commit 83dd98e012b55b494ac2bf1f9a5d66f684bfbbe8
author Andrew Duda <aduda@meraki.com> Tue Nov 08 18:53:41 2016 +0000
committer Tom Rini <trini@konsulko.com> Mon Nov 21 14:07:31 2016 -0500
tree 8c4e069f185d6ca6d5afaba1945b7a3ab954a6cc
parent 0c1d74fda7c0063eeca4d8d9fa8674e6ec2ef685

image: Combine image_sig_algo with image_sign_info

Remove the need to explicitly add SHA/RSA pairings. Invalid SHA/RSA
pairings will still fail on verify operations when the hash length is
longer than the key length.

Follow the same naming scheme "checksum,crytpo" without explicitly
defining the string.

Indirectly adds support for "sha1,rsa4096" signing/verification.

Signed-off-by: Andrew Duda <aduda@meraki.com>
Signed-off-by: aduda <aduda@meraki.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

tools/image-host.c

diff --git a/tools/image-host.c b/tools/image-host.c
index dac85b4..c1a0122 100644
--- a/tools/image-host.c
+++ b/tools/image-host.c
@@ -166,9 +166,11 @@
 	info->keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
 	info->fit = fit;
 	info->node_offset = noffset;
-	info->algo = image_get_sig_algo(algo_name);
+	info->name = algo_name;
+	info->checksum = image_get_checksum_algo(algo_name);
+	info->crypto = image_get_crypto_algo(algo_name);
 	info->require_keys = require_keys;
-	if (!info->algo) {
+	if (!info->checksum || !info->crypto) {
 		printf("Unsupported signature algorithm (%s) for '%s' signature node in '%s' image node\n",
 		       algo_name, node_name, image_name);
 		return -1;
@@ -213,7 +215,7 @@
 	node_name = fit_get_name(fit, noffset, NULL);
 	region.data = data;
 	region.size = size;
-	ret = info.algo->crypto->sign(&info, &region, 1, &value, &value_len);
+	ret = info.crypto->sign(&info, &region, 1, &value, &value_len);
 	if (ret) {
 		printf("Failed to sign '%s' signature node in '%s' image node: %d\n",
 		       node_name, image_name, ret);
@@ -239,7 +241,7 @@
 	info.keyname = fdt_getprop(fit, noffset, "key-name-hint", NULL);
 
 	if (keydest)
-		ret = info.algo->crypto->add_verify_data(&info, keydest);
+		ret = info.crypto->add_verify_data(&info, keydest);
 	else
 		return -1;
 
@@ -588,8 +590,8 @@
 				require_keys ? "conf" : NULL))
 		return -1;
 
-	ret = info.algo->crypto->sign(&info, region, region_count, &value,
-				      &value_len);
+	ret = info.crypto->sign(&info, region, region_count, &value,
+				&value_len);
 	free(region);
 	if (ret) {
 		printf("Failed to sign '%s' signature node in '%s' conf node\n",
@@ -618,7 +620,7 @@
 
 	/* Write the public key into the supplied FDT file */
 	if (keydest) {
-		ret = info.algo->crypto->add_verify_data(&info, keydest);
+		ret = info.crypto->add_verify_data(&info, keydest);
 		if (ret == -ENOSPC)
 			return -ENOSPC;
 		if (ret) {