[PATCH] mkimage: ecdsa: add nodes to signature/key node

From: Matthias Pritschet matthias.pritschet@itk-engineering.de
Add the "required", "algo", and "key-name-hint" nodes to the signature/key node if ecdsa256 is used.
This change is mainly copy&paste from rsa_add_verify_data which already adds these nodes.
Signed-off-by: Matthias Pritschet matthias.pritschet@itk-engineering.de
---
 lib/ecdsa/ecdsa-libcrypto.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index db0a828a29..4513703d08 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -272,7 +272,8 @@ int ecdsa_verify(struct image_sign_info *info,
 return ret;
 }
-static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
+static int do_add(struct signer *ctx, void *fdt, const char *key_node_name,
+ struct image_sign_info *info)
 {
 int signature_node, key_node, ret, key_bits;
 const char *curve_name;
@@ -322,6 +322,11 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 point = EC_KEY_get0_public_key(ctx->ecdsa_key);
 EC_POINT_get_affine_coordinates(group, point, x, y, NULL);
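Review bot: The new `info` parameter is only read in the hunks shown (`keyname`, `name`, `require_keys`), so it could be declared `const struct image_sign_info *info` to make explicit that do_add does not modify the signing parameters. A one-line comment above do_add stating that it returns the key node offset on success and a negative libfdt error otherwise would also help, since the caller translates those errors into errno values. The body of do_add continues outside this hunk, so confirm nothing there writes through `info` before adding the qualifier.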
+ ret = fdt_setprop_string(fdt, key_node, FIT_KEY_HINT,
+ info->keyname);
+ if (ret < 0)
+ return ret;
+
 ret = fdt_setprop_string(fdt, key_node, "ecdsa,curve", curve_name);
 if (ret < 0)
 return ret;
@@ -334,6 +339,16 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 if (ret < 0)
 return ret;
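Review bot: The key-name hint is written from `info->keyname`, but the caller in ecdsa_add_verify_data (last hunk) treats `info->keyname` as possibly NULL and substitutes "default-key" into `key_node_name`. With a NULL keyname this call hands NULL to `fdt_setprop_string()`, which takes `strlen()` of its argument. Using the already-defaulted name avoids that and keeps the hint in agreement with the node name: `ret = fdt_setprop_string(fdt, key_node, FIT_KEY_HINT, key_node_name);`. If the hint is meant to be absent for unnamed keys, guard the call with `if (info->keyname)` instead. do_add starts and ends outside this hunk.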
+ ret = fdt_setprop_string(fdt, key_node, FIT_ALGO_PROP,
+ info->name);
+ if (ret < 0)
+ return ret;
+
+ ret = fdt_setprop_string(fdt, key_node, FIT_KEY_REQUIRED,
+ info->require_keys);
+ if (ret < 0)
+ return ret;
+
 return key_node;
 }
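Review bot: `info->require_keys` is passed to `fdt_setprop_string()` unconditionally in the last added block, and that macro takes `strlen()` of its argument, so a NULL `require_keys` would crash the tool rather than omit the property. Whether it can be NULL is not visible in this hunk, but signing without marking the key as required looks like an ordinary case, so I would wrap the call and its error check in `if (info->require_keys) {`. Because "required" is the property a verifier uses to decide whether this key must validate the image, it should be either absent or a deliberate value, never an accident of an unset pointer. `info->name` for `FIT_ALGO_PROP` follows the same unguarded pattern and is presumably always set by this point; please confirm. do_add starts outside this hunk.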
@@ -346,7 +361,7 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
 fdt_key_name = info->keyname ? info->keyname : "default-key";
 ret = prepare_ctx(&ctx, info);
 if (ret >= 0){
- ret = do_add(&ctx, fdt, fdt_key_name);
+ ret = do_add(&ctx, fdt, fdt_key_name, info);
 if (ret < 0)
 ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
 }

On Thu, 29 Aug 2024 14:44:47 +0200, Matthias Pritschet wrote:
Add the "required", "algo", and "key-name-hint" nodes to the signature/key node if ecdsa256 is used.
This change is mainly copy&paste from rsa_add_verify_data which already adds these nodes.
[...]
Applied to u-boot/master, thanks!