
 .init = _init, \
 .verify_signature = _verify_signature, \
 .verify_hash = _verify_hash, \
 .calc_hash = _calc_hash, \
- .auth_decrypt = _auth_decrypt \
+ .auth_decrypt = _auth_decrypt, \
+ .convert_pk = _convert_pk \
 }
 #elif CRYPTO_SUPPORT == CRYPTO_AUTH_VERIFY_ONLY
 #define REGISTER_CRYPTO_LIB(_name, _init, _verify_signature, _verify_hash, \
- _auth_decrypt) \
+ _auth_decrypt, _convert_pk) \
 const crypto_lib_desc_t crypto_lib_desc = { \
 .name = _name, \
 .init = _init, \
 .verify_signature = _verify_signature, \
 .verify_hash = _verify_hash, \
- .auth_decrypt = _auth_decrypt \
+ .auth_decrypt = _auth_decrypt, \
+ .convert_pk = _convert_pk \
 }
 #elif CRYPTO_SUPPORT == CRYPTO_HASH_CALC_ONLY
 #define REGISTER_CRYPTO_LIB(_name, _init, _calc_hash) \
diff --git a/include/plat/common/platform.h b/include/plat/common/platform.h
index 72d316018..d146a2945 100644
--- a/include/plat/common/platform.h
+++ b/include/plat/common/platform.h
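Review bot: The `CRYPTO_HASH_CALC_ONLY` form of REGISTER_CRYPTO_LIB at the end of the hunk is left without a `_convert_pk` parameter, so in that build `.convert_pk` is NULL only through implicit zero-initialisation of the `const` descriptor, which is precisely the condition crypto_mod_convert_pk() tests before falling back to returning the key unchanged. That is valid C, but the dependency is invisible at the point where it matters and is easy to break the next time the struct grows; a one-line comment above that `#define`, e.g. `/* .convert_pk is left implicitly NULL: no signature verification in this mode */`, makes the invariant explicit. The new `crypto_mod_convert_pk()` prototype is also declared unconditionally with no comment although it only has a caller when verification is compiled in; a short note that the default behaviour passes the input pointer and length through unchanged would save the reader a trip to crypto_mod.c.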
@@ -352,8 +352,6 @@ int plat_get_nv_ctr(void *cookie, unsigned int *nv_ctr);
 int plat_set_nv_ctr(void *cookie, unsigned int nv_ctr);
 int plat_set_nv_ctr2(void *cookie, const struct auth_img_desc_s *img_desc,
 unsigned int nv_ctr);
-int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
- void **hashed_pk_ptr, unsigned int *hash_pk_len);
 int get_mbedtls_heap_helper(void **heap_addr, size_t *heap_size);
 int plat_get_enc_key_info(enum fw_enc_status_t fw_enc_status, uint8_t *key,
 size_t *key_len, unsigned int *flags,
diff --git a/plat/st/common/stm32mp_crypto_lib.c b/plat/st/common/stm32mp_crypto_lib.c
index 0da00193a..373a00815 100644
--- a/plat/st/common/stm32mp_crypto_lib.c
+++ b/plat/st/common/stm32mp_crypto_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2022, STMicroelectronics - All Rights Reserved
+ * Copyright (c) 2022-2023, STMicroelectronics - All Rights Reserved
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -167,8 +167,8 @@ uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in,
 return ret;
 }
-int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
- void **hashed_pk_ptr, unsigned int *hashed_pk_len)
+static int crypto_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+ void **hashed_pk_ptr, unsigned int *hashed_pk_len)
 {
 return get_plain_pk_from_asn1(full_pk_ptr, full_pk_len, hashed_pk_ptr, hashed_pk_len, NULL);
 }
@@ -220,8 +220,8 @@ static uint32_t verify_signature(uint8_t *hash_in, uint8_t *pubkey_in,
 return 0;
 }
-int plat_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
- void **hashed_pk_ptr, unsigned int *hashed_pk_len)
+static int crypto_convert_pk(void *full_pk_ptr, unsigned int full_pk_len,
+ void **hashed_pk_ptr, unsigned int *hashed_pk_len)
 {
 static uint8_t st_pk[CRYPTO_PUBKEY_MAX_SIZE + sizeof(uint32_t)];
 int ret;
@@ -650,13 +650,14 @@ REGISTER_CRYPTO_LIB("stm32_crypto_lib",
 crypto_lib_init,
 crypto_verify_signature,
 crypto_verify_hash,
- crypto_auth_decrypt);
+ crypto_auth_decrypt,
+ crypto_convert_pk);
 #else /* No decryption support */
 REGISTER_CRYPTO_LIB("stm32_crypto_lib",
 crypto_lib_init,
 crypto_verify_signature,
 crypto_verify_hash,
- NULL);
-
+ NULL,
+ crypto_convert_pk);
 #endif
-- 
2.39.5