[PATCH 6/9] lib: ecdsa: support additional curve sizes
Simon Glass
sjg at chromium.org
Thu Jul 2 22:03:33 CEST 2026
Hi James,
On 2026-07-02T01:46:51, James Hilliard <james.hilliard1 at gmail.com> wrote:
> lib: ecdsa: support additional curve sizes
>
> U-Boot's ECDSA FIT code is tied closely to prime256v1 and secp384r1.
> Hardware verifiers may support a wider set of curves, and FIT public key
> properties need to preserve the fixed coordinate width of those curves.
>
> Add common curve-size handling for secp224r1, prime256v1, secp384r1 and
> secp521r1. Use fixed-width big-endian byte arrays when writing libcrypto
> BIGNUM values into the control FDT so non-32-bit-aligned coordinates such
> as secp521r1 are encoded correctly.
>
> Register the corresponding host and target ECDSA algorithm names and clean
> up the libcrypto signing context so raw signatures are owned and freed
> consistently on error paths.
>
> Signed-off-by: James Hilliard <james.hilliard1 at gmail.com>
>
> doc/mkimage.1 | 3 +
> doc/usage/fit/signature.rst | 3 +-
> include/u-boot/ecdsa.h | 16 +++++
> include/u-boot/fdt-libcrypto.h | 6 +-
> lib/ecdsa/Kconfig | 2 +-
> lib/ecdsa/ecdsa-libcrypto.c | 141 ++++++++++++++++++++++++++---------------
> lib/ecdsa/ecdsa-verify.c | 39 ++++++------
> lib/fdt-libcrypto.c | 59 ++++-------------
> tools/image-sig-host.c | 7 ++
> 9 files changed, 152 insertions(+), 124 deletions(-)
> Add common curve-size handling for secp224r1, prime256v1, secp384r1 and
> secp521r1. Use fixed-width big-endian byte arrays when writing libcrypto
> BIGNUM values into the control FDT so non-32-bit-aligned coordinates such
> as secp521r1 are encoded correctly.
The fdt_add_bignum() rewrite also changes shared code used by
lib/rsa/rsa-sign.c for 'rsa,modulus' and 'rsa,r-squared', but neither
the subject nor the message mentions RSA. Please can you note that the
encoding is unchanged for RSA (key sizes are a multiple of 32 bits, so
the byte array is identical to the old word array)? Better still,
split the fdt_add_bignum() change into its own patch, since it stands
alone and affects both signature schemes.
This patch also bundles the new curves with quite a lot of unrelated
error-path and memory-ownership cleanup in ecdsa-libcrypto.c, which
would be easier to review as a separate patch.
> diff --git a/lib/ecdsa/Kconfig b/lib/ecdsa/Kconfig
> @@ -17,7 +17,7 @@ config ECDSA_VERIFY
> config SPL_ECDSA_VERIFY
> bool "Enable ECDSA verification support in SPL"
> - depends on SPL
> + depends on SPL && SPL_DM
This has nothing to do with curve sizes and is not mentioned in the
commit message. I suspect it is a build fix, since ecdsa-verify.c uses
the uclass API, but please can you either explain it in the message or
move it to a separate patch?
> diff --git a/doc/usage/fit/signature.rst b/doc/usage/fit/signature.rst
> @@ -132,7 +132,8 @@ rsa,n0-inverse
> ecdsa,x-point
> Public key X coordinate as a big-endian multi-word integer
Since fdt_add_bignum() now writes a fixed-width byte array, the
'multi-word integer' wording for 'ecdsa,x-point' and 'ecdsa,y-point'
is no longer accurate for secp521r1 (66 bytes). Please can you update
these to say the width is the curve size rounded up to whole bytes?
> diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
> @@ -64,8 +65,23 @@ int ecdsa_verify(struct image_sign_info *info,
> +static inline unsigned int ecdsa_curve_size(const char *curve_name)
Please can you add a function comment in the style of the other
declarations in this file, mentioning the parameter and that 0 is
returned for an unknown curve?
> diff --git a/lib/fdt-libcrypto.c b/lib/fdt-libcrypto.c
> @@ -5,68 +5,35 @@
> - return ret ? -FDT_ERR_NOSPACE : 0;
> + return ret;
This mixes error namespaces: the function can return -EINVAL and
-ENOMEM as well as raw libfdt codes from fdt_setprop(). Some values
collide (-ENOMEM is -12, the same as -FDT_ERR_BADLAYOUT), so a caller
cannot reliably interpret the result. It works today because callers
only check for -FDT_ERR_NOSPACE, but it would be cleaner to normalise
here, e.g. map -FDT_ERR_NOSPACE to -ENOSPC and other libfdt errors to
-EIO, adjusting the callers to match. What do you think?
Regards,
Simon
More information about the U-Boot
mailing list