lib: rsa: function to verify a signature against a hash

rsa_verify() expects a memory region and wants to do the hashing itself,
but there may be cases where the hashing is done via other means,
like hashing a squashfs rootfs.

So add rsa_verify_hash() to allow verifiying a signature against
an existing hash. As this entails the same verification routines
we can just move the relevant code over from rsa_verify() and also
call rsa_verify_hash() from there.

Signed-off-by: Heiko Stuebner <heiko.stuebner@theobroma-systems.com>

1 files changed, 21 insertions, 0 deletions

diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
index 2d3024d8b7..a0bae495f0 100644
--- a/include/u-boot/rsa.h
+++ b/include/u-boot/rsa.h
@@ -83,6 +83,20 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
 
 #if IMAGE_ENABLE_VERIFY
 /**
+ * rsa_verify_hash() - Verify a signature against a hash
+ *
+ * Verify a RSA PKCS1.5 signature against an expected hash.
+ *
+ * @info:	Specifies key and FIT information
+ * @hash:	Hash according to algorithm specified in @info
+ * @sig:	Signature
+ * @sig_len:	Number of bytes in signature
+ * @return 0 if verified, -ve on error
+ */
+int rsa_verify_hash(struct image_sign_info *info,
+		    const uint8_t *hash, uint8_t *sig, uint sig_len);
+
+/**
  * rsa_verify() - Verify a signature against some data
  *
  * Verify a RSA PKCS1.5 signature against an expected hash.
@@ -108,6 +122,13 @@ int padding_pss_verify(struct image_sign_info *info,
 		       const uint8_t *hash, int hash_len);
 #endif /* CONFIG_FIT_ENABLE_RSASSA_PSS_SUPPORT */
 #else
+static inline int rsa_verify_hash(struct image_sign_info *info,
+				  const uint8_t *hash,
+				  uint8_t *sig, uint sig_len)
+{
+	return -ENXIO;
+}
+
 static inline int rsa_verify(struct image_sign_info *info,
 		const struct image_region region[], int region_count,
 		uint8_t *sig, uint sig_len)