From: Alex G. <mr.nuke.me@gmail.com>
To: u-boot@lists.denx.de
Subject: [PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot
Date: Mon, 26 Apr 2021 09:21:19 -0500 [thread overview]
Message-ID: <f927a7f0-0a38-b824-0ac1-9ecfb79ff2af@gmail.com> (raw)
In-Reply-To: <CAPnjgZ0boC59wUSQbFWxpwUa8BjNTjk5y5aZFthA68Cr1etj0w@mail.gmail.com>
On 4/23/21 11:56 PM, Simon Glass wrote:
> Hi Tom, Alex,
>
> On Fri, 23 Apr 2021 at 12:47, Tom Rini <trini@konsulko.com> wrote:
>>
>> On Fri, Apr 23, 2021 at 11:55:57AM +1200, Simon Glass wrote:
>>> Hi Alex,
>>>
>>> On Thu, 22 Apr 2021 at 07:30, Alex G. <mr.nuke.me@gmail.com> wrote:
>>>>
>>>> On 4/21/21 2:15 AM, Simon Glass wrote:
>>>>> Hi Alexandru,
>>>>>
>>>>> On Fri, 16 Apr 2021 at 08:07, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
>>>>>>
>>>>>> Prepare the source tree for accepting implementations of the ECDSA
>>>>>> algorithm. This patch deals with the boring aspects of Makefiles and
>>>>>> Kconfig files.
>>>>>>
>>>>>> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
>>>>>> ---
>>>>>> include/image.h | 10 +++++-----
>>>>>> include/u-boot/rsa.h | 2 +-
>>>>>> lib/Kconfig | 1 +
>>>>>> lib/Makefile | 1 +
>>>>>> lib/ecdsa/Kconfig | 23 +++++++++++++++++++++++
>>>>>> lib/ecdsa/Makefile | 1 +
>>>>>> lib/ecdsa/ecdsa-verify.c | 13 +++++++++++++
>>>>>> 7 files changed, 45 insertions(+), 6 deletions(-)
>>>>>> create mode 100644 lib/ecdsa/Kconfig
>>>>>> create mode 100644 lib/ecdsa/Makefile
>>>>>> create mode 100644 lib/ecdsa/ecdsa-verify.c
>>>>>
>>>>> Reviewed-by: Simon Glass <sjg@chromium.org>
>>>>>
>>>>> nit below
>>>>>
>>>>>>
>>>>>> diff --git a/include/image.h b/include/image.h
>>>>>> index 3ff3c035a7..9b95f6783b 100644
>>>>>> --- a/include/image.h
>>>>>> +++ b/include/image.h
>>>>>> @@ -1224,20 +1224,20 @@ int calculate_hash(const void *data, int data_len, const char *algo,
>>>>>> #if defined(USE_HOSTCC)
>>>>>> # if defined(CONFIG_FIT_SIGNATURE)
>>>>>> # define IMAGE_ENABLE_SIGN 1
>>>>>> -# define IMAGE_ENABLE_VERIFY 1
>>>>>> +# define IMAGE_ENABLE_VERIFY_RSA 1
>>>>>> # define IMAGE_ENABLE_VERIFY_ECDSA 1
>>>>>> # define FIT_IMAGE_ENABLE_VERIFY 1
>>>>>> # include <openssl/evp.h>
>>>>>> # else
>>>>>> # define IMAGE_ENABLE_SIGN 0
>>>>>> -# define IMAGE_ENABLE_VERIFY 0
>>>>>> +# define IMAGE_ENABLE_VERIFY_RSA 0
>>>>>> # define IMAGE_ENABLE_VERIFY_ECDSA 0
>>>>>> # define FIT_IMAGE_ENABLE_VERIFY 0
>>>>>> # endif
>>>>>> #else
>>>>>> # define IMAGE_ENABLE_SIGN 0
>>>>>> -# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY)
>>>>>> -# define IMAGE_ENABLE_VERIFY_ECDSA 0
>>>>>> +# define IMAGE_ENABLE_VERIFY_RSA CONFIG_IS_ENABLED(RSA_VERIFY)
>>>>>> +# define IMAGE_ENABLE_VERIFY_ECDSA CONFIG_IS_ENABLED(ECDSA_VERIFY)
>>>>>
>>>>> Since we are using Kconfig now, can we drop this IMAGE_... stuff and
>>>>> just use CONFIG_IS_ENABLED() in the code?
>>>>
>>>> CONFIG_IS_ENABLED() doesn't work for host tools.
>>>
>>> I wonder if that and IS_ENABLED() can be fixed?
>>
>> Not super easily? Some sort of seeing about cleaning up the code we
>> share with userspace would be nice, yes. But it should also probably
>> means that for the user side of things we always enable a bunch of stuff
>> so that in the end we end up with (nearly) target-agnostic tools.
>
> (just to be clear, this discussion should not hold up this patch IMO)
>
> Yes and in fact at present we allow some things to be disabled in
> tools where we probably should not.
>
> My original question was about CONFIG_IS_ENABLED(). I wonder if it
> doesn't work because the CONFIG is not enabled or because of some
> other reason?
CONFIG_IS_ENABLED() macro isn't available when compiling host tools. I
suspect nobody implemented it host-side?
Alex
next prev parent reply other threads:[~2021-04-26 14:21 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-15 20:05 [PATCH v4 0/6] nable ECDSA FIT verification for stm32mp Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 1/6] dm: crypto: Define UCLASS API for ECDSA signature verification Alexandru Gagniuc
2021-04-21 7:15 ` Simon Glass
2021-04-15 20:05 ` [PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot Alexandru Gagniuc
2021-04-21 7:15 ` Simon Glass
2021-04-21 19:30 ` Alex G.
2021-04-22 23:55 ` Simon Glass
2021-04-23 0:47 ` Tom Rini
2021-04-24 4:56 ` Simon Glass
2021-04-26 14:21 ` Alex G. [this message]
2021-04-29 16:10 ` Simon Glass
2021-05-04 16:58 ` Simon Glass
2021-05-05 17:49 ` Alex G.
2021-05-05 18:43 ` Simon Glass
2021-05-05 18:56 ` Alex G.
2021-04-15 20:05 ` [PATCH v4 3/6] lib: ecdsa: Implement signature verification for crypto_algo API Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 4/6] arm: stm32mp1: Implement ECDSA signature verification Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 5/6] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY Alexandru Gagniuc
2021-04-15 20:05 ` [PATCH v4 6/6] test: dm: Add test for ECDSA UCLASS support Alexandru Gagniuc
2021-04-21 7:15 ` Simon Glass
2021-04-21 7:14 ` [PATCH v4 0/6] nable ECDSA FIT verification for stm32mp Simon Glass
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=f927a7f0-0a38-b824-0ac1-9ecfb79ff2af@gmail.com \
--to=mr.nuke.me@gmail.com \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox