platform: msm_shared: Add api to get fingerprint
Add api to get fingerprint.
Change-Id: I1dfd0214acef32cb668efb21bb852321aa501e27
diff --git a/platform/msm_shared/boot_verifier.c b/platform/msm_shared/boot_verifier.c
index 234f06a..2d90f40 100644
--- a/platform/msm_shared/boot_verifier.c
+++ b/platform/msm_shared/boot_verifier.c
@@ -49,6 +49,8 @@
static uint32_t dev_boot_state = RED;
char KEYSTORE_PTN_NAME[] = "keystore";
RSA *rsa_from_cert = NULL;
+unsigned char fp[EVP_MAX_MD_SIZE];
+uint32_t fp_size;
ASN1_SEQUENCE(AUTH_ATTR) ={
ASN1_SIMPLE(AUTH_ATTR, target, ASN1_PRINTABLESTRING),
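Review bot: `fp` and `fp_size` are defined with external linkage, so any other translation unit can read or overwrite the stored fingerprint, and a name as short as `fp` is likely to collide elsewhere in the build. Since this commit also adds get_boot_fingerprint() as the accessor, both can be file-local like `dev_boot_state` above: `static unsigned char fp[EVP_MAX_MD_SIZE];` and `static uint32_t fp_size;`. A more descriptive name, for example `boot_cert_fp`, would also make the later X509_digest() call easier to read.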
@@ -489,9 +491,18 @@
return true;
}
+unsigned char* get_boot_fingerprint(unsigned int* buf_size)
+{
+ *buf_size = fp_size;
+
+ return fp;
+}
+
bool boot_verify_image(unsigned char* img_addr, uint32_t img_size, char *pname)
{
bool ret = false;
+ X509 *cert = NULL;
+ const EVP_MD *fp_type = NULL;
VERIFIED_BOOT_SIG *sig = NULL;
unsigned char* sig_addr = (unsigned char*)(img_addr + img_size);
uint32_t sig_len = read_der_message_length(sig_addr);
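Review bot: get_boot_fingerprint() writes through `buf_size` without checking it for NULL, and it returns a writable pointer into the global `fp` buffer, so any caller can alter the stored fingerprint. Returning `const unsigned char *` (with the matching prototype in boot_verifier.h) and guarding the store with `if (buf_size) *buf_size = fp_size;` would tighten this. The function also gives no indication of whether a fingerprint was ever computed, so callers have to treat a size of 0 as "not available", and that should be stated in a comment above the function. boot_verify_image's body continues outside the hunk.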
@@ -516,6 +527,12 @@
ASSERT(0);
}
+ cert = sig->certificate;
+ fp_type = EVP_sha1();
+ if(!X509_digest(cert, fp_type, (unsigned char *)fp, &fp_size)) {
+ dprintf(INFO,"Fail to create certificate fingerprint.\n");
+ }
+
ret = verify_image_with_sig(img_addr, img_size, pname, sig, user_keystore);
if(sig != NULL)
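Review bot: The fingerprint is taken from `sig->certificate` before `verify_image_with_sig()` runs, so `fp` and `fp_size` are filled from a certificate carried in the image that has not yet been validated, and they stay set even if verification then fails. A consumer that treats get_boot_fingerprint() as describing a trusted boot certificate would be relying on unverified image contents, so consider computing the digest only once `ret` is true, or clearing it with `fp_size = 0;` when `ret` is false. When X509_digest() fails the code only logs at INFO and leaves any earlier value in place, so that branch should also set `fp_size = 0;`. If the value is used for anything beyond display, `EVP_sha256()` would be a safer choice than SHA-1. The enclosing function starts and ends outside the hunk.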
diff --git a/platform/msm_shared/include/boot_verifier.h b/platform/msm_shared/include/boot_verifier.h
index fe816ec..07fb923 100644
--- a/platform/msm_shared/include/boot_verifier.h
+++ b/platform/msm_shared/include/boot_verifier.h
@@ -177,4 +177,5 @@
bool boot_verify_flash_allowed(const char * entry);
/* Function to send root of trust to trust zone */
bool send_rot_command(uint32_t is_unlocked);
+unsigned char* get_boot_fingerprint(unsigned int* buf_size);
#endif
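Review bot: The new prototype has no comment, unlike `send_rot_command` just above it, and its contract is not obvious from the signature. I would add above it `/* Function to get the SHA-1 fingerprint of the certificate seen by the last boot_verify_image() call; returns a pointer to internal storage and writes its length to *buf_size */`.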