diff options
| author | Andrew Duda <aduda@meraki.com> | 2016-11-08 18:53:41 (GMT) |
|---|---|---|
| committer | Tom Rini <trini@konsulko.com> | 2016-11-21 19:07:31 (GMT) |
| commit | 83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8 (patch) | |
| tree | 8c4e069f185d6ca6d5afaba1945b7a3ab954a6cc /include/image.h | |
| parent | 0c1d74fda7c0063eeca4d8d9fa8674e6ec2ef685 (diff) | |
| download | u-boot-83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8.tar.xz | |
image: Combine image_sig_algo with image_sign_info
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.
Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.
Indirectly adds support for "sha1,rsa4096" signing/verification.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include/image.h')
| -rw-r--r-- | include/image.h | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/include/image.h b/include/image.h index c3c9866..8131595 100644 --- a/include/image.h +++ b/include/image.h @@ -1049,7 +1049,9 @@ struct image_sign_info { const char *keyname; /* Name of key to use */ void *fit; /* Pointer to FIT blob */ int node_offset; /* Offset of signature node */ - struct image_sig_algo *algo; /* Algorithm information */ + const char *name; /* Algorithm name */ + struct checksum_algo *checksum; /* Checksum algorithm information */ + struct crypto_algo *crypto; /* Crypto algorithm information */ const void *fdt_blob; /* FDT containing public keys */ int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */ @@ -1133,21 +1135,21 @@ struct crypto_algo { uint8_t *sig, uint sig_len); }; -struct image_sig_algo { - const char *name; - /* pointer to cryptosystem algorithm */ - struct crypto_algo *crypto; - /* pointer to checksum algorithm */ - struct checksum_algo *checksum; -}; +/** + * image_get_checksum_algo() - Look up a checksum algorithm + * + * @param full_name Name of algorithm in the form "checksum,crypto" + * @return pointer to algorithm information, or NULL if not found + */ +struct checksum_algo *image_get_checksum_algo(const char *full_name); /** - * image_get_sig_algo() - Look up a signature algortihm + * image_get_crypto_algo() - Look up a cryptosystem algorithm * - * @param name Name of algorithm + * @param full_name Name of algorithm in the form "checksum,crypto" * @return pointer to algorithm information, or NULL if not found */ -struct image_sig_algo *image_get_sig_algo(const char *name); +struct crypto_algo *image_get_crypto_algo(const char *full_name); /** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' |