image: Combine image_sig_algo with image_sign_info
Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.
Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.
Indirectly adds support for "sha1,rsa4096" signing/verification.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
diff --git a/common/image-sig.c b/common/image-sig.c
index 8b4314d..455f2b9 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c
@@ -72,32 +72,36 @@
};
-struct image_sig_algo image_sig_algos[] = {
- {
- "sha1,rsa2048",
- &crypto_algos[0],
- &checksum_algos[0],
- },
- {
- "sha256,rsa2048",
- &crypto_algos[0],
- &checksum_algos[1],
- },
- {
- "sha256,rsa4096",
- &crypto_algos[1],
- &checksum_algos[1],
- }
-
-};
-
-struct image_sig_algo *image_get_sig_algo(const char *name)
+struct checksum_algo *image_get_checksum_algo(const char *full_name)
{
int i;
+ const char *name;
- for (i = 0; i < ARRAY_SIZE(image_sig_algos); i++) {
- if (!strcmp(image_sig_algos[i].name, name))
- return &image_sig_algos[i];
+ for (i = 0; i < ARRAY_SIZE(checksum_algos); i++) {
+ name = checksum_algos[i].name;
+ /* Make sure names match and next char is a comma */
+ if (!strncmp(name, full_name, strlen(name)) &&
+ full_name[strlen(name)] == ',')
+ return &checksum_algos[i];
+ }
+
+ return NULL;
+}
+
+struct crypto_algo *image_get_crypto_algo(const char *full_name)
+{
+ int i;
+ const char *name;
+
+ /* Move name to after the comma */
+ name = strchr(full_name, ',');
+ if (!name)
+ return NULL;
+ name += 1;
+
+ for (i = 0; i < ARRAY_SIZE(crypto_algos); i++) {
+ if (!strcmp(crypto_algos[i].name, name))
+ return &crypto_algos[i];
}
return NULL;
@@ -161,12 +165,14 @@
info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
info->fit = (void *)fit;
info->node_offset = noffset;
- info->algo = image_get_sig_algo(algo_name);
+ info->name = algo_name;
+ info->checksum = image_get_checksum_algo(algo_name);
+ info->crypto = image_get_crypto_algo(algo_name);
info->fdt_blob = gd_fdt_blob();
info->required_keynode = required_keynode;
printf("%s:%s", algo_name, info->keyname);
- if (!info->algo) {
+ if (!info->checksum || !info->crypto) {
*err_msgp = "Unknown signature algorithm";
return -1;
}
@@ -196,8 +202,7 @@
region.data = data;
region.size = size;
- if (info.algo->crypto->verify(&info, ®ion, 1, fit_value,
- fit_value_len)) {
+ if (info.crypto->verify(&info, ®ion, 1, fit_value, fit_value_len)) {
*err_msgp = "Verification failed";
return -1;
}
@@ -378,8 +383,8 @@
struct image_region region[count];
fit_region_make_list(fit, fdt_regions, count, region);
- if (info.algo->crypto->verify(&info, region, count, fit_value,
- fit_value_len)) {
+ if (info.crypto->verify(&info, region, count, fit_value,
+ fit_value_len)) {
*err_msgp = "Verification failed";
return -1;
}