From c89b41b4db4a746647c4f0e6d33c6f4edfe96e38 Mon Sep 17 00:00:00 2001
From: Heiko Stuebner
Date: Fri, 22 May 2020 16:20:33 +0200
Subject: lib: rsa: function to verify a signature against a hash rsa_verify() expects a memory region and wants to do the hashing itself, but there may be cases where the hashing is done via other means, like hashing a squashfs rootfs. So add rsa_verify_hash() to allow verifiying a signature against an existing hash. As this entails the same verification routines we can just move the relevant code over from rsa_verify() and also call rsa_verify_hash() from there.
Signed-off-by: Heiko Stuebner
---
 include/u-boot/rsa.h | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
(limited to 'include')
diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 2d3024d8b71..a0bae495f05 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -82,6 +82,20 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
 #endif
 #if IMAGE_ENABLE_VERIFY
+/**
+ * rsa_verify_hash() - Verify a signature against a hash
+ *
+ * Verify a RSA PKCS1.5 signature against an expected hash.
+ *
+ * @info: Specifies key and FIT information
+ * @hash: Hash according to algorithm specified in @info
+ * @sig: Signature
+ * @sig_len: Number of bytes in signature
+ * @return 0 if verified, -ve on error
+ */
+int rsa_verify_hash(struct image_sign_info *info,
+ const uint8_t *hash, uint8_t *sig, uint sig_len);
+
 /**
 * rsa_verify() - Verify a signature against some data
 *
@@ -108,6 +122,13 @@ int padding_pss_verify(struct image_sign_info *info, const uint8_t *hash, int hash_len);
 #endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
 #else
+static inline int rsa_verify_hash(struct image_sign_info *info,
+ const uint8_t *hash,
+ uint8_t *sig, uint sig_len)
+{
+ return -ENXIO;
+}
+
 static inline int rsa_verify(struct image_sign_info *info, const struct image_region region[], int region_count, uint8_t *sig, uint sig_len)
-- cgit v1.3.1
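Review bot: The new `rsa_verify_hash()` prototype in the first hunk takes `hash` without a length, and its kernel-doc does not say how many bytes are read from it, so a caller that hashed data by other means (the commit message mentions a squashfs rootfs) has nothing to check its buffer against. I would extend the `@hash` line to something like `@hash: Digest of exactly the length produced by the checksum algorithm in @info; the caller must compute it with that algorithm over the data that is actually consumed afterwards`. The description also says PKCS1.5, while the context of the second hunk shows `padding_pss_verify()`, so the padding presumably depends on @info; if that is so, the comment should say it rather than name one scheme. The implementation is not part of this view (the page is limited to 'include'), so both points concern the documented contract only.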