[PATCH v8 06/15] test: dm: ecdsa.c: clean this test as software ecdsa is now implemented

Raymond Mao raymondmaoca at gmail.com
Mon Jun 1 20:24:35 CEST 2026


Hi Philippe,

On Mon, Jun 1, 2026 at 9:43 AM Philippe Reynes
<philippe.reynes at softathome.com> wrote:
>
> The ecdsa test was written when ecdsa was only supported by hardware.
> So it wasn't possible to test ecdsa on sandbox, and there is a test
> that checks that ecdsa is not supported on sandbox.
> Now there is a software implementation of ecdsa, so we add a test
> to verify that ecdsa_verify may be used on sandbox.
>
> Signed-off-by: Philippe Reynes <philippe.reynes at softathome.com>
> ---
> v2:
> - initial version
> v3:
> - no change
> v4:
> - add a test that use ecdsa_verify
> v5:
> - change secp256r1 to ecdsa256
> - check that checksum and crypto are not null
> v6:
> - update commit message
> - remove fdt_strerror in macro CHECK
> - return ENOMEM when malloc fails
> - add a define FDT_MAX_SIZE to avoid hardcoded value
> v7:
> - change uint8_t to u8
> - set required_keynode to -1
> v8:
> - remove macro CHECK with a goto inside
> - use lowercase for hex data
> - code cleanup
>
>  test/dm/ecdsa.c | 107 +++++++++++++++++++++++++++++++++++++++++++-----
>  1 file changed, 97 insertions(+), 10 deletions(-)
>

Thanks!
Reviewed-by: Raymond Mao <raymondmaoca at gmail.com>


> diff --git a/test/dm/ecdsa.c b/test/dm/ecdsa.c
> index d7eac7115f7..261ca3f9f73 100644
> --- a/test/dm/ecdsa.c
> +++ b/test/dm/ecdsa.c
> @@ -3,36 +3,123 @@
>  #include <crypto/ecdsa-uclass.h>
>  #include <dm.h>
>  #include <dm/test.h>
> +#include <malloc.h>
>  #include <test/ut.h>
>  #include <u-boot/ecdsa.h>
>
> +#define FDT_MAX_SIZE           512
> +
> +static int set_fdt_ecdsa_point(char *fdt, const char *name, const char *data)
> +{
> +       char *value = NULL;
> +       size_t len;
> +       int ret = 0;
> +
> +       if (!fdt || !name || !data) {
> +               ret = -EINVAL;
> +               goto out;
> +       }
> +
> +       len = strlen(data) / 2;
> +       if (!len) {
> +               ret = -EINVAL;
> +               goto out;
> +       }
> +
> +       value = malloc(len);
> +       if (!value) {
> +               ret = -ENOMEM;
> +               goto out;
> +       }
> +
> +       ret = hex2bin(value, data, len);
> +       if (ret)
> +               goto out;
> +
> +       ret = fdt_property(fdt, name, value, len);
> +       if (ret)
> +               goto out;
> +
> +out:
> +       free(value);
> +       return ret;
> +}
> +
> +static int create_fdt_with_ecdsa_key(struct unit_test_state *uts,
> +                                    char *fdt, size_t size,
> +                                    const char *name, const char *curve,
> +                                    const char *x, const char *y)
> +{
> +       ut_assertok(fdt_create(fdt, size));
> +       ut_assertok(fdt_finish_reservemap(fdt));
> +       ut_assertok(fdt_begin_node(fdt, ""));
> +       ut_assertok(fdt_begin_node(fdt, "signature"));
> +       ut_assertok(fdt_begin_node(fdt, name));
> +       ut_assertok(fdt_property_string(fdt, "algo", "sha256,ecdsa256"));
> +       ut_assertok(set_fdt_ecdsa_point(fdt, "ecdsa,y-point", y));
> +       ut_assertok(set_fdt_ecdsa_point(fdt, "ecdsa,x-point", x));
> +       ut_assertok(fdt_property_string(fdt, "ecdsa,curve", curve));
> +       ut_assertok(fdt_property_string(fdt, "key-name-hint", name));
> +       ut_assertok(fdt_end_node(fdt)); /* name */
> +       ut_assertok(fdt_end_node(fdt)); /* "signature" */
> +       ut_assertok(fdt_end_node(fdt)); /* "" */
> +       ut_assertok(fdt_finish(fdt));
> +       ut_assertok(fdt_pack(fdt));
> +
> +       return 0;
> +}
> +
>  /*
>   * Basic test of the ECDSA uclass and ecdsa_verify()
>   *
> - * ECDSA implementations in u-boot are hardware-dependent. Until we have a
> - * software implementation that can be compiled into the sandbox, all we can
> - * test is the uclass support.
> + * ECDSA software implementation is tested in another test,
> + * so we only check that the UCLASS_ECDSA uclass may be used.
>   *
> - * The uclass_get() test is redundant since ecdsa_verify() would also fail. We
> - * run both functions in order to isolate the cause more clearly. i.e. is
> - * ecdsa_verify() failing because the UCLASS is absent/broken?
> + * The data used in this test come from RFC6979 and use the
> + * sample with curve NIST P-256, hash sha256 and text "sample".
>   */
>  static int dm_test_ecdsa_verify(struct unit_test_state *uts)
>  {
>         struct uclass *ucp;
> +       const char *full_name = "sha256,ecdsa256";
> +       const char *name = "key-ecdsa-256";
> +       const char *curve = "prime256v1";
> +       const char *x = "60fed4ba255a9d31c961eb74c6356d68c049b8923b61fa6ce669622e60f29fb6";
> +       const char *y = "7903fe1008b8bc99a41ae9e95628bc64f2f1b20c2d7e9f5177a3c294d4462299";
> +       const char *r = "efd48b2aacb6a8fd1140dd9cd45e81d69d2c877b56aaf991c34d0ea84eaf3716";
> +       const char *s = "f7cb1c942d657c41d436c7a1b6e29f65f3e900dbb9aff4064dc4ab2f843acda8";
> +       u8 sig[64];
> +       char fdt[FDT_MAX_SIZE];
>
> -       struct checksum_algo algo = {
> -               .checksum_len = 256,
> +       struct image_region region[] = {
> +               {
> +                       .data = "sample",
> +                       .size = strlen("sample"),
> +               },
>         };
>
>         struct image_sign_info info = {
> -               .checksum = &algo,
> +               .checksum = image_get_checksum_algo(full_name),
> +               .crypto = image_get_crypto_algo(full_name),
> +               .required_keynode = -1,
> +               .fdt_blob = fdt,
>         };
>
> +       ut_assertnonnull(info.checksum);
> +       ut_assertnonnull(info.crypto);
> +
> +       /* create a fdt with the public key */
> +       ut_assertok(create_fdt_with_ecdsa_key(uts, fdt, sizeof(fdt), name, curve, x, y));
> +
> +       /* prepare the signature */
> +       ut_assertok(hex2bin(sig + 0, r, strlen(r) / 2));
> +       ut_assertok(hex2bin(sig + 32, s, strlen(s) / 2));
> +
>         ut_assertok(uclass_get(UCLASS_ECDSA, &ucp));
>         ut_assertnonnull(ucp);
> -       ut_asserteq(-ENODEV, ecdsa_verify(&info, NULL, 0, NULL, 0));
> +       ut_assertok(ecdsa_verify(&info, region, 1, sig, sizeof(sig)));
>
>         return 0;
>  }
> +
>  DM_TEST(dm_test_ecdsa_verify, UTF_SCAN_PDATA | UTF_SCAN_FDT);
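Review bot: The new `ut_assertok(ecdsa_verify(&info, region, 1, sig, sizeof(sig)))` in dm_test_ecdsa_verify() covers only the accepting path, so a verifier that returned 0 for any input would still pass this test. Since the value of a signature check lies in what it rejects, add a negative case right after that line, for example `sig[0] ^= 0x01;` followed by `ut_assert(ecdsa_verify(&info, region, 1, sig, sizeof(sig)) != 0);`, and ideally a second one with an altered `region`. Separately, both hex2bin() calls take their write length from `strlen(r) / 2` and `strlen(s) / 2` rather than from the 32-byte halves of `sig[64]`. A `ut_asserteq(64, strlen(r));` (and the same for `s`) before the conversion would keep a later edit of the test vectors from writing past the buffer.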
> --
> 2.43.0
>

