From 604f23dde0b9e6d554b0445a89a809ebd398d515 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Tue, 7 May 2013 06:11:54 +0000 Subject: image: Move HOSTCC image code to tools/ This code is never compiled into U-Boot, so move it into a separate file in tools/ to avoid the large #ifdef. Signed-off-by: Simon Glass Reviewed-by: Marek Vasut --- tools/image-host.c | 201 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 tools/image-host.c (limited to 'tools/image-host.c') diff --git a/tools/image-host.c b/tools/image-host.c new file mode 100644 index 0000000000..82b6ceea5c --- /dev/null +++ b/tools/image-host.c @@ -0,0 +1,201 @@ +/* + * Copyright (c) 2013, Google Inc. + * + * (C) Copyright 2008 Semihalf + * + * (C) Copyright 2000-2006 + * Wolfgang Denk, DENX Software Engineering, wd@denx.de. + * + * See file CREDITS for list of people who contributed to this + * project. + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of + * the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, + * MA 02111-1307 USA + */ + +#include "mkimage.h" +#include +#include +#include +#include +#include +#include + +/** + * fit_set_hashes - process FIT component image nodes and calculate hashes + * @fit: pointer to the FIT format image header + * + * fit_set_hashes() adds hash values for all component images in the FIT blob. + * Hashes are calculated for all component images which have hash subnodes + * with algorithm property set to one of the supported hash algorithms. + * + * returns + * 0, on success + * libfdt error code, on failure + */ +int fit_set_hashes(void *fit) +{ + int images_noffset; + int noffset; + int ndepth; + int ret; + + /* Find images parent node offset */ + images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); + if (images_noffset < 0) { + printf("Can't find images parent node '%s' (%s)\n", + FIT_IMAGES_PATH, fdt_strerror(images_noffset)); + return images_noffset; + } + + /* Process its subnodes, print out component images details */ + for (ndepth = 0, noffset = fdt_next_node(fit, images_noffset, &ndepth); + (noffset >= 0) && (ndepth > 0); + noffset = fdt_next_node(fit, noffset, &ndepth)) { + if (ndepth == 1) { + /* + * Direct child node of the images parent node, + * i.e. component image node. + */ + ret = fit_image_set_hashes(fit, noffset); + if (ret) + return ret; + } + } + + return 0; +} + +/** + * fit_image_set_hashes - calculate/set hashes for given component image node + * @fit: pointer to the FIT format image header + * @image_noffset: requested component image node + * + * fit_image_set_hashes() adds hash values for an component image node. All + * existing hash subnodes are checked, if algorithm property is set to one of + * the supported hash algorithms, hash value is computed and corresponding + * hash node property is set, for example: + * + * Input component image node structure: + * + * o image@1 (at image_noffset) + * | - data = [binary data] + * o hash@1 + * |- algo = "sha1" + * + * Output component image node structure: + * + * o image@1 (at image_noffset) + * | - data = [binary data] + * o hash@1 + * |- algo = "sha1" + * |- value = sha1(data) + * + * returns: + * 0 on sucess + * <0 on failure + */ +int fit_image_set_hashes(void *fit, int image_noffset) +{ + const void *data; + size_t size; + char *algo; + uint8_t value[FIT_MAX_HASH_LEN]; + int value_len; + int noffset; + int ndepth; + + /* Get image data and data length */ + if (fit_image_get_data(fit, image_noffset, &data, &size)) { + printf("Can't get image data/size\n"); + return -1; + } + + /* Process all hash subnodes of the component image node */ + for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth); + (noffset >= 0) && (ndepth > 0); + noffset = fdt_next_node(fit, noffset, &ndepth)) { + if (ndepth == 1) { + /* Direct child node of the component image node */ + + /* + * Check subnode name, must be equal to "hash". + * Multiple hash nodes require unique unit node + * names, e.g. hash@1, hash@2, etc. + */ + if (strncmp(fit_get_name(fit, noffset, NULL), + FIT_HASH_NODENAME, + strlen(FIT_HASH_NODENAME)) != 0) { + /* Not a hash subnode, skip it */ + continue; + } + + if (fit_image_hash_get_algo(fit, noffset, &algo)) { + printf("Can't get hash algo property for '%s' hash node in '%s' image node\n", + fit_get_name(fit, noffset, NULL), + fit_get_name(fit, image_noffset, NULL)); + return -1; + } + + if (calculate_hash(data, size, algo, value, + &value_len)) { + printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n", + algo, fit_get_name(fit, noffset, NULL), + fit_get_name(fit, image_noffset, NULL)); + return -1; + } + + if (fit_image_hash_set_value(fit, noffset, value, + value_len)) { + printf("Can't set hash value for '%s' hash node in '%s' image node\n", + fit_get_name(fit, noffset, NULL), + fit_get_name(fit, image_noffset, NULL)); + return -1; + } + } + } + + return 0; +} + +/** + * fit_image_hash_set_value - set hash value in requested has node + * @fit: pointer to the FIT format image header + * @noffset: hash node offset + * @value: hash value to be set + * @value_len: hash value length + * + * fit_image_hash_set_value() attempts to set hash value in a node at offset + * given and returns operation status to the caller. + * + * returns + * 0, on success + * -1, on failure + */ +int fit_image_hash_set_value(void *fit, int noffset, uint8_t *value, + int value_len) +{ + int ret; + + ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len); + if (ret) { + printf("Can't set hash '%s' property for '%s' node(%s)\n", + FIT_VALUE_PROP, fit_get_name(fit, noffset, NULL), + fdt_strerror(ret)); + return -1; + } + + return 0; +} -- cgit v1.2.3 From 94e5fa46a0d1516ee441a394aa2141db663322f6 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Tue, 7 May 2013 06:11:55 +0000 Subject: image: Split hash node processing into its own function This function has become quite long and much of the body is indented quite a bit. Move it into a separate function to make it easier to work with. Signed-off-by: Simon Glass Acked-by: Marek Vasut --- tools/image-host.c | 96 ++++++++++++++++++++++++++++++++---------------------- 1 file changed, 57 insertions(+), 39 deletions(-) (limited to 'tools/image-host.c') diff --git a/tools/image-host.c b/tools/image-host.c index 82b6ceea5c..6648215981 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -78,6 +78,56 @@ int fit_set_hashes(void *fit) return 0; } +/** + * fit_image_process_hash - Process a single subnode of the images/ node + * + * Check each subnode and process accordingly. For hash nodes we generate + * a hash of the supplised data and store it in the node. + * + * @fit: pointer to the FIT format image header + * @image_name: name of image being processes (used to display errors) + * @noffset: subnode offset + * @data: data to process + * @size: size of data in bytes + * @return 0 if ok, -1 on error + */ +static int fit_image_process_hash(void *fit, const char *image_name, + int noffset, const void *data, size_t size) +{ + uint8_t value[FIT_MAX_HASH_LEN]; + int value_len; + char *algo; + + /* + * Check subnode name, must be equal to "hash". + * Multiple hash nodes require unique unit node + * names, e.g. hash@1, hash@2, etc. + */ + if (strncmp(fit_get_name(fit, noffset, NULL), + FIT_HASH_NODENAME, strlen(FIT_HASH_NODENAME)) != 0) + return 0; + + if (fit_image_hash_get_algo(fit, noffset, &algo)) { + printf("Can't get hash algo property for '%s' hash node in '%s' image node\n", + fit_get_name(fit, noffset, NULL), image_name); + return -1; + } + + if (calculate_hash(data, size, algo, value, &value_len)) { + printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n", + algo, fit_get_name(fit, noffset, NULL), image_name); + return -1; + } + + if (fit_image_hash_set_value(fit, noffset, value, value_len)) { + printf("Can't set hash value for '%s' hash node in '%s' image node\n", + fit_get_name(fit, noffset, NULL), image_name); + return -1; + } + + return 0; +} + /** * fit_image_set_hashes - calculate/set hashes for given component image node * @fit: pointer to the FIT format image header @@ -111,11 +161,9 @@ int fit_image_set_hashes(void *fit, int image_noffset) { const void *data; size_t size; - char *algo; - uint8_t value[FIT_MAX_HASH_LEN]; - int value_len; int noffset; int ndepth; + const char *image_name; /* Get image data and data length */ if (fit_image_get_data(fit, image_noffset, &data, &size)) { @@ -123,47 +171,17 @@ int fit_image_set_hashes(void *fit, int image_noffset) return -1; } + image_name = fit_get_name(fit, image_noffset, NULL); + /* Process all hash subnodes of the component image node */ for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth); - (noffset >= 0) && (ndepth > 0); - noffset = fdt_next_node(fit, noffset, &ndepth)) { + (noffset >= 0) && (ndepth > 0); + noffset = fdt_next_node(fit, noffset, &ndepth)) { if (ndepth == 1) { /* Direct child node of the component image node */ - - /* - * Check subnode name, must be equal to "hash". - * Multiple hash nodes require unique unit node - * names, e.g. hash@1, hash@2, etc. - */ - if (strncmp(fit_get_name(fit, noffset, NULL), - FIT_HASH_NODENAME, - strlen(FIT_HASH_NODENAME)) != 0) { - /* Not a hash subnode, skip it */ - continue; - } - - if (fit_image_hash_get_algo(fit, noffset, &algo)) { - printf("Can't get hash algo property for '%s' hash node in '%s' image node\n", - fit_get_name(fit, noffset, NULL), - fit_get_name(fit, image_noffset, NULL)); - return -1; - } - - if (calculate_hash(data, size, algo, value, - &value_len)) { - printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n", - algo, fit_get_name(fit, noffset, NULL), - fit_get_name(fit, image_noffset, NULL)); - return -1; - } - - if (fit_image_hash_set_value(fit, noffset, value, - value_len)) { - printf("Can't set hash value for '%s' hash node in '%s' image node\n", - fit_get_name(fit, noffset, NULL), - fit_get_name(fit, image_noffset, NULL)); + if (fit_image_process_hash(fit, image_name, noffset, + data, size)) return -1; - } } } -- cgit v1.2.3 From b7260910dca95b8a608d3721e0584484e887d756 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Tue, 7 May 2013 06:11:56 +0000 Subject: image: Convert fit_image_hash_set_value() to static, and rename This function doesn't need to be exported, and with verification we want to use it for setting the 'value' property in any node, so rename it. Signed-off-by: Simon Glass Reviewed-by: Marek Vasut --- include/image.h | 2 -- tools/image-host.c | 62 +++++++++++++++++++++++++++--------------------------- 2 files changed, 31 insertions(+), 33 deletions(-) (limited to 'tools/image-host.c') diff --git a/include/image.h b/include/image.h index 21d92137e8..dc8f8b10c4 100644 --- a/include/image.h +++ b/include/image.h @@ -614,8 +614,6 @@ int fit_image_hash_get_ignore(const void *fit, int noffset, int *ignore); int fit_set_timestamp(void *fit, int noffset, time_t timestamp); int fit_set_hashes(void *fit); int fit_image_set_hashes(void *fit, int image_noffset); -int fit_image_hash_set_value(void *fit, int noffset, uint8_t *value, - int value_len); int fit_image_check_hashes(const void *fit, int noffset); int fit_all_image_check_hashes(const void *fit); diff --git a/tools/image-host.c b/tools/image-host.c index 6648215981..a6b4f6ba0c 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -78,6 +78,36 @@ int fit_set_hashes(void *fit) return 0; } +/** + * fit_set_hash_value - set hash value in requested has node + * @fit: pointer to the FIT format image header + * @noffset: hash node offset + * @value: hash value to be set + * @value_len: hash value length + * + * fit_set_hash_value() attempts to set hash value in a node at offset + * given and returns operation status to the caller. + * + * returns + * 0, on success + * -1, on failure + */ +static int fit_set_hash_value(void *fit, int noffset, uint8_t *value, + int value_len) +{ + int ret; + + ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len); + if (ret) { + printf("Can't set hash '%s' property for '%s' node(%s)\n", + FIT_VALUE_PROP, fit_get_name(fit, noffset, NULL), + fdt_strerror(ret)); + return -1; + } + + return 0; +} + /** * fit_image_process_hash - Process a single subnode of the images/ node * @@ -119,7 +149,7 @@ static int fit_image_process_hash(void *fit, const char *image_name, return -1; } - if (fit_image_hash_set_value(fit, noffset, value, value_len)) { + if (fit_set_hash_value(fit, noffset, value, value_len)) { printf("Can't set hash value for '%s' hash node in '%s' image node\n", fit_get_name(fit, noffset, NULL), image_name); return -1; @@ -187,33 +217,3 @@ int fit_image_set_hashes(void *fit, int image_noffset) return 0; } - -/** - * fit_image_hash_set_value - set hash value in requested has node - * @fit: pointer to the FIT format image header - * @noffset: hash node offset - * @value: hash value to be set - * @value_len: hash value length - * - * fit_image_hash_set_value() attempts to set hash value in a node at offset - * given and returns operation status to the caller. - * - * returns - * 0, on success - * -1, on failure - */ -int fit_image_hash_set_value(void *fit, int noffset, uint8_t *value, - int value_len) -{ - int ret; - - ret = fdt_setprop(fit, noffset, FIT_VALUE_PROP, value, value_len); - if (ret) { - printf("Can't set hash '%s' property for '%s' node(%s)\n", - FIT_VALUE_PROP, fit_get_name(fit, noffset, NULL), - fdt_strerror(ret)); - return -1; - } - - return 0; -} -- cgit v1.2.3 From bbb467dc3c79537eebc4d3551576a17f627e5e41 Mon Sep 17 00:00:00 2001 From: Simon Glass Date: Tue, 7 May 2013 06:12:01 +0000 Subject: image: Rename fit_add_hashes() to fit_add_verification_data() We intend to add signatures to FITs also, so rename this function so that it is not specific to hashing. Also rename fit_image_set_hashes() and make it static since it is not used outside this file. Signed-off-by: Simon Glass Reviewed-by: Marek Vasut --- include/image.h | 10 +++- tools/fit_image.c | 2 +- tools/image-host.c | 143 +++++++++++++++++++++++++---------------------------- 3 files changed, 75 insertions(+), 80 deletions(-) (limited to 'tools/image-host.c') diff --git a/include/image.h b/include/image.h index 6d7cd54a9c..f82d709ae1 100644 --- a/include/image.h +++ b/include/image.h @@ -614,8 +614,14 @@ int fit_image_hash_get_value(const void *fit, int noffset, uint8_t **value, int *value_len); int fit_set_timestamp(void *fit, int noffset, time_t timestamp); -int fit_set_hashes(void *fit); -int fit_image_set_hashes(void *fit, int image_noffset); + +/** + * fit_add_verification_data() - Calculate and add hashes to FIT + * + * @fit: Fit image to process + * @return 0 if ok, <0 for error + */ +int fit_add_verification_data(void *fit); int fit_image_verify(const void *fit, int noffset); int fit_all_image_verify(const void *fit); diff --git a/tools/fit_image.c b/tools/fit_image.c index 76bbba125a..8f511591a0 100644 --- a/tools/fit_image.c +++ b/tools/fit_image.c @@ -125,7 +125,7 @@ static int fit_handle_file (struct mkimage_params *params) } /* set hashes for images in the blob */ - if (fit_set_hashes (ptr)) { + if (fit_add_verification_data(ptr)) { fprintf (stderr, "%s Can't add hashes to FIT blob", params->cmdname); unlink (tmpfile); diff --git a/tools/image-host.c b/tools/image-host.c index a6b4f6ba0c..d944d0ff4e 100644 --- a/tools/image-host.c +++ b/tools/image-host.c @@ -33,51 +33,6 @@ #include #include -/** - * fit_set_hashes - process FIT component image nodes and calculate hashes - * @fit: pointer to the FIT format image header - * - * fit_set_hashes() adds hash values for all component images in the FIT blob. - * Hashes are calculated for all component images which have hash subnodes - * with algorithm property set to one of the supported hash algorithms. - * - * returns - * 0, on success - * libfdt error code, on failure - */ -int fit_set_hashes(void *fit) -{ - int images_noffset; - int noffset; - int ndepth; - int ret; - - /* Find images parent node offset */ - images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); - if (images_noffset < 0) { - printf("Can't find images parent node '%s' (%s)\n", - FIT_IMAGES_PATH, fdt_strerror(images_noffset)); - return images_noffset; - } - - /* Process its subnodes, print out component images details */ - for (ndepth = 0, noffset = fdt_next_node(fit, images_noffset, &ndepth); - (noffset >= 0) && (ndepth > 0); - noffset = fdt_next_node(fit, noffset, &ndepth)) { - if (ndepth == 1) { - /* - * Direct child node of the images parent node, - * i.e. component image node. - */ - ret = fit_image_set_hashes(fit, noffset); - if (ret) - return ret; - } - } - - return 0; -} - /** * fit_set_hash_value - set hash value in requested has node * @fit: pointer to the FIT format image header @@ -125,33 +80,27 @@ static int fit_image_process_hash(void *fit, const char *image_name, int noffset, const void *data, size_t size) { uint8_t value[FIT_MAX_HASH_LEN]; + const char *node_name; int value_len; char *algo; - /* - * Check subnode name, must be equal to "hash". - * Multiple hash nodes require unique unit node - * names, e.g. hash@1, hash@2, etc. - */ - if (strncmp(fit_get_name(fit, noffset, NULL), - FIT_HASH_NODENAME, strlen(FIT_HASH_NODENAME)) != 0) - return 0; + node_name = fit_get_name(fit, noffset, NULL); if (fit_image_hash_get_algo(fit, noffset, &algo)) { printf("Can't get hash algo property for '%s' hash node in '%s' image node\n", - fit_get_name(fit, noffset, NULL), image_name); + node_name, image_name); return -1; } if (calculate_hash(data, size, algo, value, &value_len)) { printf("Unsupported hash algorithm (%s) for '%s' hash node in '%s' image node\n", - algo, fit_get_name(fit, noffset, NULL), image_name); + algo, node_name, image_name); return -1; } if (fit_set_hash_value(fit, noffset, value, value_len)) { printf("Can't set hash value for '%s' hash node in '%s' image node\n", - fit_get_name(fit, noffset, NULL), image_name); + node_name, image_name); return -1; } @@ -159,14 +108,13 @@ static int fit_image_process_hash(void *fit, const char *image_name, } /** - * fit_image_set_hashes - calculate/set hashes for given component image node - * @fit: pointer to the FIT format image header - * @image_noffset: requested component image node + * fit_image_add_verification_data() - calculate/set hash data for image node * - * fit_image_set_hashes() adds hash values for an component image node. All - * existing hash subnodes are checked, if algorithm property is set to one of - * the supported hash algorithms, hash value is computed and corresponding - * hash node property is set, for example: + * This adds hash values for a component image node. + * + * All existing hash subnodes are checked, if algorithm property is set to + * one of the supported hash algorithms, hash value is computed and + * corresponding hash node property is set, for example: * * Input component image node structure: * @@ -183,17 +131,18 @@ static int fit_image_process_hash(void *fit, const char *image_name, * |- algo = "sha1" * |- value = sha1(data) * - * returns: - * 0 on sucess - * <0 on failure + * For signature details, please see doc/uImage.FIT/signature.txt + * + * @fit: Pointer to the FIT format image header + * @image_noffset: Requested component image node + * @return: 0 on success, <0 on failure */ -int fit_image_set_hashes(void *fit, int image_noffset) +int fit_image_add_verification_data(void *fit, int image_noffset) { + const char *image_name; const void *data; size_t size; int noffset; - int ndepth; - const char *image_name; /* Get image data and data length */ if (fit_image_get_data(fit, image_noffset, &data, &size)) { @@ -204,15 +153,55 @@ int fit_image_set_hashes(void *fit, int image_noffset) image_name = fit_get_name(fit, image_noffset, NULL); /* Process all hash subnodes of the component image node */ - for (ndepth = 0, noffset = fdt_next_node(fit, image_noffset, &ndepth); - (noffset >= 0) && (ndepth > 0); - noffset = fdt_next_node(fit, noffset, &ndepth)) { - if (ndepth == 1) { - /* Direct child node of the component image node */ - if (fit_image_process_hash(fit, image_name, noffset, - data, size)) - return -1; + for (noffset = fdt_first_subnode(fit, image_noffset); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset)) { + const char *node_name; + int ret = 0; + + /* + * Check subnode name, must be equal to "hash" or "signature". + * Multiple hash nodes require unique unit node + * names, e.g. hash@1, hash@2, signature@1, etc. + */ + node_name = fit_get_name(fit, noffset, NULL); + if (!strncmp(node_name, FIT_HASH_NODENAME, + strlen(FIT_HASH_NODENAME))) { + ret = fit_image_process_hash(fit, image_name, noffset, + data, size); } + if (ret) + return -1; + } + + return 0; +} + +int fit_add_verification_data(void *fit) +{ + int images_noffset; + int noffset; + int ret; + + /* Find images parent node offset */ + images_noffset = fdt_path_offset(fit, FIT_IMAGES_PATH); + if (images_noffset < 0) { + printf("Can't find images parent node '%s' (%s)\n", + FIT_IMAGES_PATH, fdt_strerror(images_noffset)); + return images_noffset; + } + + /* Process its subnodes, print out component images details */ + for (noffset = fdt_first_subnode(fit, images_noffset); + noffset >= 0; + noffset = fdt_next_subnode(fit, noffset)) { + /* + * Direct child node of the images parent node, + * i.e. component image node. + */ + ret = fit_image_add_verification_data(fit, noffset); + if (ret) + return ret; } return 0; -- cgit v1.2.3