image: Return destination node for add_verify_data() method

It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-11-12 12:28:11 -07:00 · 2021-11-12 12:28:11 -07:00 · c033dc8c0c
commit c033dc8c0c
parent 99f844ba3a
6 changed files with 16 additions and 11 deletions
--- a/include/image.h
+++ b/include/image.h
@ -1243,7 +1243,8 @@ struct crypto_algo {
 	 *
 	 * @info:	Specifies key and FIT information
 	 * @keydest:	Destination FDT blob for public key data
-	 * @return: 0, on success, -ve on error
+	 * @return: node offset within the FDT blob where the data was written,
+	 *	or -ve on error
 	 */
 	int (*add_verify_data)(struct image_sign_info *info, void *keydest);

--- a/include/u-boot/ecdsa.h
+++ b/include/u-boot/ecdsa.h
@ -44,8 +44,9 @@ int ecdsa_sign(struct image_sign_info *info, const struct image_region region[],
 *
 * @info:	Specifies key and FIT information
 * @keydest:	Destination FDT blob for public key data
- * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
- * other -ve value on error
+ * @return: node offset within the FDT blob where the data was written on
+ *	success, -ENOSPC if the keydest FDT blob ran out of space, other -ve
+ *	value on other error
 */
 int ecdsa_add_verify_data(struct image_sign_info *info, void *keydest);

--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@ -61,8 +61,9 @@ int rsa_sign(struct image_sign_info *info,
 *
 * @info:	Specifies key and FIT information
 * @keydest:	Destination FDT blob for public key data
- * @return: 0, on success, -ENOSPC if the keydest FDT blob ran out of space,
-		other -ve value on error
+ * @return: node offset within the FDT blob where the data was written on
+ *	success, -ENOSPC if the keydest FDT blob ran out of space, other -ve
+ *	value on other error
 */
 int rsa_add_verify_data(struct image_sign_info *info, void *keydest);

--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@ -301,7 +301,7 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 	if (ret < 0)
 		return ret;

-	return 0;
+	return key_node;
 }

 int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
@ -313,7 +313,7 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
 	fdt_key_name = info->keyname ? info->keyname : "default-key";
 	ret = prepare_ctx(&ctx, info);
 	if (ret >= 0)
-		do_add(&ctx, fdt, fdt_key_name);
+		ret = do_add(&ctx, fdt, fdt_key_name);

 	free_ctx(&ctx);
 	return ret;
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@ -703,5 +703,8 @@ err_get_pub_key:
 	if (info->engine_id)
 		rsa_engine_remove(e);

-	return ret;
+	if (ret)
+		return ret;
+
+	return node;
 }
--- a/tools/image-host.c
+++ b/tools/image-host.c
@ -267,7 +267,7 @@ static int fit_image_process_sig(const char *keydir, const char *keyfile,
 	 */
 	if (keydest) {
 		ret = info.crypto->add_verify_data(&info, keydest);
-		if (ret) {
+		if (ret < 0) {
 			printf("Failed to add verification data for '%s' signature node in '%s' image node\n",
 			       node_name, image_name);
 			return ret;
@ -1037,11 +1037,10 @@ static int fit_config_process_sig(const char *keydir, const char *keyfile,
 	/* Write the public key into the supplied FDT file */
 	if (keydest) {
 		ret = info.crypto->add_verify_data(&info, keydest);
-		if (ret) {
+		if (ret < 0) {
 			printf("Failed to add verification data for '%s' signature node in '%s' configuration node\n",
 			       node_name, conf_name);
 		}
-		return ret;
 	}

 	return 0;