Signed-off-by: AKASHI Takahiro takahiro.akashi@linaro.org --- include/crypto/public_key.h | 2 +- lib/crypto/Makefile | 2 +- lib/crypto/public_key_local.c | 69 +++++++++++++++++++++++++++++++++++ 3 files changed, 71 insertions(+), 2 deletions(-) create mode 100644 lib/crypto/public_key_local.c
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h index 91b1f2615294..f361d756119d 100644 --- a/include/crypto/public_key.h +++ b/include/crypto/public_key.h @@ -81,9 +81,9 @@ extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *); extern int create_signature(struct kernel_pkey_params *, const void *, void *); extern int verify_signature(const struct key *, const struct public_key_signature *); +#endif /* !__UBOOT__ */
int public_key_verify_signature(const struct public_key *pkey, const struct public_key_signature *sig); -#endif /* !__UBOOT__ */
#endif /* _LINUX_PUBLIC_KEY_H */ diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile index a284de9e0411..870d2a90b181 100644 --- a/lib/crypto/Makefile +++ b/lib/crypto/Makefile @@ -7,4 +7,4 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
-obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o +obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o public_key_local.o diff --git a/lib/crypto/public_key_local.c b/lib/crypto/public_key_local.c new file mode 100644 index 000000000000..19721f319dbd --- /dev/null +++ b/lib/crypto/public_key_local.c @@ -0,0 +1,69 @@ +// SPDX-License-Identifier: GPL-2.0+ +/* + * Public key utilities + * + * Copyright (c) 2019 AKASHI Takahiro, Linaro Limited + */ + +#include <common.h> +#include <crypto/public_key.h> +#include <u-boot/rsa.h> +#include <u-boot/sha256.h> + +/* + * U-Boot version of kernel's public_key_verify_signature() -- + * Verify a signature using a public key + */ +int public_key_verify_signature(const struct public_key *pkey, + const struct public_key_signature *sig) +{ +/* + * FIXME + * Currently, x509_check_for_self_signed() failed + * due to sig->digest == NULL + */ +#ifndef __UBOOT__ + struct image_sign_info info; + struct image_region reg; + int ret; + + memset(&info, '\0', sizeof(info)); + /* + * FIXME: Algo names here are hard-coded + */ + if (!strcmp(sig->encoding, "pkcs1")) + info.padding = image_get_padding_algo("pkcs-1.5"); + else + return -ENOPKG; + + /* + * Note: image_get_[checksum|crypto]_algo takes an string + * argument like "<checksum>,<crypto>" + */ + if (!strcmp(sig->hash_algo, "sha256")) + info.checksum = image_get_checksum_algo("sha256,"); + else + return -ENOPKG; + + if (!strcmp(sig->pkey_algo, "rsa")) { + info.name = "sha256,rsa2048"; + info.crypto = image_get_crypto_algo(info.name); + } else { + return -ENOPKG; + } + + info.key = pkey->key; + info.keylen = pkey->keylen; + + reg.data = sig->s; + reg.size = sig->s_size; + + ret = rsa_verify(&info, ®, 1, sig->digest, sig->digest_size); + if (ret) { + debug("%s: Verifying a signature failed\n", __func__); + return -EKEYREJECTED; + } +#endif /* __UBOOT__ */ + + return 0; +}