TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / shared / psa-adac / 381aa15956845b51a1e0be47a44a45d15a2bc612 / . / psa_crypto / adac_crypto_psa_pk.c
blob: 05b1c2abf5a81d9e43aa9294d82a2ebb5a04957f [file] [log] [blame]
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]1/*
Mathias Brossard6cff9c22025-02-19 22:25:51 -0600[diff] [blame]2 * Copyright (c) 2020-2025, Arm Limited. All rights reserved.
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#include "adac_crypto_psa.h"
9#include "psa_adac_debug.h"
10#include "psa_adac_config.h"
11
12#include <string.h>
13
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame]14#ifdef ADAC_STATIC_PUB_KEYS
15/* Since thin psa crypto layer in BL2 does not copy the key data, statically
16 * allocate key buffer
17 */
18#define ADAC_STATIC static
19#else
20#define ADAC_STATIC
21#endif /* ADAC_STATIC_PUB_KEYS */
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]22
23#if defined(PSA_ADAC_RSA3072) || defined(PSA_ADAC_RSA4096)
24#define ENCODED_EXPONENT_SIZE 5U
25static const uint8_t encoded_exponent[ENCODED_EXPONENT_SIZE] =
26 {0x02, 0x03, 0x01, 0x00, 0x01};
27#endif
28
29#ifdef PSA_ADAC_RSA3072
30
31#define RSA3072_HEADER_SIZE 8U
32#define RSA3072_KEY_SIZE 384U /* 3072 bits */
33#define RSA3072_ENCODED_PUB_KEY_SIZE (RSA3072_HEADER_SIZE + \
34 RSA3072_KEY_SIZE + \
35 ENCODED_EXPONENT_SIZE)
36
37/* If MSB of the unsigned modulus is set, then an extra byte (0x00) needs to be
38 * inserted before modulus
39 */
40#define RSA3072_ENCODED_PUB_KEY_MAX_SIZE (RSA3072_ENCODED_PUB_KEY_SIZE + 1U)
41
42static const uint8_t rsa3072_header[RSA3072_HEADER_SIZE] = {
43 0x30, /* Start of sequence */
44 0x82, /* Length field indicator */
45 0x01, 0x89, /* 0x189 (hex) or 393 (dec) bytes is length of data to follow */
46 0x02, /* Integer tag */
47 0x82, /* Length field indicator */
48 0x01, 0x80 /* 0x180 (hex) or 384 (dec) bytes modulus size */
49};
50
51/* RFC3279 Section 2.3.1 - For rsa public keys, it expects key format as DER
52 * encoding of the representation defined by Algorithms and IDs for
53 * Internet X.509 PKI Certificate & CRL Profile
54 */
55static psa_status_t load_rsa_3072_public_key(uint8_t *key,
56 size_t key_size,
57 psa_key_handle_t *handle)
58{
59 psa_status_t ret;
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame]60 ADAC_STATIC uint8_t pub_key[RSA3072_ENCODED_PUB_KEY_MAX_SIZE];
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]61 size_t offset = RSA3072_HEADER_SIZE;
62 size_t pub_size = RSA3072_ENCODED_PUB_KEY_SIZE;
63
64 if (key_size == RSA_3072_PUBLIC_KEY_SIZE) {
65 /* Copy the header */
66 (void) memcpy(pub_key, rsa3072_header, sizeof(rsa3072_header));
67
68 /* If MSB is set, modulus need to be prefixed by 0x00 value */
69 if ((key[0] & (uint8_t) 0x80U) != 0x00U) {
70 /* Insert 0x00 after header */
71 pub_key[offset] = 0x00;
72 /* Increase the lengths by 1 */
73 pub_key[3] = 0x8aU;
74 pub_key[7] = 0x81U;
75 offset += 1UL;
76 pub_size += 1UL;
77 }
78
79 (void) memcpy(&(pub_key[offset]), key, RSA_3072_PUBLIC_KEY_SIZE);
80 offset += RSA_3072_PUBLIC_KEY_SIZE;
81 (void) memcpy(&(pub_key[offset]), encoded_exponent,
82 sizeof(encoded_exponent));
83
84 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
85 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
86 psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
87 psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH));
88 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
89 psa_set_key_bits(&attributes, 3072);
90
91 ret = psa_import_key(&attributes, pub_key, pub_size, handle);
92 } else {
93 ret = PSA_ERROR_INVALID_ARGUMENT;
94 }
95
96 return ret;
97}
98
99#endif /* PSA_ADAC_RSA3072 */
100
101#ifdef PSA_ADAC_RSA4096
102
103#define RSA4096_HEADER_SIZE 8U
104#define RSA4096_KEY_SIZE 512U /* 4096 bits */
105#define RSA4096_ENCODED_PUB_KEY_SIZE (RSA4096_HEADER_SIZE + \
106 RSA4096_KEY_SIZE + \
107 ENCODED_EXPONENT_SIZE)
108
109/* If MSB of the unsigned modulus is set, then an extra byte (0x00) needs to be
110 * inserted before modulus
111 */
112#define RSA4096_ENCODED_PUB_KEY_MAX_SIZE (RSA4096_ENCODED_PUB_KEY_SIZE + 1U)
113
114static const uint8_t rsa4096_header[RSA4096_HEADER_SIZE] = {
115 0x30, /* Start of sequence */
116 0x82, /* Length field indicator */
117 0x02, 0x09, /* 0x209 (hex) or 521 (dec) bytes is length of data to follow */
118 0x02, /* Integer tag */
119 0x82, /* Length field indicator */
120 0x02, 0x00 /* 0x200 (hex) or 512 (dec) bytes modulus size */
121};
122
123/* RFC3279 Section 2.3.1 - For rsa public keys, it expects key format as DER
124 * encoding of the representation defined by Algorithms and IDs for
125 * Internet X.509 PKI Certificate & CRL Profile
126 */
127static psa_status_t load_rsa_4096_public_key(uint8_t *key,
128 size_t key_size,
129 psa_key_handle_t *handle)
130{
131 psa_status_t ret;
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame]132 ADAC_STATIC uint8_t pub_key[RSA4096_ENCODED_PUB_KEY_MAX_SIZE];
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]133 size_t offset = RSA4096_HEADER_SIZE;
134 size_t pub_size = RSA4096_ENCODED_PUB_KEY_SIZE;
135
136 if (RSA_4096_PUBLIC_KEY_SIZE == key_size) {
137
138 /* Copy the header */
139 (void) memcpy(pub_key, rsa4096_header, sizeof(rsa4096_header));
140
141 /* If MSB is set, modulus need to be prefixed by 0x00 value */
142 if ((key[0] & (uint8_t) 0x80) != 0x00U) {
143 /* Insert 0x00 after header */
144 pub_key[offset] = 0x00;
145 /* Increase the lengths by 1 */
146 pub_key[3] = 0x0a;
147 pub_key[7] = 0x01;
148 offset += 1UL;
149 pub_size += 1UL;
150 }
151
152 (void) memcpy(&(pub_key[offset]), key, RSA_4096_PUBLIC_KEY_SIZE);
153 offset += RSA_4096_PUBLIC_KEY_SIZE;
154 (void) memcpy(&(pub_key[offset]), encoded_exponent,
155 sizeof(encoded_exponent));
156
157 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
158 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
159 psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
160 psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH));
161 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
162 psa_set_key_bits(&attributes, 4096);
163
164 ret = psa_import_key(&attributes, pub_key, pub_size, handle);
165 } else {
166 ret = PSA_ERROR_INVALID_ARGUMENT;
167 }
168
169 return ret;
170}
171
172#endif /* PSA_ADAC_RSA4096 */
173
174#ifdef PSA_ADAC_EC_P256
175
176static psa_status_t load_ecdsa_p256_public_key(uint8_t *key,
177 size_t key_size,
178 psa_key_handle_t *handle)
179{
180 psa_status_t ret;
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame]181 ADAC_STATIC uint8_t pub_key[ECDSA_P256_PUBLIC_KEY_SIZE + 1] = {0x04};
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]182
183 if (ECDSA_P256_PUBLIC_KEY_SIZE == key_size) {
184
185 (void) memcpy(&(pub_key[1]), key, ECDSA_P256_PUBLIC_KEY_SIZE);
186 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
187 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
188 psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
189 psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
190 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
191 psa_set_key_bits(&attributes, 256);
192
193 ret = psa_import_key(&attributes, pub_key, sizeof(pub_key), handle);
194 } else {
195
196 ret = PSA_ERROR_INVALID_ARGUMENT;
197 }
198
199 return ret;
200}
201
202#endif /* PSA_ADAC_EC_P256 */
203
Mathias Brossard6cff9c22025-02-19 22:25:51 -0600[diff] [blame]204#ifdef PSA_ADAC_EC_P384
205
206static psa_status_t load_ecdsa_p384_public_key(uint8_t *key,
207 size_t key_size,
208 psa_key_handle_t *handle)
209{
210 psa_status_t ret;
211 ADAC_STATIC uint8_t pub_key[ECDSA_P384_PUBLIC_KEY_SIZE + 1] = {0x04};
212
213 if (ECDSA_P384_PUBLIC_KEY_SIZE == key_size) {
214
215 (void) memcpy(&(pub_key[1]), key, ECDSA_P384_PUBLIC_KEY_SIZE);
216 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
217 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
218 psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
219 psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_384));
220 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
221 psa_set_key_bits(&attributes, 384);
222
223 ret = psa_import_key(&attributes, pub_key, sizeof(pub_key), handle);
224 } else {
225
226 ret = PSA_ERROR_INVALID_ARGUMENT;
227 }
228
229 return ret;
230}
231
232#endif /* PSA_ADAC_EC_P384 */
233
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]234#ifdef PSA_ADAC_EC_P521
235
236static psa_status_t load_ecdsa_p521_public_key(uint8_t *key,
237 size_t key_size,
238 psa_key_handle_t *handle)
239{
240 psa_status_t ret;
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame]241 ADAC_STATIC uint8_t pub_key[ECDSA_P521_PUBLIC_KEY_SIZE + 1] = {0x04};
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]242
243 if (ECDSA_P521_PUBLIC_KEY_SIZE == key_size) {
244
245 (void) memcpy(&(pub_key[1]), key, ECDSA_P521_PUBLIC_KEY_SIZE);
246 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
247 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
248 psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
249 psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512));
250 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
251 psa_set_key_bits(&attributes, 521);
252
253 ret = psa_import_key(&attributes, pub_key, sizeof(pub_key), handle);
254 } else {
255 ret = PSA_ERROR_INVALID_ARGUMENT;
256 }
257
258 return ret;
259}
260
261#endif /* PSA_ADAC_EC_P521 */
262
263psa_status_t psa_adac_load_public_key(uint8_t key_type,
264 uint8_t *key,
265 size_t key_size,
266 psa_key_handle_t *handle)
267{
268 psa_status_t ret = PSA_ERROR_NOT_SUPPORTED;
269
270 if (key_type == ECDSA_P256_SHA256) {
271#ifdef PSA_ADAC_EC_P256
272 PSA_ADAC_LOG_TRACE("psa-crypto", "Load EcdsaP256 Public-key\n");
273 ret = load_ecdsa_p256_public_key(key, key_size, handle);
274#endif /* PSA_ADAC_EC_P256 */
Mathias Brossard6cff9c22025-02-19 22:25:51 -0600[diff] [blame]275 } else if (key_type == ECDSA_P384_SHA384) {
276#ifdef PSA_ADAC_EC_P384
277 PSA_ADAC_LOG_TRACE("psa-crypto", "Load EcdsaP384 Public-key\n");
278 ret = load_ecdsa_p384_public_key(key, key_size, handle);
279#endif /* PSA_ADAC_EC_P384 */
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]280 } else if (key_type == ECDSA_P521_SHA512) {
281#ifdef PSA_ADAC_EC_P521
282 PSA_ADAC_LOG_TRACE("psa-crypto", "Load EcdsaP521 Public-key\n");
283 ret = load_ecdsa_p521_public_key(key, key_size, handle);
284#endif /* PSA_ADAC_EC_P521 */
285 } else if (key_type == RSA_3072_SHA256) {
286#ifdef PSA_ADAC_RSA3072
287 PSA_ADAC_LOG_TRACE("psa-crypto", "Load Rsa3072 Public-key\n");
288 ret = load_rsa_3072_public_key(key, key_size, handle);
289#endif /* PSA_ADAC_RSA3072 */
290 } else if (key_type == RSA_4096_SHA256) {
291#ifdef PSA_ADAC_RSA4096
292 PSA_ADAC_LOG_TRACE("psa-crypto", "Load Rsa4096 Public-key\n");
293 ret = load_rsa_4096_public_key(key, key_size, handle);
294#endif /* PSA_ADAC_RSA4096 */
295 } else {
296 ret = PSA_ERROR_NOT_SUPPORTED;
297 }
298
299 return ret;
300}
301
302psa_status_t psa_adac_verify_signature(uint8_t key_type,
303 uint8_t *key,
304 size_t key_size,
305 psa_algorithm_t hash_algo,
306 const uint8_t *inputs[],
307 size_t input_sizes[],
308 size_t input_count,
309 psa_algorithm_t sig_algo,
310 uint8_t *sig, size_t sig_size)
311{
312 uint8_t hash[PSA_HASH_MAX_SIZE];
313 size_t hash_size;
314 psa_key_handle_t handle;
315 psa_status_t ret;
316
317 if ((PSA_ALG_IS_VENDOR_DEFINED(sig_algo) != 0) ||
318 (sig_algo == PSA_ALG_HMAC(PSA_ALG_SHA_256)) || (sig_algo == PSA_ALG_CMAC)) {
319 ret = psa_adac_verify_vendor(key_type, key, key_size, hash_algo,
320 inputs, input_sizes, input_count,
321 sig_algo, sig, sig_size);
322 } else {
323 ret = psa_adac_load_public_key(key_type, key, key_size, &handle);
324 if (PSA_SUCCESS != ret) {
325 PSA_ADAC_LOG_ERR("psa-crypto", "Error loading public key (%d)\n", ret);
326 } else {
327 ret = psa_adac_hash_multiple(hash_algo, inputs, input_sizes, input_count,
328 hash, sizeof(hash), &hash_size);
329 if (PSA_SUCCESS != ret) {
330 PSA_ADAC_LOG_ERR("psa-crypto", "Error hashing content (%d)\n", ret);
331 } else {
332 PSA_ADAC_LOG_TRACE("psa-crypto", "Verify signature\n");
333 ret = psa_verify_hash(handle, sig_algo, hash, hash_size, sig, sig_size);
334 PSA_ADAC_LOG_DEBUG("psa-crypto", "Signature verification %s\n",
335 (ret == PSA_SUCCESS) ? "successful" : "failed");
336 }
337
338 psa_destroy_key(handle);
339 }
340 }
341
342 return ret;
343}