On 09.06.20 07:13, AKASHI Takahiro wrote:
This function will be called from x509_check_for_self_signed() and pkcs7_verify_one(), which will be imported from linux in a later patch.
While it does exist in linux code and has a similar functionality of rsa_verify(), it calls further linux-specific interfaces inside. That could lead to more files being imported from linux.
So simply re-implement it here instead of re-using the code.
Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org
include/crypto/public_key.h | 2 +- lib/crypto/public_key.c | 56 ++++++++++++++++++++++++++++++++++++- 2 files changed, 56 insertions(+), 2 deletions(-)
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 436a1ee1ee64..3ba90fcc3483 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -82,9 +82,9 @@ extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *); extern int create_signature(struct kernel_pkey_params *, const void *, void *); extern int verify_signature(const struct key *, const struct public_key_signature *); +#endif /* __UBOOT__ */
int public_key_verify_signature(const struct public_key *pkey, const struct public_key_signature *sig); -#endif /* !__UBOOT__ */
#endif /* _LINUX_PUBLIC_KEY_H */ diff --git a/lib/crypto/public_key.c b/lib/crypto/public_key.c index e12ebbb3d0c5..232e79d086ae 100644 --- a/lib/crypto/public_key.c +++ b/lib/crypto/public_key.c @@ -25,7 +25,10 @@ #include <keys/asymmetric-subtype.h> #endif #include <crypto/public_key.h> -#ifndef __UBOOT__ +#ifdef __UBOOT__ +#include <image.h> +#include <u-boot/rsa.h> +#else #include <crypto/akcipher.h> #endif
@@ -80,6 +83,57 @@ void public_key_signature_free(struct public_key_signature *sig) } EXPORT_SYMBOL_GPL(public_key_signature_free);
+/*
- Verify a signature using a public key.
Please, supply a function description according to https://www.kernel.org/doc/html/latest/doc-guide/kernel-doc.html#function-do...
Best regards
Heinrich
- */
+int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig)+{
- struct image_sign_info info;
- struct image_region region;
- int ret;
- pr_devel("==>%s()\n", __func__);
- if (!pkey || !sig)
return -EINVAL;- if (pkey->key_is_private)
return -EINVAL;- memset(&info, '\0', sizeof(info));
- info.padding = image_get_padding_algo("pkcs-1.5");
- /*
* Note: image_get_[checksum|crypto]_algo takes an string* argument like "<checksum>,<crypto>"* TODO: support other hash algorithms*/- if (!strcmp(sig->hash_algo, "sha1")) {
info.checksum = image_get_checksum_algo("sha1,rsa2048");info.name = "sha1,rsa2048";- } else if (!strcmp(sig->hash_algo, "sha256")) {
info.checksum = image_get_checksum_algo("sha256,rsa2048");info.name = "sha256,rsa2048";- } else {
pr_warn("unknown msg digest algo: %s\n", sig->hash_algo);return -ENOPKG;- }
- info.crypto = image_get_crypto_algo(info.name);
- info.key = pkey->key;
- info.keylen = pkey->keylen;
- region.data = sig->digest;
- region.size = sig->digest_size;
- if (rsa_verify_with_pkey(&info, sig->digest, sig->s, sig->s_size))
ret = -EKEYREJECTED;- else
ret = 0;- pr_devel("<==%s() = %d\n", __func__, ret);
- return ret;
+} #else /*
- Destroy a public key algorithm key.