[PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot

Simon Glass sjg at chromium.org
Wed Apr 21 09:15:05 CEST 2021


Hi Alexandru,

On Fri, 16 Apr 2021 at 08:07, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
>
> Prepare the source tree for accepting implementations of the ECDSA
> algorithm. This patch deals with the boring aspects of Makefiles and
> Kconfig files.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> ---
>  include/image.h          | 10 +++++-----
>  include/u-boot/rsa.h     |  2 +-
>  lib/Kconfig              |  1 +
>  lib/Makefile             |  1 +
>  lib/ecdsa/Kconfig        | 23 +++++++++++++++++++++++
>  lib/ecdsa/Makefile       |  1 +
>  lib/ecdsa/ecdsa-verify.c | 13 +++++++++++++
>  7 files changed, 45 insertions(+), 6 deletions(-)
>  create mode 100644 lib/ecdsa/Kconfig
>  create mode 100644 lib/ecdsa/Makefile
>  create mode 100644 lib/ecdsa/ecdsa-verify.c

Reviewed-by: Simon Glass <sjg at chromium.org>

nit below

>
> diff --git a/include/image.h b/include/image.h
> index 3ff3c035a7..9b95f6783b 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1224,20 +1224,20 @@ int calculate_hash(const void *data, int data_len, const char *algo,
>  #if defined(USE_HOSTCC)
>  # if defined(CONFIG_FIT_SIGNATURE)
>  #  define IMAGE_ENABLE_SIGN    1
> -#  define IMAGE_ENABLE_VERIFY  1
> +#  define IMAGE_ENABLE_VERIFY_RSA      1
>  #  define IMAGE_ENABLE_VERIFY_ECDSA    1
>  #  define FIT_IMAGE_ENABLE_VERIFY      1
>  #  include <openssl/evp.h>
>  # else
>  #  define IMAGE_ENABLE_SIGN    0
> -#  define IMAGE_ENABLE_VERIFY  0
> +#  define IMAGE_ENABLE_VERIFY_RSA      0
>  # define IMAGE_ENABLE_VERIFY_ECDSA     0
>  #  define FIT_IMAGE_ENABLE_VERIFY      0
>  # endif
>  #else
>  # define IMAGE_ENABLE_SIGN     0
> -# define IMAGE_ENABLE_VERIFY           CONFIG_IS_ENABLED(RSA_VERIFY)
> -# define IMAGE_ENABLE_VERIFY_ECDSA     0
> +# define IMAGE_ENABLE_VERIFY_RSA       CONFIG_IS_ENABLED(RSA_VERIFY)
> +# define IMAGE_ENABLE_VERIFY_ECDSA     CONFIG_IS_ENABLED(ECDSA_VERIFY)

Since we are using Kconfig now, can we drop this IMAGE_... stuff and
just use CONFIG_IS_ENABLED() in the code?

>  # define FIT_IMAGE_ENABLE_VERIFY       CONFIG_IS_ENABLED(FIT_SIGNATURE)
>  #endif
>
> @@ -1293,7 +1293,7 @@ struct image_region {
>         int size;
>  };
>
> -#if IMAGE_ENABLE_VERIFY
> +#if FIT_IMAGE_ENABLE_VERIFY
>  # include <u-boot/hash-checksum.h>
>  #endif
>  struct checksum_algo {
> diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
> index bed1c097c2..eb258fca4c 100644
> --- a/include/u-boot/rsa.h
> +++ b/include/u-boot/rsa.h
> @@ -81,7 +81,7 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
>  }
>  #endif

Regards,
Simon


More information about the U-Boot mailing list