summaryrefslogtreecommitdiff
path: root/lib/ecdsa/ecdsa-libcrypto.c
diff options
context:
space:
mode:
Diffstat (limited to 'lib/ecdsa/ecdsa-libcrypto.c')
-rw-r--r--lib/ecdsa/ecdsa-libcrypto.c56
1 files changed, 47 insertions, 9 deletions
diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 403dfe0b97c..1c5dde60691 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -272,7 +272,8 @@ int ecdsa_verify(struct image_sign_info *info,
return ret;
}
-static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
+static int do_add(struct signer *ctx, void *fdt, const char *key_node_name,
+ struct image_sign_info *info)
{
int signature_node, key_node, ret, key_bits;
const char *curve_name;
@@ -281,16 +282,35 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
BIGNUM *x, *y;
signature_node = fdt_subnode_offset(fdt, 0, FIT_SIG_NODENAME);
- if (signature_node < 0) {
- fprintf(stderr, "Could not find 'signature node: %s\n",
+ if (signature_node == -FDT_ERR_NOTFOUND) {
+ signature_node = fdt_add_subnode(fdt, 0, FIT_SIG_NODENAME);
+ if (signature_node < 0) {
+ if (signature_node != -FDT_ERR_NOSPACE) {
+ fprintf(stderr, "Couldn't create signature node: %s\n",
+ fdt_strerror(signature_node));
+ }
+ return signature_node;
+ }
+ } else if (signature_node < 0) {
+ fprintf(stderr, "Cannot select keys signature_node: %s\n",
fdt_strerror(signature_node));
return signature_node;
}
- key_node = fdt_add_subnode(fdt, signature_node, key_node_name);
- if (key_node < 0) {
- fprintf(stderr, "Could not create '%s' node: %s\n",
- key_node_name, fdt_strerror(key_node));
+ /* Either create or overwrite the named key node */
+ key_node = fdt_subnode_offset(fdt, signature_node, key_node_name);
+ if (key_node == -FDT_ERR_NOTFOUND) {
+ key_node = fdt_add_subnode(fdt, signature_node, key_node_name);
+ if (key_node < 0) {
+ if (key_node != -FDT_ERR_NOSPACE) {
+ fprintf(stderr, "Could not create key subnode: %s\n",
+ fdt_strerror(key_node));
+ }
+ return key_node;
+ }
+ } else if (key_node < 0) {
+ fprintf(stderr, "Cannot select keys key_node: %s\n",
+ fdt_strerror(key_node));
return key_node;
}
@@ -303,6 +323,11 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
point = EC_KEY_get0_public_key(ctx->ecdsa_key);
EC_POINT_get_affine_coordinates(group, point, x, y, NULL);
+ ret = fdt_setprop_string(fdt, key_node, FIT_KEY_HINT,
+ info->keyname);
+ if (ret < 0)
+ return ret;
+
ret = fdt_setprop_string(fdt, key_node, "ecdsa,curve", curve_name);
if (ret < 0)
return ret;
@@ -315,6 +340,16 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
if (ret < 0)
return ret;
+ ret = fdt_setprop_string(fdt, key_node, FIT_ALGO_PROP,
+ info->name);
+ if (ret < 0)
+ return ret;
+
+ ret = fdt_setprop_string(fdt, key_node, FIT_KEY_REQUIRED,
+ info->require_keys);
+ if (ret < 0)
+ return ret;
+
return key_node;
}
@@ -326,8 +361,11 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
fdt_key_name = info->keyname ? info->keyname : "default-key";
ret = prepare_ctx(&ctx, info);
- if (ret >= 0)
- ret = do_add(&ctx, fdt, fdt_key_name);
+ if (ret >= 0) {
+ ret = do_add(&ctx, fdt, fdt_key_name, info);
+ if (ret < 0)
+ ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
+ }
free_ctx(&ctx);
return ret;
generated by cgit v1.2.3 (git 2.0.4) at 2025-10-07 11:17:55 +0000