static int fit_image_setup_sig(struct image_sign_info *info,
const char *keydir, void *fit, const char *image_name,
int noffset, const char *require_keys)
{
const char *node_name;
char *algo_name;
node_name = fit_get_name(fit, noffset, NULL);
if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
printf("Can't get algo property for '%s' signature node in '%s' image node\n",
node_name, image_name);
return -1;
}
memset(info, '\0', sizeof(*info));
info->keydir = keydir;
info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
info->fit = fit;
info->node_offset = noffset;
info->algo = image_get_sig_algo(algo_name);
info->require_keys = require_keys;
if (!info->algo) {
printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
algo_name, node_name, image_name);
return -1;
}
return 0;
}
/**
* fit_image_process_hash - Process a single subnode of the images/ node
*
* Check each subnode and process accordingly. For hash nodes we generate
* a hash of the supplised data and store it in the node.
*
* @fit: pointer to the FIT format image header
* @image_name: name of image being processes (used to display errors)
* @noffset: subnode offset
* @data: data to process
* @size: size of data in bytes
* @return 0 if ok, -1 on error
*/
static int fit_image_process_hash(void *fit, const char *image_name,
int noffset, const void *data, size_t size)
{
uint8_t value[FIT_MAX_HASH_LEN];
const char *node_name;
int value_len;
char *algo;
int ret;
node_name = fit_get_name(fit, noffset, NULL);
if (fit_image_hash_get_algo(fit, noffset, &algo)) {
printf("Can't get hash algo property for '%s' hash node in '%s' image node\n",
node_name, image_name);
return -ENOENT;
}
if (calculate_hash(data, size, algo, value, &value_len)) {
printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n",
algo, node_name, image_name);
return -EPROTONOSUPPORT;
}
ret = fit_set_hash_value(fit, noffset, value, value_len);
if (ret) {
printf("Can't set hash value for '%s' hash node in '%s' image node\n",
node_name, image_name);
return ret;
}
return 0;
}
static int fit_image_setup_verify(struct image_sign_info *info,
const void *fit, int noffset, int required_keynode,
char **err_msgp)
{
char *algo_name;
if (fit_image_hash_get_algo(fit, noffset, &algo_name)) {
*err_msgp = "Can't get hash algo property";
return -1;
}
memset(info, '\0', sizeof(*info));
info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
info->fit = (void *)fit;
info->node_offset = noffset;
info->algo = image_get_sig_algo(algo_name);
info->fdt_blob = gd_fdt_blob();
info->required_keynode = required_keynode;
printf("%s:%s", algo_name, info->keyname);
if (!info->algo) {
*err_msgp = "Unknown signature algorithm";
return -1;
}
return 0;
}
/**
* fit_image_print_data() - prints out the hash node details
* @fit: pointer to the FIT format image header
* @noffset: offset of the hash node
* @p: pointer to prefix string
* @type: Type of information to print ("hash" or "sign")
*
* fit_image_print_data() lists properies for the processed hash node
*
* This function avoid using puts() since it prints a newline on the host
* but does not in U-Boot.
*
* returns:
* no returned results
*/
static void fit_image_print_data(const void *fit, int noffset, const char *p,
const char *type)
{
const char *keyname;
uint8_t *value;
int value_len;
char *algo;
int required;
int ret, i;
debug("%s %s node: '%s'\n", p, type,
fit_get_name(fit, noffset, NULL));
printf("%s %s algo: ", p, type);
if (fit_image_hash_get_algo(fit, noffset, &algo)) {
printf("invalid/unsupported\n");
return;
}
printf("%s", algo);
keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
required = fdt_getprop(fit, noffset, "required", NULL) != NULL;
if (keyname)
printf(":%s", keyname);
if (required)
printf(" (required)");
printf("\n");
ret = fit_image_hash_get_value(fit, noffset, &value,
&value_len);
printf("%s %s value: ", p, type);
if (ret) {
printf("unavailable\n");
} else {
for (i = 0; i < value_len; i++)
printf("%02x", value[i]);
printf("\n");
}
debug("%s %s len: %d\n", p, type, value_len);
/* Signatures have a time stamp */
if (IMAGE_ENABLE_TIMESTAMP && keyname) {
time_t timestamp;
printf("%s Timestamp: ", p);
if (fit_get_timestamp(fit, noffset, ×tamp))
printf("unavailable\n");
else
genimg_print_time(timestamp);
}
}
static int fit_image_check_hash(const void *fit, int noffset, const void *data,
size_t size, char **err_msgp)
{
uint8_t value[FIT_MAX_HASH_LEN];
int value_len;
char *algo;
uint8_t *fit_value;
int fit_value_len;
int ignore;
*err_msgp = NULL;
if (fit_image_hash_get_algo(fit, noffset, &algo)) {
*err_msgp = "Can't get hash algo property";
return -1;
}
printf("%s", algo);
if (IMAGE_ENABLE_IGNORE) {
fit_image_hash_get_ignore(fit, noffset, &ignore);
if (ignore) {
printf("-skipped ");
return 0;
}
}
if (fit_image_hash_get_value(fit, noffset, &fit_value,
&fit_value_len)) {
*err_msgp = "Can't get hash value property";
return -1;
}
if (calculate_hash(data, size, algo, value, &value_len)) {
*err_msgp = "Unsupported hash algorithm";
return -1;
}
if (value_len != fit_value_len) {
*err_msgp = "Bad hash value len";
return -1;
} else if (memcmp(value, fit_value, value_len) != 0) {
*err_msgp = "Bad hash value";
return -1;
}
return 0;
}
