From 83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8 Mon Sep 17 00:00:00 2001 From: Andrew Duda Date: Tue, 8 Nov 2016 18:53:41 +0000 Subject: image: Combine image_sig_algo with image_sign_info Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA pairings will still fail on verify operations when the hash length is longer than the key length. Follow the same naming scheme "checksum,crytpo" without explicitly defining the string. Indirectly adds support for "sha1,rsa4096" signing/verification. Signed-off-by: Andrew Duda Signed-off-by: aduda Reviewed-by: Simon Glass --- include/image.h | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) (limited to 'include/image.h') diff --git a/include/image.h b/include/image.h index c3c9866738..81315959fe 100644 --- a/include/image.h +++ b/include/image.h @@ -1049,7 +1049,9 @@ struct image_sign_info { const char *keyname; /* Name of key to use */ void *fit; /* Pointer to FIT blob */ int node_offset; /* Offset of signature node */ - struct image_sig_algo *algo; /* Algorithm information */ + const char *name; /* Algorithm name */ + struct checksum_algo *checksum; /* Checksum algorithm information */ + struct crypto_algo *crypto; /* Crypto algorithm information */ const void *fdt_blob; /* FDT containing public keys */ int required_keynode; /* Node offset of key to use: -1=any */ const char *require_keys; /* Value for 'required' property */ @@ -1133,21 +1135,21 @@ struct crypto_algo { uint8_t *sig, uint sig_len); }; -struct image_sig_algo { - const char *name; - /* pointer to cryptosystem algorithm */ - struct crypto_algo *crypto; - /* pointer to checksum algorithm */ - struct checksum_algo *checksum; -}; +/** + * image_get_checksum_algo() - Look up a checksum algorithm + * + * @param full_name Name of algorithm in the form "checksum,crypto" + * @return pointer to algorithm information, or NULL if not found + */ +struct checksum_algo *image_get_checksum_algo(const char *full_name); /** - * image_get_sig_algo() - Look up a signature algortihm + * image_get_crypto_algo() - Look up a cryptosystem algorithm * - * @param name Name of algorithm + * @param full_name Name of algorithm in the form "checksum,crypto" * @return pointer to algorithm information, or NULL if not found */ -struct image_sig_algo *image_get_sig_algo(const char *name); +struct crypto_algo *image_get_crypto_algo(const char *full_name); /** * fit_image_verify_required_sigs() - Verify signatures marked as 'required' -- cgit v1.2.1