X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=tools%2Fimage-host.c;h=8e43671714b8936f572c47bd2971d492c7cbad71;hb=040b2583c3a87c83606b3df64ea653ccaf3aea62;hp=11046952fcf0d4b65cdd85bd1362d5bc43c25c23;hpb=c98b171e1098f94b2ff7720c45a25a602882f876;p=u-boot

diff --git a/tools/image-host.c b/tools/image-host.c
index 11046952fc..8e43671714 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -1,3 +1,4 @@
+// SPDX-License-Identifier: GPL-2.0+
 /*
  * Copyright (c) 2013, Google Inc.
  *
@@ -5,8 +6,6 @@
  *
  * (C) Copyright 2000-2006
  * Wolfgang Denk, DENX Software Engineering, wd@denx.de.
- *
- * SPDX-License-Identifier:	GPL-2.0+
  */
 
 #include "mkimage.h"
@@ -149,7 +148,7 @@ static int fit_image_write_sig(void *fit, int noffset, uint8_t *value,
 
 static int fit_image_setup_sig(struct image_sign_info *info,
 		const char *keydir, void *fit, const char *image_name,
-		int noffset, const char *require_keys)
+		int noffset, const char *require_keys, const char *engine_id)
 {
 	const char *node_name;
 	char *algo_name;
@@ -166,9 +165,12 @@ static int fit_image_setup_sig(struct image_sign_info *info,
 	info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
 	info->fit = fit;
 	info->node_offset = noffset;
-	info->algo = image_get_sig_algo(algo_name);
+	info->name = strdup(algo_name);
+	info->checksum = image_get_checksum_algo(algo_name);
+	info->crypto = image_get_crypto_algo(algo_name);
 	info->require_keys = require_keys;
-	if (!info->algo) {
+	info->engine_id = engine_id;
+	if (!info->checksum || !info->crypto) {
 		printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
 		       algo_name, node_name, image_name);
 		return -1;
@@ -192,12 +194,13 @@ static int fit_image_setup_sig(struct image_sign_info *info,
  * @size:	size of data in bytes
  * @comment:	Comment to add to signature nodes
  * @require_keys: Mark all keys as 'required'
+ * @engine_id:	Engine to use for signing
  * @return 0 if ok, -1 on error
  */
 static int fit_image_process_sig(const char *keydir, void *keydest,
 		void *fit, const char *image_name,
 		int noffset, const void *data, size_t size,
-		const char *comment, int require_keys)
+		const char *comment, int require_keys, const char *engine_id)
 {
 	struct image_sign_info info;
 	struct image_region region;
@@ -207,13 +210,13 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
 	int ret;
 
 	if (fit_image_setup_sig(&info, keydir, fit, image_name, noffset,
-				require_keys ? "image" : NULL))
+				require_keys ? "image" : NULL, engine_id))
 		return -1;
 
 	node_name = fit_get_name(fit, noffset, NULL);
 	region.data = data;
 	region.size = size;
-	ret = info.algo->sign(&info, &region, 1, &value, &value_len);
+	ret = info.crypto->sign(&info, &region, 1, &value, &value_len);
 	if (ret) {
 		printf("Failed to sign '%s' signature node in '%s' image node: %d\n",
 		       node_name, image_name, ret);
@@ -238,18 +241,19 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
 	/* Get keyname again, as FDT has changed and invalidated our pointer */
 	info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
 
-	if (keydest)
-		ret = info.algo->add_verify_data(&info, keydest);
-	else
-		return -1;
-
 	/*
 	 * Write the public key into the supplied FDT file; this might fail
 	 * several times, since we try signing with successively increasing
 	 * size values
 	 */
-	if (keydest && ret)
-		return ret;
+	if (keydest) {
+		ret = info.crypto->add_verify_data(&info, keydest);
+		if (ret) {
+			printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
+			       node_name, image_name);
+			return ret;
+		}
+	}
 
 	return 0;
 }
@@ -265,16 +269,16 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
  *
  * Input component image node structure:
  *
- * o image@1 (at image_noffset)
+ * o image-1 (at image_noffset)
  *   | - data = [binary data]
- *   o hash@1
+ *   o hash-1
  *     |- algo = "sha1"
  *
  * Output component image node structure:
  *
- * o image@1 (at image_noffset)
+ * o image-1 (at image_noffset)
  *   | - data = [binary data]
- *   o hash@1
+ *   o hash-1
  *     |- algo = "sha1"
  *     |- value = sha1(data)
  *
@@ -286,11 +290,12 @@ static int fit_image_process_sig(const char *keydir, void *keydest,
  * @image_noffset: Requested component image node
  * @comment:	Comment to add to signature nodes
  * @require_keys: Mark all keys as 'required'
+ * @engine_id:	Engine to use for signing
  * @return: 0 on success, <0 on failure
  */
 int fit_image_add_verification_data(const char *keydir, void *keydest,
 		void *fit, int image_noffset, const char *comment,
-		int require_keys)
+		int require_keys, const char *engine_id)
 {
 	const char *image_name;
 	const void *data;
@@ -315,7 +320,7 @@ int fit_image_add_verification_data(const char *keydir, void *keydest,
 		/*
 		 * Check subnode name, must be equal to "hash" or "signature".
 		 * Multiple hash nodes require unique unit node
-		 * names, e.g. hash@1, hash@2, signature@1, etc.
+		 * names, e.g. hash-1, hash-2, signature-1, etc.
 		 */
 		node_name = fit_get_name(fit, noffset, NULL);
 		if (!strncmp(node_name, FIT_HASH_NODENAME,
@@ -327,7 +332,7 @@ int fit_image_add_verification_data(const char *keydir, void *keydest,
 				strlen(FIT_SIG_NODENAME))) {
 			ret = fit_image_process_sig(keydir, keydest,
 				fit, image_name, noffset, data, size,
-				comment, require_keys);
+				comment, require_keys, engine_id);
 		}
 		if (ret)
 			return ret;
@@ -508,7 +513,7 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
 	int ret, len;
 
 	conf_name = fit_get_name(fit, conf_noffset, NULL);
-	sig_name = fit_get_name(fit, conf_noffset, NULL);
+	sig_name = fit_get_name(fit, noffset, NULL);
 	debug("%s: conf='%s', sig='%s'\n", __func__, conf_name, sig_name);
 
 	/* Get a list of nodes we want to hash */
@@ -567,7 +572,8 @@ static int fit_config_get_data(void *fit, int conf_noffset, int noffset,
 
 static int fit_config_process_sig(const char *keydir, void *keydest,
 		void *fit, const char *conf_name, int conf_noffset,
-		int noffset, const char *comment, int require_keys)
+		int noffset, const char *comment, int require_keys,
+		const char *engine_id)
 {
 	struct image_sign_info info;
 	const char *node_name;
@@ -585,10 +591,11 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
 		return -1;
 
 	if (fit_image_setup_sig(&info, keydir, fit, conf_name, noffset,
-				require_keys ? "conf" : NULL))
+				require_keys ? "conf" : NULL, engine_id))
 		return -1;
 
-	ret = info.algo->sign(&info, region, region_count, &value, &value_len);
+	ret = info.crypto->sign(&info, region, region_count, &value,
+				&value_len);
 	free(region);
 	if (ret) {
 		printf("Failed to sign '%s' signature node in '%s' conf node\n",
@@ -617,11 +624,9 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
 
 	/* Write the public key into the supplied FDT file */
 	if (keydest) {
-		ret = info.algo->add_verify_data(&info, keydest);
-		if (ret == -ENOSPC)
-			return -ENOSPC;
+		ret = info.crypto->add_verify_data(&info, keydest);
 		if (ret) {
-			printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
+			printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
 			       node_name, conf_name);
 		}
 		return ret;
@@ -632,7 +637,7 @@ static int fit_config_process_sig(const char *keydir, void *keydest,
 
 static int fit_config_add_verification_data(const char *keydir, void *keydest,
 		void *fit, int conf_noffset, const char *comment,
-		int require_keys)
+		int require_keys, const char *engine_id)
 {
 	const char *conf_name;
 	int noffset;
@@ -651,7 +656,7 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest,
 			     strlen(FIT_SIG_NODENAME))) {
 			ret = fit_config_process_sig(keydir, keydest,
 				fit, conf_name, conf_noffset, noffset, comment,
-				require_keys);
+				require_keys, engine_id);
 		}
 		if (ret)
 			return ret;
@@ -661,7 +666,8 @@ static int fit_config_add_verification_data(const char *keydir, void *keydest,
 }
 
 int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
-			      const char *comment, int require_keys)
+			      const char *comment, int require_keys,
+			      const char *engine_id)
 {
 	int images_noffset, confs_noffset;
 	int noffset;
@@ -684,7 +690,7 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 		 * i.e. component image node.
 		 */
 		ret = fit_image_add_verification_data(keydir, keydest,
-				fit, noffset, comment, require_keys);
+				fit, noffset, comment, require_keys, engine_id);
 		if (ret)
 			return ret;
 	}
@@ -707,7 +713,8 @@ int fit_add_verification_data(const char *keydir, void *keydest, void *fit,
 	     noffset = fdt_next_subnode(fit, noffset)) {
 		ret = fit_config_add_verification_data(keydir, keydest,
 						       fit, noffset, comment,
-						       require_keys);
+						       require_keys,
+						       engine_id);
 		if (ret)
 			return ret;
 	}