X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tools%2Fimage-host.c;h=5e4d690714160dcd68932f8eb6cf728640532ea6;hb=0a9ef45158d586017839d4b6fccd7f8f16672156;hp=dac85b4b747ed312f6683c1a46674fab3a171c47;hpb=0c1d74fda7c0063eeca4d8d9fa8674e6ec2ef685;p=u-boot diff --git a/tools/image-host.c b/tools/image-host.c index dac85b4b74..5e4d690714 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -149,7 +149,7 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value, static int fit_image_setup_sig(struct image_sign_info *info, const char *keydir, void *fit, const char *image_name, - int noffset, const char *require_keys) + int noffset, const char *require_keys, const char *engine_id) { const char *node_name; char *algo_name; @@ -166,9 +166,12 @@ static int fit_image_setup_sig(struct image_sign_info *info, info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); info->fit = fit; info->node_offset = noffset; - info->algo = image_get_sig_algo(algo_name); + info->name = algo_name; + info->checksum = image_get_checksum_algo(algo_name); + info->crypto = image_get_crypto_algo(algo_name); info->require_keys = require_keys; - if (!info->algo) { + info->engine_id = engine_id; + if (!info->checksum || !info->crypto) { printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n", algo_name, node_name, image_name); return -1; @@ -192,12 +195,13 @@ static int fit_image_setup_sig(struct image_sign_info *info, * @size: size of data in bytes * @comment: Comment to add to signature nodes * @require_keys: Mark all keys as 'required' + * @engine_id: Engine to use for signing * @return 0 if ok, -1 on error */ static int fit_image_process_sig(const char *keydir, void *keydest, void *fit, const char *image_name, int noffset, const void *data, size_t size, - const char *comment, int require_keys) + const char *comment, int require_keys, const char *engine_id) { struct image_sign_info info; struct image_region region; @@ -207,13 +211,13 @@ static int fit_image_process_sig(const char *keydir, void *keydest, int ret; if (fit_image_setup_sig(&info, keydir, fit, image_name, noffset, - require_keys ? "image" : NULL)) + require_keys ? "image" : NULL, engine_id)) return -1; node_name = fit_get_name(fit, noffset, NULL); region.data = data; region.size = size; - ret = info.algo->crypto->sign(&info, ®ion, 1, &value, &value_len); + ret = info.crypto->sign(&info, ®ion, 1, &value, &value_len); if (ret) { printf("Failed to sign '%s' signature node in '%s' image node: %d\n", node_name, image_name, ret); @@ -239,7 +243,7 @@ static int fit_image_process_sig(const char *keydir, void *keydest, info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL); if (keydest) - ret = info.algo->crypto->add_verify_data(&info, keydest); + ret = info.crypto->add_verify_data(&info, keydest); else return -1; @@ -286,11 +290,12 @@ static int fit_image_process_sig(const char *keydir, void *keydest, * @image_noffset: Requested component image node * @comment: Comment to add to signature nodes * @require_keys: Mark all keys as 'required' + * @engine_id: Engine to use for signing * @return: 0 on success, <0 on failure */ int fit_image_add_verification_data(const char *keydir, void *keydest, void *fit, int image_noffset, const char *comment, - int require_keys) + int require_keys, const char *engine_id) { const char *image_name; const void *data; @@ -327,7 +332,7 @@ int fit_image_add_verification_data(const char *keydir, void *keydest, strlen(FIT_SIG_NODENAME))) { ret = fit_image_process_sig(keydir, keydest, fit, image_name, noffset, data, size, - comment, require_keys); + comment, require_keys, engine_id); } if (ret) return ret; @@ -567,7 +572,8 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset, static int fit_config_process_sig(const char *keydir, void *keydest, void *fit, const char *conf_name, int conf_noffset, - int noffset, const char *comment, int require_keys) + int noffset, const char *comment, int require_keys, + const char *engine_id) { struct image_sign_info info; const char *node_name; @@ -585,11 +591,11 @@ static int fit_config_process_sig(const char *keydir, void *keydest, return -1; if (fit_image_setup_sig(&info, keydir, fit, conf_name, noffset, - require_keys ? "conf" : NULL)) + require_keys ? "conf" : NULL, engine_id)) return -1; - ret = info.algo->crypto->sign(&info, region, region_count, &value, - &value_len); + ret = info.crypto->sign(&info, region, region_count, &value, + &value_len); free(region); if (ret) { printf("Failed to sign '%s' signature node in '%s' conf node\n", @@ -618,7 +624,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, /* Write the public key into the supplied FDT file */ if (keydest) { - ret = info.algo->crypto->add_verify_data(&info, keydest); + ret = info.crypto->add_verify_data(&info, keydest); if (ret == -ENOSPC) return -ENOSPC; if (ret) { @@ -633,7 +639,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest, static int fit_config_add_verification_data(const char *keydir, void *keydest, void *fit, int conf_noffset, const char *comment, - int require_keys) + int require_keys, const char *engine_id) { const char *conf_name; int noffset; @@ -652,7 +658,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest, strlen(FIT_SIG_NODENAME))) { ret = fit_config_process_sig(keydir, keydest, fit, conf_name, conf_noffset, noffset, comment, - require_keys); + require_keys, engine_id); } if (ret) return ret; @@ -662,7 +668,8 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest, } int fit_add_verification_data(const char *keydir, void *keydest, void *fit, - const char *comment, int require_keys) + const char *comment, int require_keys, + const char *engine_id) { int images_noffset, confs_noffset; int noffset; @@ -685,7 +692,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, * i.e. component image node. */ ret = fit_image_add_verification_data(keydir, keydest, - fit, noffset, comment, require_keys); + fit, noffset, comment, require_keys, engine_id); if (ret) return ret; } @@ -708,7 +715,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit, noffset = fdt_next_subnode(fit, noffset)) { ret = fit_config_add_verification_data(keydir, keydest, fit, noffset, comment, - require_keys); + require_keys, + engine_id); if (ret) return ret; }