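/*
 * Copyright (c) 2001-2019, Arm Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */

/*
 * Declarations for the certificate verification entry points shared by the
 * secure boot and secure debug flows.
 */

#ifndef _COMMON_CERT_VERIFY_H
#define _COMMON_CERT_VERIFY_H

#include "common_cert_parser.h"

/**
   @brief This function is used for basic verification of all secure boot/debug certificates.
   It verifies type, size, public key and signature.
   The function returns pointers to the certificate proprietary header and body.
   The function:
   1. Calls CCCertFieldsParse() - according to certificate type (x509 or not),
      copies public key, Np and signature to the workspace,
      and returns pointers to the certificate proprietary header and body.
   2. Calls CCCertValidateHeader(), and verifies cert type (as expected) and size (according to type).
   3. If the expected public key hash is NULL, calls CC_BsvPubKeyHashGet() with the HBK type
      defined in the certificate to get the OTP HBK.
   4. Calls verifyCertPubKeyAndSign() to verify the public key and the certificate RSA signature.

   NOTE(review): in step 3 the HBK type is read from the certificate before the
   signature check in step 4 has run, so it is still untrusted input at that
   point - confirm the implementation only accepts HBK types that are valid for
   the device.

   NOTE(review): the pointers returned through pCertFields refer to parsed
   certificate data; callers should use them only when this function reports
   success, and should treat every other return value as a verification failure.

   @param[in]     hwBaseAddress    Hardware base address (presumably the crypto engine
                                   register base; not described in this header).
   @param[in]     pCertInfo        Describes the certificate buffer to verify.
   @param[in,out] pCertFields      Parsed certificate fields; on return holds the pointers
                                   to the proprietary header and body.
   @param[in,out] pSbCertInfo      Certificate package state (presumably where the expected
                                   public key hash is carried - confirm against the implementation).
   @param[in]     pWorkspaceInfo   Workspace that receives the public key, Np and signature.
                                   NOTE(review): confirm the implementation checks the workspace
                                   size before copying into it.
   @param[in]     pX509HeaderInfo  X.509 header buffer information (usage not described in
                                   this header).

   @return A CCError_t status code; the success value is defined outside this header.
 */
CCError_t CCCommonCertVerify(unsigned long hwBaseAddress,
                             BufferInfo32_t *pCertInfo,
                             CertFieldsInfo_t *pCertFields,  /* in/out */
                             CCSbCertInfo_t *pSbCertInfo,    /* in/out */
                             BufferInfo32_t *pWorkspaceInfo,
                             BufferInfo32_t *pX509HeaderInfo);


/**
   @brief This function verifies key certificate specific fields.

   @param[in] hwBaseAddress  Hardware base address (not described in this header).
   @param[in] certFlags      Flags of the certificate being verified.
   @param[in] pCertMain      Pointer to the certificate main body.
   @param[in] pCertPkgInfo   Certificate package state (direction not stated in this
                             header; the pointer is non-const, so it may be updated).

   @return A uint32_t status code. NOTE(review): CCCommonCertVerify() returns CCError_t
           while this function returns uint32_t; confirm both use the same error space.
 */
uint32_t CCCommonKeyCertVerify(unsigned long hwBaseAddress,
                               uint32_t certFlags,
                               uint8_t *pCertMain,
                               CCSbCertInfo_t *pCertPkgInfo);

/**
   @brief This function verifies content certificate specific fields.
   Verifies certificate flags and the NV counter according to HBK type.
   Calls CCCertValidateSWComps().
   Calls CCSbSetNvCounter().

   NOTE(review): the order listed above suggests the NV counter is written after
   the software components have been validated; confirm the implementation never
   advances the counter for a certificate whose components failed validation.

   @param[in] flashReadFunc     Callback used to read from flash.
   @param[in] userContext       Opaque context (presumably passed through to
                                flashReadFunc - confirm).
   @param[in] hwBaseAddress     Hardware base address (not described in this header).
   @param[in] certStoreAddress  Address where the certificate is stored.
   @param[in] certPkgInfo       Certificate package state (direction not stated in this
                                header; the pointer is non-const, so it may be updated).
   @param[in] certFlags         Flags of the certificate being verified.
   @param[in] pCertMain         Pointer to the certificate main body.
   @param[in] pWorkspaceInfo    Workspace buffer information.

   @return A uint32_t status code; treat any value other than success as a
           verification failure.
 */
uint32_t CCCommonContentCertVerify(CCSbFlashReadFunc flashReadFunc,
                                   void *userContext,
                                   unsigned long hwBaseAddress,
                                   CCAddr_t certStoreAddress,
                                   CCSbCertInfo_t *certPkgInfo,
                                   uint32_t certFlags,
                                   uint8_t *pCertMain,
                                   BufferInfo32_t *pWorkspaceInfo);


#endif /* _COMMON_CERT_VERIFY_H */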