Hi Philippe, On Tue, Mar 31, 2026 at 6:00 AM Philippe Reynes <[email protected]> wrote: > > Adds an initial support of ecdsa verify using mbedtls. > > Signed-off-by: Philippe Reynes <[email protected]> > --- > v2: > - rename sw_ecdsa.c to ecdsa.c > v3: > - rename sw_ecdsa_verify to ecdsa_hash_verify > - stop on first group found > - check signature len > - use debug instead of printf > - check function returns > - fix memleaks in ecdsa_hash_verify > > include/crypto/internal/ecdsa.h | 14 ++++ > lib/mbedtls/Makefile | 3 + > lib/mbedtls/ecdsa.c | 141 ++++++++++++++++++++++++++++++++ > 3 files changed, 158 insertions(+) > create mode 100644 include/crypto/internal/ecdsa.h > create mode 100644 lib/mbedtls/ecdsa.c > > diff --git a/include/crypto/internal/ecdsa.h b/include/crypto/internal/ecdsa.h > new file mode 100644 > index 00000000000..d2edc006cc2 > --- /dev/null > +++ b/include/crypto/internal/ecdsa.h > @@ -0,0 +1,14 @@ > +/* SPDX-License-Identifier: GPL-2.0+ */ > +/* > + * Copyright (c) 2026, Philippe Reynes <[email protected]> > + */ > +#ifndef __ECDSA_HELPER > +#define __ECDSA_HELPER
Suggest to keep the same guard style as the existing one for RSA '_RSA_HELPER_'. > + > +struct ecdsa_public_key; > + > +int ecdsa_hash_verify(const struct ecdsa_public_key *pubkey, > + const void *hash, size_t hash_len, > + const void *signature, size_t sig_len); > + > +#endif > diff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile > index 5433e17cc64..6db06092cee 100644 > --- a/lib/mbedtls/Makefile > +++ b/lib/mbedtls/Makefile > @@ -11,6 +11,9 @@ obj-$(CONFIG_$(PHASE_)SHA1_MBEDTLS) += sha1.o > obj-$(CONFIG_$(PHASE_)SHA256_MBEDTLS) += sha256.o > obj-$(CONFIG_$(PHASE_)SHA512_MBEDTLS) += sha512.o > > +# shim layer for ecdsa > +obj-$(CONFIG_$(PHASE_)ECDSA_MBEDTLS) += ecdsa.o > + > # x509 libraries > obj-$(CONFIG_$(PHASE_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \ > public_key.o > diff --git a/lib/mbedtls/ecdsa.c b/lib/mbedtls/ecdsa.c > new file mode 100644 > index 00000000000..c2ba5c3d72b > --- /dev/null > +++ b/lib/mbedtls/ecdsa.c > @@ -0,0 +1,141 @@ > +// SPDX-License-Identifier: GPL-2.0+ > +/* > + * Copyright (C) 2026 Philippe Reynes <[email protected]> > + */ > + > +#include <crypto/ecdsa-uclass.h> Should include the header you added: #include <crypto/internal/ecdsa.h> > +#include "mbedtls_options.h" /* required to access private fields */ I didn't find private member access in below code, please double confirm. If there is no private access, suggest removing this line. > +#include <mbedtls/ecdsa.h> > +#include <mbedtls/ecp.h> > + > +static mbedtls_ecp_group_id ecdsa_search_group_id(const char *curve_name) > +{ > + mbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE; > + const mbedtls_ecp_curve_info *info; > + > + if (!curve_name) > + goto out; > + > + if (!strcmp(curve_name, "prime256v1")) > + grp_id = MBEDTLS_ECP_DP_SECP256R1; As the statement 'stop on first group found', the grp_id should be returned here. if (!strcmp(curve_name, "prime256v1")) return MBEDTLS_ECP_DP_SECP256R1; > + > + info = mbedtls_ecp_curve_list(); > + while (info && info->name) { > + if (!strcmp(curve_name, info->name)) { > + grp_id = info->grp_id; > + break; > + } > + info++; > + } > + > + out: > + return grp_id; > +} > + > +int ecdsa_hash_verify(const struct ecdsa_public_key *pubkey, > + const void *hash, size_t hash_len, > + const void *signature, size_t sig_len) > +{ > + mbedtls_ecp_group_id grp_id; > + mbedtls_ecp_group grp; > + const unsigned char *buf = hash; > + size_t blen = hash_len; > + mbedtls_ecp_point Q; > + mbedtls_mpi r, s; > + int key_len; > + int err = -1; > + > + if (!(pubkey->size_bits % 8)) > + key_len = pubkey->size_bits / 8; > + else > + key_len = pubkey->size_bits / 8 + 1; Please use 'DIV_ROUND_UP(pubkey->size_bits, 8)'. > + > + /* check the signature len */ > + if (sig_len != 2 * key_len) { > + debug("%s: sig len should be twice the key len (sig len = > %ld, key len = %d)\n", > + __func__, sig_len, key_len); > + err = -EINVAL; > + goto out; > + } > + > + /* search the group */ > + grp_id = ecdsa_search_group_id(pubkey->curve_name); > + if (grp_id == MBEDTLS_ECP_DP_NONE) { > + debug("%s: curve name %s not found\n", > + __func__, pubkey->curve_name); > + err = -EINVAL; > + goto out; > + } > + > + /* init and load the group */ > + mbedtls_ecp_group_init(&grp); > + err = mbedtls_ecp_group_load(&grp, grp_id); > + if (err) { > + err = -EINVAL; > + goto out1; > + } > + > + /* prepare the pubkey */ > + mbedtls_ecp_point_init(&Q); > + err = mbedtls_mpi_read_binary(&Q.X, pubkey->x, key_len); > + if (err) { > + debug("%s: could not read value x of the public key (err = > %d)\n", > + __func__, err); > + err = -EINVAL; > + goto out2; > + } > + err = mbedtls_mpi_read_binary(&Q.Y, pubkey->y, key_len); > + if (err) { > + debug("%s: could not read value y of the public key (err = > %d)\n", > + __func__, err); > + err = -EINVAL; > + goto out2; > + } > + mbedtls_mpi_lset(&Q.Z, 1); The return code from mbedtls_mpi_lset needs to be checked here. > + > + /* check if the pubkey is valid */ > + err = mbedtls_ecp_check_pubkey(&grp, &Q); > + if (err < 0) { if (err) > + debug("%s: public key is invalid (err = %d)\n", __func__, > err); > + err = -EKEYREJECTED; > + goto out2; > + } > + > + /* compute r */ > + mbedtls_mpi_init(&r); > + err = mbedtls_mpi_read_binary(&r, signature, key_len); > + if (err) { > + debug("%s: could not read value r of the signature (err = > %d)\n", > + __func__, err); > + err = -EINVAL; > + goto out3; > + } > + > + /* compute s */ > + mbedtls_mpi_init(&s); > + err = mbedtls_mpi_read_binary(&s, (unsigned char *)signature + > key_len, > + key_len); The casting of 'signature' is not needed. Regards, Raymond > + if (err) { > + debug("%s: could not read value s of the signature (err = > %d)\n", > + __func__, err); > + err = -EINVAL; > + goto out4; > + } > + > + /* check the signature */ > + err = mbedtls_ecdsa_verify(&grp, buf, blen, &Q, &r, &s); > + if (err) > + err = -EINVAL; > + > + out4: > + mbedtls_mpi_free(&s); > + out3: > + mbedtls_mpi_free(&r); > + out2: > + mbedtls_ecp_point_free(&Q); > + out1: > + mbedtls_ecp_group_free(&grp); > + out: > + > + return err; > +} > -- > 2.43.0 >
