author | Philippe Reynes <philippe.reynes@softathome.com> | 2018-11-14 13:51:00 +0100 |
---|---|---|
committer | Tom Rini <trini@konsulko.com> | 2018-12-03 10:44:10 -0500 |
commit | 20031567e12bb312bff95b70767f6275e20f0346 (patch) | |
tree | 00c9c34581da071f3a87ee01c27370cc524cf223 /include | |
parent | 3b5d6979fcb80ffae3b140be6edc04cbde1a0b72 (diff) |
rsa: add a structure for the padding
The RSA signature uses a padding algorithm. By default, we use the
padding pkcs-1.5. In order to add new padding algorithms, we
add a padding framework to manage several padding algorithms.
The choice of the padding is made in the .its file.
Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/image.h | 16 | ||||
-rw-r--r-- | include/u-boot/rsa.h | 13 |
2 files changed, 29 insertions, 0 deletions
diff --git a/include/image.h b/include/image.h
index f67502e333e..e75d1763b58 100644
--- a/include/image.h
+++ b/include/image.h
@@ -1101,6 +1101,7 @@ struct image_sign_info {
 int node_offset; /* Offset of signature node */
 const char *name; /* Algorithm name */
 struct checksum_algo *checksum; /* Checksum algorithm information */
+ struct padding_algo *padding; /* Padding algorithm information */
 struct crypto_algo *crypto; /* Crypto algorithm information */
 const void *fdt_blob; /* FDT containing public keys */
 int required_keynode; /* Node offset of key to use: -1=any */
@@ -1186,6 +1187,13 @@ struct crypto_algo {
 uint8_t *sig, uint sig_len);
 };
 
+struct padding_algo {
+ const char *name;
+ int (*verify)(struct image_sign_info *info,
+ uint8_t *pad, int pad_len,
+ const uint8_t *hash, int hash_len);
+};
+
 /**
 * image_get_checksum_algo() - Look up a checksum algorithm
 *
@@ -1203,6 +1211,14 @@ struct checksum_algo *image_get_checksum_algo(const char *full_name);
 struct crypto_algo *image_get_crypto_algo(const char *full_name);
 
 /**
+ * image_get_padding_algo() - Look up a padding algorithm
+ *
+ * @param name Name of padding algorithm
+ * @return pointer to algorithm information, or NULL if not found
+ */
+struct padding_algo *image_get_padding_algo(const char *name);
+
+/**
 * fit_image_verify_required_sigs() - Verify signatures marked as 'required'
 *
 * @fit: FIT to check
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 68bcb14c74d..16b4c4caeea 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
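Review bot: The new `padding` member of `struct image_sign_info` has no stated NULL contract, although `image_get_padding_algo()` in the third hunk of this file is documented to return NULL for an unknown name. Any code that fills the struct without setting `padding`, or that stores a failed lookup, hands the verifier a NULL algorithm pointer; verification should treat that as a failure rather than skip the padding check. I would extend the field comment to `/* Padding algorithm information; NULL must fail verification */` and confirm every consumer, which lies outside this header-only diff. The struct body starts and ends outside the hunk.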
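Review bot: `struct padding_algo` is added without any comment, so the return contract of its `verify` callback is undocumented, and its lengths are signed `int` while the `crypto_algo` callback directly above it takes `uint sig_len`. For a verification callback the caller must know exactly which value means "padding valid"; if one side tests `< 0` and the other returns a positive mismatch code, a bad signature would be accepted. I would add a kernel-doc block stating that `verify` returns 0 only when `pad` is a valid encoding of `hash` and a non-zero error otherwise. Also consider `const uint8_t *pad, uint pad_len` and `uint hash_len` so a negative length can never reach a size comparison or copy.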
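Review bot: The comment on `image_get_padding_algo()` does not say where `name` comes from, and per the commit description the padding is chosen in the .its, that is, in the description of the image being verified. If the name is read from the image at verification time, whoever supplies the image also selects the padding scheme, so the verifier should check it against a value held with the trusted public key or otherwise pin it. That code is not part of this diff and should be checked. I would add to the comment a line such as ` * Callers must fail verification on NULL and must not treat @name as trusted input`.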
@@ -97,6 +97,10 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
 int rsa_verify(struct image_sign_info *info,
 const struct image_region region[], int region_count,
 uint8_t *sig, uint sig_len);
+
+int padding_pkcs_15_verify(struct image_sign_info *info,
+ uint8_t *msg, int msg_len,
+ const uint8_t *hash, int hash_len);
 #else
 static inline int rsa_verify(struct image_sign_info *info,
 const struct image_region region[], int region_count,
@@ -104,8 +108,17 @@ static inline int rsa_verify(struct image_sign_info *info,
 {
 return -ENXIO;
 }
+
+static inline int padding_pkcs_15_verify(struct image_sign_info *info,
+ uint8_t *msg, int msg_len,
+ const uint8_t *hash, int hash_len)
+{
+ return -ENXIO;
+}
 #endif
 
+#define RSA_DEFAULT_PADDING_NAME "pkcs-1.5"
+
 #define RSA2048_BYTES (2048 / 8)
 #define RSA4096_BYTES (4096 / 8)
 
|
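Review bot: The prototype of `padding_pkcs_15_verify()` names its buffer `msg`/`msg_len`, while the `verify` member of `struct padding_algo` in include/image.h calls the same arguments `pad`/`pad_len`. Neither says whether the buffer is the whole decrypted signature block or only the padding bytes. A short comment above the prototype should state what the buffer holds, how `msg_len` and `hash_len` relate to the key and checksum sizes, and that 0 is the only "valid" result. Using one pair of parameter names in both headers would also help; the `#else` stub in the next hunk shares the signature and should follow.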
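Review bot: `RSA_DEFAULT_PADDING_NAME` is defined after the `#endif` with no comment on when it applies. From the commit description it appears to be the scheme used when none is specified; if that matches the implementation I would say so, e.g. `/* Padding used when the signature node does not name one */`, so that a later change of the default is recognised as a change in which signatures are accepted. The stub returning `-ENXIO` fails closed when verification is compiled out, which is the behaviour to keep.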