TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / 66a56fc43bf9111425a08f0f96cea8fe6d108b80 / . / bl2 / ext / mcuboot / bootutil / src / image_validate.c
blob: 83bf50ef634e7cc59a94f41e752ea77e4e020fc5 [file] [log] [blame]
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]1/*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
Oliver Swedef9982442018-08-24 18:37:44 +0100[diff] [blame]20/*
21 * Original code taken from mcuboot project at:
David Vincze39e78552018-10-10 17:10:01 +0200[diff] [blame]22 * https://github.com/JuulLabs-OSS/mcuboot
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]23 * Git SHA of the original version: 61fd888a7f4d741714553f36839dd49fb0065731
David Vincze39e78552018-10-10 17:10:01 +0200[diff] [blame]24 * Modifications are Copyright (c) 2018-2019 Arm Limited.
Oliver Swedef9982442018-08-24 18:37:44 +0100[diff] [blame]25 */
26
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]27#include <assert.h>
28#include <stddef.h>
29#include <inttypes.h>
30#include <string.h>
31
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]32#include "flash_map/flash_map.h"
33#include "bootutil/image.h"
34#include "bootutil/sha256.h"
35#include "bootutil/sign_key.h"
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]36#include "security_cnt.h"
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]37
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]38#if defined(MCUBOOT_SIGN_RSA)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]39#include "mbedtls/rsa.h"
40#endif
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]41
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]42#include "mbedtls/asn1.h"
43
44#include "bootutil_priv.h"
45
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]46#ifdef MCUBOOT_HW_KEY
47#include "platform/include/tfm_plat_crypto_keys.h"
48#endif
49
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]50/*
51 * Compute SHA256 over the image.
52 */
53static int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]54bootutil_img_hash(int image_index,
55 struct image_header *hdr, const struct flash_area *fap,
56 uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *hash_result,
57 uint8_t *seed, int seed_len)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]58{
59 bootutil_sha256_context sha256_ctx;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]60 uint32_t size;
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]61#ifndef MCUBOOT_RAM_LOADING
62 uint32_t blk_sz;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]63 uint32_t off;
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]64 int rc;
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]65#endif /* MCUBOOT_RAM_LOADING */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]66
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]67 (void)image_index;
68
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]69 bootutil_sha256_init(&sha256_ctx);
70
71 /* in some cases (split image) the hash is seeded with data from
72 * the loader image */
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]73 if (seed && (seed_len > 0)) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]74 bootutil_sha256_update(&sha256_ctx, seed, seed_len);
75 }
76
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]77 /* Hash is computed over image header and image itself. */
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]78 size = BOOT_TLV_OFF(hdr);
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]79
David Vincze219a1752019-10-14 11:35:09 +0200[diff] [blame]80 /* If protected TLVs are present (e.g. security counter TLV) then the
81 * TLV info header and these TLVs must be included in the hash calculation.
David Vinczedb32b212019-04-16 17:43:57 +0200[diff] [blame]82 */
83 if (hdr->ih_protect_tlv_size != 0) {
84 size += hdr->ih_protect_tlv_size;
85 }
86
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]87#ifdef MCUBOOT_RAM_LOADING
88 bootutil_sha256_update(&sha256_ctx,(void*)(hdr->ih_load_addr), size);
89#else
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]90 for (off = 0; off < size; off += blk_sz) {
91 blk_sz = size - off;
92 if (blk_sz > tmp_buf_sz) {
93 blk_sz = tmp_buf_sz;
94 }
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]95 rc = flash_area_read(fap, off, tmp_buf, blk_sz);
96 if (rc) {
97 return rc;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]98 }
99 bootutil_sha256_update(&sha256_ctx, tmp_buf, blk_sz);
100 }
Raef Coles27a61452019-09-25 15:32:25 +0100[diff] [blame]101#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]102 bootutil_sha256_finish(&sha256_ctx, hash_result);
103
104 return 0;
105}
106
107/*
108 * Currently, we only support being able to verify one type of
109 * signature, because there is a single verification function that we
110 * call. List the type of TLV we are expecting. If we aren't
111 * configured for any signature, don't define this macro.
112 */
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]113
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]114#if defined(MCUBOOT_SIGN_RSA)
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]115# if MCUBOOT_SIGN_RSA_LEN == 2048
116# define EXPECTED_SIG_TLV IMAGE_TLV_RSA2048_PSS
117# elif MCUBOOT_SIGN_RSA_LEN == 3072
118# define EXPECTED_SIG_TLV IMAGE_TLV_RSA3072_PSS
119# else
120# error "Unsupported RSA signature length"
121# endif
122# define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
123# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE)
124#else
125# define SIG_BUF_SIZE 32 /* no signing, sha256 digest only */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]126#endif
127
128#ifdef EXPECTED_SIG_TLV
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]129#ifdef MCUBOOT_HW_KEY
130extern unsigned int pub_key_len;
131static int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]132bootutil_find_key(uint8_t image_id, uint8_t *key, uint16_t key_len)
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]133{
134 bootutil_sha256_context sha256_ctx;
135 uint8_t hash[32];
136 uint8_t key_hash[32];
137 uint32_t key_hash_size= sizeof(key_hash);
138 enum tfm_plat_err_t plat_err;
139
140 bootutil_sha256_init(&sha256_ctx);
141 bootutil_sha256_update(&sha256_ctx, key, key_len);
142 bootutil_sha256_finish(&sha256_ctx, hash);
143
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]144 plat_err = tfm_plat_get_rotpk_hash(image_id, key_hash, &key_hash_size);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]145 if (plat_err != TFM_PLAT_ERR_SUCCESS) {
146 return -1;
147 }
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]148 if (!boot_secure_memequal(hash, key_hash, key_hash_size)) {
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]149 bootutil_keys[0].key = key;
150 pub_key_len = key_len;
151 return 0;
152 }
153 return -1;
154}
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]155#else /* !MCUBOOT_HW_KEY */
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]156static int
157bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len)
158{
159 bootutil_sha256_context sha256_ctx;
160 int i;
161 const struct bootutil_key *key;
162 uint8_t hash[32];
163
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]164 if (keyhash_len > 32) {
165 return -1;
166 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]167
168 for (i = 0; i < bootutil_key_cnt; i++) {
169 key = &bootutil_keys[i];
170 bootutil_sha256_init(&sha256_ctx);
171 bootutil_sha256_update(&sha256_ctx, key->key, *key->len);
172 bootutil_sha256_finish(&sha256_ctx, hash);
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]173 if (!boot_secure_memequal(hash, keyhash, keyhash_len)) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]174 return i;
175 }
176 }
177 return -1;
178}
179#endif
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]180#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]181
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]182/**
183 * Reads the value of an image's security counter.
184 *
185 * @param hdr Pointer to the image header structure.
186 * @param fap Pointer to a description structure of the image's
187 * flash area.
188 * @param security_cnt Pointer to store the security counter value.
189 *
190 * @return 0 on success; nonzero on failure.
191 */
192int32_t
193bootutil_get_img_security_cnt(struct image_header *hdr,
194 const struct flash_area *fap,
195 uint32_t *img_security_cnt)
196{
David Vincze66a56fc2019-10-25 14:15:05 +0200[diff] [blame^]197 struct image_tlv_iter it;
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]198 uint32_t off;
David Vincze66a56fc2019-10-25 14:15:05 +0200[diff] [blame^]199 uint16_t len;
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]200 uint32_t found = 0;
201 int32_t rc;
202
203 if ((hdr == NULL) ||
204 (fap == NULL) ||
205 (img_security_cnt == NULL)) {
206 /* Invalid parameter. */
207 return BOOT_EBADARGS;
208 }
209
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]210 /* The security counter TLV is in the protected part of the TLV area. */
David Vinczec2566122019-10-25 13:18:54 +0200[diff] [blame]211 if (hdr->ih_protect_tlv_size == 0) {
212 return BOOT_EBADIMAGE;
213 }
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]214
David Vincze66a56fc2019-10-25 14:15:05 +0200[diff] [blame^]215 rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_SEC_CNT, true);
David Vinczec2566122019-10-25 13:18:54 +0200[diff] [blame]216 if (rc) {
217 return rc;
218 }
219
David Vinczec2566122019-10-25 13:18:54 +0200[diff] [blame]220 /* Traverse through the protected TLV area to find
221 * the security counter TLV.
222 */
David Vincze66a56fc2019-10-25 14:15:05 +0200[diff] [blame^]223 while (true) {
224 rc = bootutil_tlv_iter_next(&it, &off, &len, NULL);
225 if (rc < 0) {
226 return -1;
227 } else if (rc > 0) {
228 break;
229 }
230
231 if (len != sizeof(*img_security_cnt)) {
232 /* Security counter is not valid. */
233 return BOOT_EBADIMAGE;
234 }
235
236 rc = LOAD_IMAGE_DATA(hdr, fap, off, img_security_cnt, len);
David Vinczec2566122019-10-25 13:18:54 +0200[diff] [blame]237 if (rc != 0) {
238 return BOOT_EFLASH;
239 }
240
David Vincze66a56fc2019-10-25 14:15:05 +0200[diff] [blame^]241 /* Security counter has been found. */
242 found = 1;
243 break;
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]244 }
245
246 if (found) {
247 return 0;
248 }
249
250 return -1;
251}
252
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]253/*
254 * Verify the integrity of the image.
255 * Return non-zero if image could not be validated/does not validate.
256 */
257int
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]258bootutil_img_validate(int image_index,
259 struct image_header *hdr, const struct flash_area *fap,
260 uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *seed,
261 int seed_len, uint8_t *out_hash)
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]262{
263 uint32_t off;
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]264 uint16_t len;
265 uint8_t type;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]266 int sha256_valid = 0;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]267#ifdef EXPECTED_SIG_TLV
268 int valid_signature = 0;
269 int key_id = -1;
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]270#ifdef MCUBOOT_HW_KEY
271 /* Few extra bytes for encoding and for public exponent */
272 uint8_t key_buf[SIG_BUF_SIZE + 24];
273#endif
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]274#endif
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]275 struct image_tlv_iter it;
Tamas Ban81daed02019-05-20 15:05:22 +0100[diff] [blame]276 uint8_t buf[SIG_BUF_SIZE];
Tamas Ban581034a2017-12-19 19:54:37 +0000[diff] [blame]277 uint8_t hash[32] = {0};
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]278 uint32_t security_cnt;
279 uint32_t img_security_cnt;
280 int32_t security_counter_valid = 0;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]281 int rc;
282
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]283 rc = bootutil_img_hash(image_index, hdr, fap, tmp_buf,
284 tmp_buf_sz, hash, seed, seed_len);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]285 if (rc) {
286 return rc;
287 }
288
289 if (out_hash) {
290 memcpy(out_hash, hash, 32);
291 }
292
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]293 rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]294 if (rc) {
295 return rc;
296 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]297
298 /*
299 * Traverse through all of the TLVs, performing any checks we know
300 * and are able to do.
301 */
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]302 while (true) {
303 rc = bootutil_tlv_iter_next(&it, &off, &len, &type);
304 if (rc < 0) {
305 return -1;
306 } else if (rc > 0) {
307 break;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]308 }
309
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]310 if (type == IMAGE_TLV_SHA256) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]311 /*
312 * Verify the SHA256 image hash. This must always be
313 * present.
314 */
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]315 if (len != sizeof(hash)) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]316 return -1;
317 }
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]318 rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, sizeof(hash));
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]319 if (rc) {
320 return rc;
321 }
Raef Coles25b857a2019-09-05 13:59:55 +0100[diff] [blame]322 if (boot_secure_memequal(hash, buf, sizeof(hash))) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]323 return -1;
324 }
325
326 sha256_valid = 1;
327#ifdef EXPECTED_SIG_TLV
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]328#ifndef MCUBOOT_HW_KEY
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]329 } else if (type == IMAGE_TLV_KEYHASH) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]330 /*
331 * Determine which key we should be checking.
332 */
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]333 if (len > 32) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]334 return -1;
335 }
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]336 rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, len);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]337 if (rc) {
338 return rc;
339 }
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]340 key_id = bootutil_find_key(buf, len);
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]341 /*
342 * The key may not be found, which is acceptable. There
343 * can be multiple signatures, each preceded by a key.
344 */
David Vinczecea8b592019-10-29 16:09:51 +0100[diff] [blame]345#else /* MCUBOOT_HW_KEY */
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]346 } else if (type == IMAGE_TLV_KEY) {
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]347 /*
348 * Determine which key we should be checking.
349 */
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]350 if (len > sizeof(key_buf)) {
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]351 return -1;
352 }
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]353 rc = LOAD_IMAGE_DATA(hdr, fap, off, key_buf, len);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]354 if (rc) {
355 return rc;
356 }
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]357 key_id = bootutil_find_key(image_index, key_buf, len);
Tamas Ban1d37c342019-07-11 08:55:55 +0100[diff] [blame]358 /*
359 * The key may not be found, which is acceptable. There
360 * can be multiple signatures, each preceded by a key.
361 */
362#endif /* MCUBOOT_HW_KEY */
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]363 } else if (type == EXPECTED_SIG_TLV) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]364 /* Ignore this signature if it is out of bounds. */
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]365 if (key_id < 0 || key_id >= bootutil_key_cnt) {
366 key_id = -1;
367 continue;
368 }
369 if (!EXPECTED_SIG_LEN(len) || len > sizeof(buf)) {
370 return -1;
371 }
372 rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, len);
373 if (rc) {
374 return -1;
375 }
376 rc = bootutil_verify_sig(hash, sizeof(hash), buf, len, key_id);
377 if (rc == 0) {
378 valid_signature = 1;
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]379 }
380 key_id = -1;
381#endif
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]382 } else if (type == IMAGE_TLV_SEC_CNT) {
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]383 /*
384 * Verify the image's security counter.
385 * This must always be present.
386 */
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]387 if (len != sizeof(img_security_cnt)) {
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]388 /* Security counter is not valid. */
389 return -1;
390 }
391
David Vincze07706a42019-12-12 18:20:12 +0100[diff] [blame]392 rc = LOAD_IMAGE_DATA(hdr, fap, off, &img_security_cnt, len);
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]393 if (rc) {
394 return rc;
395 }
396
397 rc = boot_nv_security_counter_get(0, &security_cnt);
398 if (rc) {
399 return rc;
400 }
401
402 /* Compare the new image's security counter value against the
403 * stored security counter value.
404 */
405 if (img_security_cnt < security_cnt) {
406 /* The image's security counter is not accepted. */
407 return -1;
408 }
409
410 /* The image's security counter has been successfully verified. */
411 security_counter_valid = 1;
412 }
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]413 }
414
David Vincze060968d2019-05-23 01:13:14 +0200[diff] [blame]415 if (!sha256_valid || !security_counter_valid) {
Tamas Banf70ef8c2017-12-19 15:35:09 +0000[diff] [blame]416 return -1;
417 }
418
419#ifdef EXPECTED_SIG_TLV
420 if (!valid_signature) {
421 return -1;
422 }
423#endif
424
425 return 0;
426}