@@ -81,9 +81,9 @@ extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
extern int create_signature(struct kernel_pkey_params *, const void *, void *);
extern int verify_signature(const struct key *,
const struct public_key_signature *);
+#endif /* !__UBOOT__ */
int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig);
-#endif /* !__UBOOT__ */
#endif /* _LINUX_PUBLIC_KEY_H */
@@ -7,4 +7,4 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
-obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o public_key_local.o
new file mode 100644
@@ -0,0 +1,69 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Public key utilities
+ *
+ * Copyright (c) 2019 AKASHI Takahiro, Linaro Limited
+ */
+
+#include <common.h>
+#include <crypto/public_key.h>
+#include <u-boot/rsa.h>
+#include <u-boot/sha256.h>
+
+/*
+ * U-Boot version of kernel's public_key_verify_signature() --
+ * Verify a signature using a public key
+ */
+int public_key_verify_signature(const struct public_key *pkey,
+ const struct public_key_signature *sig)
+{
+/*
+ * FIXME
+ * Currently, x509_check_for_self_signed() failed
+ * due to sig->digest == NULL
+ */
+#ifndef __UBOOT__
+ struct image_sign_info info;
+ struct image_region reg;
+ int ret;
+
+ memset(&info, '\0', sizeof(info));
+ /*
+ * FIXME: Algo names here are hard-coded
+ */
+ if (!strcmp(sig->encoding, "pkcs1"))
+ info.padding = image_get_padding_algo("pkcs-1.5");
+ else
+ return -ENOPKG;
+
+ /*
+ * Note: image_get_[checksum|crypto]_algo takes an string
+ * argument like "<checksum>,<crypto>"
+ */
+ if (!strcmp(sig->hash_algo, "sha256"))
+ info.checksum = image_get_checksum_algo("sha256,");
+ else
+ return -ENOPKG;
+
+ if (!strcmp(sig->pkey_algo, "rsa")) {
+ info.name = "sha256,rsa2048";
+ info.crypto = image_get_crypto_algo(info.name);
+ } else {
+ return -ENOPKG;
+ }
+
+ info.key = pkey->key;
+ info.keylen = pkey->keylen;
+
+ reg.data = sig->s;
+ reg.size = sig->s_size;
+
+ ret = rsa_verify(&info, ®, 1, sig->digest, sig->digest_size);
+ if (ret) {
+ debug("%s: Verifying a signature failed\n", __func__);
+ return -EKEYREJECTED;
+ }
+#endif /* __UBOOT__ */
+
+ return 0;
+}
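Review bot: In the new public_key_local.c the whole verification body sits inside `#ifndef __UBOOT__`, so in a build that defines `__UBOOT__` (the header hunk's guard suggests this is the U-Boot build) public_key_verify_signature() falls straight through to `return 0;` and reports every signature as valid. A stub for a verification primitive should fail closed: the FIXME names `sig->digest == NULL` as the trigger, so the guard could be replaced by an explicit early check such as `if (!sig->digest) return -ENOPKG;`, after confirming that callers like x509_check_for_self_signed() handle that code. Until then the function's header comment should say that no verification is performed, e.g. `/* WARNING: body compiled out under __UBOOT__; always returns 0 */`. Two smaller points: the closing `#endif /* __UBOOT__ */` should read `/* !__UBOOT__ */`, and `info.name = "sha256,rsa2048"` is fixed regardless of `pkey->keylen`.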
Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org>
---
 include/crypto/public_key.h | 2 +-
 lib/crypto/Makefile | 2 +-
 lib/crypto/public_key_local.c | 69 +++++++++++++++++++++++++++++++++++
 3 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 lib/crypto/public_key_local.c