From: Alex G. <mr.nuke.me@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v3 3/6] lib: Add support for ECDSA image signing
Date: Thu, 14 Jan 2021 09:48:39 -0600 [thread overview]
Message-ID: <cef8b45e-6545-934b-afd5-7a0b1045b320@gmail.com> (raw)
In-Reply-To: <CAPnjgZ196YMTdpveF=kvH_B-Eg9hjW+HPqv_waH3Y7SRB7zSdQ@mail.gmail.com>
On 1/13/21 10:10 AM, Simon Glass wrote:
> On Thu, 7 Jan 2021 at 15:34, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
>>
>> mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
>> now supporting hardware-accelerated ECDSA, it makes sense to expand
>> signing support to elliptic curves.
>>
>> Implement host-side ECDSA signing and verification with libcrypto.
>> Device-side implementation of signature verification is beyond the
>> scope of this patch.
>>
>> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
>> ---
>> common/image-sig.c | 11 +-
>> include/image.h | 3 +
>> include/u-boot/ecdsa.h | 94 +++++++++++
>> lib/ecdsa/ecdsa-libcrypto.c | 306 ++++++++++++++++++++++++++++++++++++
>> tools/Makefile | 3 +
>> 5 files changed, 415 insertions(+), 2 deletions(-)
>> create mode 100644 include/u-boot/ecdsa.h
>> create mode 100644 lib/ecdsa/ecdsa-libcrypto.c
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
>
> But you should check the return value of do_sign(). Why do you call
> ecdsa_check_signature() afterwards? Can you not trust the library?
You are right that it's a redundant step. It's an automatic test for the
ecdsa_sig_encode_raw()/ecdsa_sig_from_raw() pair.
Alex
> Regards,
> Simon
>
next prev parent reply other threads:[~2021-01-14 15:48 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-01-07 22:33 [PATCH v3 0/6] Add support for ECDSA image signing (with test) Alexandru Gagniuc
2021-01-07 22:33 ` [PATCH v3 1/6] lib: Rename rsa-checksum.c to hash-checksum.c Alexandru Gagniuc
2021-01-13 16:10 ` Simon Glass
2021-01-07 22:33 ` [PATCH v3 2/6] lib/rsa: Make fdt_add_bignum() available outside of RSA code Alexandru Gagniuc
2021-01-13 16:10 ` Simon Glass
2021-01-07 22:33 ` [PATCH v3 3/6] lib: Add support for ECDSA image signing Alexandru Gagniuc
2021-01-13 16:10 ` Simon Glass
2021-01-14 15:48 ` Alex G. [this message]
2021-01-07 22:33 ` [PATCH v3 4/6] doc: signature.txt: Document devicetree format for ECDSA keys Alexandru Gagniuc
2021-01-13 16:10 ` Simon Glass
2021-01-07 22:33 ` [PATCH v3 5/6] test/py: Add pycryptodomex to list of required pakages Alexandru Gagniuc
2021-01-13 16:10 ` Simon Glass
2021-01-07 22:33 ` [PATCH v3 6/6] test/py: ecdsa: Add test for mkimage ECDSA signing Alexandru Gagniuc
2021-01-13 16:10 ` Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cef8b45e-6545-934b-afd5-7a0b1045b320@gmail.com \
--to=mr.nuke.me@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox