On Fri, Apr 23, 2021 at 01:03:25PM -0400, Tim Romanski wrote: > Update on ECDSA verification progress, I've forked Alex's repo and have > included my changes in the 'ecdsa-vrf-1' branch [1]. This includes the > isolated OpenSSL code for verification, and I split up the > lib/ecdsa/ecdsa-libcrypto.c file into lib/ecdsa/ecdsa-sign.c and > lib/ecdsa/ecdsa-verify.c. I've also included unit tests under > test/py/tests/test_vboot_ecdsa.py, which test ECDSA with the sha1 and sha256 > digest algos. There are some outstanding changes to be made before it's > ready for review, mainly cleaning up the OpenSSL code as it has redundant > code still included though it works without any additional dependencies, and > better integration with U-Boot's build system. Currently I've added a new > Kconfig setting to turn on ECDSA signing/verification called > "CONFIG_FIT_SIGNATURE_ECDSA" in common/Kconfig.boot which sets config > options "CONFIG_ECDSA" and "CONFIG_ECDSA_VERIFY". This is done mainly to > replicate how the RSA config was setup, though creating > "CONFIG_FIT_SIGNATURE_ECDSA" separate from "CONFIG_FIT_SIGNATURE" feels > messy, there's probably a better approach. > > Today is also my last day at my internship. Deskin, a team member of mine at > Microsoft who was keeping an eye on the project, will be the main point of > contact from here ([email protected]) though I can also be reached > at [email protected] (CC'd) and will be responsive if there are any > questions. > > All the best,
Thanks for all your effort on this! -- Tom
signature.asc
Description: PGP signature
