[PATCH v4 02/14] ecdsa: initial support of ecdsa using mbedtls
Raymond Mao
raymondmaoca at gmail.com
Mon Apr 20 18:36:23 CEST 2026
Hi Philippe,
On Fri, Apr 17, 2026 at 9:02 AM Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> Adds an initial support of ecdsa verify using mbedtls.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> v2:
> - rename sw_ecdsa.c to ecdsa.c
> v3:
> - rename sw_ecdsa_verify to ecdsa_hash_verify
> - stop on first group found
> - check signature len
> - use debug instead of printf
> - check function returns
> - fix memleaks in ecdsa_hash_verify
> v4:
> - move struct ecdsa_public_key from ecdsa-u-class.h to internal/ecdsa.h
> - use DIV_ROUND_UP
> - some code cleanup
>
> include/crypto/ecdsa-uclass.h | 15 +---
> include/crypto/internal/ecdsa.h | 28 ++++++
> lib/mbedtls/Makefile | 3 +
> lib/mbedtls/ecdsa.c | 146 ++++++++++++++++++++++++++++++++
> 4 files changed, 178 insertions(+), 14 deletions(-)
> create mode 100644 include/crypto/internal/ecdsa.h
> create mode 100644 lib/mbedtls/ecdsa.c
>
> diff --git a/include/crypto/ecdsa-uclass.h b/include/crypto/ecdsa-uclass.h
> index 189843820a0..047a5eda2fc 100644
> --- a/include/crypto/ecdsa-uclass.h
> +++ b/include/crypto/ecdsa-uclass.h
> @@ -4,20 +4,7 @@
> */
>
> #include <dm/device.h>
> -
> -/**
> - * struct ecdsa_public_key - ECDSA public key properties
> - *
> - * The struct has pointers to the (x, y) curve coordinates to an ECDSA public
> - * key, as well as the name of the ECDSA curve. The size of the key is inferred
> - * from the 'curve_name'
> - */
> -struct ecdsa_public_key {
> - const char *curve_name; /* Name of curve, e.g. "prime256v1" */
> - const void *x; /* x coordinate of public key */
> - const void *y; /* y coordinate of public key */
> - unsigned int size_bits; /* key size in bits, derived from curve name */
> -};
> +#include <crypto/internal/ecdsa.h>
>
> struct ecdsa_ops {
> /**
> diff --git a/include/crypto/internal/ecdsa.h b/include/crypto/internal/ecdsa.h
> new file mode 100644
> index 00000000000..bfdc137091e
> --- /dev/null
> +++ b/include/crypto/internal/ecdsa.h
> @@ -0,0 +1,28 @@
> +/* SPDX-License-Identifier: GPL-2.0+ */
> +/*
> + * Copyright (c) 2026, Philippe Reynes <philippe.reynes at softathome.com>
> + */
> +#ifndef _ECDSA_HELPER_
> +#define _ECDSA_HELPER_
> +
> +#include <linux/types.h>
> +
> +/**
> + * struct ecdsa_public_key - ECDSA public key properties
> + *
> + * The struct has pointers to the (x, y) curve coordinates to an ECDSA public
> + * key, as well as the name of the ECDSA curve. The size of the key is inferred
> + * from the 'curve_name'
> + */
> +struct ecdsa_public_key {
> + const char *curve_name; /* Name of curve, e.g. "prime256v1" */
> + const void *x; /* x coordinate of public key */
> + const void *y; /* y coordinate of public key */
> + unsigned int size_bits; /* key size in bits, derived from curve name */
> +};
> +
> +int ecdsa_hash_verify(const struct ecdsa_public_key *pubkey,
> + const void *hash, size_t hash_len,
> + const void *signature, size_t sig_len);
> +
> +#endif
> diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile
> index aa1ca6d196b..d872c0eb788 100644
> --- a/lib/mbedtls/Makefile
> +++ b/lib/mbedtls/Makefile
> @@ -11,6 +11,9 @@ obj-$(CONFIG_$(PHASE_)SHA1_MBEDTLS) += sha1.o
> obj-$(CONFIG_$(PHASE_)SHA256_MBEDTLS) += sha256.o
> obj-$(CONFIG_$(PHASE_)SHA512_MBEDTLS) += sha512.o
>
> +# shim layer for ecdsa
> +obj-$(CONFIG_$(PHASE_)ECDSA_MBEDTLS) += ecdsa.o
> +
> # x509 libraries
> obj-$(CONFIG_$(PHASE_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \
> public_key.o
> diff --git a/lib/mbedtls/ecdsa.c b/lib/mbedtls/ecdsa.c
> new file mode 100644
> index 00000000000..a87b0d0e17f
> --- /dev/null
> +++ b/lib/mbedtls/ecdsa.c
> @@ -0,0 +1,146 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright (C) 2026 Philippe Reynes <philippe.reynes at softathome.com>
> + */
> +
> +#include <log.h>
> +#include <linux/errno.h>
> +#include <linux/string.h>
> +#include <linux/types.h>
> +
> +#include <crypto/internal/ecdsa.h>
> +
> +#include "mbedtls_options.h" /* required to access private fields */
> +#include <mbedtls/ecdsa.h>
> +#include <mbedtls/ecp.h>
> +
> +static mbedtls_ecp_group_id ecdsa_search_group_id(const char *curve_name)
> +{
> + mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;
> + const mbedtls_ecp_curve_info *info;
> +
> + if (!curve_name)
> + goto out;
> +
> + if (!strcmp(curve_name, "prime256v1"))
> + return MBEDTLS_ECP_DP_SECP256R1;
> +
> + info = mbedtls_ecp_curve_list();
> + while (info && info->name) {
> + if (!strcmp(curve_name, info->name)) {
> + grp_id = info->grp_id;
> + break;
> + }
> + info++;
> + }
> +
> + out:
> + return grp_id;
> +}
> +
> +int ecdsa_hash_verify(const struct ecdsa_public_key *pubkey,
> + const void *hash, size_t hash_len,
> + const void *signature, size_t sig_len)
> +{
> + mbedtls_ecp_group_id grp_id;
> + mbedtls_ecp_group grp;
> + mbedtls_ecp_point Q;
> + mbedtls_mpi r, s;
> + int key_len;
> + int err = -1;
> +
> + key_len = DIV_ROUND_UP(pubkey->size_bits, 8);
> +
> + /* check the signature len */
> + if (sig_len != 2 * key_len) {
> + log_debug("sig len should be twice the key len (sig len = %zu, key len = %d)\n",
> + sig_len, key_len);
> + err = -EINVAL;
> + goto out;
> + }
> +
> + /* search the group */
> + grp_id = ecdsa_search_group_id(pubkey->curve_name);
> + if (grp_id == MBEDTLS_ECP_DP_NONE) {
> + log_debug("curve name %s not found\n", pubkey->curve_name);
> + err = -EINVAL;
> + goto out;
> + }
> +
> + /* init and load the group */
> + mbedtls_ecp_group_init(&grp);
> + err = mbedtls_ecp_group_load(&grp, grp_id);
> + if (err) {
> + err = -EINVAL;
> + goto out1;
> + }
> +
> + /* prepare the pubkey */
> + mbedtls_ecp_point_init(&Q);
> + err = mbedtls_mpi_read_binary(&Q.X, pubkey->x, key_len);
> + if (err) {
> + log_debug("could not read value x of the public key (err = %d)\n",
> + err);
> + err = -EINVAL;
> + goto out2;
> + }
> + err = mbedtls_mpi_read_binary(&Q.Y, pubkey->y, key_len);
> + if (err) {
> + log_debug("could not read value y of the public key (err = %d)\n",
> + err);
> + err = -EINVAL;
> + goto out2;
> + }
> + mbedtls_mpi_lset(&Q.Z, 1);
'err = ' is missing.
Raymond
> + if (err) {
> + log_debug("could not set value z of the public key (err = %d)\n",
> + err);
> + err = -EINVAL;
> + goto out2;
> + }
> +
> + /* check if the pubkey is valid */
> + err = mbedtls_ecp_check_pubkey(&grp, &Q);
> + if (err) {
> + log_debug("public key is invalid (err = %d)\n", err);
> + err = -EKEYREJECTED;
> + goto out2;
> + }
> +
> + /* compute r */
> + mbedtls_mpi_init(&r);
> + err = mbedtls_mpi_read_binary(&r, signature, key_len);
> + if (err) {
> + log_debug("could not read value r of the signature (err = %d)\n",
> + err);
> + err = -EINVAL;
> + goto out3;
> + }
> +
> + /* compute s */
> + mbedtls_mpi_init(&s);
> + err = mbedtls_mpi_read_binary(&s, signature + key_len, key_len);
> + if (err) {
> + log_debug("could not read value s of the signature (err = %d)\n",
> + err);
> + err = -EINVAL;
> + goto out4;
> + }
> +
> + /* check the signature */
> + err = mbedtls_ecdsa_verify(&grp, hash, hash_len, &Q, &r, &s);
> + if (err)
> + err = -EINVAL;
> +
> + out4:
> + mbedtls_mpi_free(&s);
> + out3:
> + mbedtls_mpi_free(&r);
> + out2:
> + mbedtls_ecp_point_free(&Q);
> + out1:
> + mbedtls_ecp_group_free(&grp);
> + out:
> +
> + return err;
> +}
> --
> 2.43.0
>
More information about the U-Boot
mailing list