GitHub-Mirror/u-boot
2
0
Fork 0
mirror of https://github.com/Fishwaldo/u-boot.git synced 2025-06-26 00:21:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

image: Combine image_sig_algo with image_sign_info

Browse source 
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Andrew Duda 2016-11-08 18:53:41 +00:00 committed by Tom Rini
parent 0c1d74fda7
commit 83dd98e012
5 changed files with 65 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

16
tools/image-host.c
View file

@ -166,9 +166,11 @@ static int fit_image_setup_sig(struct image_sign_info *info,
info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
info->fit = fit;
info->node_offset = noffset;
info->algo = image_get_sig_algo(algo_name);
info->name = algo_name;
info->checksum = image_get_checksum_algo(algo_name);
info->crypto = image_get_crypto_algo(algo_name);
info->require_keys = require_keys;
if (!info->algo) {
if (!info->checksum || !info->crypto) {
printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
algo_name, node_name, image_name);
return -1;
@ -213,7 +215,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
node_name = fit_get_name(fit, noffset, NULL);
region.data = data;
region.size = size;
ret = info.algo->crypto->sign(&info, &region, 1, &value, &value_len);
ret = info.crypto->sign(&info, &region, 1, &value, &value_len);
if (ret) {
printf("Failed to sign '%s' signature node in '%s' image node: %d\n",
node_name, image_name, ret);
@ -239,7 +241,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
if (keydest)
ret = info.algo->crypto->add_verify_data(&info, keydest);
ret = info.crypto->add_verify_data(&info, keydest);
else
return -1;
@ -588,8 +590,8 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
require_keys ? "conf" : NULL))
return -1;
ret = info.algo->crypto->sign(&info, region, region_count, &value,
&value_len);
ret = info.crypto->sign(&info, region, region_count, &value,
&value_len);
free(region);
if (ret) {
printf("Failed to sign '%s' signature node in '%s' conf node\n",
@ -618,7 +620,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
/* Write the public key into the supplied FDT file */
if (keydest) {
ret = info.algo->crypto->add_verify_data(&info, keydest);
ret = info.crypto->add_verify_data(&info, keydest);
if (ret == -ENOSPC)
return -ENOSPC;
if (ret) {