X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=common%2Fimage-sig.c;h=639a1124504f5c0450e950912e98e8f5c1023fa0;hb=97a72bc28613733572b9632a51ab9c8680d45406;hp=5d860e1266379356a0f6ae4d0bf437abb6441a98;hpb=f1c85688ab13f154ebe1b1480def233a22e7f66b;p=oweals%2Fu-boot.git diff --git a/common/image-sig.c b/common/image-sig.c index 5d860e1266..639a112450 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -71,11 +71,39 @@ struct crypto_algo crypto_algos[] = { }; +struct padding_algo padding_algos[] = { + { + .name = "pkcs-1.5", + .verify = padding_pkcs_15_verify, + }, +#ifdef CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT + { + .name = "pss", + .verify = padding_pss_verify, + } +#endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */ +}; + struct checksum_algo *image_get_checksum_algo(const char *full_name) { int i; const char *name; +#if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC) + static bool done; + + if (!done) { + done = true; + for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) { + checksum_algos[i].name += gd->reloc_off; +#if IMAGE_ENABLE_SIGN + checksum_algos[i].calculate_sign += gd->reloc_off; +#endif + checksum_algos[i].calculate += gd->reloc_off; + } + } +#endif + for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) { name = checksum_algos[i].name; /* Make sure names match and next char is a comma */ @@ -92,6 +120,20 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name) int i; const char *name; +#if !defined(USE_HOSTCC) && defined(CONFIG_NEEDS_MANUAL_RELOC) + static bool done; + + if (!done) { + done = true; + for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) { + crypto_algos[i].name += gd->reloc_off; + crypto_algos[i].sign += gd->reloc_off; + crypto_algos[i].add_verify_data += gd->reloc_off; + crypto_algos[i].verify += gd->reloc_off; + } + } +#endif + /* Move name to after the comma */ name = strchr(full_name, ','); if (!name) @@ -106,6 +148,21 @@ struct crypto_algo *image_get_crypto_algo(const char *full_name) return NULL; } +struct padding_algo *image_get_padding_algo(const char *name) +{ + int i; + + if (!name) + return NULL; + + for (i = 0; i < ARRAY_SIZE(padding_algos); i++) { + if (!strcmp(padding_algos[i].name, name)) + return &padding_algos[i]; + } + + return NULL; +} + /** * fit_region_make_list() - Make a list of image regions * @@ -155,6 +212,7 @@ static int fit_image_setup_verify(struct image_sign_info *info, char **err_msgp) { char *algo_name; + const char *padding_name; if (fdt_totalsize(fit) > CONFIG_FIT_SIGNATURE_MAX_SIZE) { *err_msgp = "Total size too large"; @@ -165,6 +223,11 @@ static int fit_image_setup_verify(struct image_sign_info *info, *err_msgp = "Can't get hash algo property"; return -1; } + + padding_name = fdt_getprop(fit, noffset, "padding", NULL); + if (!padding_name) + padding_name = RSA_DEFAULT_PADDING_NAME; + memset(info, '\0', sizeof(*info)); info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); info->fit = (void *)fit; @@ -172,11 +235,12 @@ static int fit_image_setup_verify(struct image_sign_info *info, info->name = algo_name; info->checksum = image_get_checksum_algo(algo_name); info->crypto = image_get_crypto_algo(algo_name); + info->padding = image_get_padding_algo(padding_name); info->fdt_blob = gd_fdt_blob(); info->required_keynode = required_keynode; printf("%s:%s", algo_name, info->keyname); - if (!info->checksum || !info->crypto) { + if (!info->checksum || !info->crypto || !info->padding) { *err_msgp = "Unknown signature algorithm"; return -1; }