[PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Alex G. <mr.nuke.me@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot
Date: Wed, 5 May 2021 12:49:53 -0500	[thread overview]
Message-ID: <b7774e7e-0a1d-43bb-c7bb-a7fe86728f9c@gmail.com> (raw)
In-Reply-To: <CAPnjgZ0y1+x+nNxuDr6jre7NEBoKHOEnzroiE4MsjTNXvWt_mA@mail.gmail.com>



On 5/4/21 11:58 AM, Simon Glass wrote:
> Hi Alex,
> 
> On Thu, 29 Apr 2021 at 10:10, Simon Glass <sjg@chromium.org> wrote:
>>
>> Hi Alex,
>>
>> On Mon, 26 Apr 2021 at 07:21, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>
>>>
>>>
>>> On 4/23/21 11:56 PM, Simon Glass wrote:
>>>> Hi Tom, Alex,
>>>>
>>>> On Fri, 23 Apr 2021 at 12:47, Tom Rini <trini@konsulko.com> wrote:
>>>>>
>>>>> On Fri, Apr 23, 2021 at 11:55:57AM +1200, Simon Glass wrote:
>>>>>> Hi Alex,
>>>>>>
>>>>>> On Thu, 22 Apr 2021 at 07:30, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>>>>>
>>>>>>> On 4/21/21 2:15 AM, Simon Glass wrote:
>>>>>>>> Hi Alexandru,
>>>>>>>>
>>>>>>>> On Fri, 16 Apr 2021 at 08:07, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
>>>>>>>>>
>>>>>>>>> Prepare the source tree for accepting implementations of the ECDSA
>>>>>>>>> algorithm. This patch deals with the boring aspects of Makefiles and
>>>>>>>>> Kconfig files.
>>>>>>>>>
>>>>>>>>> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
>>>>>>>>> ---
>>>>>>>>>     include/image.h          | 10 +++++-----
>>>>>>>>>     include/u-boot/rsa.h     |  2 +-
>>>>>>>>>     lib/Kconfig              |  1 +
>>>>>>>>>     lib/Makefile             |  1 +
>>>>>>>>>     lib/ecdsa/Kconfig        | 23 +++++++++++++++++++++++
>>>>>>>>>     lib/ecdsa/Makefile       |  1 +
>>>>>>>>>     lib/ecdsa/ecdsa-verify.c | 13 +++++++++++++
>>>>>>>>>     7 files changed, 45 insertions(+), 6 deletions(-)
>>>>>>>>>     create mode 100644 lib/ecdsa/Kconfig
>>>>>>>>>     create mode 100644 lib/ecdsa/Makefile
>>>>>>>>>     create mode 100644 lib/ecdsa/ecdsa-verify.c
>>>>>>>>
>>>>>>>> Reviewed-by: Simon Glass <sjg@chromium.org>
>>>>>>>>
>>>>>>>> nit below
>>>>>>>>
>>>>>>>>>
>>>>>>>>> diff --git a/include/image.h b/include/image.h
>>>>>>>>> index 3ff3c035a7..9b95f6783b 100644
>>>>>>>>> --- a/include/image.h
>>>>>>>>> +++ b/include/image.h
>>>>>>>>> @@ -1224,20 +1224,20 @@ int calculate_hash(const void *data, int data_len, const char *algo,
>>>>>>>>>     #if defined(USE_HOSTCC)
>>>>>>>>>     # if defined(CONFIG_FIT_SIGNATURE)
>>>>>>>>>     #  define IMAGE_ENABLE_SIGN    1
>>>>>>>>> -#  define IMAGE_ENABLE_VERIFY  1
>>>>>>>>> +#  define IMAGE_ENABLE_VERIFY_RSA      1
>>>>>>>>>     #  define IMAGE_ENABLE_VERIFY_ECDSA    1
>>>>>>>>>     #  define FIT_IMAGE_ENABLE_VERIFY      1
>>>>>>>>>     #  include <openssl/evp.h>
>>>>>>>>>     # else
>>>>>>>>>     #  define IMAGE_ENABLE_SIGN    0
>>>>>>>>> -#  define IMAGE_ENABLE_VERIFY  0
>>>>>>>>> +#  define IMAGE_ENABLE_VERIFY_RSA      0
>>>>>>>>>     # define IMAGE_ENABLE_VERIFY_ECDSA     0
>>>>>>>>>     #  define FIT_IMAGE_ENABLE_VERIFY      0
>>>>>>>>>     # endif
>>>>>>>>>     #else
>>>>>>>>>     # define IMAGE_ENABLE_SIGN     0
>>>>>>>>> -# define IMAGE_ENABLE_VERIFY           CONFIG_IS_ENABLED(RSA_VERIFY)
>>>>>>>>> -# define IMAGE_ENABLE_VERIFY_ECDSA     0
>>>>>>>>> +# define IMAGE_ENABLE_VERIFY_RSA       CONFIG_IS_ENABLED(RSA_VERIFY)
>>>>>>>>> +# define IMAGE_ENABLE_VERIFY_ECDSA     CONFIG_IS_ENABLED(ECDSA_VERIFY)
>>>>>>>>
>>>>>>>> Since we are using Kconfig now, can we drop this IMAGE_... stuff and
>>>>>>>> just use CONFIG_IS_ENABLED() in the code?
>>>>>>>
>>>>>>> CONFIG_IS_ENABLED() doesn't work for host tools.
>>>>>>
>>>>>> I wonder if that and IS_ENABLED() can be fixed?
>>>>>
>>>>> Not super easily?  Some sort of seeing about cleaning up the code we
>>>>> share with userspace would be nice, yes.  But it should also probably
>>>>> means that for the user side of things we always enable a bunch of stuff
>>>>> so that in the end we end up with (nearly) target-agnostic tools.
>>>>
>>>> (just to be clear, this discussion should not hold up this patch IMO)
>>>>
>>>> Yes and in fact at present we allow some things to be disabled in
>>>> tools where we probably should not.
>>>>
>>>> My original question was about CONFIG_IS_ENABLED(). I wonder if it
>>>> doesn't work because the CONFIG is not enabled or because of some
>>>> other reason?
>>>
>>> CONFIG_IS_ENABLED() macro isn't available when compiling host tools. I
>>> suspect nobody implemented it host-side?
>>
>> I think it should map to IS_ENABLED(). But also, do we include
>> kconfig.h in the tools?
> 
> Just a note that I sent a series to enable CONFIG_IS_ENABLED on the host.

Do I need to rebase on your series?

> Regards,
> Simon
>

next prev parent reply	other threads:[~2021-05-05 17:49 UTC|newest]

Thread overview: 21+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-15 20:05 [PATCH v4 0/6] nable ECDSA FIT verification for stm32mp Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 1/6] dm: crypto: Define UCLASS API for ECDSA signature verification Alexandru Gagniuc
2021-04-21  7:15   ` Simon Glass
2021-04-15 20:05 ` [PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot Alexandru Gagniuc
2021-04-21  7:15   ` Simon Glass
2021-04-21 19:30     ` Alex G.
2021-04-22 23:55       ` Simon Glass
2021-04-23  0:47         ` Tom Rini
2021-04-24  4:56           ` Simon Glass
2021-04-26 14:21             ` Alex G.
2021-04-29 16:10               ` Simon Glass
2021-05-04 16:58                 ` Simon Glass
2021-05-05 17:49                   ` Alex G. [this message]
2021-05-05 18:43                     ` Simon Glass
2021-05-05 18:56                       ` Alex G.
2021-04-15 20:05 ` [PATCH v4 3/6] lib: ecdsa: Implement signature verification for crypto_algo API Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 4/6] arm: stm32mp1: Implement ECDSA signature verification Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 5/6] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 6/6] test: dm: Add test for ECDSA UCLASS support Alexandru Gagniuc
2021-04-21  7:15   ` Simon Glass
2021-04-21  7:14 ` [PATCH v4 0/6] nable ECDSA FIT verification for stm32mp Simon Glass

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=b7774e7e-0a1d-43bb-c7bb-a7fe86728f9c@gmail.com \
    --to=mr.nuke.me@gmail.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox