[U-Boot] [PATCH 1/2] FIT: add ability to check hashes of all images in FIT, improve output

[Bartlomiej Sieka <tur@semihalf.com>]

- add function fit_all_image_check_hashes() that verifies if all hashes of all
  images in the FIT are valid
- improve output of fit_image_check_hashes() when the hash check fails

Signed-off-by: Bartlomiej Sieka <tur@semihalf.com>
---
 common/image.c  |   61 ++++++++++++++++++++++++++++++++++++++++++++++++++----
 include/image.h |    1 +
 2 files changed, 57 insertions(+), 5 deletions(-)

diff --git a/common/image.c b/common/image.c
index 94f01ad..7f55695 100644
--- a/common/image.c
+++ b/common/image.c
@@ -2645,27 +2645,29 @@ int fit_image_check_hashes (const void *fit, int image_noffset)
 				continue;
 
 			if (fit_image_hash_get_algo (fit, noffset, &algo)) {
-				err_msg = "Can't get hash algo property";
+				err_msg = " error!\nCan't get hash algo "
+						"property";
 				goto error;
 			}
 			printf ("%s", algo);
 
 			if (fit_image_hash_get_value (fit, noffset, &fit_value,
 							&fit_value_len)) {
-				err_msg = "Can't get hash value property";
+				err_msg = " error!\nCan't get hash value "
+						"property";
 				goto error;
 			}
 
 			if (calculate_hash (data, size, algo, value, &value_len)) {
-				err_msg = "Unsupported hash algorithm";
+				err_msg = " error!\nUnsupported hash algorithm";
 				goto error;
 			}
 
 			if (value_len != fit_value_len) {
-				err_msg = "Bad hash value len";
+				err_msg = " error !\nBad hash value len";
 				goto error;
 			} else if (memcmp (value, fit_value, value_len) != 0) {
-				err_msg = "Bad hash value";
+				err_msg = " error!\nBad hash value";
 				goto error;
 			}
 			printf ("+ ");
@@ -2682,6 +2684,55 @@ error:
 }
 
 /**
+ * fit_all_image_check_hashes - verify data intergity for all images
+ * @fit: pointer to the FIT format image header
+ *
+ * fit_all_image_check_hashes() goes over all images in the FIT and
+ * for every images checks if all it's hashes are valid.
+ *
+ * returns:
+ *     1, if all hashes of all images are valid
+ *     0, otherwise (or on error)
+ */
+int fit_all_image_check_hashes (const void *fit)
+{
+	int images_noffset;
+	int noffset;
+	int ndepth;
+	int count;
+
+	/* Find images parent node offset */
+	images_noffset = fdt_path_offset (fit, FIT_IMAGES_PATH);
+	if (images_noffset < 0) {
+		printf ("Can't find images parent node '%s' (%s)\n",
+			FIT_IMAGES_PATH, fdt_strerror (images_noffset));
+		return 0;
+	}
+
+	/* Process all image subnodes, check hashes for each */
+	printf ("## Checking hash(es) for FIT Image@%08lx ...\n",
+		(ulong)fit);
+	for (ndepth = 0, count = 0,
+		noffset = fdt_next_node (fit, images_noffset, &ndepth);
+		(noffset >= 0) && (ndepth > 0);
+		noffset = fdt_next_node (fit, noffset, &ndepth)) {
+		if (ndepth == 1) {
+			/*
+			 * Direct child node of the images parent node,
+			 * i.e. component image node.
+			 */
+			printf ("   Hash(es) for Image %u (%s): ", count++,
+					fit_get_name (fit, noffset, NULL));
+
+			if (!fit_image_check_hashes (fit, noffset))
+				return 0;
+			printf ("\n");
+		}
+	}
+	return 1;
+}
+
+/**
  * fit_image_check_os - check whether image node is of a given os type
  * @fit: pointer to the FIT format image header
  * @noffset: component image node offset
diff --git a/include/image.h b/include/image.h
index 9be806e..e4de513 100644
--- a/include/image.h
+++ b/include/image.h
@@ -573,6 +573,7 @@ int fit_image_hash_set_value (void *fit, int noffset, uint8_t *value,
 				int value_len);
 
 int fit_image_check_hashes (const void *fit, int noffset);
+int fit_all_image_check_hashes (const void *fit);
 int fit_image_check_os (const void *fit, int noffset, uint8_t os);
 int fit_image_check_arch (const void *fit, int noffset, uint8_t arch);
 int fit_image_check_type (const void *fit, int noffset, uint8_t type);
-- 
1.5.3.4