diff options
Diffstat (limited to 'common/auth/polarssl/polarssl.c')
| -rw-r--r-- | common/auth/polarssl/polarssl.c | 583 |
1 files changed, 0 insertions, 583 deletions
diff --git a/common/auth/polarssl/polarssl.c b/common/auth/polarssl/polarssl.c deleted file mode 100644 index e099f50c..00000000 --- a/common/auth/polarssl/polarssl.c +++ /dev/null @@ -1,583 +0,0 @@ -/* - * Copyright (c) 2015, ARM Limited and Contributors. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions are met: - * - * Redistributions of source code must retain the above copyright notice, this - * list of conditions and the following disclaimer. - * - * Redistributions in binary form must reproduce the above copyright notice, - * this list of conditions and the following disclaimer in the documentation - * and/or other materials provided with the distribution. - * - * Neither the name of ARM nor the names of its contributors may be used - * to endorse or promote products derived from this software without specific - * prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" - * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE - * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR - * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF - * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS - * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN - * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE - * POSSIBILITY OF SUCH DAMAGE. - */ - -/* Authentication module based on PolarSSL */ - -#include <stddef.h> - -#include <assert.h> -#include <auth.h> -#include <debug.h> -#include <platform.h> -#include <platform_def.h> -#include <platform_oid.h> - -#include <polarssl/memory_buffer_alloc.h> -#include <polarssl/oid.h> -#include <polarssl/platform.h> -#include <polarssl/sha256.h> -#include <polarssl/x509_crt.h> - -/* - * At each authentication stage, the module is responsible for extracting and - * storing those elements (keys, hashes, etc.) that will be needed later on - * during the Trusted Boot process. - */ - -/* SHA256 algorithm */ -#define SHA_BYTES 32 - -/* - * An 8 KB stack has been proven to be enough for the current Trusted Boot - * process - */ -#define POLARSSL_HEAP_SIZE (8*1024) -static unsigned char heap[POLARSSL_HEAP_SIZE]; - -/* - * RSA public keys: - * SubjectPublicKeyInfo ::= SEQUENCE { 1 + 3 - * algorithm AlgorithmIdentifier, 1 + 1 (sequence) - * + 1 + 1 + 9 (rsa oid) - * + 1 + 1 (params null) - * subjectPublicKey BIT STRING } 1 + 3 + (1 + below) - * RSAPublicKey ::= SEQUENCE { 1 + 3 - * modulus INTEGER, -- n 1 + 3 + MPI_MAX + 1 - * publicExponent INTEGER -- e 1 + 3 + MPI_MAX + 1 - * } - * - * POLARSSL_MPI_MAX_SIZE is set to 256 bytes (RSA-2048 bit keys) in the - * configuration file - */ -#define RSA_PUB_DER_MAX_BYTES 38 + 2 * POLARSSL_MPI_MAX_SIZE - -/* - * Buffer for storing public keys extracted from certificates while they are - * verified - */ -static unsigned char pk_buf[RSA_PUB_DER_MAX_BYTES]; - -/* We use this variable to parse and authenticate the certificates */ -static x509_crt cert; - -/* BL specific variables */ -#if IMAGE_BL1 -static unsigned char sha_bl2[SHA_BYTES]; -#elif IMAGE_BL2 -/* Buffers to store the hash of BL3-x images */ -static unsigned char sha_bl30[SHA_BYTES]; -static unsigned char sha_bl31[SHA_BYTES]; -static unsigned char sha_bl32[SHA_BYTES]; -static unsigned char sha_bl33[SHA_BYTES]; -/* Buffers to store the Trusted and Non-Trusted world public keys */ -static unsigned char tz_world_pk[RSA_PUB_DER_MAX_BYTES]; -static unsigned char ntz_world_pk[RSA_PUB_DER_MAX_BYTES]; -static size_t tz_world_pk_len, ntz_world_pk_len; -/* Buffer to store the BL3-x public keys */ -static unsigned char content_pk[RSA_PUB_DER_MAX_BYTES]; -static size_t content_pk_len; -#endif - - -static int x509_get_crt_ext_data(const unsigned char **ext_data, - size_t *ext_len, - x509_crt *crt, - const char *oid) -{ - int ret; - size_t len; - unsigned char *end_ext_data, *end_ext_octet; - unsigned char *p; - const unsigned char *end; - char oid_str[64]; - - p = crt->v3_ext.p; - end = crt->v3_ext.p + crt->v3_ext.len; - - ret = asn1_get_tag(&p, end, &len, ASN1_CONSTRUCTED | ASN1_SEQUENCE); - if (ret != 0) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret; - - if (end != p + len) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH; - - while (p < end) { - /* - * Extension ::= SEQUENCE { - * extnID OBJECT IDENTIFIER, - * critical BOOLEAN DEFAULT FALSE, - * extnValue OCTET STRING } - */ - x509_buf extn_oid = {0, 0, NULL}; - int is_critical = 0; /* DEFAULT FALSE */ - - ret = asn1_get_tag(&p, end, &len, - ASN1_CONSTRUCTED | ASN1_SEQUENCE); - if (ret != 0) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret; - - end_ext_data = p + len; - - /* Get extension ID */ - extn_oid.tag = *p; - - ret = asn1_get_tag(&p, end, &extn_oid.len, ASN1_OID); - if (ret != 0) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret; - - extn_oid.p = p; - p += extn_oid.len; - - if ((end - p) < 1) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + - POLARSSL_ERR_ASN1_OUT_OF_DATA; - - /* Get optional critical */ - ret = asn1_get_bool(&p, end_ext_data, &is_critical); - if (ret != 0 && (ret != POLARSSL_ERR_ASN1_UNEXPECTED_TAG)) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret; - - /* Data should be octet string type */ - ret = asn1_get_tag(&p, end_ext_data, &len, ASN1_OCTET_STRING); - if (ret != 0) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + ret; - - end_ext_octet = p + len; - - if (end_ext_octet != end_ext_data) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH; - - /* Detect requested extension */ - oid_get_numeric_string(oid_str, 64, &extn_oid); - if (memcmp(oid, oid_str, sizeof(oid)) == 0) { - *ext_data = p; - *ext_len = len; - return 0; - } - - /* Next */ - p = end_ext_octet; - } - - if (p != end) - return POLARSSL_ERR_X509_INVALID_EXTENSIONS + - POLARSSL_ERR_ASN1_LENGTH_MISMATCH; - - return POLARSSL_ERR_X509_UNKNOWN_OID; -} - -#if IMAGE_BL1 -/* - * Parse and verify the BL2 certificate - * - * This function verifies the integrity of the BL2 certificate, checks that it - * has been signed with the ROT key and extracts the BL2 hash stored in the - * certificate so it can be matched later against the calculated hash. - * - * Return: 0 = success, Otherwise = error - */ -static int check_bl2_cert(unsigned char *buf, size_t len) -{ - const unsigned char *p; - size_t sz; - int err, flags; - - x509_crt_init(&cert); - - /* Parse the BL2 certificate */ - err = x509_crt_parse(&cert, buf, len); - if (err) { - ERROR("BL2 certificate parse error %d.\n", err); - goto error; - } - - /* Check that it has been signed with the ROT key */ - err = pk_write_pubkey_der(&cert.pk, pk_buf, sizeof(pk_buf)); - if (err < 0) { - ERROR("Error loading ROT key in DER format %d.\n", err); - goto error; - } - - sz = (size_t)err; - p = pk_buf + sizeof(pk_buf) - sz; - - err = plat_match_rotpk(p, sz); - if (err) { - ERROR("ROT and BL2 certificate key mismatch\n"); - goto error; - } - - /* Verify certificate */ - err = x509_crt_verify(&cert, &cert, NULL, NULL, &flags, NULL, NULL); - if (err) { - ERROR("BL2 certificate verification error %d. Flags: 0x%x.\n", - err, flags); - goto error; - } - - /* Extract BL2 image hash from certificate */ - err = x509_get_crt_ext_data(&p, &sz, &cert, BL2_HASH_OID); - if (err) { - ERROR("Cannot read BL2 hash from certificate\n"); - goto error; - } - - assert(sz == SHA_BYTES + 2); - - /* Skip the tag and length bytes and copy the hash */ - p += 2; - memcpy(sha_bl2, p, SHA_BYTES); - -error: - x509_crt_free(&cert); - - return err; -} -#endif /* IMAGE_BL1 */ - -#if IMAGE_BL2 -static int check_trusted_key_cert(unsigned char *buf, size_t len) -{ - const unsigned char *p; - size_t sz; - int err, flags; - - x509_crt_init(&cert); - - /* Parse the Trusted Key certificate */ - err = x509_crt_parse(&cert, buf, len); - if (err) { - ERROR("Trusted Key certificate parse error %d.\n", err); - goto error; - } - - /* Verify Trusted Key certificate */ - err = x509_crt_verify(&cert, &cert, NULL, NULL, &flags, NULL, NULL); - if (err) { - ERROR("Trusted Key certificate verification error %d. Flags: " - "0x%x.\n", err, flags); - goto error; - } - - /* Check that it has been signed with the ROT key */ - err = pk_write_pubkey_der(&cert.pk, pk_buf, sizeof(pk_buf)); - if (err < 0) { - ERROR("Error loading ROT key in DER format %d.\n", err); - goto error; - } - - sz = (size_t)err; - p = pk_buf + sizeof(pk_buf) - sz; - - if (plat_match_rotpk(p, sz)) { - ERROR("ROT and Trusted Key certificate key mismatch\n"); - goto error; - } - - /* Extract Trusted World key from extensions */ - err = x509_get_crt_ext_data(&p, &tz_world_pk_len, - &cert, TZ_WORLD_PK_OID); - if (err) { - ERROR("Cannot read Trusted World key\n"); - goto error; - } - - assert(tz_world_pk_len <= RSA_PUB_DER_MAX_BYTES); - memcpy(tz_world_pk, p, tz_world_pk_len); - - /* Extract Non-Trusted World key from extensions */ - err = x509_get_crt_ext_data(&p, &ntz_world_pk_len, - &cert, NTZ_WORLD_PK_OID); - if (err) { - ERROR("Cannot read Non-Trusted World key\n"); - goto error; - } - - assert(tz_world_pk_len <= RSA_PUB_DER_MAX_BYTES); - memcpy(ntz_world_pk, p, ntz_world_pk_len); - -error: - x509_crt_free(&cert); - - return err; -} - -static int check_bl3x_key_cert(const unsigned char *buf, size_t len, - const unsigned char *i_key, size_t i_key_len, - unsigned char *s_key, size_t *s_key_len, - const char *key_oid) -{ - const unsigned char *p; - size_t sz; - int err, flags; - - x509_crt_init(&cert); - - /* Parse key certificate */ - err = x509_crt_parse(&cert, buf, len); - if (err) { - ERROR("Key certificate parse error %d.\n", err); - goto error; - } - - /* Verify certificate */ - err = x509_crt_verify(&cert, &cert, NULL, NULL, &flags, NULL, NULL); - if (err) { - ERROR("Key certificate verification error %d. Flags: " - "0x%x.\n", err, flags); - goto error; - } - - /* Check that the certificate has been signed by the issuer */ - err = pk_write_pubkey_der(&cert.pk, pk_buf, sizeof(pk_buf)); - if (err < 0) { - ERROR("Error loading key in DER format %d.\n", err); - goto error; - } - - sz = (size_t)err; - p = pk_buf + sizeof(pk_buf) - sz; - if ((sz != i_key_len) || memcmp(p, i_key, sz)) { - ERROR("Key certificate not signed with issuer key\n"); - err = 1; - goto error; - } - - /* Get the content certificate key */ - err = x509_get_crt_ext_data(&p, &sz, &cert, key_oid); - if (err) { - ERROR("Extension %s not found in Key certificate\n", key_oid); - goto error; - } - - assert(sz <= RSA_PUB_DER_MAX_BYTES); - memcpy(s_key, p, sz); - *s_key_len = sz; - -error: - x509_crt_free(&cert); - - return err; -} - -static int check_bl3x_cert(unsigned char *buf, size_t len, - const unsigned char *i_key, size_t i_key_len, - const char *hash_oid, unsigned char *sha) -{ - const unsigned char *p; - size_t sz; - int err, flags; - - x509_crt_init(&cert); - - /* Parse BL31 content certificate */ - err = x509_crt_parse(&cert, buf, len); - if (err) { - ERROR("Content certificate parse error %d.\n", err); - goto error; - } - - /* Verify certificate */ - err = x509_crt_verify(&cert, &cert, NULL, NULL, &flags, NULL, NULL); - if (err) { - ERROR("Content certificate verification error %d. Flags: " - "0x%x.\n", err, flags); - goto error; - } - - /* Check that content certificate has been signed with the content - * certificate key corresponding to this image */ - sz = pk_write_pubkey_der(&cert.pk, pk_buf, sizeof(pk_buf)); - p = pk_buf + sizeof(pk_buf) - sz; - - if ((sz != i_key_len) || memcmp(p, i_key, sz)) { - ERROR("Content certificate not signed with content " - "certificate key\n"); - err = 1; - goto error; - } - - /* Extract image hash from certificate */ - err = x509_get_crt_ext_data(&p, &sz, &cert, hash_oid); - if (err) { - ERROR("Cannot read hash from certificate\n"); - goto error; - } - - assert(sz == SHA_BYTES + 2); - - /* Skip the tag and length bytes and copy the hash */ - p += 2; - memcpy(sha, p, SHA_BYTES); - -error: - x509_crt_free(&cert); - - return err; -} -#endif /* IMAGE_BL2 */ - -/* - * Calculate the hash of the image and check it against the hash extracted - * previously from the certificate - * - * Parameters: - * buf: buffer where image is loaded - * len: size of the image - * sha: matching hash (extracted from the image certificate) - * - * Return: 0 = match, Otherwise = mismatch - */ -static int check_bl_img(unsigned char *buf, size_t len, - const unsigned char *sha) -{ - unsigned char img_sha[SHA_BYTES]; - - /* Calculate the hash of the image */ - sha256(buf, len, img_sha, 0); - - /* Match the hash with the one extracted from the certificate */ - if (memcmp(img_sha, sha, SHA_BYTES)) { - ERROR("Image hash mismatch\n"); - return 1; - } - - return 0; -} - -/* - * Object verification function - * - * The id parameter will indicate the expected format of the object - * (certificate, image, etc). - * - * Return: 0 = success, Otherwise = error - */ -static int polarssl_mod_verify(unsigned int id, uintptr_t obj, size_t len) -{ - int ret; - - switch (id) { -#if IMAGE_BL1 - case AUTH_BL2_IMG_CERT: - ret = check_bl2_cert((unsigned char *)obj, len); - break; - case AUTH_BL2_IMG: - ret = check_bl_img((unsigned char *)obj, len, sha_bl2); - break; -#endif /* IMAGE_BL1 */ - -#if IMAGE_BL2 - case AUTH_TRUSTED_KEY_CERT: - ret = check_trusted_key_cert((unsigned char *)obj, len); - break; - case AUTH_BL30_KEY_CERT: - ret = check_bl3x_key_cert((unsigned char *)obj, len, - tz_world_pk, tz_world_pk_len, - content_pk, &content_pk_len, - BL30_CONTENT_CERT_PK_OID); - break; - case AUTH_BL31_KEY_CERT: - ret = check_bl3x_key_cert((unsigned char *)obj, len, - tz_world_pk, tz_world_pk_len, - content_pk, &content_pk_len, - BL31_CONTENT_CERT_PK_OID); - break; - case AUTH_BL32_KEY_CERT: - ret = check_bl3x_key_cert((unsigned char *)obj, len, - tz_world_pk, tz_world_pk_len, - content_pk, &content_pk_len, - BL32_CONTENT_CERT_PK_OID); - break; - case AUTH_BL33_KEY_CERT: - ret = check_bl3x_key_cert((unsigned char *)obj, len, - ntz_world_pk, ntz_world_pk_len, - content_pk, &content_pk_len, - BL33_CONTENT_CERT_PK_OID); - break; - case AUTH_BL30_IMG_CERT: - ret = check_bl3x_cert((unsigned char *)obj, len, - content_pk, content_pk_len, - BL30_HASH_OID, sha_bl30); - break; - case AUTH_BL31_IMG_CERT: - ret = check_bl3x_cert((unsigned char *)obj, len, - content_pk, content_pk_len, - BL31_HASH_OID, sha_bl31); - break; - case AUTH_BL32_IMG_CERT: - ret = check_bl3x_cert((unsigned char *)obj, len, - content_pk, content_pk_len, - BL32_HASH_OID, sha_bl32); - break; - case AUTH_BL33_IMG_CERT: - ret = check_bl3x_cert((unsigned char *)obj, len, - content_pk, content_pk_len, - BL33_HASH_OID, sha_bl33); - break; - case AUTH_BL30_IMG: - ret = check_bl_img((unsigned char *)obj, len, sha_bl30); - break; - case AUTH_BL31_IMG: - ret = check_bl_img((unsigned char *)obj, len, sha_bl31); - break; - case AUTH_BL32_IMG: - ret = check_bl_img((unsigned char *)obj, len, sha_bl32); - break; - case AUTH_BL33_IMG: - ret = check_bl_img((unsigned char *)obj, len, sha_bl33); - break; -#endif /* IMAGE_BL2 */ - default: - ret = -1; - break; - } - - return ret; -} - -/* - * Module initialization function - * - * Return: 0 = success, Otherwise = error - */ -static int polarssl_mod_init(void) -{ - /* Initialize the PolarSSL heap */ - return memory_buffer_alloc_init(heap, POLARSSL_HEAP_SIZE); -} - -const auth_mod_t auth_mod = { - .name = "PolarSSL", - .init = polarssl_mod_init, - .verify = polarssl_mod_verify -}; |