[U-Boot] [RFC 6/9] lib: crypto: add public_key_verify_signature()
AKASHI Takahiro
takahiro.akashi at linaro.org
Tue Sep 3 05:42:43 UTC 2019
Signed-off-by: AKASHI Takahiro <takahiro.akashi at linaro.org>
---
include/crypto/public_key.h | 2 +-
lib/crypto/Makefile | 2 +-
lib/crypto/public_key_local.c | 69 +++++++++++++++++++++++++++++++++++
3 files changed, 71 insertions(+), 2 deletions(-)
create mode 100644 lib/crypto/public_key_local.c
diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
index 91b1f2615294..f361d756119d 100644
--- a/include/crypto/public_key.h
+++ b/include/crypto/public_key.h
@@ -81,9 +81,9 @@ extern int decrypt_blob(struct kernel_pkey_params *, const void *, void *);
extern int create_signature(struct kernel_pkey_params *, const void *, void *);
extern int verify_signature(const struct key *,
const struct public_key_signature *);
+#endif /* !__UBOOT__ */
int public_key_verify_signature(const struct public_key *pkey,
const struct public_key_signature *sig);
-#endif /* !__UBOOT__ */
#endif /* _LINUX_PUBLIC_KEY_H */
diff --git a/lib/crypto/Makefile b/lib/crypto/Makefile
index a284de9e0411..870d2a90b181 100644
--- a/lib/crypto/Makefile
+++ b/lib/crypto/Makefile
@@ -7,4 +7,4 @@ obj-$(CONFIG_ASYMMETRIC_KEY_TYPE) += asymmetric_keys.o
asymmetric_keys-y := asymmetric_type.o
-obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o
+obj-$(CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE) += public_key.o public_key_local.o
diff --git a/lib/crypto/public_key_local.c b/lib/crypto/public_key_local.c
new file mode 100644
index 000000000000..19721f319dbd
--- /dev/null
+++ b/lib/crypto/public_key_local.c
@@ -0,0 +1,69 @@
+// SPDX-License-Identifier: GPL-2.0+
+/*
+ * Public key utilities
+ *
+ * Copyright (c) 2019 AKASHI Takahiro, Linaro Limited
+ */
+
+#include <common.h>
+#include <crypto/public_key.h>
+#include <u-boot/rsa.h>
+#include <u-boot/sha256.h>
+
+/*
+ * U-Boot version of kernel's public_key_verify_signature() --
+ * Verify a signature using a public key
+ */
+int public_key_verify_signature(const struct public_key *pkey,
+ const struct public_key_signature *sig)
+{
+/*
+ * FIXME
+ * Currently, x509_check_for_self_signed() failed
+ * due to sig->digest == NULL
+ */
+#ifndef __UBOOT__
+ struct image_sign_info info;
+ struct image_region reg;
+ int ret;
+
+ memset(&info, '\0', sizeof(info));
+ /*
+ * FIXME: Algo names here are hard-coded
+ */
+ if (!strcmp(sig->encoding, "pkcs1"))
+ info.padding = image_get_padding_algo("pkcs-1.5");
+ else
+ return -ENOPKG;
+
+ /*
+ * Note: image_get_[checksum|crypto]_algo takes an string
+ * argument like "<checksum>,<crypto>"
+ */
+ if (!strcmp(sig->hash_algo, "sha256"))
+ info.checksum = image_get_checksum_algo("sha256,");
+ else
+ return -ENOPKG;
+
+ if (!strcmp(sig->pkey_algo, "rsa")) {
+ info.name = "sha256,rsa2048";
+ info.crypto = image_get_crypto_algo(info.name);
+ } else {
+ return -ENOPKG;
+ }
+
+ info.key = pkey->key;
+ info.keylen = pkey->keylen;
+
+ reg.data = sig->s;
+ reg.size = sig->s_size;
+
+ ret = rsa_verify(&info, ®, 1, sig->digest, sig->digest_size);
+ if (ret) {
+ debug("%s: Verifying a signature failed\n", __func__);
+ return -EKEYREJECTED;
+ }
+#endif /* __UBOOT__ */
+
+ return 0;
+}
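Review bot: With `__UBOOT__` defined, the `#ifndef __UBOOT__` guard in public_key_verify_signature() compiles out the whole check, so the function falls through to `return 0;` and reports every signature as valid. A caller that treats this result as a trust decision would fail open; until the `sig->digest == NULL` problem named in the FIXME is solved, the stubbed path should return an error, for example an `#else` branch with `return -ENOPKG;` before the `#endif`, and a comment should say that no verification is performed. Separately, the guarded code passes `sig->s` as the region and `sig->digest` as the signature argument of rsa_verify(), which looks reversed if rsa_verify() hashes its regions and checks the last buffer as the signature; this should be confirmed against its prototype. The values returned by image_get_padding_algo(), image_get_checksum_algo() and image_get_crypto_algo() are also stored without a NULL check, and `info.name` is fixed to `"sha256,rsa2048"` regardless of `pkey->keylen`.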
--
2.21.0