From patchwork Mon Mar 18 23:51:35 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Glass X-Patchwork-Id: 228852 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from theia.denx.de (theia.denx.de [85.214.87.163]) by ozlabs.org (Postfix) with ESMTP id DE44A2C0097 for ; Tue, 19 Mar 2013 10:57:30 +1100 (EST) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 790364A036; Tue, 19 Mar 2013 00:56:13 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zmC-TmUzr4yN; Tue, 19 Mar 2013 00:56:13 +0100 (CET) Received: from theia.denx.de (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 6384D4A09C; Tue, 19 Mar 2013 00:54:08 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by theia.denx.de (Postfix) with ESMTP id 071ED4A03C for ; Tue, 19 Mar 2013 00:53:34 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at theia.denx.de Received: from theia.denx.de ([127.0.0.1]) by localhost (theia.denx.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z85jTRYeVVHw for ; Tue, 19 Mar 2013 00:53:33 +0100 (CET) X-policyd-weight: NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_SPAMCOP=-1.5 NOT_IN_BL_NJABL=-1.5 (only DNSBL check requested) Received: from mail-qe0-f73.google.com (mail-qe0-f73.google.com [209.85.128.73]) by theia.denx.de (Postfix) with ESMTPS id 36F364A04C for ; Tue, 19 Mar 2013 00:53:21 +0100 (CET) Received: by mail-qe0-f73.google.com with SMTP id a11so640795qen.4 for ; Mon, 18 Mar 2013 16:53:19 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:to:cc:subject:date:message-id:x-mailer:in-reply-to :references:x-gm-message-state; bh=96lzKODzUhpqXu4wCy8bOfUTNyERHxapqsg7eqjy2jg=; b=dXBDCl403zmR6b3e13plj6ZeVOpm0PpTTq3bXDkt5IeEJYheRyoTwfU4OUEGh9GpOj 7yO0rVEUL6yggBw2Oy4oJhHFVgWeHdfOMMVlAkz0MmcVSmXM1H7c3eGRfMX3yadeeDYq tCOSdtB3+rmxNv0+59cUEG2NraW26rbXVGrDP+MqM/s3q+iINculDJ1UP5C73hb76ZbE D/7fwOd4+ND7qY+GztGuAL72TgUdocc7XIoHvWj9BhM4RZ/qhTIbOGeXy6df5/lLYiv7 ualaHj8U0kao+B9B5Z0xnbBuKdgXUOI4Wlsvh4RbhPmqoSaOpRPTzO2WUJGEUswdQbeh 0QVA== X-Received: by 10.58.74.170 with SMTP id u10mr15391977vev.2.1363650799665; Mon, 18 Mar 2013 16:53:19 -0700 (PDT) Received: from corp2gmr1-1.hot.corp.google.com (corp2gmr1-1.hot.corp.google.com [172.24.189.92]) by gmr-mx.google.com with ESMTPS id b67si2189791yhi.2.2013.03.18.16.53.19 (version=TLSv1.1 cipher=AES128-SHA bits=128/128); Mon, 18 Mar 2013 16:53:19 -0700 (PDT) Received: from kaka.mtv.corp.google.com (kaka.mtv.corp.google.com [172.22.73.79]) by corp2gmr1-1.hot.corp.google.com (Postfix) with ESMTP id 6B9B731C00F; Mon, 18 Mar 2013 16:53:19 -0700 (PDT) Received: by kaka.mtv.corp.google.com (Postfix, from userid 121222) id 4A92D160341; Mon, 18 Mar 2013 16:53:19 -0700 (PDT) From: Simon Glass To: U-Boot Mailing List Date: Mon, 18 Mar 2013 16:51:35 -0700 Message-Id: <1363650725-30459-16-git-send-email-sjg@chromium.org> X-Mailer: git-send-email 1.8.1.3 In-Reply-To: <1363650725-30459-1-git-send-email-sjg@chromium.org> References: <1363650725-30459-1-git-send-email-sjg@chromium.org> X-Gm-Message-State: ALoCoQkHERkkusR8q6uW1eGjBfSYl6HjHVHtBDcvGI1prNOPH8jYgm5eHbnPP0WDMfMEXfsGLlP9G+2FcMRjRj+DWxVuSN46WhuV0fXQPEb0Oa2S3QaI4xpsdBE7N8WRGcpn2u4YPuWRrWzXLOvIyjhE/RTAzYQx8m7/E8bRExWUcdic7fPd3xMFJwHD95ioTW++5iv2yS1S Cc: Joel A Fernandes , Will Drewry , Joe Hershberger , u-boot-review@google.com, Bill Richardson , Randall Spangler , Tom Rini , Vadim Bendebury , =?UTF-8?q?Andreas=20B=C3=A4ck?= , Kees Cook Subject: [U-Boot] [PATCH v2 15/45] image: Rename fit_add_hashes() to fit_add_verification_data() X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.11 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: u-boot-bounces@lists.denx.de Errors-To: u-boot-bounces@lists.denx.de We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass Reviewed-by: Marek Vasut --- Changes in v2: - Rebase on previous patches include/image.h | 10 +++- tools/fit_image.c | 2 +- tools/image-host.c | 146 +++++++++++++++++++++++++---------------------------- 3 files changed, 79 insertions(+), 79 deletions(-) diff --git a/include/image.h b/include/image.h index c5e8844..4901ce7 100644 --- a/include/image.h +++ b/include/image.h @@ -613,8 +613,14 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, int *value_len); int fit_set_timestamp(void *fit, int noffset, time_t timestamp); -int fit_set_hashes(void *fit); -int fit_image_set_hashes(void *fit, int image_noffset); + +/** + * fit_add_verification_data() - Calculate and add hashes to FIT + * + * @fit: Fit image to process + * @return 0 if ok, <0 for error + */ +int fit_add_verification_data(void *fit); int fit_image_verify(const void *fit, int noffset); int fit_all_image_verify(const void *fit); diff --git a/tools/fit_image.c b/tools/fit_image.c index 76bbba1..8f51159 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -125,7 +125,7 @@ static int fit_handle_file (struct mkimage_params *params) } /* set hashes for images in the blob */ - if (fit_set_hashes (ptr)) { + if (fit_add_verification_data(ptr)) { fprintf (stderr, "%s Can't add hashes to FIT blob", params->cmdname); unlink (tmpfile); diff --git a/tools/image-host.c b/tools/image-host.c index a6b4f6b..3ba05de 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -34,51 +34,6 @@ #include /** - * fit_set_hashes - process FIT component image nodes and calculate hashes - * @fit: pointer to the FIT format image header - * - * fit_set_hashes() adds hash values for all component images in the FIT blob. - * Hashes are calculated for all component images which have hash subnodes - * with algorithm property set to one of the supported hash algorithms. - * - * returns - * 0, on success - * libfdt error code, on failure - */ -int fit_set_hashes(void *fit) -{ - int images_noffset; - int noffset; - int ndepth; - int ret; - - /* Find images parent node offset */ - images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); - if (images_noffset < 0) { - printf("Can't find images parent node '%s' (%s)\n", - FIT_IMAGES_PATH, fdt_strerror(images_noffset)); - return images_noffset; - } - - /* Process its subnodes, print out component images details */ - for (ndepth = 0, noffset = fdt_next_node(fit, images_noffset, &ndepth); - (noffset >= 0) && (ndepth > 0); - noffset = fdt_next_node(fit, noffset, &ndepth)) { - if (ndepth == 1) { - /* - * Direct child node of the images parent node, - * i.e. component image node. - */ - ret = fit_image_set_hashes(fit, noffset); - if (ret) - return ret; - } - } - - return 0; -} - -/** * fit_set_hash_value - set hash value in requested has node * @fit: pointer to the FIT format image header * @noffset: hash node offset @@ -125,33 +80,27 @@ static int fit_image_process_hash(void *fit, const char *image_name, int noffset, const void *data, size_t size) { uint8_t value[FIT_MAX_HASH_LEN]; + const char *node_name; int value_len; char *algo; - /* - * Check subnode name, must be equal to "hash". - * Multiple hash nodes require unique unit node - * names, e.g. hash@1, hash@2, etc. - */ - if (strncmp(fit_get_name(fit, noffset, NULL), - FIT_HASH_NODENAME, strlen(FIT_HASH_NODENAME)) != 0) - return 0; + node_name = fit_get_name(fit, noffset, NULL); if (fit_image_hash_get_algo(fit, noffset, &algo)) { printf("Can't get hash algo property for '%s' hash node in '%s' image node\n", - fit_get_name(fit, noffset, NULL), image_name); + node_name, image_name); return -1; } if (calculate_hash(data, size, algo, value, &value_len)) { printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n", - algo, fit_get_name(fit, noffset, NULL), image_name); + algo, node_name, image_name); return -1; } if (fit_set_hash_value(fit, noffset, value, value_len)) { printf("Can't set hash value for '%s' hash node in '%s' image node\n", - fit_get_name(fit, noffset, NULL), image_name); + node_name, image_name); return -1; } @@ -159,14 +108,13 @@ static int fit_image_process_hash(void *fit, const char *image_name, } /** - * fit_image_set_hashes - calculate/set hashes for given component image node - * @fit: pointer to the FIT format image header - * @image_noffset: requested component image node + * fit_image_add_verification_data() - calculate/set hash data for image node * - * fit_image_set_hashes() adds hash values for an component image node. All - * existing hash subnodes are checked, if algorithm property is set to one of - * the supported hash algorithms, hash value is computed and corresponding - * hash node property is set, for example: + * This adds hash values for a component image node. + * + * All existing hash subnodes are checked, if algorithm property is set to + * one of the supported hash algorithms, hash value is computed and + * corresponding hash node property is set, for example: * * Input component image node structure: * @@ -183,17 +131,19 @@ static int fit_image_process_hash(void *fit, const char *image_name, * |- algo = "sha1" * |- value = sha1(data) * - * returns: - * 0 on sucess - * <0 on failure + * For signature details, please see doc/uImage.FIT/signature.txt + * + * @fit: Pointer to the FIT format image header + * @image_noffset: Requested component image node + * @return: 0 on success, <0 on failure */ -int fit_image_set_hashes(void *fit, int image_noffset) +int fit_image_add_verification_data(void *fit, int image_noffset) { + const char *image_name; const void *data; size_t size; int noffset; int ndepth; - const char *image_name; /* Get image data and data length */ if (fit_image_get_data(fit, image_noffset, &data, &size)) { @@ -204,15 +154,59 @@ int fit_image_set_hashes(void *fit, int image_noffset) image_name = fit_get_name(fit, image_noffset, NULL); /* Process all hash subnodes of the component image node */ - for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth); - (noffset >= 0) && (ndepth > 0); - noffset = fdt_next_node(fit, noffset, &ndepth)) { - if (ndepth == 1) { - /* Direct child node of the component image node */ - if (fit_image_process_hash(fit, image_name, noffset, - data, size)) - return -1; + for (ndepth = 0, + noffset = fdt_next_subnode(fit, image_noffset, &ndepth); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset, &ndepth)) { + const char *node_name; + int ret = 0; + + /* + * Check subnode name, must be equal to "hash" or "signature". + * Multiple hash nodes require unique unit node + * names, e.g. hash@1, hash@2, signature@1, etc. + */ + node_name = fit_get_name(fit, noffset, NULL); + if (!strncmp(node_name, FIT_HASH_NODENAME, + strlen(FIT_HASH_NODENAME))) { + ret = fit_image_process_hash(fit, image_name, noffset, + data, size); } + if (ret) + return -1; + } + + return 0; +} + +int fit_add_verification_data(void *fit) +{ + int images_noffset; + int noffset; + int ndepth; + int ret; + + /* Find images parent node offset */ + images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); + if (images_noffset < 0) { + printf("Can't find images parent node '%s' (%s)\n", + FIT_IMAGES_PATH, fdt_strerror(images_noffset)); + return images_noffset; + } + + /* Process its subnodes, print out component images details */ + for (ndepth = 0, + noffset = fdt_next_subnode(fit, images_noffset, + &ndepth); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset, &ndepth)) { + /* + * Direct child node of the images parent node, + * i.e. component image node. + */ + ret = fit_image_add_verification_data(fit, noffset); + if (ret) + return ret; } return 0;