[PATCH 1/5] dm: crypto: Define UCLASS API for ECDSA signature verification

Simon Glass sjg at chromium.org
Thu Jan 14 20:16:36 CET 2021


Hi Alex,

On Thu, 14 Jan 2021 at 09:09, Alex G. <mr.nuke.me at gmail.com> wrote:
>
> On 1/13/21 10:10 AM, Simon Glass wrote:
> > Hi Alexandru,
> >
> > On Mon, 11 Jan 2021 at 08:41, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
> >>
> >> Define a UCLASS API for verifying ECDSA signatures. Unlike
> >> UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
> >> the ECDSA class focuses on verification. This is done so that it
> >> better aligns with mach-specific implementations, such as stm32mp.
> >>
> >> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
> >> ---
> >>   include/crypto/ecdsa-uclass.h | 39 +++++++++++++++++++++++++++++++++++
> >>   include/dm/uclass-id.h        |  1 +
> >>   2 files changed, 40 insertions(+)
> >>   create mode 100644 include/crypto/ecdsa-uclass.h
> >
> > This needs a test, as do all uclasses in U-Boot. If it isn't easy to
> > implement the algorithm then I suppose you could fake it by using an
> > easy algorithm like md5, but it does need a test.
>
> I agree. I couldn't find a test for UCLASS_MOD_EXP (for guidance), so
> I'm not sure where to even start.

How about dm_test_rng_read()? That is pretty simple and does a few basic things.

Re UCLASS_MOD_EXP this is tested by the vboot tests. It should really
have a simple unit test too, though. This is an example of how to add
a software implementation of a hardware algorithm. See mod_exp_sw.c

Regards,
Simon


More information about the U-Boot mailing list