[PATCH v4 0/6] Add support for ECDSA image signing (with test)
Alexandru Gagniuc
mr.nuke.me at gmail.com
Fri Jan 8 20:17:31 CET 2021
## Purpose and intent
The purpose of this series is to enable ECDSA as an alternative to RSA
for FIT signing. As new chips have built-in support for ECDSA verified
boot, it makes sense to stick to one signing algorithm, instead of
resorting to RSA for u-boot images.
The focus of this series is signing an existing FIT image:
mkimage -F some-existing.fit --signing-key some/key.pem
Signing while assembling a FIT is not a tested use case.
# Implementation
## Code organization
Unlike the RSA path, which mixes host and firmware code in the same
source files, this series keeps a very clear distinction.
ecdsa-libcrypto.c is intended to be used for host code and only for
host code. There is more opportunity for code reuse this way.
## Signing
There is one major difference from the RSA path. The 'key-name-hint'
property is ignored in the ECDSA path. There are two reasons:
(1) The intent of 'key-name-hint' is not clear
(2) Initial implementation is much easier to review
There is an intentional side-effect. The RSA path takes 'key-name-hint'
to decide which key file to read from disk. In the context of "which
fdt node describes my signing key", this makes sense. On the other
hand, 'key-name-hint' is also used as the basename of where the key is
on the filesystem. This leads to some funny search paths, such as
"some/dir/(null).key"
So I am using the -K option to mkimage as the _full_ path to the key
file. It doesn't have to be named .key, it doesn't have to be named
.crt, and it doesn't have to exist in a particular directory (as is
the case for the RSA path). I understand and recognize that this
discrepancy must be resolved, but resolving it right now would make
the initial implementation much harder and longer.
# Testing
test/py/tests/test_fit_ecdsa.py is implemented with the goal to check
that the signing is done correctly, and that the signature is encoded
in the proper raw format. Verification is done with pyCryptodomex, so
this test will catch both coding errors and openssl bugs. This is the
only scope of testing proposed here.
# Things not yet resolved:
- is mkimage '-k' supposed to be a directory or file path
I'm hoping I can postpone answering this question pending further discussion.
Changes since v3:
- Don't use 'log_msg_ret()', as it's not available host-side
Changes since v1 and v2:
- Added lots of function comments
- Replaced hardcoded error numbers with more meaningful errno numbers
- Changed some error paths to use 'return log_msg_ret'
Alexandru Gagniuc (6):
lib: Rename rsa-checksum.c to hash-checksum.c
lib/rsa: Make fdt_add_bignum() available outside of RSA code
lib: Add support for ECDSA image signing
doc: signature.txt: Document devicetree format for ECDSA keys
test/py: Add pycryptodomex to list of required packages
test/py: ecdsa: Add test for mkimage ECDSA signing
common/image-fit-sig.c | 2 +-
common/image-sig.c | 13 +-
doc/uImage.FIT/signature.txt | 7 +-
include/image.h | 5 +-
include/u-boot/ecdsa.h | 94 ++++++
include/u-boot/fdt-libcrypto.h | 27 ++
.../{rsa-checksum.h => hash-checksum.h} | 0
lib/Makefile | 1 +
lib/crypto/pkcs7_verify.c | 2 +-
lib/crypto/x509_public_key.c | 2 +-
lib/ecdsa/ecdsa-libcrypto.c | 306 ++++++++++++++++++
lib/fdt-libcrypto.c | 72 +++++
lib/{rsa/rsa-checksum.c => hash-checksum.c} | 3 +-
lib/rsa/Makefile | 2 +-
lib/rsa/rsa-sign.c | 65 +---
test/py/requirements.txt | 1 +
test/py/tests/test_fit_ecdsa.py | 111 +++++++
tools/Makefile | 7 +-
18 files changed, 645 insertions(+), 75 deletions(-)
create mode 100644 include/u-boot/ecdsa.h
create mode 100644 include/u-boot/fdt-libcrypto.h
rename include/u-boot/{rsa-checksum.h => hash-checksum.h} (100%)
create mode 100644 lib/ecdsa/ecdsa-libcrypto.c
create mode 100644 lib/fdt-libcrypto.c
rename lib/{rsa/rsa-checksum.c => hash-checksum.c} (96%)
create mode 100644 test/py/tests/test_fit_ecdsa.py
--
2.26.2
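As an added illustration (not code from this series or from U-Boot): the fixed-width raw r||s signature layout that the cover letter's test checks, converted to and from the DER SEQUENCE encoding that OpenSSL produces. The curve-size table and the minimal DER parser are assumptions of this example, not the project's API.

```python
"""Convert an ECDSA signature between OpenSSL's DER encoding and the
fixed-width raw r||s layout. Illustrative code, not U-Boot's own."""
from typing import Tuple

# Byte length of the curve order for the curves assumed here (constructed table).
CURVE_BYTES = {"prime256v1": 32, "secp384r1": 48}


def _read_der_int(buf: bytes, pos: int) -> Tuple[int, int]:
    """Parse one short-form DER INTEGER at buf[pos]; return (value, next_pos)."""
    if buf[pos] != 0x02:
        raise ValueError("expected DER INTEGER tag")
    length = buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form length not expected for ECDSA integers")
    start = pos + 2
    value = int.from_bytes(buf[start:start + length], "big")
    return value, start + length


def der_to_raw(der: bytes, curve: str) -> bytes:
    """Turn DER SEQUENCE { r INTEGER, s INTEGER } into r||s, each zero-padded."""
    n = CURVE_BYTES[curve]
    if der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("malformed DER SEQUENCE")
    r, pos = _read_der_int(der, 2)
    s, pos = _read_der_int(der, pos)
    if pos != len(der):
        raise ValueError("trailing bytes after signature")
    if not (0 < r < (1 << (8 * n)) and 0 < s < (1 << (8 * n))):
        raise ValueError("r or s out of range for curve")
    return r.to_bytes(n, "big") + s.to_bytes(n, "big")


def raw_to_der(raw: bytes, curve: str) -> bytes:
    """Inverse of der_to_raw: re-encode r||s as minimal-length DER INTEGERs."""
    n = CURVE_BYTES[curve]
    if len(raw) != 2 * n:
        raise ValueError("raw signature must be exactly 2 * curve bytes long")

    def enc(v: int) -> bytes:
        b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
        if b[0] & 0x80:  # DER INTEGER is signed: keep it positive with a 0x00 prefix
            b = b"\x00" + b
        return b"\x02" + bytes([len(b)]) + b

    body = enc(int.from_bytes(raw[:n], "big")) + enc(int.from_bytes(raw[n:], "big"))
    return b"\x30" + bytes([len(body)]) + body
```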