[PATCH] mkimage: ecdsa: add nodes to signature/key node

Matthias Pritschet matthias at pritschet.eu
Thu Aug 29 14:44:47 CEST 2024


From: Matthias Pritschet <matthias.pritschet at itk-engineering.de>

Add the "required", "algo", and "key-name-hint" properties to the
signature/key node if ecdsa256 is used.

This change is mainly copy&paste from rsa_add_verify_data which already
adds these nodes.

Signed-off-by: Matthias Pritschet <matthias.pritschet at itk-engineering.de>
---
 lib/ecdsa/ecdsa-libcrypto.c | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index db0a828a29..4513703d08 100644
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -272,7 +272,8 @@ int ecdsa_verify(struct image_sign_info *info,
 	return ret;
 }
 
-static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
+static int do_add(struct signer *ctx, void *fdt, const char *key_node_name,
+		  struct image_sign_info *info)
 {
 	int signature_node, key_node, ret, key_bits;
 	const char *curve_name;
@@ -322,6 +322,11 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 	point = EC_KEY_get0_public_key(ctx->ecdsa_key);
 	EC_POINT_get_affine_coordinates(group, point, x, y, NULL);
 
+	ret = fdt_setprop_string(fdt, key_node, FIT_KEY_HINT,
+				 info->keyname);
+	if (ret < 0)
+		return ret;
+
 	ret = fdt_setprop_string(fdt, key_node, "ecdsa,curve", curve_name);
 	if (ret < 0)
 		return ret;
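Review bot: `info->keyname` can be NULL at the first added `fdt_setprop_string()` call, because the caller in `ecdsa_add_verify_data` applies the "default-key" fallback only to the `key_node_name` argument. `fdt_setprop_string()` takes the length of its string argument, so a NULL here would crash mkimage instead of returning an error. Writing the hint from the value that already carries the fallback avoids this: `ret = fdt_setprop_string(fdt, key_node, FIT_KEY_HINT, key_node_name);`. The later hunk that writes `FIT_KEY_REQUIRED` has the same exposure if `info->require_keys` can be unset (not visible on this page, so confirm against the callers); guarding it with `if (info->require_keys) {` would simply omit the property, leaving the key marked as not required. do_add's body starts and ends outside this hunk.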
@@ -334,6 +339,16 @@ static int do_add(struct signer *ctx, void *fdt, const char *key_node_name)
 	if (ret < 0)
 		return ret;
 
+	ret = fdt_setprop_string(fdt, key_node, FIT_ALGO_PROP,
+				 info->name);
+	if (ret < 0)
+		return ret;
+
+	ret = fdt_setprop_string(fdt, key_node, FIT_KEY_REQUIRED,
+				 info->require_keys);
+	if (ret < 0)
+		return ret;
+
 	return key_node;
 }
 
@@ -346,7 +361,7 @@ int ecdsa_add_verify_data(struct image_sign_info *info, void *fdt)
 	fdt_key_name = info->keyname ? info->keyname : "default-key";
 	ret = prepare_ctx(&ctx, info);
 	if (ret >= 0){
-		ret = do_add(&ctx, fdt, fdt_key_name);
+		ret = do_add(&ctx, fdt, fdt_key_name, info);
 		if (ret < 0)
 			ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
 	}
-- 
2.34.1


