On 09.06.20 07:13, AKASHI Takahiro wrote: > This function will be called from x509_check_for_self_signed() and > pkcs7_verify_one(), which will be imported from linux in a later patch. > > While it does exist in linux code and has a similar functionality of > rsa_verify(), it calls further linux-specific interfaces inside. > That could lead to more files being imported from linux. > > So simply re-implement it here instead of re-using the code. > > Signed-off-by: AKASHI Takahiro <takahiro.aka...@linaro.org> > --- > include/crypto/public_key.h | 2 +- > lib/crypto/public_key.c | 56 ++++++++++++++++++++++++++++++++++++- > 2 files changed, 56 insertions(+), 2 deletions(-) > > diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h > index 436a1ee1ee64..3ba90fcc3483 100644 > --- a/include/crypto/public_key.h > +++ b/include/crypto/public_key.h > @@ -82,9 +82,9 @@ extern int decrypt_blob(struct kernel_pkey_params *, const > void *, void *); > extern int create_signature(struct kernel_pkey_params *, const void *, void > *); > extern int verify_signature(const struct key *, > const struct public_key_signature *); > +#endif /* __UBOOT__ */ > > int public_key_verify_signature(const struct public_key *pkey, > const struct public_key_signature *sig); > -#endif /* !__UBOOT__ */ > > #endif /* _LINUX_PUBLIC_KEY_H */ > diff --git a/lib/crypto/public_key.c b/lib/crypto/public_key.c > index e12ebbb3d0c5..232e79d086ae 100644 > --- a/lib/crypto/public_key.c > +++ b/lib/crypto/public_key.c > @@ -25,7 +25,10 @@ > #include <keys/asymmetric-subtype.h> > #endif > #include <crypto/public_key.h> > -#ifndef __UBOOT__ > +#ifdef __UBOOT__ > +#include <image.h> > +#include <u-boot/rsa.h> > +#else > #include <crypto/akcipher.h> > #endif > > @@ -80,6 +83,57 @@ void public_key_signature_free(struct public_key_signature > *sig) > } > EXPORT_SYMBOL_GPL(public_key_signature_free); > > +/* > + * Verify a signature using a public key.
Please, supply a function description according to https://www.kernel.org/doc/html/latest/doc-guide/kernel-doc.html#function-documentation Best regards Heinrich > + */ > +int public_key_verify_signature(const struct public_key *pkey, > + const struct public_key_signature *sig) > +{ > + struct image_sign_info info; > + struct image_region region; > + int ret; > + > + pr_devel("==>%s()\n", __func__); > + > + if (!pkey || !sig) > + return -EINVAL; > + > + if (pkey->key_is_private) > + return -EINVAL; > + > + memset(&info, '\0', sizeof(info)); > + info.padding = image_get_padding_algo("pkcs-1.5"); > + /* > + * Note: image_get_[checksum|crypto]_algo takes an string > + * argument like "<checksum>,<crypto>" > + * TODO: support other hash algorithms > + */ > + if (!strcmp(sig->hash_algo, "sha1")) { > + info.checksum = image_get_checksum_algo("sha1,rsa2048"); > + info.name = "sha1,rsa2048"; > + } else if (!strcmp(sig->hash_algo, "sha256")) { > + info.checksum = image_get_checksum_algo("sha256,rsa2048"); > + info.name = "sha256,rsa2048"; > + } else { > + pr_warn("unknown msg digest algo: %s\n", sig->hash_algo); > + return -ENOPKG; > + } > + info.crypto = image_get_crypto_algo(info.name); > + > + info.key = pkey->key; > + info.keylen = pkey->keylen; > + > + region.data = sig->digest; > + region.size = sig->digest_size; > + > + if (rsa_verify_with_pkey(&info, sig->digest, sig->s, sig->s_size)) > + ret = -EKEYREJECTED; > + else > + ret = 0; > + > + pr_devel("<==%s() = %d\n", __func__, ret); > + return ret; > +} > #else > /* > * Destroy a public key algorithm key. >
