Message ID | 20210219184520.616270-11-mr.nuke.me@gmail.com |
---|---|
State | Accepted |
Commit | eb22759e2be9c45b0f39ee7ab028e6e4144ce629 |
Delegated to: | Tom Rini |
Headers | show |
Series | Add support for ECDSA image signing | expand |
On Fri, Feb 19, 2021 at 12:45:19PM -0600, Alexandru Gagniuc wrote: > Keys can be derived from keydir, and the "key-name-hint" property of > the FIT. They can also be specified ad-literam via 'keyfile'. Update > the ECDSA signing path to use the appropriate one. > > Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> > Reviewed-by: Simon Glass <sjg@chromium.org> Applied to u-boot/master, thanks!
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c index 322880963f..1757a14562 100644 --- a/lib/ecdsa/ecdsa-libcrypto.c +++ b/lib/ecdsa/ecdsa-libcrypto.c @@ -140,8 +140,20 @@ static int read_key(struct signer *ctx, const char *key_name) /* Prepare a 'signer' context that's ready to sign and verify. */ static int prepare_ctx(struct signer *ctx, const struct image_sign_info *info) { - const char *kname = info->keydir; int key_len_bytes, ret; + char kname[1024]; + + memset(ctx, 0, sizeof(*ctx)); + + if (info->keyfile) { + snprintf(kname, sizeof(kname), "%s", info->keyfile); + } else if (info->keydir && info->keyname) { + snprintf(kname, sizeof(kname), "%s/%s.pem", info->keydir, + info->keyname); + } else { + fprintf(stderr, "keyfile, keyname, or key-name-hint missing\n"); + return -EINVAL; + } ret = alloc_ctx(ctx, info); if (ret)