summaryrefslogtreecommitdiff
path: root/lib/rsa/rsa-verify.c
diff options
context:
space:
mode:
authorHeiko Stuebner <heiko.stuebner@theobroma-systems.com>2020-05-22 16:20:33 +0200
committerTom Rini <trini@konsulko.com>2020-07-08 17:21:46 -0400
commitc89b41b4db4a746647c4f0e6d33c6f4edfe96e38 (patch)
tree387269e837a47126d5a7ccdef2b4d5af60598e16 /lib/rsa/rsa-verify.c
parentbdded2015c1e54038a86557e339b606b4a31968b (diff)
lib: rsa: function to verify a signature against a hash
rsa_verify() expects a memory region and wants to do the hashing itself, but there may be cases where the hashing is done via other means, like hashing a squashfs rootfs. So add rsa_verify_hash() to allow verifiying a signature against an existing hash. As this entails the same verification routines we can just move the relevant code over from rsa_verify() and also call rsa_verify_hash() from there. Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>
Diffstat (limited to 'lib/rsa/rsa-verify.c')
-rw-r--r--lib/rsa/rsa-verify.c56
1 files changed, 32 insertions, 24 deletions
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index 61d98e6e2d..6c4bbc4625 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -478,33 +478,11 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
}
#endif
-int rsa_verify(struct image_sign_info *info,
- const struct image_region region[], int region_count,
- uint8_t *sig, uint sig_len)
+int rsa_verify_hash(struct image_sign_info *info,
+ const uint8_t *hash, uint8_t *sig, uint sig_len)
{
- /* Reserve memory for maximum checksum-length */
- uint8_t hash[info->crypto->key_len];
int ret = -EACCES;
- /*
- * Verify that the checksum-length does not exceed the
- * rsa-signature-length
- */
- if (info->checksum->checksum_len >
- info->crypto->key_len) {
- debug("%s: invlaid checksum-algorithm %s for %s\n",
- __func__, info->checksum->name, info->crypto->name);
- return -EINVAL;
- }
-
- /* Calculate checksum with checksum-algorithm */
- ret = info->checksum->calculate(info->checksum->name,
- region, region_count, hash);
- if (ret < 0) {
- debug("%s: Error in checksum calculation\n", __func__);
- return -EINVAL;
- }
-
if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
/* don't rely on fdt properties */
ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
@@ -555,3 +533,33 @@ int rsa_verify(struct image_sign_info *info,
return ret;
}
+
+int rsa_verify(struct image_sign_info *info,
+ const struct image_region region[], int region_count,
+ uint8_t *sig, uint sig_len)
+{
+ /* Reserve memory for maximum checksum-length */
+ uint8_t hash[info->crypto->key_len];
+ int ret = -EACCES;
+
+ /*
+ * Verify that the checksum-length does not exceed the
+ * rsa-signature-length
+ */
+ if (info->checksum->checksum_len >
+ info->crypto->key_len) {
+ debug("%s: invlaid checksum-algorithm %s for %s\n",
+ __func__, info->checksum->name, info->crypto->name);
+ return -EINVAL;
+ }
+
+ /* Calculate checksum with checksum-algorithm */
+ ret = info->checksum->calculate(info->checksum->name,
+ region, region_count, hash);
+ if (ret < 0) {
+ debug("%s: Error in checksum calculation\n", __func__);
+ return -EINVAL;
+ }
+
+ return rsa_verify_hash(info, hash, sig, sig_len);
+}