summaryrefslogtreecommitdiff
path: root/board/freescale
diff options
context:
space:
mode:
authorAneesh Bansal <aneesh.bansal@freescale.com>2015-12-08 14:14:14 +0530
committerYork Sun <york.sun@nxp.com>2016-01-25 08:24:16 -0800
commit6629261ddd9d78c3cd8193b05c00a2a9bdc74796 (patch)
treed0b8041ad14137601570f1496bc9ea8b24f50b35 /board/freescale
parent94ba5e41402719ab8a58bf55b925867e50abcb35 (diff)
SECURE BOOT: separate function created for signature
The code for image hash calculation, hash calculation from RSA signature and comparison of hashes has been mobed to a separate function. Signed-off-by: Saksham Jain <saksham@freescale.com> Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com> Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com> Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'board/freescale')
-rw-r--r--board/freescale/common/fsl_validate.c98
1 files changed, 54 insertions, 44 deletions
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c
index ef7a5aed3a..08a2f7960d 100644
--- a/board/freescale/common/fsl_validate.c
+++ b/board/freescale/common/fsl_validate.c
@@ -721,6 +721,58 @@ static inline int str2longbe(const char *p, ulong *num)
return *p != '\0' && *endptr == '\0';
}
+/* Function to calculate the ESBC Image Hash
+ * and hash from Digital signature.
+ * The Two hash's are compared to yield the
+ * result of signature validation.
+ */
+static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img)
+{
+ int ret;
+ uint32_t key_len;
+ struct key_prop prop;
+#if !defined(USE_HOSTCC)
+ struct udevice *mod_exp_dev;
+#endif
+ ret = calc_esbchdr_esbc_hash(img);
+ if (ret)
+ return ret;
+
+ /* Construct encoded hash EM' wrt PKCSv1.5 */
+ construct_img_encoded_hash_second(img);
+
+ /* Fill prop structure for public key */
+ memset(&prop, 0, sizeof(struct key_prop));
+ key_len = get_key_len(img) / 2;
+ prop.modulus = img->img_key;
+ prop.public_exponent = img->img_key + key_len;
+ prop.num_bits = key_len * 8;
+ prop.exp_len = key_len;
+
+ ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
+ if (ret) {
+ printf("RSA: Can't find Modular Exp implementation\n");
+ return -EINVAL;
+ }
+
+ ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
+ &prop, img->img_encoded_hash);
+ if (ret)
+ return ret;
+
+ /*
+ * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
+ * memcmp returns zero on success
+ * memcmp returns non-zero on failure
+ */
+ ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
+ img->hdr.sign_len);
+
+ if (ret)
+ return ERROR_ESBC_CLIENT_HASH_COMPARE_EM;
+
+ return 0;
+}
int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
{
@@ -732,11 +784,6 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
void *esbc;
int ret, i, hash_cmd = 0;
u32 srk_hash[8];
- uint32_t key_len;
- struct key_prop prop;
-#if !defined(USE_HOSTCC)
- struct udevice *mod_exp_dev;
-#endif
if (arg_hash_str != NULL) {
const char *cp = arg_hash_str;
@@ -821,46 +868,9 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str)
goto exit;
}
- ret = calc_esbchdr_esbc_hash(img);
- if (ret) {
- fsl_secblk_handle_error(ret);
- goto exit;
- }
-
- /* Construct encoded hash EM' wrt PKCSv1.5 */
- construct_img_encoded_hash_second(img);
-
- /* Fill prop structure for public key */
- memset(&prop, 0, sizeof(struct key_prop));
- key_len = get_key_len(img) / 2;
- prop.modulus = img->img_key;
- prop.public_exponent = img->img_key + key_len;
- prop.num_bits = key_len * 8;
- prop.exp_len = key_len;
-
- ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev);
- if (ret) {
- printf("RSA: Can't find Modular Exp implementation\n");
- return -EINVAL;
- }
-
- ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len,
- &prop, img->img_encoded_hash);
- if (ret) {
- fsl_secblk_handle_error(ret);
- goto exit;
- }
-
- /*
- * compare the encoded messages EM' and EM wrt RSA PKCSv1.5
- * memcmp returns zero on success
- * memcmp returns non-zero on failure
- */
- ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash,
- img->hdr.sign_len);
-
+ ret = calculate_cmp_img_sig(img);
if (ret) {
- fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_EM);
+ fsl_secboot_handle_error(ret);
goto exit;
}