random-mirrors/smaeul-u-boot
1
0
Fork 0
mirror of https://github.com/smaeul/u-boot.git synced 2025-10-14 04:46:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

lib/crypto: Enable more algorithms in cert verification

Browse Source 
Right now the code explicitly limits us to sha1,256 hashes with RSA2048
encryption.  But the limitation is artificial since U-Boot supports
a wider range of algorithms.

The internal image_get_[checksum|crypto]_algo() functions expect an
argument in the format of <checksum>,<crypto>.  So let's remove the size
checking and create the needed string on the fly in order to support
more hash/signing combinations.

Signed-off-by: Ilias Apalodimas <ilias.apalodimas@linaro.org>
This commit is contained in:
Ilias Apalodimas 2022-01-19 13:54:41 +02:00 committed by Heinrich Schuchardt
parent 38040a63a3
commit 8699af63b8
1 changed files with 16 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
lib/crypto/public_key.c
View File

@ -97,6 +97,7 @@ int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig) const struct public_key_signature *sig)
{ {
struct image_sign_info info; struct image_sign_info info;
char algo[256];
int ret; int ret;
pr_devel("==>%s()\n", __func__); pr_devel("==>%s()\n", __func__);
@ -108,30 +109,26 @@ int public_key_verify_signature(const struct public_key *pkey,
return -EINVAL; return -EINVAL;
memset(&info, '\0', sizeof(info)); memset(&info, '\0', sizeof(info));
memset(algo, 0, sizeof(algo));
info.padding = image_get_padding_algo("pkcs-1.5"); info.padding = image_get_padding_algo("pkcs-1.5");
/* if (strcmp(sig->pkey_algo, "rsa")) {
* Note: image_get_[checksum|crypto]_algo takes a string pr_err("Encryption is not RSA: %s\n", sig->pkey_algo);
* argument like "<checksum>,<crypto>" return -ENOPKG;
* TODO: support other hash algorithms }
*/ ret = snprintf(algo, sizeof(algo), "%s,%s%d", sig->hash_algo,
if (strcmp(sig->pkey_algo, "rsa") || (sig->s_size * 8) != 2048) {
pr_warn("Encryption is not RSA2048: %s%d\n",
sig->pkey_algo, sig->s_size * 8); sig->pkey_algo, sig->s_size * 8);
return -ENOPKG;
} if (ret >= sizeof(algo))
if (!strcmp(sig->hash_algo, "sha1")) { return -EINVAL;
info.checksum = image_get_checksum_algo("sha1,rsa2048");
info.name = "sha1,rsa2048"; info.checksum = image_get_checksum_algo((const char *)algo);
} else if (!strcmp(sig->hash_algo, "sha256")) { info.name = (const char *)algo;
info.checksum = image_get_checksum_algo("sha256,rsa2048");
info.name = "sha256,rsa2048";
} else {
pr_warn("unknown msg digest algo: %s\n", sig->hash_algo);
return -ENOPKG;
}
info.crypto = image_get_crypto_algo(info.name); info.crypto = image_get_crypto_algo(info.name);
if (IS_ERR(info.checksum) || IS_ERR(info.crypto)) if (!info.checksum || !info.crypto) {
pr_err("<%s> not supported on image_get_(checksum|crypto)_algo()\n",
algo);
return -ENOPKG; return -ENOPKG;
}
info.key = pkey->key; info.key = pkey->key;
info.keylen = pkey->keylen; info.keylen = pkey->keylen;