1 /*
2 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
3 *
4 * SPDX-License-Identifier: BSD-3-Clause
5 */
6
7 #define CC_PAL_LOG_CUR_COMPONENT CC_LOG_MASK_SECURE_BOOT
8
9 /************* Include Files ****************/
10
11 #include "secureboot_error.h"
12 #include "secureboot_basetypes.h"
13 #include "secureboot_defs.h"
14 #include "rsa_bsv.h"
15 #include "bootimagesverifier_def.h"
16 #include "bootimagesverifier_error.h"
17 #include "bootimagesverifier_parser.h"
18 #include "cc_pal_log.h"
19
20
21 /************************ Defines ******************************/
22
23 /************************ Enums ******************************/
24
25 /************************ Typedefs ******************************/
26
27 /************************ Global Data ******************************/
28
29 /************************ Internal Functions ******************************/
30
31 /************************ Public Functions ******************************/
32
33
34 /**
35 @brief This function load sizeof(CCSbCertHeader_t ) from flash and get the
36 certificate size from it. Make sure size is within range (smaller than workspace
37 size not including the required space for N, Np and signature).
38 read the certificate according to size from header and copy the certificate content from Flash to RAM.
39 */
CCCertLoadCertificate(CCSbFlashReadFunc flashRead_func,void * userContext,CCAddr_t certAddress,uint32_t * pCert,uint32_t * pCertBufferWordSize)40 uint32_t CCCertLoadCertificate(CCSbFlashReadFunc flashRead_func,
41 void *userContext,
42 CCAddr_t certAddress,
43 uint32_t *pCert,
44 uint32_t *pCertBufferWordSize)
45 {
46 CCError_t error = CC_OK;
47 CCSbCertHeader_t *pCertHeader = (CCSbCertHeader_t *)pCert;
48
49 /* Verify that the certificate buffer size is big enough to contain the header */
50 if (*pCertBufferWordSize < (sizeof(CCSbCertHeader_t) / CC_32BIT_WORD_SIZE)) {
51 CC_PAL_LOG_ERR("certificate buff size too small to contain certificate header\n");
52 return CC_BOOT_IMG_VERIFIER_WORKSPACE_SIZE_TOO_SMALL;
53 }
54
55 /* Read the certificate header from the Flash */
56 error = flashRead_func(certAddress, (uint8_t *)pCertHeader, sizeof(CCSbCertHeader_t), userContext);
57 if (error != CC_OK) {
58 CC_PAL_LOG_ERR("failed flashRead_func for certificate header\n");
59 return error;
60 }
61
62 /* Verify there is no wrap around in the certificate size*/
63 if ((pCertHeader->certSize + SB_CERT_RSA_KEY_SIZE_IN_WORDS) < pCertHeader->certSize){
64 CC_PAL_LOG_ERR("Certificate size too big\n");
65 return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
66 }
67
68 /* Make sure certificate size is within range (certificate size + signature size) */
69 if ((pCertHeader->certSize + SB_CERT_RSA_KEY_SIZE_IN_WORDS) > *pCertBufferWordSize) {
70 CC_PAL_LOG_ERR("Certificate size too big\n");
71 return CC_BOOT_IMG_VERIFIER_INV_INPUT_PARAM;
72 }
73
74 /* according to the header read the additional certificate buffer -
75 not including the non-signed part in case of content certificate */
76 error = flashRead_func(certAddress + sizeof(CCSbCertHeader_t),
77 (uint8_t *)pCert + sizeof(CCSbCertHeader_t),
78 ((pCertHeader->certSize + SB_CERT_RSA_KEY_SIZE_IN_WORDS) * CC_32BIT_WORD_SIZE) - sizeof(CCSbCertHeader_t),
79 userContext);
80 if (error != CC_OK) {
81 CC_PAL_LOG_ERR("failed flashRead_func for certificate\n");
82 return error;
83 }
84
85 *pCertBufferWordSize = (pCertHeader->certSize + SB_CERT_RSA_KEY_SIZE_IN_WORDS);
86
87 return CC_OK;
88
89 } /* End of CCCertLoadCertificate */
90
91
92 /****************************************************************************************************/
93
