1 /*
2 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #define CC_PAL_LOG_CUR_COMPONENT CC_LOG_MASK_SECURE_BOOT
8
9 /************* Include Files ****************/
10
11 #include "secureboot_basetypes.h"
12 #include "secureboot_stage_defs.h"
13 #include "secureboot_defs.h"
14 #include "cc_crypto_x509_defs.h"
15 #include "secureboot_base_func.h"
16 #include "sb_x509_error.h"
17 #include "sb_x509_cert_parser.h"
18 #include "util_asn1_parser.h"
19 #include "util_base64.h"
20 #include "util_x509_parser.h"
21 #include "cc_pal_log.h"
22 #include "cc_crypto_boot_defs.h"
23 #ifdef CC_SB_SUPPORT_IOT
24 #include "secureboot_stage_defs.h"
25 #else
26 #include "sbrom_bsv_api.h"
27 #include "bootimagesverifierx509_def.h"
28 #include "sbrom_bsv_error.h"
29 #include "sb_x509_ext_parser.h"
30 #endif
31
32 /*!
33 * @brief Parse and validate TBS header certificate
34 *
35 * @param[in] ppAsn1Cert - pointer to X509 certificate as ASN.1 byte array
36 * @param[in] certMaxSize - certificate max size (according to certificate type)
37 * @param[out] pSignCertSize - certificate TBS size, used for signature
38 * @param[out] pTbsStartOffset - certificate TBS start offset, used for signature
39 * @param[out] pOutPubKey - certificate public key modulus (exponent is constant)
40 *
41 * @return uint32_t - On success: the value CC_OK is returned,
42 * On failure: a value from sbrom_bsv_error.h
43 */
SB_X509_VerifyCertTbsHeader(uint8_t ** ppAsn1Cert,uint32_t certMaxSize,uint32_t * pSignCertSize,uint32_t * pTbsStartOffset,CCSbNParams_t * pOutPubKey,CCX509CertHeaderInfo_t * pOutCertHeaderInfo,unsigned long startAddress,unsigned long endAddress)44 CCError_t SB_X509_VerifyCertTbsHeader(uint8_t **ppAsn1Cert,
45 uint32_t certMaxSize,
46 uint32_t *pSignCertSize,
47 uint32_t *pTbsStartOffset,
48 CCSbNParams_t *pOutPubKey,
49 CCX509CertHeaderInfo_t *pOutCertHeaderInfo,
50 unsigned long startAddress,
51 unsigned long endAddress)
52 {
53 uint32_t rc = 0;
54 uint32_t strSize = 0;
55 CCSbCertAsn1Data_t asn1Data;
56 uint8_t algId[] = CC_X509_CERT_SHA256RSAPSS_ID;
57 uint8_t objSha256Id[] = CC_X509_CERT_SHA256_ID;
58 uint8_t objMgf1Id[] = CC_X509_CERT_MGF1_ID;
59 uint32_t notBeforeStrSize = 0;
60 uint32_t notAfterStrSize = 0;
61
62 /* validate inputs */
63 if ((NULL == ppAsn1Cert) ||
64 (NULL == pOutPubKey) ||
65 (NULL == pSignCertSize) ||
66 (NULL == pTbsStartOffset) ||
67 (certMaxSize == 0)) {
68 CC_PAL_LOG_ERR("Invalid inputs\n");
69 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
70 }
71
72 /* set default output values */
73 *pSignCertSize = 0;
74 *pTbsStartOffset = 0;
75 UTIL_MemSet((uint8_t *)pOutPubKey, 0, sizeof(CCSbNParams_t));
76
77 /* 1. get certificate size , validate tag + size */
78 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_SEQ_TAG_ID, startAddress, endAddress);
79 if (rc != CC_OK) {
80 CC_PAL_LOG_ERR("Failed to UTIL_Asn1ReadItemVerifyTagFW 0x%x for CC_X509_CERT_SEQ_TAG_ID\n", rc);
81 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
82 }
83
84 if (asn1Data.itemSize > certMaxSize){
85 CC_PAL_LOG_ERR("asn1Data.itemSize > certTypeMaxSize[certType]\n");
86 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
87 }
88
89 /* certificate signature is on all TBS */
90 *pTbsStartOffset = asn1Data.index;
91
92 /* 2. get TBS size - no need to verify size */
93 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_SEQ_TAG_ID, startAddress, endAddress);
94 if (rc != CC_OK) {
95 CC_PAL_LOG_ERR("Failed to UTIL_Asn1ReadItemVerifyTagFW 0x%x for CC_X509_CERT_SEQ_TAG_ID\n", rc);
96 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
97 }
98
99 /* certificate signature is on all TBS */
100 *pSignCertSize = asn1Data.itemSize + asn1Data.index;
101 if (*pSignCertSize > certMaxSize ){ /* the size of the certificate to be verified cannot be bigger than certMaxSize*/
102 CC_PAL_LOG_ERR("asn1Data.itemSize > certTypeMaxSize\n");
103 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
104 }
105
106 /* 3. get version and verify it is v3 */
107 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_CTX_SPEC_TAG_ID, startAddress, endAddress);
108 if (rc != CC_OK) {
109 CC_PAL_LOG_ERR("Failed to UTIL_Asn1ReadItemVerifyTagFW 0x%x for CC_X509_CERT_CTX_SPEC_TAG_ID\n", rc);
110 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
111 }
112 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_INT_TAG_ID, startAddress, endAddress);
113 if (rc != CC_OK) {
114 CC_PAL_LOG_ERR("Failed to UTIL_Asn1ReadItemVerifyTagFW 0x%x for CC_X509_CERT_INT_TAG_ID\n", rc);
115 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
116 }
117
118 if (**ppAsn1Cert != CC_X509_CERT_VERSION ){
119 CC_PAL_LOG_ERR("Ilegal certificate version 0x%x\n", **ppAsn1Cert);
120 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
121 }
122
123 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
124
125
126 /* 4. get the serial number */
127 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_INT_TAG_ID, startAddress, endAddress);
128 if (rc != CC_OK) {
129 CC_PAL_LOG_ERR("Failed to CC_X509_CERT_INT_TAG_ID for serial number\n");
130 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
131 }
132 if (pOutCertHeaderInfo != NULL){
133 UTIL_MemCopy((uint8_t*)&(pOutCertHeaderInfo->serialNum), (uint8_t*)*ppAsn1Cert, sizeof(uint32_t));
134 #ifndef BIG__ENDIAN
135 UTIL_ReverseBuff((uint8_t*)&(pOutCertHeaderInfo->serialNum),sizeof(uint32_t));
136 #endif
137 pOutCertHeaderInfo->setSerialNum = 1;
138 }
139
140 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
141
142 /* 5. get the alg id and verify it */
143 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_SEQ_TAG_ID, startAddress, endAddress);
144 if (rc != CC_OK) {
145 CC_PAL_LOG_ERR("Failed to CC_X509_CERT_SEQ_TAG_ID for algId\n");
146 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
147 }
148 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_OBJ_IDENTIFIER_TAG_ID, startAddress, endAddress);
149 if (rc != CC_OK || asn1Data.itemSize != sizeof(algId)) {
150 CC_PAL_LOG_ERR("Failed to CC_X509_CERT_OBJ_IDENTIFIER_TAG_ID for algId\n");
151 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
152 }
153 if ((rc = UTIL_MemCmp(*ppAsn1Cert, algId, sizeof(algId))) != CC_TRUE) {
154 CC_PAL_LOG_ERR("Failed to UTIL_MemCmp algId\n");
155 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
156 }
157 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
158
159 /* verify sha256 + PSS + mgf1 attributes signature */
160 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_SEQ_TAG_ID, startAddress, endAddress);
161 if (rc != CC_OK) {
162 CC_PAL_LOG_ERR("Failed to CC_X509_CERT_SEQ_TAG_ID for PSS\n");
163 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
164 }
165 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_CTX_SPEC_TAG_ID, startAddress, endAddress);
166 if (rc != CC_OK) {
167 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
168 }
169 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_SEQ_TAG_ID, startAddress, endAddress);
170 if (rc != CC_OK) {
171 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
172 }
173 /* verify sha256 */
174 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_OBJ_IDENTIFIER_TAG_ID, startAddress, endAddress);
175 if ((rc != CC_OK) || (asn1Data.itemSize != sizeof(objSha256Id))) {
176 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
177 }
178 if ((rc = UTIL_MemCmp(*ppAsn1Cert, objSha256Id, sizeof(objSha256Id))) != CC_TRUE){
179 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
180 }
181 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
182 /* verify mgf1 + sha256 */
183 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_CTX_SPEC_TAG1_ID, startAddress, endAddress);
184 if (rc != CC_OK) {
185 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
186 }
187 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_SEQ_TAG_ID, startAddress, endAddress);
188 if (rc != CC_OK) {
189 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
190 }
191 /* verify mgf1 */
192 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_OBJ_IDENTIFIER_TAG_ID, startAddress, endAddress);
193 if ((rc != CC_OK) || (asn1Data.itemSize != sizeof(objMgf1Id))) {
194 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
195 }
196 if ((rc = UTIL_MemCmp(*ppAsn1Cert, objMgf1Id, sizeof(objMgf1Id))) != CC_TRUE){
197 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
198 }
199 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
200 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_SEQ_TAG_ID, startAddress, endAddress);
201 if (rc != CC_OK) {
202 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
203 }
204 /* verify sha256 */
205 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_OBJ_IDENTIFIER_TAG_ID, startAddress, endAddress);
206 if ((rc != CC_OK) || (asn1Data.itemSize != sizeof(objSha256Id))) {
207 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
208 }
209 if ((rc = UTIL_MemCmp(*ppAsn1Cert, objSha256Id, sizeof(objSha256Id))) != CC_TRUE){
210 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
211 }
212 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
213
214 /* verify last special tag size */
215 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_CTX_SPEC_TAG2_ID, startAddress, endAddress);
216 if (rc != CC_OK) {
217 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
218 }
219 if (asn1Data.itemSize != CC_X509_CERT_CTX_SPEC_TAG2_SIZE){
220 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
221 }
222 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
223
224 /* 6. get the issuer name and verify it */
225 rc = UTIL_X509VerifyStr(ppAsn1Cert, &strSize, startAddress, endAddress);
226 if (rc != CC_OK || strSize > X509_ISSUER_NAME_MAX_STRING_SIZE ) {
227 CC_PAL_LOG_ERR("Failed to UTIL_X509VerifyStr for issuer Name\n");
228 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
229 }
230 if (pOutCertHeaderInfo != NULL){
231 if (strSize>0){
232 UTIL_MemCopy((uint8_t*)pOutCertHeaderInfo->IssuerName, (uint8_t*)*ppAsn1Cert, strSize);
233 pOutCertHeaderInfo->IssuerName[strSize]=0;
234 pOutCertHeaderInfo->setIssuerName = 1;
235 } else {
236 pOutCertHeaderInfo->setIssuerName = 0;
237 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
238 }
239 }
240
241 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, strSize, startAddress, endAddress);
242
243 /* 7. skip over the validity period */
244 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_SEQ_TAG_ID, startAddress, endAddress);
245 if (rc != CC_OK) {
246 CC_PAL_LOG_ERR("Failed to CC_X509_CERT_SEQ_TAG_ID for vallidity period\n");
247 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
248 }
249 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_UTC_TIME_TAG_ID, startAddress, endAddress);
250 if (rc != CC_OK || asn1Data.itemSize > X509_VALIDITY_PERIOD_MAX_STRING_SIZE) {
251 CC_PAL_LOG_ERR("Failed to CC_X509_CERT_UTC_TIME_TAG_ID for notBefore\n");
252 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
253 }
254
255 if (pOutCertHeaderInfo != NULL) {
256 if ((asn1Data.itemSize>0) && (asn1Data.itemSize<sizeof(pOutCertHeaderInfo->NotBeforeStr))){
257 UTIL_MemCopy((uint8_t*)pOutCertHeaderInfo->NotBeforeStr, (uint8_t*)*ppAsn1Cert, asn1Data.itemSize);
258 pOutCertHeaderInfo->NotBeforeStr[asn1Data.itemSize] = 0;
259 notBeforeStrSize = asn1Data.itemSize;
260 pOutCertHeaderInfo->setNotBeforeStr = 1;
261 } else {
262 pOutCertHeaderInfo->setNotBeforeStr = 0;
263 }
264 }
265
266 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
267
268 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_UTC_TIME_TAG_ID, startAddress, endAddress);
269 if (rc != CC_OK) {
270 rc = UTIL_Asn1ReadItemVerifyTagFW(ppAsn1Cert, &asn1Data, CC_X509_CERT_GENERALIZED_TIME_TAG_ID, startAddress, endAddress);
271 if (rc != CC_OK || asn1Data.itemSize > X509_VALIDITY_PERIOD_MAX_STRING_SIZE) {
272 CC_PAL_LOG_ERR("Failed to CC_X509_CERT_GENERALIZED_TIME_TAG_ID for notAfter\n");
273 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
274 }
275 }
276 if (pOutCertHeaderInfo != NULL) {
277 if ((asn1Data.itemSize>0) && (asn1Data.itemSize<sizeof(pOutCertHeaderInfo->NotAfterStr))){
278 UTIL_MemCopy((uint8_t*)pOutCertHeaderInfo->NotAfterStr, (uint8_t*)*ppAsn1Cert, asn1Data.itemSize);
279 pOutCertHeaderInfo->NotAfterStr[asn1Data.itemSize] = 0;
280 notAfterStrSize = asn1Data.itemSize;
281 pOutCertHeaderInfo->setNotAfterStr = 1;
282 } else {
283 pOutCertHeaderInfo->setNotAfterStr = 0;
284 }
285
286 rc = CC_PalVerifyCertValidity(pOutCertHeaderInfo->NotBeforeStr,
287 notBeforeStrSize,
288 pOutCertHeaderInfo->setNotBeforeStr,
289 pOutCertHeaderInfo->NotAfterStr,
290 notAfterStrSize,
291 pOutCertHeaderInfo->setNotAfterStr);
292
293 if (rc != CC_OK) {
294 CC_PAL_LOG_ERR("Failed to verify certificate validity\n");
295 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
296 }
297 }
298
299 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, asn1Data.itemSize, startAddress, endAddress);
300
301 /* 8. get the subject name and verify it */
302 rc = UTIL_X509VerifyStr(ppAsn1Cert, &strSize, startAddress, endAddress);
303 if (rc != CC_OK || strSize > X509_SUBJECT_NAME_MAX_STRING_SIZE) {
304 CC_PAL_LOG_ERR("Failed to UTIL_X509VerifyStr for subject Name\n");
305 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
306 }
307
308 if (pOutCertHeaderInfo != NULL){
309 UTIL_MemCopy((uint8_t*)pOutCertHeaderInfo->SubjectName, (uint8_t*)*ppAsn1Cert, strSize);
310 pOutCertHeaderInfo->SubjectName[strSize]=0;
311 pOutCertHeaderInfo->setSubjectName = 1;
312 }
313 UTIL_ASN1_GET_NEXT_ITEM_RET(*ppAsn1Cert, strSize, startAddress, endAddress);
314
315 /* 9. get the pub key */
316 rc = UTIL_X509VerifyPubKey(ppAsn1Cert, pOutPubKey, startAddress, endAddress);
317 if (rc != CC_OK) {
318 CC_PAL_LOG_ERR("Failed to UTIL_X509VerifyPubKey\n");
319 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
320 }
321
322
323 return CC_OK;
324 }
325
326
327 /*!
328 * @brief Parse and validate certificate package header
329 *
330 * @param[in] pPkgHeader - pointer to debug certificate package
331 * @param[in] pkgType - certificate package type
332 * @param[out] pDbg2CertInfo - secondary debug certificate offset and size
333 * @param[out] pHbkFormat - HBK format for comparison with OTP
334 *
335 * @return uint32_t - On success: the value CC_OK is returned,
336 * On failure: a value from sbrom_bsv_error.h
337 */
SB_X509_ParseCertPkg(CCX509PkgHeader_t * pPkgHeader,CCX509CertType_t pkgType,CCX509CertInfo_t * pDbg2CertInfo,CCSbPubKeyIndexType_t * pHbkFormat)338 CCError_t SB_X509_ParseCertPkg(CCX509PkgHeader_t *pPkgHeader,
339 CCX509CertType_t pkgType,
340 CCX509CertInfo_t *pDbg2CertInfo,
341 CCSbPubKeyIndexType_t *pHbkFormat)
342 {
343 uint32_t hbkFormat = 0;
344
345 /* verify Inputs */
346 if ((NULL == pPkgHeader) ||
347 (NULL == pDbg2CertInfo) ||
348 (NULL == pHbkFormat) ||
349 ((pkgType >= CC_X509_CERT_TYPE_MAX) || (pkgType <= CC_X509_CERT_TYPE_MIN))) {
350 CC_PAL_LOG_ERR("Invalid inputs\n");
351 return CC_SB_X509_CERT_PARSE_ILLEGAL_VAL;
352 }
353 /* set default outputs */
354 pDbg2CertInfo->certInfoWord = 0;
355 *pHbkFormat = CC_SB_HASH_BOOT_NOT_USED;
356
357 /* verify certificate package Token */
358 if (pPkgHeader->pkgToken != CC_X509_CERT_PKG_TOKEN) {
359 CC_PAL_LOG_ERR("Invalid Debug package Token 0x%X\n", pPkgHeader->pkgToken);
360 return CC_SB_X509_CERT_ILLEGAL_TOKEN;
361 }
362 /* verify certificate package Version */
363 if (pPkgHeader->pkgVer != CC_X509_CERT_PKG_VERSION) {
364 CC_PAL_LOG_ERR("Invalid Debug package Version 0x%X\n", pPkgHeader->pkgVer);
365 return CC_SB_X509_CERT_ILLEGAL_VERSION;
366 }
367 /* verify certificate package certificate type */
368 if (pPkgHeader->pkgFlags.pkgFlagsBits.certType != pkgType) {
369 CC_PAL_LOG_ERR("Invalid Debug package type 0x%X\n", pPkgHeader->pkgFlags.pkgFlagsBits.certType);
370 return CC_SB_X509_CERT_ILLEGAL_CERT_TYPE;
371 }
372 /* verify certificate package HBK format */
373 hbkFormat = pPkgHeader->pkgFlags.pkgFlagsBits.hbkType;
374 if ((hbkFormat != CC_SB_HASH_BOOT_KEY_0_128B) &&
375 (hbkFormat != CC_SB_HASH_BOOT_KEY_1_128B) &&
376 (hbkFormat != CC_SB_HASH_BOOT_KEY_256B) &&
377 ((hbkFormat == CC_SB_HASH_BOOT_NOT_USED) && (pkgType != CC_X509_CERT_TYPE_CONTENT))){
378 CC_PAL_LOG_ERR("Invalid Debug package HBK type 0x%X\n", hbkFormat);
379 return CC_SB_X509_CERT_INV_PARAM;
380 }
381 *pHbkFormat = (CCSbPubKeyIndexType_t)hbkFormat;
382
383 /* get certificate offset and size */
384 pDbg2CertInfo->certInfoWord = pPkgHeader->certInfo.certInfoWord;
385
386
387 return CC_OK;
388 }
389
390
