drivers/nxp/auth/csf_hdr_parser/csf_hdr_parser.c - trusted-firmware-a - Git at Google

 /*
  * Copyright (c) 2014-2016, Freescale Semiconductor, Inc.
  * Copyright 2017-2021 NXP
  *
  * SPDX-License-Identifier: BSD-3-Clause
  *
  */

 #include <assert.h>
 #include <stddef.h>
 #include <stdint.h>
 #include <string.h>

 #include <arch_helpers.h>
 #include <cassert.h>
 #include <common/debug.h>
 #include <csf_hdr.h>
 #include <dcfg.h>
 #include <drivers/auth/crypto_mod.h>
 #include <lib/utils.h>
 #include <sfp.h>

 /* Maximum OID string length ("a.b.c.d.e.f ...") */
 #define MAX_OID_STR_LEN			64

 #define LIB_NAME	"NXP CSFv2"

 #ifdef CSF_HDR_CH3
 /* Barker Code for LS Ch3 ESBC Header */
 static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
 #else
 static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
 #endif

 #define CHECK_KEY_LEN(key_len)	(((key_len) == 2 * RSA_1K_KEY_SZ_BYTES) || \
 				 ((key_len) == 2 * RSA_2K_KEY_SZ_BYTES) || \
 				 ((key_len) == 2 * RSA_4K_KEY_SZ_BYTES))

 /* Flag to indicate if values are there in rotpk_hash_table */
 bool rotpk_not_dpld =  true;
 uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
 uint32_t num_rotpk_hash_entries;

 /*
  * This function deploys the hashes of the various platform keys in
  * rotpk_hash_table. This is done in case of secure boot after comparison
  * of table's hash with the hash in SFP fuses. This installation is done
  * only in the first header parsing.
  */
 static int deploy_rotpk_hash_table(void *srk_buffer, uint16_t num_srk)
 {
 	void *ctx;
 	int ret = 0;
 	int i, j = 0;
 	unsigned int digest_size = SHA256_BYTES;
 	enum hash_algo algo = SHA256;
 	uint8_t hash[SHA256_BYTES];
 	uint32_t srk_hash[SHA256_BYTES/4] __aligned(CACHE_WRITEBACK_GRANULE);
 	struct srk_table *srktbl = (void *)srk_buffer;
 	struct sfp_ccsr_regs_t *sfp_ccsr_regs = (void *)(get_sfp_addr()
 							+ SFP_FUSE_REGS_OFFSET);


 	if (num_srk > MAX_KEY_ENTRIES) {
 		return -1;
 	}

 	ret = hash_init(algo, &ctx);
 	if (ret != 0) {
 		return -1;
 	}

 	/* Update hash with that of SRK table */
 	ret = hash_update(algo, ctx, (uint8_t *)((uint8_t *)srk_buffer),
 			  num_srk * sizeof(struct srk_table));
 	if (ret != 0) {
 		return -1;
 	}

 	/* Copy hash at destination buffer */
 	ret = hash_final(algo, ctx, hash, digest_size);
 	if (ret != 0) {
 		return -1;
 	}

 	/* Add comparison of hash with SFP hash here */
 	for (i = 0; i < SHA256_BYTES/4; i++) {
 		srk_hash[i] =
 			mmio_read_32((uintptr_t)&sfp_ccsr_regs->srk_hash[i]);
 	}

 	VERBOSE("SRK table HASH\n");
 	for (i = 0; i < 8; i++) {
 		VERBOSE("%x\n", *((uint32_t *)hash + i));
 	}

 	if (memcmp(hash, srk_hash, SHA256_BYTES) != 0) {
 		ERROR("Error in installing ROTPK table\n");
 		ERROR("SRK hash doesn't match the fuse hash\n");
 		return -1;
 	}

 	/* Hash table already deployed */
 	if (rotpk_not_dpld == false) {
 		return 0;
 	}

 	for (i = 0; i < num_srk; i++) {
 		ret = hash_init(algo, &ctx);
 		if (ret != 0) {
 			return -1;
 		}

 		/* Update hash with that of SRK table */
 		ret = hash_update(algo, ctx, srktbl[i].pkey, srktbl[i].key_len);
 		if (ret != 0) {
 			return -1;
 		}

 		/* Copy hash at destination buffer */
 		ret = hash_final(algo, ctx, rotpk_hash_table[i], digest_size);
 		if (ret != 0) {
 			return -1;
 		}
 		VERBOSE("Table key %d HASH\n", i);
 		for (j = 0; j < 8; j++) {
 			VERBOSE("%x\n", *((uint32_t *)rotpk_hash_table[i] + j));
 		}
 	}
 	rotpk_not_dpld = false;
 	num_rotpk_hash_entries = num_srk;

 	return 0;
 }

 /*
  * Calculate hash of ESBC hdr and ESBC. This function calculates the
  * single hash of ESBC header and ESBC image
  */
 int calc_img_hash(struct csf_hdr *hdr,
 		  void *img_addr, uint32_t img_size,
 		  uint8_t *img_hash, uint32_t *hash_len)
 {
 	void *ctx;
 	int ret = 0;
 	unsigned int digest_size = SHA256_BYTES;
 	enum hash_algo algo = SHA256;

 	ret = hash_init(algo, &ctx);
 	/* Copy hash at destination buffer */
 	if (ret != 0) {
 		return -1;
 	}

 	/* Update hash for CSF Header */
 	ret = hash_update(algo, ctx, (uint8_t *)hdr, sizeof(struct csf_hdr));
 	if (ret != 0) {
 		return -1;
 	}

 	/* Update hash with that of SRK table */
 	ret = hash_update(algo, ctx,
 			  (uint8_t *)((uint8_t *)hdr + hdr->srk_tbl_off),
 			  hdr->len_kr.num_srk * sizeof(struct srk_table));
 	if (ret != 0) {
 		return -1;
 	}

 	/* Update hash for actual Image */
 	ret = hash_update(algo, ctx, (uint8_t *)(img_addr), img_size);
 	if (ret != 0) {
 		return -1;
 	}

 	/* Copy hash at destination buffer */
 	ret = hash_final(algo, ctx, img_hash, digest_size);
 	if (ret != 0) {
 		return -1;
 	}

 	*hash_len = digest_size;

 	VERBOSE("IMG encoded HASH\n");
 	for (int i = 0; i < 8; i++) {
 		VERBOSE("%x\n", *((uint32_t *)img_hash + i));
 	}

 	return 0;
 }

 /* This function checks if selected key is revoked or not.*/
 static uint32_t is_key_revoked(uint32_t keynum, uint32_t rev_flag)
 {
 	if (keynum == UNREVOCABLE_KEY) {
 		return 0;
 	}

 	if (((uint32_t)(1 << (REVOC_KEY_ALIGN - keynum)) & rev_flag) != 0) {
 		return 1;
 	}

 	return 0;
 }

 /* Parse the header to extract the type of key,
  * Check if key is not revoked
  * and return the key , key length and key_type
  */
 static int32_t get_key(struct csf_hdr *hdr, uint8_t **key, uint32_t *len,
 			enum sig_alg *key_type)
 {
 	int i = 0;
 	uint32_t ret = 0U;
 	uint32_t key_num, key_revoc_flag;
 	void *esbc = hdr;
 	struct srk_table *srktbl = (void *)((uint8_t *)esbc + hdr->srk_tbl_off);
 	bool sb;
 	uint32_t mode;

 	/* We currently support only RSA keys and signature */
 	*key_type = RSA;

 	/* Check for number of SRK entries */
 	if ((hdr->len_kr.num_srk == 0) ||
 	    (hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) {
 		ERROR("Error in NUM entries in SRK Table\n");
 		return -1;
 	}

 	/*
 	 * Check the key number field. It should be not greater than
 	 * number of entries in SRK table.
 	 */
 	key_num = hdr->len_kr.srk_sel;
 	if ((key_num == 0) || (key_num > hdr->len_kr.num_srk)) {
 		ERROR("Invalid Key number\n");
 		return -1;
 	}

 	/* Get revoc key from sfp */
 	key_revoc_flag = get_key_revoc();

 	/* Check if selected key has been revoked */
 	ret = is_key_revoked(key_num, key_revoc_flag);
 	if (ret != 0) {
 		ERROR("Selected key has been revoked\n");
 		return -1;
 	}

 	/* Check for valid key length - allowed key sized 1k, 2k and 4K */
 	for (i = 0; i < hdr->len_kr.num_srk; i++) {
 		if (CHECK_KEY_LEN(srktbl[i].key_len) == 0) {
 			ERROR("Invalid key length\n");
 			return -1;
 		}
 	}

 	/* We don't return error from here. While parsing we just try to
 	 * install the srk table. Failure needs to be taken care of in
 	 * case of secure boot. This failure will be handled at the time
 	 * of rotpk comparison in plat_get_rotpk_info function
 	 */
 	sb = check_boot_mode_secure(&mode);
 	if (sb) {
 		ret = deploy_rotpk_hash_table(srktbl, hdr->len_kr.num_srk);
 		if (ret != 0) {
 			ERROR("ROTPK FAILURE\n");
 			/* For ITS =1 , return failure */
 			if (mode != 0) {
 				return -1;
 			}
 			ERROR("SECURE BOOT DEV-ENV MODE:\n");
 			ERROR("\tCHECK ROTPK !\n");
 			ERROR("\tCONTINUING ON FAILURE...\n");
 		}
 	}

 	/* Return the length of the selected key */
 	*len = srktbl[key_num - 1].key_len;

 	/* Point key to the selected key */
 	*key =  (uint8_t *)&(srktbl[key_num - 1].pkey);

 	return 0;
 }

 /*
  * This function would parse the CSF header and do the following:
  * 1. Basic integrity checks
  * 2. Key checks and extract the key from SRK/IE Table
  * 3. Key hash comparison with SRKH in fuses in case of SRK Table
  * 4. OEM/UID checks - To be added
  * 5. Hash calculation for various components used in signature
  * 6. Signature integrity checks
  * return -> 0 on success, -1 on failure
  */
 int validate_esbc_header(void *img_hdr, void **img_key, uint32_t *key_len,
 			 void **img_sign, uint32_t *sign_len,
 			 enum sig_alg *algo)
 {
 	struct csf_hdr *hdr = img_hdr;
 	uint8_t *s;
 	int32_t ret = 0;
 	void *esbc = (uint8_t *)img_hdr;
 	uint8_t *key;
 	uint32_t klen;

 	/* check barker code */
 	if (memcmp(hdr->barker, barker_code, CSF_BARKER_LEN) != 0) {
 		ERROR("Wrong barker code in header\n");
 		return -1;
 	}

 	ret = get_key(hdr, &key, &klen, algo);
 	if (ret != 0) {
 		return -1;
 	}

 	/* check signaure */
 	if (klen == (2 * hdr->sign_len)) {
 		/* check signature length */
 		if (((hdr->sign_len == RSA_1K_KEY_SZ_BYTES) ||
 		    (hdr->sign_len == RSA_2K_KEY_SZ_BYTES) ||
 		    (hdr->sign_len == RSA_4K_KEY_SZ_BYTES)) == 0) {
 			ERROR("Wrong Signature length in header\n");
 			return -1;
 		}
 	} else {
 		ERROR("RSA key length not twice the signature length\n");
 		return -1;
 	}

 	/* modulus most significant bit should be set */

 	if ((key[0] & 0x80) == 0U) {
 		ERROR("RSA Public key MSB not set\n");
 		return -1;
 	}

 	/* modulus value should be odd */
 	if ((key[klen / 2 - 1] & 0x1) == 0U) {
 		ERROR("Public key Modulus in header not odd\n");
 		return -1;
 	}

 	/* Check signature value < modulus value */
 	s =  (uint8_t *)(esbc + hdr->psign);

 	if (!(memcmp(s, key, hdr->sign_len) < 0)) {
 		ERROR("Signature not less than modulus");
 		return -1;
 	}

 	/* Populate the return addresses */
 	*img_sign = (void *)(s);

 	/* Save the length of signature */
 	*sign_len = hdr->sign_len;

 	*img_key = (uint8_t *)key;

 	*key_len = klen;

 	return ret;
 }
	/*
	* Copyright (c) 2014-2016, Freescale Semiconductor, Inc.
	* Copyright 2017-2021 NXP
	*
	* SPDX-License-Identifier: BSD-3-Clause
	*
	*/

	#include <assert.h>
	#include <stddef.h>
	#include <stdint.h>
	#include <string.h>

	#include <arch_helpers.h>
	#include <cassert.h>
	#include <common/debug.h>
	#include <csf_hdr.h>
	#include <dcfg.h>
	#include <drivers/auth/crypto_mod.h>
	#include <lib/utils.h>
	#include <sfp.h>

	/* Maximum OID string length ("a.b.c.d.e.f ...") */
	#define MAX_OID_STR_LEN 64

	#define LIB_NAME "NXP CSFv2"

	#ifdef CSF_HDR_CH3
	/* Barker Code for LS Ch3 ESBC Header */
	static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x12, 0x19, 0x20, 0x01 };
	#else
	static const uint8_t barker_code[CSF_BARKER_LEN] = { 0x68, 0x39, 0x27, 0x81 };
	#endif

	#define CHECK_KEY_LEN(key_len) (((key_len) == 2 * RSA_1K_KEY_SZ_BYTES) \|\| \
	((key_len) == 2 * RSA_2K_KEY_SZ_BYTES) \|\| \
	((key_len) == 2 * RSA_4K_KEY_SZ_BYTES))

	/* Flag to indicate if values are there in rotpk_hash_table */
	bool rotpk_not_dpld = true;
	uint8_t rotpk_hash_table[MAX_KEY_ENTRIES][SHA256_BYTES];
	uint32_t num_rotpk_hash_entries;

	/*
	* This function deploys the hashes of the various platform keys in
	* rotpk_hash_table. This is done in case of secure boot after comparison
	* of table's hash with the hash in SFP fuses. This installation is done
	* only in the first header parsing.
	*/
	static int deploy_rotpk_hash_table(void *srk_buffer, uint16_t num_srk)
	{
	void *ctx;
	int ret = 0;
	int i, j = 0;
	unsigned int digest_size = SHA256_BYTES;
	enum hash_algo algo = SHA256;
	uint8_t hash[SHA256_BYTES];
	uint32_t srk_hash[SHA256_BYTES/4] __aligned(CACHE_WRITEBACK_GRANULE);
	struct srk_table srktbl = (void )srk_buffer;
	struct sfp_ccsr_regs_t sfp_ccsr_regs = (void )(get_sfp_addr()
	+ SFP_FUSE_REGS_OFFSET);


	if (num_srk > MAX_KEY_ENTRIES) {
	return -1;
	}

	ret = hash_init(algo, &ctx);
	if (ret != 0) {
	return -1;
	}

	/* Update hash with that of SRK table */
	ret = hash_update(algo, ctx, (uint8_t )((uint8_t )srk_buffer),
	num_srk * sizeof(struct srk_table));
	if (ret != 0) {
	return -1;
	}

	/* Copy hash at destination buffer */
	ret = hash_final(algo, ctx, hash, digest_size);
	if (ret != 0) {
	return -1;
	}

	/* Add comparison of hash with SFP hash here */
	for (i = 0; i < SHA256_BYTES/4; i++) {
	srk_hash[i] =
	mmio_read_32((uintptr_t)&sfp_ccsr_regs->srk_hash[i]);
	}

	VERBOSE("SRK table HASH\n");
	for (i = 0; i < 8; i++) {
	VERBOSE("%x\n", ((uint32_t )hash + i));
	}

	if (memcmp(hash, srk_hash, SHA256_BYTES) != 0) {
	ERROR("Error in installing ROTPK table\n");
	ERROR("SRK hash doesn't match the fuse hash\n");
	return -1;
	}

	/* Hash table already deployed */
	if (rotpk_not_dpld == false) {
	return 0;
	}

	for (i = 0; i < num_srk; i++) {
	ret = hash_init(algo, &ctx);
	if (ret != 0) {
	return -1;
	}

	/* Update hash with that of SRK table */
	ret = hash_update(algo, ctx, srktbl[i].pkey, srktbl[i].key_len);
	if (ret != 0) {
	return -1;
	}

	/* Copy hash at destination buffer */
	ret = hash_final(algo, ctx, rotpk_hash_table[i], digest_size);
	if (ret != 0) {
	return -1;
	}
	VERBOSE("Table key %d HASH\n", i);
	for (j = 0; j < 8; j++) {
	VERBOSE("%x\n", ((uint32_t )rotpk_hash_table[i] + j));
	}
	}
	rotpk_not_dpld = false;
	num_rotpk_hash_entries = num_srk;

	return 0;
	}

	/*
	* Calculate hash of ESBC hdr and ESBC. This function calculates the
	* single hash of ESBC header and ESBC image
	*/
	int calc_img_hash(struct csf_hdr *hdr,
	void *img_addr, uint32_t img_size,
	uint8_t img_hash, uint32_t hash_len)
	{
	void *ctx;
	int ret = 0;
	unsigned int digest_size = SHA256_BYTES;
	enum hash_algo algo = SHA256;

	ret = hash_init(algo, &ctx);
	/* Copy hash at destination buffer */
	if (ret != 0) {
	return -1;
	}

	/* Update hash for CSF Header */
	ret = hash_update(algo, ctx, (uint8_t *)hdr, sizeof(struct csf_hdr));
	if (ret != 0) {
	return -1;
	}

	/* Update hash with that of SRK table */
	ret = hash_update(algo, ctx,
	(uint8_t )((uint8_t )hdr + hdr->srk_tbl_off),
	hdr->len_kr.num_srk * sizeof(struct srk_table));
	if (ret != 0) {
	return -1;
	}

	/* Update hash for actual Image */
	ret = hash_update(algo, ctx, (uint8_t *)(img_addr), img_size);
	if (ret != 0) {
	return -1;
	}

	/* Copy hash at destination buffer */
	ret = hash_final(algo, ctx, img_hash, digest_size);
	if (ret != 0) {
	return -1;
	}

	*hash_len = digest_size;

	VERBOSE("IMG encoded HASH\n");
	for (int i = 0; i < 8; i++) {
	VERBOSE("%x\n", ((uint32_t )img_hash + i));
	}

	return 0;
	}

	/* This function checks if selected key is revoked or not.*/
	static uint32_t is_key_revoked(uint32_t keynum, uint32_t rev_flag)
	{
	if (keynum == UNREVOCABLE_KEY) {
	return 0;
	}

	if (((uint32_t)(1 << (REVOC_KEY_ALIGN - keynum)) & rev_flag) != 0) {
	return 1;
	}

	return 0;
	}

	/* Parse the header to extract the type of key,
	* Check if key is not revoked
	* and return the key , key length and key_type
	*/
	static int32_t get_key(struct csf_hdr hdr, uint8_t key, uint32_t len,
	enum sig_alg *key_type)
	{
	int i = 0;
	uint32_t ret = 0U;
	uint32_t key_num, key_revoc_flag;
	void *esbc = hdr;
	struct srk_table srktbl = (void )((uint8_t *)esbc + hdr->srk_tbl_off);
	bool sb;
	uint32_t mode;

	/* We currently support only RSA keys and signature */
	*key_type = RSA;

	/* Check for number of SRK entries */
	if ((hdr->len_kr.num_srk == 0) \|\|
	(hdr->len_kr.num_srk > MAX_KEY_ENTRIES)) {
	ERROR("Error in NUM entries in SRK Table\n");
	return -1;
	}

	/*
	* Check the key number field. It should be not greater than
	* number of entries in SRK table.
	*/
	key_num = hdr->len_kr.srk_sel;
	if ((key_num == 0) \|\| (key_num > hdr->len_kr.num_srk)) {
	ERROR("Invalid Key number\n");
	return -1;
	}

	/* Get revoc key from sfp */
	key_revoc_flag = get_key_revoc();

	/* Check if selected key has been revoked */
	ret = is_key_revoked(key_num, key_revoc_flag);
	if (ret != 0) {
	ERROR("Selected key has been revoked\n");
	return -1;
	}

	/* Check for valid key length - allowed key sized 1k, 2k and 4K */
	for (i = 0; i < hdr->len_kr.num_srk; i++) {
	if (CHECK_KEY_LEN(srktbl[i].key_len) == 0) {
	ERROR("Invalid key length\n");
	return -1;
	}
	}

	/* We don't return error from here. While parsing we just try to
	* install the srk table. Failure needs to be taken care of in
	* case of secure boot. This failure will be handled at the time
	* of rotpk comparison in plat_get_rotpk_info function
	*/
	sb = check_boot_mode_secure(&mode);
	if (sb) {
	ret = deploy_rotpk_hash_table(srktbl, hdr->len_kr.num_srk);
	if (ret != 0) {
	ERROR("ROTPK FAILURE\n");
	/* For ITS =1 , return failure */
	if (mode != 0) {
	return -1;
	}
	ERROR("SECURE BOOT DEV-ENV MODE:\n");
	ERROR("\tCHECK ROTPK !\n");
	ERROR("\tCONTINUING ON FAILURE...\n");
	}
	}

	/* Return the length of the selected key */
	*len = srktbl[key_num - 1].key_len;

	/* Point key to the selected key */
	key = (uint8_t )&(srktbl[key_num - 1].pkey);

	return 0;
	}

	/*
	* This function would parse the CSF header and do the following:
	* 1. Basic integrity checks
	* 2. Key checks and extract the key from SRK/IE Table
	* 3. Key hash comparison with SRKH in fuses in case of SRK Table
	* 4. OEM/UID checks - To be added
	* 5. Hash calculation for various components used in signature
	* 6. Signature integrity checks
	* return -> 0 on success, -1 on failure
	*/
	int validate_esbc_header(void img_hdr, void img_key, uint32_t key_len,
	void *img_sign, uint32_t sign_len,
	enum sig_alg *algo)
	{
	struct csf_hdr *hdr = img_hdr;
	uint8_t *s;
	int32_t ret = 0;
	void esbc = (uint8_t )img_hdr;
	uint8_t *key;
	uint32_t klen;

	/* check barker code */
	if (memcmp(hdr->barker, barker_code, CSF_BARKER_LEN) != 0) {
	ERROR("Wrong barker code in header\n");
	return -1;
	}

	ret = get_key(hdr, &key, &klen, algo);
	if (ret != 0) {
	return -1;
	}

	/* check signaure */
	if (klen == (2 * hdr->sign_len)) {
	/* check signature length */
	if (((hdr->sign_len == RSA_1K_KEY_SZ_BYTES) \|\|
	(hdr->sign_len == RSA_2K_KEY_SZ_BYTES) \|\|
	(hdr->sign_len == RSA_4K_KEY_SZ_BYTES)) == 0) {
	ERROR("Wrong Signature length in header\n");
	return -1;
	}
	} else {
	ERROR("RSA key length not twice the signature length\n");
	return -1;
	}

	/* modulus most significant bit should be set */

	if ((key[0] & 0x80) == 0U) {
	ERROR("RSA Public key MSB not set\n");
	return -1;
	}

	/* modulus value should be odd */
	if ((key[klen / 2 - 1] & 0x1) == 0U) {
	ERROR("Public key Modulus in header not odd\n");
	return -1;
	}

	/* Check signature value < modulus value */
	s = (uint8_t *)(esbc + hdr->psign);

	if (!(memcmp(s, key, hdr->sign_len) < 0)) {
	ERROR("Signature not less than modulus");
	return -1;
	}

	/* Populate the return addresses */
	img_sign = (void )(s);

	/* Save the length of signature */
	*sign_len = hdr->sign_len;

	img_key = (uint8_t )key;

	*key_len = klen;

	return ret;
	}