dany/u-boot-megous
1
0
Fork 0
mirror of https://xff.cz/git/u-boot/ synced 2025-09-02 17:22:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

rsa: Add debugging for failure cases

Browse Source 
Add some more debugging to make it easier to see what is being tried and
what fails. Fix a few comment styles while here.

Signed-off-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Simon Glass
2021-11-12 12:28:02 -07:00
parent 2ce07383a4
commit c3675583e9
1 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/rsa/rsa-verify.c
View File

@@ -79,14 +79,14 @@ int padding_pkcs_15_verify(struct image_sign_info *info,
struct checksum_algo *checksum = info->checksum; struct checksum_algo *checksum = info->checksum;
int ret, pad_len = msg_len - checksum->checksum_len; int ret, pad_len = msg_len - checksum->checksum_len;
/* Check pkcs1.5 padding bytes. */ /* Check pkcs1.5 padding bytes */
ret = rsa_verify_padding(msg, pad_len, checksum); ret = rsa_verify_padding(msg, pad_len, checksum);
if (ret) { if (ret) {
debug("In RSAVerify(): Padding check failed!\n"); debug("In RSAVerify(): Padding check failed!\n");
return -EINVAL; return -EINVAL;
} }
/* Check hash. */ /* Check hash */
if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) { if (memcmp((uint8_t *)msg + pad_len, hash, msg_len - pad_len)) {
debug("In RSAVerify(): Hash check failed!\n"); debug("In RSAVerify(): Hash check failed!\n");
return -EACCES; return -EACCES;
@@ -502,7 +502,8 @@ int rsa_verify_hash(struct image_sign_info *info,
if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) { if (CONFIG_IS_ENABLED(RSA_VERIFY_WITH_PKEY) && !info->fdt_blob) {
/* don't rely on fdt properties */ /* don't rely on fdt properties */
ret = rsa_verify_with_pkey(info, hash, sig, sig_len); ret = rsa_verify_with_pkey(info, hash, sig, sig_len);
if (ret)
debug("%s: rsa_verify_with_pkey() failed\n", __func__);
return ret; return ret;
} }
@@ -522,6 +523,9 @@ int rsa_verify_hash(struct image_sign_info *info,
if (info->required_keynode != -1) { if (info->required_keynode != -1) {
ret = rsa_verify_with_keynode(info, hash, sig, sig_len, ret = rsa_verify_with_keynode(info, hash, sig, sig_len,
info->required_keynode); info->required_keynode);
if (ret)
debug("%s: Failed to verify required_keynode\n",
__func__);
return ret; return ret;
} }
@@ -531,6 +535,8 @@ int rsa_verify_hash(struct image_sign_info *info,
ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node); ret = rsa_verify_with_keynode(info, hash, sig, sig_len, node);
if (!ret) if (!ret)
return ret; return ret;
debug("%s: Could not verify key '%s', trying all\n", __func__,
name);
/* No luck, so try each of the keys in turn */ /* No luck, so try each of the keys in turn */
for (ndepth = 0, noffset = fdt_next_node(blob, sig_node, for (ndepth = 0, noffset = fdt_next_node(blob, sig_node,
@@ -546,6 +552,7 @@ int rsa_verify_hash(struct image_sign_info *info,
} }
} }
} }
debug("%s: Failed to verify by any means\n", __func__);
return ret; return ret;
} }