diff options
author | Aneesh Bansal <aneesh.bansal@freescale.com> | 2015-12-08 14:14:14 +0530 |
---|---|---|
committer | York Sun <york.sun@nxp.com> | 2016-01-25 08:24:16 -0800 |
commit | 6629261ddd9d78c3cd8193b05c00a2a9bdc74796 (patch) | |
tree | d0b8041ad14137601570f1496bc9ea8b24f50b35 /board/freescale | |
parent | 94ba5e41402719ab8a58bf55b925867e50abcb35 (diff) | |
download | u-boot-imx-6629261ddd9d78c3cd8193b05c00a2a9bdc74796.zip u-boot-imx-6629261ddd9d78c3cd8193b05c00a2a9bdc74796.tar.gz u-boot-imx-6629261ddd9d78c3cd8193b05c00a2a9bdc74796.tar.bz2 |
SECURE BOOT: separate function created for signature
The code for image hash calculation, hash calculation from
RSA signature and comparison of hashes has been mobed to a
separate function.
Signed-off-by: Saksham Jain <saksham@freescale.com>
Signed-off-by: Aneesh Bansal <aneesh.bansal@freescale.com>
Acked-by: Ruchika Gupta <ruchika.gupta@nxp.com>
Reviewed-by: York Sun <york.sun@nxp.com>
Diffstat (limited to 'board/freescale')
-rw-r--r-- | board/freescale/common/fsl_validate.c | 98 |
1 files changed, 54 insertions, 44 deletions
diff --git a/board/freescale/common/fsl_validate.c b/board/freescale/common/fsl_validate.c index ef7a5ae..08a2f79 100644 --- a/board/freescale/common/fsl_validate.c +++ b/board/freescale/common/fsl_validate.c @@ -721,6 +721,58 @@ static inline int str2longbe(const char *p, ulong *num) return *p != '\0' && *endptr == '\0'; } +/* Function to calculate the ESBC Image Hash + * and hash from Digital signature. + * The Two hash's are compared to yield the + * result of signature validation. + */ +static int calculate_cmp_img_sig(struct fsl_secboot_img_priv *img) +{ + int ret; + uint32_t key_len; + struct key_prop prop; +#if !defined(USE_HOSTCC) + struct udevice *mod_exp_dev; +#endif + ret = calc_esbchdr_esbc_hash(img); + if (ret) + return ret; + + /* Construct encoded hash EM' wrt PKCSv1.5 */ + construct_img_encoded_hash_second(img); + + /* Fill prop structure for public key */ + memset(&prop, 0, sizeof(struct key_prop)); + key_len = get_key_len(img) / 2; + prop.modulus = img->img_key; + prop.public_exponent = img->img_key + key_len; + prop.num_bits = key_len * 8; + prop.exp_len = key_len; + + ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); + if (ret) { + printf("RSA: Can't find Modular Exp implementation\n"); + return -EINVAL; + } + + ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len, + &prop, img->img_encoded_hash); + if (ret) + return ret; + + /* + * compare the encoded messages EM' and EM wrt RSA PKCSv1.5 + * memcmp returns zero on success + * memcmp returns non-zero on failure + */ + ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash, + img->hdr.sign_len); + + if (ret) + return ERROR_ESBC_CLIENT_HASH_COMPARE_EM; + + return 0; +} int fsl_secboot_validate(ulong haddr, char *arg_hash_str) { @@ -732,11 +784,6 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str) void *esbc; int ret, i, hash_cmd = 0; u32 srk_hash[8]; - uint32_t key_len; - struct key_prop prop; -#if !defined(USE_HOSTCC) - struct udevice *mod_exp_dev; -#endif if (arg_hash_str != NULL) { const char *cp = arg_hash_str; @@ -821,46 +868,9 @@ int fsl_secboot_validate(ulong haddr, char *arg_hash_str) goto exit; } - ret = calc_esbchdr_esbc_hash(img); - if (ret) { - fsl_secblk_handle_error(ret); - goto exit; - } - - /* Construct encoded hash EM' wrt PKCSv1.5 */ - construct_img_encoded_hash_second(img); - - /* Fill prop structure for public key */ - memset(&prop, 0, sizeof(struct key_prop)); - key_len = get_key_len(img) / 2; - prop.modulus = img->img_key; - prop.public_exponent = img->img_key + key_len; - prop.num_bits = key_len * 8; - prop.exp_len = key_len; - - ret = uclass_get_device(UCLASS_MOD_EXP, 0, &mod_exp_dev); - if (ret) { - printf("RSA: Can't find Modular Exp implementation\n"); - return -EINVAL; - } - - ret = rsa_mod_exp(mod_exp_dev, img->img_sign, img->hdr.sign_len, - &prop, img->img_encoded_hash); - if (ret) { - fsl_secblk_handle_error(ret); - goto exit; - } - - /* - * compare the encoded messages EM' and EM wrt RSA PKCSv1.5 - * memcmp returns zero on success - * memcmp returns non-zero on failure - */ - ret = memcmp(&img->img_encoded_hash_second, &img->img_encoded_hash, - img->hdr.sign_len); - + ret = calculate_cmp_img_sig(img); if (ret) { - fsl_secboot_handle_error(ERROR_ESBC_CLIENT_HASH_COMPARE_EM); + fsl_secboot_handle_error(ret); goto exit; } |