image: Add crypto_algo struct for RSA info
Cut down on the repetition of algorithm information by defining separate checksum and crypto structs. image_sig_algos are now simply pairs of unique checksum and crypto algos. Signed-off-by: Andrew Duda <aduda@meraki.com> Signed-off-by: aduda <aduda@meraki.com> Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Andrew Duda
+11
-8
@@ -68,14 +68,14 @@ static int rsa_verify_padding(const uint8_t *msg, const int pad_len,
|
||||
* @sig: Signature
|
||||
* @sig_len: Number of bytes in signature
|
||||
* @hash: Pointer to the expected hash
|
||||
* @algo: Checksum algo structure having information on RSA padding etc.
|
||||
* @key_len: Number of bytes in rsa key
|
||||
* @algo: Checksum algo structure having information on DER encoding etc.
|
||||
* @return 0 if verified, -ve on error
|
||||
*/
|
||||
static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
|
||||
const uint32_t sig_len, const uint8_t *hash,
|
||||
struct checksum_algo *algo)
|
||||
const uint32_t key_len, struct checksum_algo *algo)
|
||||
{
|
||||
const uint8_t *padding;
|
||||
int pad_len;
|
||||
int ret;
|
||||
#if !defined(USE_HOSTCC)
|
||||
@@ -117,7 +117,7 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
|
||||
return ret;
|
||||
}
|
||||
|
||||
pad_len = algo->key_len - algo->checksum_len;
|
||||
pad_len = key_len - algo->checksum_len;
|
||||
|
||||
/* Check pkcs1.5 padding bytes. */
|
||||
ret = rsa_verify_padding(buf, pad_len, algo);
|
||||
@@ -183,7 +183,9 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
|
||||
return -EFAULT;
|
||||
}
|
||||
|
||||
ret = rsa_verify_key(&prop, sig, sig_len, hash, info->algo->checksum);
|
||||
ret = rsa_verify_key(&prop, sig, sig_len, hash,
|
||||
info->algo->crypto->key_len,
|
||||
info->algo->checksum);
|
||||
|
||||
return ret;
|
||||
}
|
||||
@@ -194,7 +196,7 @@ int rsa_verify(struct image_sign_info *info,
|
||||
{
|
||||
const void *blob = info->fdt_blob;
|
||||
/* Reserve memory for maximum checksum-length */
|
||||
uint8_t hash[info->algo->checksum->key_len];
|
||||
uint8_t hash[info->algo->crypto->key_len];
|
||||
int ndepth, noffset;
|
||||
int sig_node, node;
|
||||
char name[100];
|
||||
@@ -205,9 +207,10 @@ int rsa_verify(struct image_sign_info *info,
|
||||
* rsa-signature-length
|
||||
*/
|
||||
if (info->algo->checksum->checksum_len >
|
||||
info->algo->checksum->key_len) {
|
||||
info->algo->crypto->key_len) {
|
||||
debug("%s: invlaid checksum-algorithm %s for %s\n",
|
||||
__func__, info->algo->checksum->name, info->algo->name);
|
||||
__func__, info->algo->checksum->name,
|
||||
info->algo->crypto->name);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user