[PATCH RFC v2 5/5] test/py: ecdsa: Add test for mkimage ECDSA signing
Simon Glass
sjg at chromium.org
Thu Jan 7 18:31:11 CET 2021
Hi Alex,
On Thu, 7 Jan 2021 at 09:44, Alex G. <mr.nuke.me at gmail.com> wrote:
>
>
>
> On 1/7/21 6:35 AM, Simon Glass wrote:
> > Hi Alexandru,
> >
> > On Wed, 30 Dec 2020 at 14:00, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
> >>
> >> Add a test to make sure that the ECDSA signatures generated by
> >> mkimage can be verified successfully. pyCryptodomex was chosen as the
> >> crypto library because it integrates much better with python code.
> >> Using openssl would have been unnecessarily painful.
> >>
> >> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> >> ---
> >> test/py/tests/test_fit_ecdsa.py | 111 ++++++++++++++++++++++++++++++++
> >> 1 file changed, 111 insertions(+)
> >> create mode 100644 test/py/tests/test_fit_ecdsa.py
> >>
> >
> > This test looks fine but the functions need full comments. I do think
> > it might be worth putting the code in test_vboot, particularly when
> > you get to the sandbox implementation.
>
> test_vboot seems to be testing the bootm command, while with this test
It also runs fit_check_sign to check the signature.
> I'm only looking to test the host-side (mkimage). In the next series, I
> won't have a software implementation of ECDSA, like RSA_MOD_EXP. I will
> use the ROM on the stm32mp. So there won't be somthing testable in the
> sandbox.
I'm not sure that is a good idea. With driver model you'll end up
creating a ECDSA driver I suppose, so implementing it for sandbox
should be possible. Is it a complicated algorithm? Without that, I'm
not even sure how fit_check_sign could work?
>
[..]
Regards,
Simon
More information about the U-Boot
mailing list