From: Tom Rini <trini@konsulko.com>
To: u-boot@lists.denx.de
Subject: [PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot
Date: Thu, 22 Apr 2021 20:47:34 -0400 [thread overview]
Message-ID: <20210423004734.GJ1310@bill-the-cat> (raw)
In-Reply-To: <CAPnjgZ0a3rS-1NYqBojz89pkiLh8Le+kbitNnaBAdoYBBi32+g@mail.gmail.com>
On Fri, Apr 23, 2021 at 11:55:57AM +1200, Simon Glass wrote:
> Hi Alex,
>
> On Thu, 22 Apr 2021 at 07:30, Alex G. <mr.nuke.me@gmail.com> wrote:
> >
> > On 4/21/21 2:15 AM, Simon Glass wrote:
> > > Hi Alexandru,
> > >
> > > On Fri, 16 Apr 2021 at 08:07, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
> > >>
> > >> Prepare the source tree for accepting implementations of the ECDSA
> > >> algorithm. This patch deals with the boring aspects of Makefiles and
> > >> Kconfig files.
> > >>
> > >> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> > >> ---
> > >> include/image.h | 10 +++++-----
> > >> include/u-boot/rsa.h | 2 +-
> > >> lib/Kconfig | 1 +
> > >> lib/Makefile | 1 +
> > >> lib/ecdsa/Kconfig | 23 +++++++++++++++++++++++
> > >> lib/ecdsa/Makefile | 1 +
> > >> lib/ecdsa/ecdsa-verify.c | 13 +++++++++++++
> > >> 7 files changed, 45 insertions(+), 6 deletions(-)
> > >> create mode 100644 lib/ecdsa/Kconfig
> > >> create mode 100644 lib/ecdsa/Makefile
> > >> create mode 100644 lib/ecdsa/ecdsa-verify.c
> > >
> > > Reviewed-by: Simon Glass <sjg@chromium.org>
> > >
> > > nit below
> > >
> > >>
> > >> diff --git a/include/image.h b/include/image.h
> > >> index 3ff3c035a7..9b95f6783b 100644
> > >> --- a/include/image.h
> > >> +++ b/include/image.h
> > >> @@ -1224,20 +1224,20 @@ int calculate_hash(const void *data, int data_len, const char *algo,
> > >> #if defined(USE_HOSTCC)
> > >> # if defined(CONFIG_FIT_SIGNATURE)
> > >> # define IMAGE_ENABLE_SIGN 1
> > >> -# define IMAGE_ENABLE_VERIFY 1
> > >> +# define IMAGE_ENABLE_VERIFY_RSA 1
> > >> # define IMAGE_ENABLE_VERIFY_ECDSA 1
> > >> # define FIT_IMAGE_ENABLE_VERIFY 1
> > >> # include <openssl/evp.h>
> > >> # else
> > >> # define IMAGE_ENABLE_SIGN 0
> > >> -# define IMAGE_ENABLE_VERIFY 0
> > >> +# define IMAGE_ENABLE_VERIFY_RSA 0
> > >> # define IMAGE_ENABLE_VERIFY_ECDSA 0
> > >> # define FIT_IMAGE_ENABLE_VERIFY 0
> > >> # endif
> > >> #else
> > >> # define IMAGE_ENABLE_SIGN 0
> > >> -# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY)
> > >> -# define IMAGE_ENABLE_VERIFY_ECDSA 0
> > >> +# define IMAGE_ENABLE_VERIFY_RSA CONFIG_IS_ENABLED(RSA_VERIFY)
> > >> +# define IMAGE_ENABLE_VERIFY_ECDSA CONFIG_IS_ENABLED(ECDSA_VERIFY)
> > >
> > > Since we are using Kconfig now, can we drop this IMAGE_... stuff and
> > > just use CONFIG_IS_ENABLED() in the code?
> >
> > CONFIG_IS_ENABLED() doesn't work for host tools.
>
> I wonder if that and IS_ENABLED() can be fixed?
Not super easily? Some sort of seeing about cleaning up the code we
share with userspace would be nice, yes. But it should also probably
means that for the user side of things we always enable a bunch of stuff
so that in the end we end up with (nearly) target-agnostic tools.
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 659 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20210422/8ef26759/attachment.sig>
next prev parent reply other threads:[~2021-04-23 0:47 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-15 20:05 [PATCH v4 0/6] nable ECDSA FIT verification for stm32mp Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 1/6] dm: crypto: Define UCLASS API for ECDSA signature verification Alexandru Gagniuc
2021-04-21 7:15 ` Simon Glass
2021-04-15 20:05 ` [PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot Alexandru Gagniuc
2021-04-21 7:15 ` Simon Glass
2021-04-21 19:30 ` Alex G.
2021-04-22 23:55 ` Simon Glass
2021-04-23 0:47 ` Tom Rini [this message]
2021-04-24 4:56 ` Simon Glass
2021-04-26 14:21 ` Alex G.
2021-04-29 16:10 ` Simon Glass
2021-05-04 16:58 ` Simon Glass
2021-05-05 17:49 ` Alex G.
2021-05-05 18:43 ` Simon Glass
2021-05-05 18:56 ` Alex G.
2021-04-15 20:05 ` [PATCH v4 3/6] lib: ecdsa: Implement signature verification for crypto_algo API Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 4/6] arm: stm32mp1: Implement ECDSA signature verification Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 5/6] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 6/6] test: dm: Add test for ECDSA UCLASS support Alexandru Gagniuc
2021-04-21 7:15 ` Simon Glass
2021-04-21 7:14 ` [PATCH v4 0/6] nable ECDSA FIT verification for stm32mp Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210423004734.GJ1310@bill-the-cat \
--to=trini@konsulko.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox