From patchwork Sat Jan 5 01:51:44 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 209609 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id 8646C2C0085 for ; Sat, 5 Jan 2013 12:59:14 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id EA5504A044; Sat, 5 Jan 2013 02:58:51 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4vnLzyPei5a6; Sat, 5 Jan 2013 02:58:51 +0100 (CET) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 04C024A051; Sat, 5 Jan 2013 02:57:05 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 026044A046 for ; Sat, 5 Jan 2013 02:56:50 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FHs9FcHfkKfW for ; Sat, 5 Jan 2013 02:56:47 +0100 (CET) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from mail-we0-f202.google.com (mail-we0-f202.google.com [74.125.82.202]) by theia.denx.de (Postfix) with ESMTPS id 2DEBD4A047 for ; Sat, 5 Jan 2013 02:56:38 +0100 (CET) Received: by mail-we0-f202.google.com with SMTP id t57so1064706wey.5 for ; Fri, 04 Jan 2013 17:56:38 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:to:cc:subject:date:message-id:x-mailer:in-reply-to :references:x-gm-message-state; bh=2g7mpBh3w6ygz3NClNldFnEvy/xjD4rpk4Yi2IKTDKE=; b=gIVdfMCYePMJtX92Dt8PyxNbMA2bRhonVw5S3dul1Z8E+o6M+jI2lLeY7wjiWsiJgG iuHX9EnlcOSDyaM/7u7kcfAxfJGDK/vjy8ei9I/DYtqjRIvANvF/CKVaWbeHb0bUP0r/ qD5daJx6kbSLsoalf5Ws+24dlrkypBTvRGGO1R9aKZiOeEfs8dG+Whzn61N2lzjF1rHF Eyg3Qe2csDyr5kXuEymj1kGg53+ot8A/10PJzHXkmaLp0H+p8/PiZODxn7dPaB9nIhiH BhDAZfBD0DZN7QVTnCAbJ6kiayAAvoVChBU3PLn6y6QxZzYZNEQr1ivZ4DLDBvSuddPL 5zsw== X-Received: by 10.14.180.2 with SMTP id i2mr69187011eem.1.1357350998131; Fri, 04 Jan 2013 17:56:38 -0800 (PST) Received: from hpza10.eem.corp.google.com ([74.125.121.33]) by gmr-mx.google.com with ESMTPS id z44si19167152een.0.2013.01.04.17.56.38 (version=TLSv1/SSLv3 cipher=AES128-SHA); Fri, 04 Jan 2013 17:56:38 -0800 (PST) Received: from kaka.mtv.corp.google.com (kaka.mtv.corp.google.com [172.22.73.79]) by hpza10.eem.corp.google.com (Postfix) with ESMTP id 7776E200057; Fri, 4 Jan 2013 17:56:37 -0800 (PST) Received: by kaka.mtv.corp.google.com (Postfix, from userid 121222) id C9AFC161197; Fri, 4 Jan 2013 17:56:36 -0800 (PST) From: Simon Glass To: U-Boot Mailing List Date: Fri, 4 Jan 2013 17:51:44 -0800 Message-Id: <1357350734-13737-16-git-send-email-sjg@chromium.org> X-Mailer: git-send-email 1.7.7.3 In-Reply-To: <1357350734-13737-1-git-send-email-sjg@chromium.org> References: <1357350734-13737-1-git-send-email-sjg@chromium.org> X-Gm-Message-State: ALoCoQnpZLC2z8mYYsJUuPa77bsIyI2rk++00Y+eB0EDd3NF1ippIwTOrNPQrJ57trbukgbXL+9kHLd3lXiSJbbYHBXjUOHFQjgpnzT9TCvNPW8oCtjFLt2CUk4wTmZVAC8qR+dUM1ZntnN0ctHKh75kmEmscxcbghzAdiMrXR0wd4lRP7j3rzYtt5uwxVltqgpwJCjiSVkz Cc: Joel A Fernandes , Joe Hershberger , Tom Rini , Vadim Bendebury , =?UTF-8?q?Andreas=20B=C3=A4ck?= Subject: [U-Boot] [RFC PATCH 15/44] image: Rename fit_add_hashes() to fit_add_verification_data() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.11 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: u-boot-bounces@lists.denx.de Errors-To: u-boot-bounces@lists.denx.de We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass --- include/image.h | 10 +++- tools/fit_image.c | 2 +- tools/image-host.c | 147 +++++++++++++++++++++++++--------------------------- 3 files changed, 79 insertions(+), 80 deletions(-) diff --git a/include/image.h b/include/image.h index d933bad..ca612f3 100644 --- a/include/image.h +++ b/include/image.h @@ -609,8 +609,14 @@ int fit_image_hash_get_ignore(const void *fit, int noffset, int *ignore); #endif int fit_set_timestamp(void *fit, int noffset, time_t timestamp); -int fit_set_hashes(void *fit); -int fit_image_set_hashes(void *fit, int image_noffset); + +/** + * fit_add_verification_data() - Calculate and add hashes to FIT + * + * @fit: Fit image to process + * @return 0 if ok, <0 for error + */ +int fit_add_verification_data(void *fit); int fit_image_verify(const void *fit, int noffset); int fit_all_image_verify(const void *fit); diff --git a/tools/fit_image.c b/tools/fit_image.c index 76bbba1..8f51159 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -125,7 +125,7 @@ static int fit_handle_file (struct mkimage_params *params) } /* set hashes for images in the blob */ - if (fit_set_hashes (ptr)) { + if (fit_add_verification_data(ptr)) { fprintf (stderr, "%s Can't add hashes to FIT blob", params->cmdname); unlink (tmpfile); diff --git a/tools/image-host.c b/tools/image-host.c index d127fc1..4c589af 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -34,51 +34,6 @@ #include /** - * fit_set_hashes - process FIT component image nodes and calculate hashes - * @fit: pointer to the FIT format image header - * - * fit_set_hashes() adds hash values for all component images in the FIT blob. - * Hashes are calculated for all component images which have hash subnodes - * with algorithm property set to one of the supported hash algorithms. - * - * returns - * 0, on success - * libfdt error code, on failure - */ -int fit_set_hashes(void *fit) -{ - int images_noffset; - int noffset; - int ndepth; - int ret; - - /* Find images parent node offset */ - images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); - if (images_noffset < 0) { - printf("Can't find images parent node '%s' (%s)\n", - FIT_IMAGES_PATH, fdt_strerror(images_noffset)); - return images_noffset; - } - - /* Process its subnodes, print out component images details */ - for (ndepth = 0, noffset = fdt_next_node(fit, images_noffset, &ndepth); - (noffset >= 0) && (ndepth > 0); - noffset = fdt_next_node(fit, noffset, &ndepth)) { - if (ndepth == 1) { - /* - * Direct child node of the images parent node, - * i.e. component image node. - */ - ret = fit_image_set_hashes(fit, noffset); - if (ret) - return ret; - } - } - - return 0; -} - -/** * fit_set_hash_value - set hash value in requested has node * @fit: pointer to the FIT format image header * @noffset: hash node offset @@ -125,23 +80,16 @@ static int fit_image_process_hash(void *fit, const char *image_name, int noffset, const void *data, size_t size) { uint8_t value[FIT_MAX_HASH_LEN]; + const char *node_name; int value_len; char *algo; - /* - * Check subnode name, must be equal to "hash". - * Multiple hash nodes require unique unit node - * names, e.g. hash@1, hash@2, etc. - */ - if (strncmp(fit_get_name(fit, noffset, NULL), - FIT_HASH_NODENAME, - strlen(FIT_HASH_NODENAME)) != 0) - return 0; + node_name = fit_get_name(fit, noffset, NULL); if (fit_image_hash_get_algo(fit, noffset, &algo)) { printf("Can't get hash algo property for " "'%s' hash node in '%s' image node\n", - fit_get_name(fit, noffset, NULL), image_name); + node_name, image_name); return -1; } @@ -149,7 +97,7 @@ static int fit_image_process_hash(void *fit, const char *image_name, &value_len)) { printf("Unsupported hash algorithm (%s) for " "'%s' hash node in '%s' image node\n", - algo, fit_get_name(fit, noffset, NULL), image_name); + algo, node_name, image_name); return -1; } @@ -157,7 +105,7 @@ static int fit_image_process_hash(void *fit, const char *image_name, value_len)) { printf("Can't set hash value for " "'%s' hash node in '%s' image node\n", - fit_get_name(fit, noffset, NULL), image_name); + node_name, image_name); return -1; } @@ -165,14 +113,13 @@ static int fit_image_process_hash(void *fit, const char *image_name, } /** - * fit_image_set_hashes - calculate/set hashes for given component image node - * @fit: pointer to the FIT format image header - * @image_noffset: requested component image node + * fit_image_add_verification_data() - calculate/set hash data for image node * - * fit_image_set_hashes() adds hash values for an component image node. All - * existing hash subnodes are checked, if algorithm property is set to one of - * the supported hash algorithms, hash value is computed and corresponding - * hash node property is set, for example: + * This adds hash values for a component image node. + * + * All existing hash subnodes are checked, if algorithm property is set to + * one of the supported hash algorithms, hash value is computed and + * corresponding hash node property is set, for example: * * Input component image node structure: * @@ -189,17 +136,19 @@ static int fit_image_process_hash(void *fit, const char *image_name, * |- algo = "sha1" * |- value = sha1(data) * - * returns: - * 0 on sucess - * <0 on failure + * For signature details, please see doc/uImage.FIT/signature.txt + * + * @fit: Pointer to the FIT format image header + * @image_noffset: Requested component image node + * @return: 0 on success, <0 on failure */ -int fit_image_set_hashes(void *fit, int image_noffset) +int fit_image_add_verification_data(void *fit, int image_noffset) { + const char *image_name; const void *data; size_t size; int noffset; int ndepth; - const char *image_name; /* Get image data and data length */ if (fit_image_get_data(fit, image_noffset, &data, &size)) { @@ -210,15 +159,59 @@ int fit_image_set_hashes(void *fit, int image_noffset) image_name = fit_get_name(fit, image_noffset, NULL); /* Process all hash subnodes of the component image node */ - for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth); - (noffset >= 0) && (ndepth > 0); - noffset = fdt_next_node(fit, noffset, &ndepth)) { - if (ndepth == 1) { - /* Direct child node of the component image node */ - if (fit_image_process_hash(fit, image_name, noffset, - data, size)) - return -1; + for (ndepth = 0, + noffset = fdt_next_subnode(fit, image_noffset, &ndepth); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset, &ndepth)) { + const char *node_name; + int ret = 0; + + /* + * Check subnode name, must be equal to "hash" or "signature". + * Multiple hash nodes require unique unit node + * names, e.g. hash@1, hash@2, signature@1, etc. + */ + node_name = fit_get_name(fit, noffset, NULL); + if (!strncmp(node_name, FIT_HASH_NODENAME, + strlen(FIT_HASH_NODENAME))) { + ret = fit_image_process_hash(fit, image_name, noffset, + data, size); } + if (ret) + return -1; + } + + return 0; +} + +int fit_add_verification_data(void *fit) +{ + int images_noffset; + int noffset; + int ndepth; + int ret; + + /* Find images parent node offset */ + images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); + if (images_noffset < 0) { + printf("Can't find images parent node '%s' (%s)\n", + FIT_IMAGES_PATH, fdt_strerror(images_noffset)); + return images_noffset; + } + + /* Process its subnodes, print out component images details */ + for (ndepth = 0, + noffset = fdt_next_subnode(fit, images_noffset, + &ndepth); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset, &ndepth)) { + /* + * Direct child node of the images parent node, + * i.e. component image node. + */ + ret = fit_image_add_verification_data(fit, noffset); + if (ret) + return ret; } return 0;