TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / shared / psa-adac / bc39ded227e406003934f43cef069c4118bd5961 / . / psa_crypto / adac_crypto_psa_pk.c
blob: b5dab4bdf4c8149e916735a97771af854c86c405 [file] [log] [blame]
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]1/*
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame^]2 * Copyright (c) 2020-2024, Arm Limited. All rights reserved.
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 *
6 */
7
8#include "adac_crypto_psa.h"
9#include "psa_adac_debug.h"
10#include "psa_adac_config.h"
11
12#include <string.h>
13
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame^]14#ifdef ADAC_STATIC_PUB_KEYS
15/* Since thin psa crypto layer in BL2 does not copy the key data, statically
16 * allocate key buffer
17 */
18#define ADAC_STATIC static
19#else
20#define ADAC_STATIC
21#endif /* ADAC_STATIC_PUB_KEYS */
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]22
23#if defined(PSA_ADAC_RSA3072) || defined(PSA_ADAC_RSA4096)
24#define ENCODED_EXPONENT_SIZE 5U
25static const uint8_t encoded_exponent[ENCODED_EXPONENT_SIZE] =
26 {0x02, 0x03, 0x01, 0x00, 0x01};
27#endif
28
29#ifdef PSA_ADAC_RSA3072
30
31#define RSA3072_HEADER_SIZE 8U
32#define RSA3072_KEY_SIZE 384U /* 3072 bits */
33#define RSA3072_ENCODED_PUB_KEY_SIZE (RSA3072_HEADER_SIZE + \
34 RSA3072_KEY_SIZE + \
35 ENCODED_EXPONENT_SIZE)
36
37/* If MSB of the unsigned modulus is set, then an extra byte (0x00) needs to be
38 * inserted before modulus
39 */
40#define RSA3072_ENCODED_PUB_KEY_MAX_SIZE (RSA3072_ENCODED_PUB_KEY_SIZE + 1U)
41
42static const uint8_t rsa3072_header[RSA3072_HEADER_SIZE] = {
43 0x30, /* Start of sequence */
44 0x82, /* Length field indicator */
45 0x01, 0x89, /* 0x189 (hex) or 393 (dec) bytes is length of data to follow */
46 0x02, /* Integer tag */
47 0x82, /* Length field indicator */
48 0x01, 0x80 /* 0x180 (hex) or 384 (dec) bytes modulus size */
49};
50
51/* RFC3279 Section 2.3.1 - For rsa public keys, it expects key format as DER
52 * encoding of the representation defined by Algorithms and IDs for
53 * Internet X.509 PKI Certificate & CRL Profile
54 */
55static psa_status_t load_rsa_3072_public_key(uint8_t *key,
56 size_t key_size,
57 psa_key_handle_t *handle)
58{
59 psa_status_t ret;
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame^]60 ADAC_STATIC uint8_t pub_key[RSA3072_ENCODED_PUB_KEY_MAX_SIZE];
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]61 size_t offset = RSA3072_HEADER_SIZE;
62 size_t pub_size = RSA3072_ENCODED_PUB_KEY_SIZE;
63
64 if (key_size == RSA_3072_PUBLIC_KEY_SIZE) {
65 /* Copy the header */
66 (void) memcpy(pub_key, rsa3072_header, sizeof(rsa3072_header));
67
68 /* If MSB is set, modulus need to be prefixed by 0x00 value */
69 if ((key[0] & (uint8_t) 0x80U) != 0x00U) {
70 /* Insert 0x00 after header */
71 pub_key[offset] = 0x00;
72 /* Increase the lengths by 1 */
73 pub_key[3] = 0x8aU;
74 pub_key[7] = 0x81U;
75 offset += 1UL;
76 pub_size += 1UL;
77 }
78
79 (void) memcpy(&(pub_key[offset]), key, RSA_3072_PUBLIC_KEY_SIZE);
80 offset += RSA_3072_PUBLIC_KEY_SIZE;
81 (void) memcpy(&(pub_key[offset]), encoded_exponent,
82 sizeof(encoded_exponent));
83
84 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
85 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
86 psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
87 psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH));
88 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
89 psa_set_key_bits(&attributes, 3072);
90
91 ret = psa_import_key(&attributes, pub_key, pub_size, handle);
92 } else {
93 ret = PSA_ERROR_INVALID_ARGUMENT;
94 }
95
96 return ret;
97}
98
99#endif /* PSA_ADAC_RSA3072 */
100
101#ifdef PSA_ADAC_RSA4096
102
103#define RSA4096_HEADER_SIZE 8U
104#define RSA4096_KEY_SIZE 512U /* 4096 bits */
105#define RSA4096_ENCODED_PUB_KEY_SIZE (RSA4096_HEADER_SIZE + \
106 RSA4096_KEY_SIZE + \
107 ENCODED_EXPONENT_SIZE)
108
109/* If MSB of the unsigned modulus is set, then an extra byte (0x00) needs to be
110 * inserted before modulus
111 */
112#define RSA4096_ENCODED_PUB_KEY_MAX_SIZE (RSA4096_ENCODED_PUB_KEY_SIZE + 1U)
113
114static const uint8_t rsa4096_header[RSA4096_HEADER_SIZE] = {
115 0x30, /* Start of sequence */
116 0x82, /* Length field indicator */
117 0x02, 0x09, /* 0x209 (hex) or 521 (dec) bytes is length of data to follow */
118 0x02, /* Integer tag */
119 0x82, /* Length field indicator */
120 0x02, 0x00 /* 0x200 (hex) or 512 (dec) bytes modulus size */
121};
122
123/* RFC3279 Section 2.3.1 - For rsa public keys, it expects key format as DER
124 * encoding of the representation defined by Algorithms and IDs for
125 * Internet X.509 PKI Certificate & CRL Profile
126 */
127static psa_status_t load_rsa_4096_public_key(uint8_t *key,
128 size_t key_size,
129 psa_key_handle_t *handle)
130{
131 psa_status_t ret;
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame^]132 ADAC_STATIC uint8_t pub_key[RSA4096_ENCODED_PUB_KEY_MAX_SIZE];
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]133 size_t offset = RSA4096_HEADER_SIZE;
134 size_t pub_size = RSA4096_ENCODED_PUB_KEY_SIZE;
135
136 if (RSA_4096_PUBLIC_KEY_SIZE == key_size) {
137
138 /* Copy the header */
139 (void) memcpy(pub_key, rsa4096_header, sizeof(rsa4096_header));
140
141 /* If MSB is set, modulus need to be prefixed by 0x00 value */
142 if ((key[0] & (uint8_t) 0x80) != 0x00U) {
143 /* Insert 0x00 after header */
144 pub_key[offset] = 0x00;
145 /* Increase the lengths by 1 */
146 pub_key[3] = 0x0a;
147 pub_key[7] = 0x01;
148 offset += 1UL;
149 pub_size += 1UL;
150 }
151
152 (void) memcpy(&(pub_key[offset]), key, RSA_4096_PUBLIC_KEY_SIZE);
153 offset += RSA_4096_PUBLIC_KEY_SIZE;
154 (void) memcpy(&(pub_key[offset]), encoded_exponent,
155 sizeof(encoded_exponent));
156
157 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
158 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
159 psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_PUBLIC_KEY);
160 psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PSS(PSA_ALG_ANY_HASH));
161 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
162 psa_set_key_bits(&attributes, 4096);
163
164 ret = psa_import_key(&attributes, pub_key, pub_size, handle);
165 } else {
166 ret = PSA_ERROR_INVALID_ARGUMENT;
167 }
168
169 return ret;
170}
171
172#endif /* PSA_ADAC_RSA4096 */
173
174#ifdef PSA_ADAC_EC_P256
175
176static psa_status_t load_ecdsa_p256_public_key(uint8_t *key,
177 size_t key_size,
178 psa_key_handle_t *handle)
179{
180 psa_status_t ret;
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame^]181 ADAC_STATIC uint8_t pub_key[ECDSA_P256_PUBLIC_KEY_SIZE + 1] = {0x04};
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]182
183 if (ECDSA_P256_PUBLIC_KEY_SIZE == key_size) {
184
185 (void) memcpy(&(pub_key[1]), key, ECDSA_P256_PUBLIC_KEY_SIZE);
186 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
187 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
188 psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
189 psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
190 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
191 psa_set_key_bits(&attributes, 256);
192
193 ret = psa_import_key(&attributes, pub_key, sizeof(pub_key), handle);
194 } else {
195
196 ret = PSA_ERROR_INVALID_ARGUMENT;
197 }
198
199 return ret;
200}
201
202#endif /* PSA_ADAC_EC_P256 */
203
204#ifdef PSA_ADAC_EC_P521
205
206static psa_status_t load_ecdsa_p521_public_key(uint8_t *key,
207 size_t key_size,
208 psa_key_handle_t *handle)
209{
210 psa_status_t ret;
Maulik Patelbc39ded2024-11-19 11:08:40 +0000[diff] [blame^]211 ADAC_STATIC uint8_t pub_key[ECDSA_P521_PUBLIC_KEY_SIZE + 1] = {0x04};
Maulik Patel5204dc02023-11-08 08:36:31 +0000[diff] [blame]212
213 if (ECDSA_P521_PUBLIC_KEY_SIZE == key_size) {
214
215 (void) memcpy(&(pub_key[1]), key, ECDSA_P521_PUBLIC_KEY_SIZE);
216 psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
217 psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_VERIFY_HASH);
218 psa_set_key_type(&attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
219 psa_set_key_algorithm(&attributes, PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_512));
220 psa_set_key_lifetime(&attributes, PSA_KEY_LIFETIME_VOLATILE);
221 psa_set_key_bits(&attributes, 521);
222
223 ret = psa_import_key(&attributes, pub_key, sizeof(pub_key), handle);
224 } else {
225 ret = PSA_ERROR_INVALID_ARGUMENT;
226 }
227
228 return ret;
229}
230
231#endif /* PSA_ADAC_EC_P521 */
232
233psa_status_t psa_adac_load_public_key(uint8_t key_type,
234 uint8_t *key,
235 size_t key_size,
236 psa_key_handle_t *handle)
237{
238 psa_status_t ret = PSA_ERROR_NOT_SUPPORTED;
239
240 if (key_type == ECDSA_P256_SHA256) {
241#ifdef PSA_ADAC_EC_P256
242 PSA_ADAC_LOG_TRACE("psa-crypto", "Load EcdsaP256 Public-key\n");
243 ret = load_ecdsa_p256_public_key(key, key_size, handle);
244#endif /* PSA_ADAC_EC_P256 */
245 } else if (key_type == ECDSA_P521_SHA512) {
246#ifdef PSA_ADAC_EC_P521
247 PSA_ADAC_LOG_TRACE("psa-crypto", "Load EcdsaP521 Public-key\n");
248 ret = load_ecdsa_p521_public_key(key, key_size, handle);
249#endif /* PSA_ADAC_EC_P521 */
250 } else if (key_type == RSA_3072_SHA256) {
251#ifdef PSA_ADAC_RSA3072
252 PSA_ADAC_LOG_TRACE("psa-crypto", "Load Rsa3072 Public-key\n");
253 ret = load_rsa_3072_public_key(key, key_size, handle);
254#endif /* PSA_ADAC_RSA3072 */
255 } else if (key_type == RSA_4096_SHA256) {
256#ifdef PSA_ADAC_RSA4096
257 PSA_ADAC_LOG_TRACE("psa-crypto", "Load Rsa4096 Public-key\n");
258 ret = load_rsa_4096_public_key(key, key_size, handle);
259#endif /* PSA_ADAC_RSA4096 */
260 } else {
261 ret = PSA_ERROR_NOT_SUPPORTED;
262 }
263
264 return ret;
265}
266
267psa_status_t psa_adac_verify_signature(uint8_t key_type,
268 uint8_t *key,
269 size_t key_size,
270 psa_algorithm_t hash_algo,
271 const uint8_t *inputs[],
272 size_t input_sizes[],
273 size_t input_count,
274 psa_algorithm_t sig_algo,
275 uint8_t *sig, size_t sig_size)
276{
277 uint8_t hash[PSA_HASH_MAX_SIZE];
278 size_t hash_size;
279 psa_key_handle_t handle;
280 psa_status_t ret;
281
282 if ((PSA_ALG_IS_VENDOR_DEFINED(sig_algo) != 0) ||
283 (sig_algo == PSA_ALG_HMAC(PSA_ALG_SHA_256)) || (sig_algo == PSA_ALG_CMAC)) {
284 ret = psa_adac_verify_vendor(key_type, key, key_size, hash_algo,
285 inputs, input_sizes, input_count,
286 sig_algo, sig, sig_size);
287 } else {
288 ret = psa_adac_load_public_key(key_type, key, key_size, &handle);
289 if (PSA_SUCCESS != ret) {
290 PSA_ADAC_LOG_ERR("psa-crypto", "Error loading public key (%d)\n", ret);
291 } else {
292 ret = psa_adac_hash_multiple(hash_algo, inputs, input_sizes, input_count,
293 hash, sizeof(hash), &hash_size);
294 if (PSA_SUCCESS != ret) {
295 PSA_ADAC_LOG_ERR("psa-crypto", "Error hashing content (%d)\n", ret);
296 } else {
297 PSA_ADAC_LOG_TRACE("psa-crypto", "Verify signature\n");
298 ret = psa_verify_hash(handle, sig_algo, hash, hash_size, sig, sig_size);
299 PSA_ADAC_LOG_DEBUG("psa-crypto", "Signature verification %s\n",
300 (ret == PSA_SUCCESS) ? "successful" : "failed");
301 }
302
303 psa_destroy_key(handle);
304 }
305 }
306
307 return ret;
308}