authorAndrew Duda <aduda@meraki.com>2016-11-08 18:53:41 (GMT)
committerTom Rini <trini@konsulko.com>2016-11-21 19:07:31 (GMT)
commit83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8 (patch)
tree8c4e069f185d6ca6d5afaba1945b7a3ab954a6cc /lib/rsa
parent0c1d74fda7c0063eeca4d8d9fa8674e6ec2ef685 (diff)
downloadu-boot-83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8.tar.xz
image: Combine image_sig_algo with image_sign_info
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crypto" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib/rsa')
-rw-r--r--lib/rsa/rsa-sign.c4
-rw-r--r--lib/rsa/rsa-verify.c14
2 files changed, 8 insertions, 10 deletions
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index c26f741..9a09280 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -244,7 +244,7 @@ int rsa_sign(struct image_sign_info *info,
ret = rsa_get_priv_key(info->keydir, info->keyname, &rsa);
if (ret)
goto err_priv;
- ret = rsa_sign_with_key(rsa, info->algo->checksum, region,
+ ret = rsa_sign_with_key(rsa, info->checksum, region,
region_count, sigp, sig_len);
if (ret)
goto err_sign;
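Review bot: None of the lib/rsa call sites check the new `info->checksum`, `info->crypto` or `info->name` fields for NULL before use: here `info->checksum` is handed straight to `rsa_sign_with_key`, the next hunk passes `info->name` to `fdt_setprop_string`, and the rsa-verify.c hunks dereference `info->crypto->key_len` in `rsa_verify_with_keynode` and in the `hash[]` declaration of `rsa_verify`. The two halves are presumably now resolved separately from the "checksum,crypto" string, so one lookup can fail while the other succeeds. The code that fills these fields is outside this page (the diff is limited to lib/rsa), so confirm it rejects an unresolved half, or add a guard such as `if (!info->checksum || !info->crypto) return -EINVAL;` at the entry points. On the verify side the algorithm string appears to come from the image being checked, so a missed lookup failure would be a crash reachable from untrusted input. rsa_sign's body continues outside the hunk.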
@@ -508,7 +508,7 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
}
if (!ret) {
ret = fdt_setprop_string(keydest, node, FIT_ALGO_PROP,
- info->algo->name);
+ info->name);
}
if (!ret && info->require_keys) {
ret = fdt_setprop_string(keydest, node, "required",
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 61dc4c2..0d548f8 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -184,8 +184,7 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
}
ret = rsa_verify_key(&prop, sig, sig_len, hash,
- info->algo->crypto->key_len,
- info->algo->checksum);
+ info->crypto->key_len, info->checksum);
return ret;
}
@@ -196,7 +195,7 @@ int rsa_verify(struct image_sign_info *info,
{
const void *blob = info->fdt_blob;
/* Reserve memory for maximum checksum-length */
- uint8_t hash[info->algo->crypto->key_len];
+ uint8_t hash[info->crypto->key_len];
int ndepth, noffset;
int sig_node, node;
char name[100];
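Review bot: The comment above `hash[]` says the buffer reserves the maximum checksum length, but the array is a variable-length array sized by `info->crypto->key_len`, and it is declared before the checksum-versus-key length check in the following hunk. Now that any checksum can be paired with any key size, the comment should state what actually bounds the buffer, for example `/* Sized by key length; the check below rejects digests that would not fit */`. If nothing downstream reads past the digest (not visible here), sizing the array by `info->checksum->checksum_len` or a fixed maximum digest size would keep stack use independent of the key size. rsa_verify's body continues outside the hunk.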
@@ -206,11 +205,10 @@ int rsa_verify(struct image_sign_info *info,
* Verify that the checksum-length does not exceed the
* rsa-signature-length
*/
- if (info->algo->checksum->checksum_len >
- info->algo->crypto->key_len) {
+ if (info->checksum->checksum_len >
+ info->crypto->key_len) {
debug("%s: invlaid checksum-algorithm %s for %s\n",
- __func__, info->algo->checksum->name,
- info->algo->crypto->name);
+ __func__, info->checksum->name, info->crypto->name);
return -EINVAL;
}
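Review bot: This length comparison is the check the commit message relies on to reject a bad checksum/key pairing, yet its failure is reported only through `debug()` with a misspelled message, so a non-debug build returns -EINVAL without saying why. Since pairings are no longer picked from a fixed list, this message is what a user will need: fix the spelling to `"%s: invalid checksum-algorithm %s for %s\n"` and consider printing it outside debug builds. The sign path in the first rsa-sign.c hunk shows no equivalent check in its visible lines, so a mismatched pair would only be caught at verification time; the commit message says this is intended, and a short comment on `rsa_sign` stating so would help the next reader.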
@@ -221,7 +219,7 @@ int rsa_verify(struct image_sign_info *info,
}
/* Calculate checksum with checksum-algorithm */
- ret = info->algo->checksum->calculate(info->algo->checksum->name,
+ ret = info->checksum->calculate(info->checksum->name,
region, region_count, hash);
if (ret < 0) {
debug("%s: Error in checksum calculation\n", __func__);