- if (!region)
- return NULL;
- for (i = 0; i < count; i++) {
- debug("%10x %10x\n", fdt_regions[i].offset,
- fdt_regions[i].size);
- region[i].data = fit + fdt_regions[i].offset;
- region[i].size = fdt_regions[i].size;
- }
-
- return region;
-}
-
-static int fit_image_setup_verify(struct image_sign_info *info,
- const void *fit, int noffset, int required_keynode,
- char **err_msgp)
-{
- char *algo_name;
-
- if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
- *err_msgp = "Can't get hash algo property";
- return -1;
- }
- memset(info, '\0', sizeof(*info));
- info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
- info->fit = (void *)fit;
- info->node_offset = noffset;
- info->algo = image_get_sig_algo(algo_name);
- info->fdt_blob = gd_fdt_blob();
- info->required_keynode = required_keynode;
- printf("%s:%s", algo_name, info->keyname);
-
- if (!info->algo) {
- *err_msgp = "Unknown signature algorithm";
- return -1;
- }
-
- return 0;
-}
-
-int fit_image_check_sig(const void *fit, int noffset, const void *data,
- size_t size, int required_keynode, char **err_msgp)
-{
- struct image_sign_info info;
- struct image_region region;
- uint8_t *fit_value;
- int fit_value_len;
-
- *err_msgp = NULL;
- if (fit_image_setup_verify(&info, fit, noffset, required_keynode,
- err_msgp))
- return -1;
-
- if (fit_image_hash_get_value(fit, noffset, &fit_value,
- &fit_value_len)) {
- *err_msgp = "Can't get hash value property";
- return -1;
- }
-
- region.data = data;
- region.size = size;
-
- if (info.algo->verify(&info, ®ion, 1, fit_value, fit_value_len)) {
- *err_msgp = "Verification failed";
- return -1;
- }
-
- return 0;
-}
-
-static int fit_image_verify_sig(const void *fit, int image_noffset,
- const char *data, size_t size, const void *sig_blob,
- int sig_offset)
-{
- int noffset;
- char *err_msg = "";
- int verified = 0;
- int ret;
-
- /* Process all hash subnodes of the component image node */
- for (noffset = fdt_first_subnode(fit, image_noffset);
- noffset >= 0;
- noffset = fdt_next_subnode(fit, noffset)) {
- const char *name = fit_get_name(fit, noffset, NULL);
-
- if (!strncmp(name, FIT_SIG_NODENAME,
- strlen(FIT_SIG_NODENAME))) {
- ret = fit_image_check_sig(fit, noffset, data,
- size, -1, &err_msg);
- if (ret) {
- puts("- ");
- } else {
- puts("+ ");
- verified = 1;
- break;
- }