[EXTERNAL] Re: [PATCH v2 6/6] test: dm: Add test for ECDSA UCLASS support

public inbox for u-boot@lists.denx.de
 help / color / mirror / Atom feed

From: Tim Romanski <tromanski@linux.microsoft.com>
To: u-boot@lists.denx.de
Subject: [EXTERNAL] Re: [PATCH v2 6/6] test: dm: Add test for ECDSA UCLASS support
Date: Fri, 23 Apr 2021 13:03:25 -0400	[thread overview]
Message-ID: <fe0e6d2a-2044-661a-b753-e6c885af1a99@linux.microsoft.com> (raw)
In-Reply-To: <6ee9fe12-dbaa-ef8c-e350-54cd99fea14d@linux.microsoft.com>

Update on ECDSA verification progress, I've forked Alex's repo and have 
included my changes in the 'ecdsa-vrf-1' branch [1]. This includes the 
isolated OpenSSL code for verification, and I split up the 
lib/ecdsa/ecdsa-libcrypto.c file into lib/ecdsa/ecdsa-sign.c and 
lib/ecdsa/ecdsa-verify.c. I've also included unit tests under 
test/py/tests/test_vboot_ecdsa.py, which test ECDSA with the sha1 and 
sha256 digest algos. There are some outstanding changes to be made 
before it's ready for review, mainly cleaning up the OpenSSL code as it 
has redundant code still included though it works without any additional 
dependencies, and better integration with U-Boot's build system. 
Currently I've added a new Kconfig setting to turn on ECDSA 
signing/verification called "CONFIG_FIT_SIGNATURE_ECDSA" in 
common/Kconfig.boot which sets config options "CONFIG_ECDSA" and 
"CONFIG_ECDSA_VERIFY". This is done mainly to replicate how the RSA 
config was setup, though creating "CONFIG_FIT_SIGNATURE_ECDSA" separate 
from "CONFIG_FIT_SIGNATURE" feels messy, there's probably a better approach.

Today is also my last day at my internship. Deskin, a team member of 
mine at Microsoft who was keeping an eye on the project, will be the 
main point of contact from here (deskinm at linux.microsoft.com) though I 
can also be reached at timromanski at gmail.com (CC'd) and will be 
responsive if there are any questions.

All the best,

Tim

[1] timr11/u-boot: u-boot + elliptic curve verification (github.com) 
<https://github.com/timr11/u-boot>

On 2021-04-08 12:56 p.m., Tim Romanski wrote:
> Ok, will do. I'm writing the verification code, I noticed you're 
> passing the public key into the fdt using fdt_add_bignum, which 
> converts the x and y values into big endian integer arrays. Do you 
> have a method to read these values from the fdt and convert them back 
> into bignums, or is that TODO? I can get that done if it's not yet 
> implemented.
>
> All the best,
>
> Tim
>
> On 2021-04-07 4:03 p.m., Alex G. wrote:
>> On 4/7/21 12:29 PM, Tim Romanski wrote:
>>
>>> Question for Alex, I see your repo has a few branches related to 
>>> ECDSA (patch-ecdsa-v[1-5], patch-mkimage-keyfile-v{1,2}). You sent 
>>> me a link to 'patch-ecdsa-v1' in a previous email, is that the one 
>>> that's being upstreamed? Should I be working off a different branch 
>>> or is that one ok?
>>
>> I'm up to v6 on the patch submission. The differences are not that 
>> big, but I recommend sticking to the latest.
>>
>> Alex

next prev parent reply	other threads:[~2021-04-23 17:03 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-03-16  0:24 [PATCH v2 0/6] Enable ECDSA FIT verification for stm32mp Alexandru Gagniuc
2021-03-16  0:24 ` [PATCH v2 1/6] dm: crypto: Define UCLASS API for ECDSA signature verification Alexandru Gagniuc
2021-03-29  7:43   ` Simon Glass
2021-03-29 23:03     ` Alex G.
2021-03-16  0:24 ` [PATCH v2 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot Alexandru Gagniuc
2021-03-29  7:43   ` Simon Glass
2021-03-16  0:24 ` [PATCH v2 3/6] lib: ecdsa: Implement signature verification for crypto_algo API Alexandru Gagniuc
2021-03-16  0:24 ` [PATCH v2 4/6] arm: stm32mp1: Implement ECDSA signature verification Alexandru Gagniuc
2021-03-16  0:24 ` [PATCH v2 5/6] Kconfig: FIT_SIGNATURE should not select RSA_VERIFY Alexandru Gagniuc
2021-03-16  0:24 ` [PATCH v2 6/6] test: dm: Add test for ECDSA UCLASS support Alexandru Gagniuc
2021-03-29  7:43   ` Simon Glass
2021-03-29 18:42     ` Alex G.
2021-03-30 18:27       ` [EXTERNAL] " Tim Romanski
2021-04-07 17:29         ` Tim Romanski
2021-04-07 20:03           ` Alex G.
2021-04-08 16:56             ` Tim Romanski
2021-04-08 17:05               ` Alex G.
2021-04-23 17:03               ` Tim Romanski [this message]
2021-04-24 13:30                 ` Tom Rini

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=fe0e6d2a-2044-661a-b753-e6c885af1a99@linux.microsoft.com \
    --to=tromanski@linux.microsoft.com \
    --cc=u-boot@lists.denx.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox