On 1/13/21 10:10 AM, Simon Glass wrote:
On Thu, 7 Jan 2021 at 15:34, Alexandru Gagniuc <[email protected]> wrote:
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.
Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.
Signed-off-by: Alexandru Gagniuc <[email protected]>
---
common/image-sig.c | 11 +-
include/image.h | 3 +
include/u-boot/ecdsa.h | 94 +++++++++++
lib/ecdsa/ecdsa-libcrypto.c | 306 ++++++++++++++++++++++++++++++++++++
tools/Makefile | 3 +
5 files changed, 415 insertions(+), 2 deletions(-)
create mode 100644 include/u-boot/ecdsa.h
create mode 100644 lib/ecdsa/ecdsa-libcrypto.c
Reviewed-by: Simon Glass <[email protected]>
But you should check the return value of do_sign(). Why do you call
ecdsa_check_signature() afterwards? Can you not trust the library?
You are right that it's a redundant step. It's an automatic test for the
ecdsa_sig_encode_raw()/ecdsa_sig_from_raw() pair.
Alex
Regards,
Simon
