[PATCH v4 2/6] lib: ecdsa: Add skeleton to implement ecdsa verification in u-boot
Simon Glass
sjg at chromium.org
Wed Apr 21 09:15:05 CEST 2021
Hi Alexandru,
On Fri, 16 Apr 2021 at 08:07, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
>
> Prepare the source tree for accepting implementations of the ECDSA
> algorithm. This patch deals with the boring aspects of Makefiles and
> Kconfig files.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> ---
> include/image.h | 10 +++++-----
> include/u-boot/rsa.h | 2 +-
> lib/Kconfig | 1 +
> lib/Makefile | 1 +
> lib/ecdsa/Kconfig | 23 +++++++++++++++++++++++
> lib/ecdsa/Makefile | 1 +
> lib/ecdsa/ecdsa-verify.c | 13 +++++++++++++
> 7 files changed, 45 insertions(+), 6 deletions(-)
> create mode 100644 lib/ecdsa/Kconfig
> create mode 100644 lib/ecdsa/Makefile
> create mode 100644 lib/ecdsa/ecdsa-verify.c
Reviewed-by: Simon Glass <sjg at chromium.org>
nit below
>
> diff --git a/include/image.h b/include/image.h
> index 3ff3c035a7..9b95f6783b 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1224,20 +1224,20 @@ int calculate_hash(const void *data, int data_len, const char *algo,
> #if defined(USE_HOSTCC)
> # if defined(CONFIG_FIT_SIGNATURE)
> # define IMAGE_ENABLE_SIGN 1
> -# define IMAGE_ENABLE_VERIFY 1
> +# define IMAGE_ENABLE_VERIFY_RSA 1
> # define IMAGE_ENABLE_VERIFY_ECDSA 1
> # define FIT_IMAGE_ENABLE_VERIFY 1
> # include <openssl/evp.h>
> # else
> # define IMAGE_ENABLE_SIGN 0
> -# define IMAGE_ENABLE_VERIFY 0
> +# define IMAGE_ENABLE_VERIFY_RSA 0
> # define IMAGE_ENABLE_VERIFY_ECDSA 0
> # define FIT_IMAGE_ENABLE_VERIFY 0
> # endif
> #else
> # define IMAGE_ENABLE_SIGN 0
> -# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY)
> -# define IMAGE_ENABLE_VERIFY_ECDSA 0
> +# define IMAGE_ENABLE_VERIFY_RSA CONFIG_IS_ENABLED(RSA_VERIFY)
> +# define IMAGE_ENABLE_VERIFY_ECDSA CONFIG_IS_ENABLED(ECDSA_VERIFY)
Since we are using Kconfig now, can we drop this IMAGE_... stuff and
just use CONFIG_IS_ENABLED() in the code?
> # define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE)
> #endif
>
> @@ -1293,7 +1293,7 @@ struct image_region {
> int size;
> };
>
> -#if IMAGE_ENABLE_VERIFY
> +#if FIT_IMAGE_ENABLE_VERIFY
> # include <u-boot/hash-checksum.h>
> #endif
> struct checksum_algo {
> diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
> index bed1c097c2..eb258fca4c 100644
> --- a/include/u-boot/rsa.h
> +++ b/include/u-boot/rsa.h
> @@ -81,7 +81,7 @@ static inline int rsa_add_verify_data(struct image_sign_info *info,
> }
> #endif
Regards,
Simon
More information about the U-Boot
mailing list