[PATCH v2 1/6] dm: crypto: Define UCLASS API for ECDSA signature verification
Alex G.
mr.nuke.me at gmail.com
Tue Mar 30 01:03:16 CEST 2021
On 3/29/21 2:43 AM, Simon Glass wrote:
> Hi Alexandru,
>
> On Tue, 16 Mar 2021 at 13:24, Alexandru Gagniuc <mr.nuke.me at gmail.com> wrote:
>>
>> Define a UCLASS API for verifying ECDSA signatures. Unlike
>> UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
>> the ECDSA class focuses on verification. This is done so that it
>> better aligns with mach-specific implementations, such as stm32mp.
>>
>> Signed-off-by: Alexandru Gagniuc <mr.nuke.me at gmail.com>
>> ---
>> include/crypto/ecdsa-uclass.h | 39 +++++++++++++++++++++++++++++++++++
>> include/dm/uclass-id.h | 1 +
>> 2 files changed, 40 insertions(+)
>> create mode 100644 include/crypto/ecdsa-uclass.h
>>
>> diff --git a/include/crypto/ecdsa-uclass.h b/include/crypto/ecdsa-uclass.h
>> new file mode 100644
>> index 0000000000..189843820a
>> --- /dev/null
>> +++ b/include/crypto/ecdsa-uclass.h
>> @@ -0,0 +1,39 @@
>> +/* SPDX-License-Identifier: GPL-2.0+ */
>> +/*
>> + * Copyright (c) 2020, Alexandru Gagniuc <mr.nuke.me at gmail.com>
>> + */
>> +
>> +#include <dm/device.h>
>> +
>> +/**
>> + * struct ecdsa_public_key - ECDSA public key properties
>> + *
>> + * The struct has pointers to the (x, y) curve coordinates to an ECDSA public
>> + * key, as well as the name of the ECDSA curve. The size of the key is inferred
>> + * from the 'curve_name'
>> + */
>> +struct ecdsa_public_key {
>> + const char *curve_name; /* Name of curve, e.g. "prime256v1" */
>> + const void *x; /* x coordinate of public key */
>> + const void *y; /* y coordinate of public key */
>> + unsigned int size_bits; /* key size in bits, derived from curve name */
>> +};
>> +
>> +struct ecdsa_ops {
>> + /**
>> + * Verify signature of hash against given public key
>> + *
>> + * @dev: ECDSA Device
>> + * @pubkey: ECDSA public key
>> + * @hash: Hash of binary image
>> + * @hash_len: Length of hash in bytes
>> + * @signature: Signature in a raw (R, S) point pair
>
> What is the format of this? I think a better API would be to have a struct here.
It's the raw format, which is the R, and S points. It's the same format
used by pycryptodomex, and inside the FIT. see ecdsa_sig_encode_raw() in
the other series ("v6: Add support for ECDSA image signing")
I don't know if it's a good idea to split up the R,S points since the
verify step(both pycryptodomex and stm32) uses this concatenated format.
Then the implementation would have to memcpy R and S to a buffer.
Alex
>> + * @sig_len: Length of signature in bytes
>> + *
>> + * This function verifies that the 'signature' of the given 'hash' was
>> + * signed by the private key corresponding to 'pubkey'.
>> + */
>> + int (*verify)(struct udevice *dev, const struct ecdsa_public_key *pubkey,
>> + const void *hash, size_t hash_len,
>> + const void *signature, size_t sig_len);
>> +};
>> diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h
>> index d75de368c5..f335f4e5a4 100644
>> --- a/include/dm/uclass-id.h
>> +++ b/include/dm/uclass-id.h
>> @@ -47,6 +47,7 @@ enum uclass_id {
>> UCLASS_DSI_HOST, /* Display Serial Interface host */
>> UCLASS_DMA, /* Direct Memory Access */
>> UCLASS_DSA, /* Distributed (Ethernet) Switch Architecture */
>> + UCLASS_ECDSA, /* Elliptic curve cryptographic device */
>> UCLASS_EFI, /* EFI managed devices */
>> UCLASS_ETH, /* Ethernet device */
>> UCLASS_ETH_PHY, /* Ethernet PHY device */
>> --
>> 2.26.2
>>
>
> Regards,
> Simon
>
More information about the U-Boot
mailing list