author | Andrew Duda | 2016-11-08 18:53:41 +0000 |
---|---|---|
committer | Tom Rini | 2016-11-21 14:07:31 -0500 |
commit | 0c1d74fda7c0063eeca4d8d9fa8674e6ec2ef685 (patch) | |
tree | 44482dc837d5bbd88006520062b443d43ab28fdb /lib | |
parent | da29f2991d75fc8aa3289407a0e686a4a22f8c9e (diff) |
image: Add crypto_algo struct for RSA info
Cut down on the repetition of algorithm information by defining separate
checksum and crypto structs. image_sig_algos are now simply pairs of
unique checksum and crypto algos.
Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/rsa/rsa-verify.c | 19 |
1 files changed, 11 insertions, 8 deletions
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index ee8988d6463..61dc4c2e706 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -68,14 +68,14 @@ static int rsa_verify_padding(const uint8_t *msg, const int pad_len,
 * @sig: Signature
 * @sig_len: Number of bytes in signature
 * @hash: Pointer to the expected hash
- * @algo: Checksum algo structure having information on RSA padding etc.
+ * @key_len: Number of bytes in rsa key
+ * @algo: Checksum algo structure having information on DER encoding etc.
 * @return 0 if verified, -ve on error
 */
 static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
 const uint32_t sig_len, const uint8_t *hash,
- struct checksum_algo *algo)
+ const uint32_t key_len, struct checksum_algo *algo)
 {
- const uint8_t *padding;
 int pad_len;
 int ret;
 #if !defined(USE_HOSTCC)
@@ -117,7 +117,7 @@ static int rsa_verify_key(struct key_prop *prop, const uint8_t *sig,
 return ret;
 }
- pad_len = algo->key_len - algo->checksum_len;
+ pad_len = key_len - algo->checksum_len;
 /* Check pkcs1.5 padding bytes. */
 ret = rsa_verify_padding(buf, pad_len, algo);
@@ -183,7 +183,9 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
 return -EFAULT;
 }
- ret = rsa_verify_key(&prop, sig, sig_len, hash, info->algo->checksum);
+ ret = rsa_verify_key(&prop, sig, sig_len, hash,
+ info->algo->crypto->key_len,
+ info->algo->checksum);
 return ret;
 }
@@ -194,7 +196,7 @@ int rsa_verify(struct image_sign_info *info,
 {
 const void *blob = info->fdt_blob;
 /* Reserve memory for maximum checksum-length */
- uint8_t hash[info->algo->checksum->key_len];
+ uint8_t hash[info->algo->crypto->key_len];
 int ndepth, noffset;
 int sig_node, node;
 char name[100];
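Review bot: In rsa_verify_key (second hunk), `pad_len = key_len - algo->checksum_len;` relies on a caller-supplied `key_len` that none of the visible lines compare with `sig_len` or with the key in `prop`. Because `key_len` is `uint32_t` and `pad_len` is `int`, a `checksum_len` above `key_len` wraps to a large unsigned value and lands in `pad_len` as a negative number; the only guard against that sits in rsa_verify (last hunk), not in this function. If `buf` is sized from `sig_len` (its declaration is outside the hunk, so this is an assumption), a `key_len` larger than the signature would let the padding check read beyond it. I would add `if (key_len > sig_len || algo->checksum_len > key_len) return -EINVAL;` ahead of the subtraction. The `@key_len` doc line in the first hunk should also say that the value is the selected crypto algo's length rather than one read from `prop`; the function body starts and ends outside this hunk.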
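Review bot: In rsa_verify (fourth hunk), the comment `/* Reserve memory for maximum checksum-length */` now sits over a variable-length array sized by the RSA key length, `uint8_t hash[info->algo->crypto->key_len];`, so it no longer says what bounds the buffer. The array is also sized through the new `crypto` pointer before anything in the visible lines checks `info->algo` or `info->algo->crypto`; presumably the algo table is static and always fills both members, but that is not shown here. Suggest rewording the comment to `/* Sized by the RSA key length; the check below rejects a checksum longer than that */`. rsa_verify continues past the end of this hunk.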
@@ -205,9 +207,10 @@ int rsa_verify(struct image_sign_info *info,
 * rsa-signature-length
 */
 if (info->algo->checksum->checksum_len >
- info->algo->checksum->key_len) {
+ info->algo->crypto->key_len) {
 debug("%s: invlaid checksum-algorithm %s for %s\n",
- __func__, info->algo->checksum->name, info->algo->name);
+ __func__, info->algo->checksum->name,
+ info->algo->crypto->name);
 return -EINVAL;
 }
 |
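Review bot: The debug string in rsa_verify still reads `invlaid` on the context line directly above the rewritten arguments; since the call is being touched anyway, the format could be corrected to `"%s: invalid checksum-algorithm %s for %s\n"`. With the last argument now `info->algo->crypto->name`, the combined `info->algo->name` is no longer printed, so the message only makes sense when read as "checksum for crypto algo". The enclosing function starts and ends outside the hunk.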