From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tim Romanski <tromanski@linux.microsoft.com>
Date: Wed, 7 Apr 2021 13:29:55 -0400
Subject: [EXTERNAL] Re: [PATCH v2 6/6] test: dm: Add test for ECDSA UCLASS
 support
In-Reply-To: <DM5PR21MB18156DE5619AA40ED9688304E27D9@DM5PR21MB1815.namprd21.prod.outlook.com>
References: <20210316002432.2581891-1-mr.nuke.me@gmail.com>
 <20210316002432.2581891-7-mr.nuke.me@gmail.com>
 <CAPnjgZ0GYXKjyGWa+TtNGNJJjsb9fmu+xw2pxOZg4L7Z9ODwKQ@mail.gmail.com>
 <5a0ca21a-1a51-f47e-3159-8d4517f483c9@gmail.com>
 <DM5PR21MB18156DE5619AA40ED9688304E27D9@DM5PR21MB1815.namprd21.prod.outlook.com>
Message-ID: <398c678d-e577-5d82-5998-b4748fda4af1@linux.microsoft.com>
List-Id: <u-boot.lists.denx.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: u-boot@lists.denx.de

Update on current progress on U-Boot ECDSA verification: I've isolated 
the OpenSSL code required to verify a signature signed with the 
nistp256v1 curve, and I've written a small test program to show that the 
code works without any external dependencies [1]. Currently fitting the 
code into Alex's fork of U-Boot.

Question for Alex, I see your repo has a few branches related to ECDSA 
(patch-ecdsa-v[1-5], patch-mkimage-keyfile-v{1,2}). You sent me a link 
to 'patch-ecdsa-v1' in a previous email, is that the one that's being 
upstreamed? Should I be working off a different branch or is that one ok?

Tim

[1] https://github.com/timr11/openssl-ecdsa-verify

On 2021-03-30 2:27 p.m., Tim Romanski wrote:
> On 3/30/21 2:17PM, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
>> I don't have any updates from Tim that you don't. I assume he's still silently hacking at it.
> Yep, I'm working on a software implementation of ECDSA. Currently have the OpenSSL implementation for the nistp256 curve isolated, debugging a test program that verifies a signature on data that was randomly generated, then will need to clean up unnecessary code and fit it into U-Boot.
>
> CC'd my @linux.microsoft.com email, I prefer to use that one from now on.
>
> All the best,
> Tim
>
> -----Original Message-----
> From: Alex G. <mr.nuke.me@gmail.com>
> Sent: March 29, 2021 2:43 PM
> To: Simon Glass <sjg@chromium.org>
> Cc: U-Boot Mailing List <u-boot@lists.denx.de>; Tom Rini <trini@konsulko.com>; Tim Romanski <t-tromanski@microsoft.com>
> Subject: [EXTERNAL] Re: [PATCH v2 6/6] test: dm: Add test for ECDSA UCLASS support
>
> + Tim
>
> On 3/29/21 2:43 AM, Simon Glass wrote:
>> Hi Alexandru,
>>
>> On Tue, 16 Mar 2021 at 13:24, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
>>> This test verifies that ECDSA_UCLASS is implemented, and that
>>> ecdsa_verify() works as expected. The definition of "expected" is
>>> "does not find a device, and returns -ENODEV".
>>>
>>> The lack of a hardware-independent ECDSA implementation prevents us
>>> from having one in the sandbox, for now.
>> Yes we do need a software impl at some point. Any update on that?
> I don't have any updates from Tim that you don't. I assume he's still silently hacking at it.
>
> Alex