Hi Alexandru, On Tue, 16 Mar 2021 at 13:24, Alexandru Gagniuc <mr.nuke...@gmail.com> wrote:
>
> Prepare the source tree for accepting implementations of the ECDSA
> algorithm. This patch deals with the boring aspects of Makefiles and
> Kconfig files.
>
> Signed-off-by: Alexandru Gagniuc <mr.nuke...@gmail.com>
> ---
> include/image.h | 10 +++++-----
> include/u-boot/rsa.h | 2 +-
> lib/Kconfig | 1 +
> lib/Makefile | 1 +
> lib/ecdsa/Kconfig | 23 +++++++++++++++++++++++
> lib/ecdsa/Makefile | 1 +
> lib/ecdsa/ecdsa-verify.c | 13 +++++++++++++
> 7 files changed, 45 insertions(+), 6 deletions(-)
> create mode 100644 lib/ecdsa/Kconfig
> create mode 100644 lib/ecdsa/Makefile
> create mode 100644 lib/ecdsa/ecdsa-verify.c
>
> diff --git a/include/image.h b/include/image.h
> index b5bcf08e61..800d981f03 100644
> --- a/include/image.h
> +++ b/include/image.h
> @@ -1219,20 +1219,20 @@ int calculate_hash(const void *data, int data_len,
> const char *algo,
> #if defined(USE_HOSTCC)
> # if defined(CONFIG_FIT_SIGNATURE)
> # define IMAGE_ENABLE_SIGN 1
> -# define IMAGE_ENABLE_VERIFY 1
> +# define IMAGE_ENABLE_VERIFY_RSA 1
> # define IMAGE_ENABLE_VERIFY_ECDSA 1
> # define FIT_IMAGE_ENABLE_VERIFY 1
> # include <openssl/evp.h>
> # else
> # define IMAGE_ENABLE_SIGN 0
> -# define IMAGE_ENABLE_VERIFY 0
> +# define IMAGE_ENABLE_VERIFY_RSA 0
> # define IMAGE_ENABLE_VERIFY_ECDSA 0
> # define FIT_IMAGE_ENABLE_VERIFY 0
> # endif
> #else
> # define IMAGE_ENABLE_SIGN 0
> -# define IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(RSA_VERIFY)
> -# define IMAGE_ENABLE_VERIFY_ECDSA 0
> +# define IMAGE_ENABLE_VERIFY_RSA CONFIG_IS_ENABLED(RSA_VERIFY)
> +# define IMAGE_ENABLE_VERIFY_ECDSA CONFIG_IS_ENABLED(ECDSA_VERIFY)
> # define FIT_IMAGE_ENABLE_VERIFY CONFIG_IS_ENABLED(FIT_SIGNATURE)
> #endif
>
> @@ -1288,7 +1288,7 @@ struct image_region {
> int size;
> };
>
> -#if IMAGE_ENABLE_VERIFY
> +#if FIT_IMAGE_ENABLE_VERIFY
> # include <u-boot/hash-checksum.h>
> #endif
> struct checksum_algo {
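Review bot: Removing the `IMAGE_ENABLE_VERIFY` definition from all three branches of the first `include/image.h` hunk means any `#if IMAGE_ENABLE_VERIFY` left elsewhere in the tree now evaluates to 0 without a diagnostic, so signature-verification code would be compiled out rather than break the build. This patch converts only the uses in `include/image.h` and `include/u-boot/rsa.h`, and the diffstat touches no other sources, so whether other users remain cannot be checked from here. A tree-wide search for the old name before merging would settle it, and building once with `-Wundef` would surface any preprocessor test that still refers to it.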
> diff --git a/include/u-boot/rsa.h b/include/u-boot/rsa.h
> index bed1c097c2..eb258fca4c 100644
> --- a/include/u-boot/rsa.h
> +++ b/include/u-boot/rsa.h
> @@ -81,7 +81,7 @@ static inline int rsa_add_verify_data(struct
> image_sign_info *info,
> }
> #endif
>
> -#if IMAGE_ENABLE_VERIFY
> +#if IMAGE_ENABLE_VERIFY_RSA
> /**
> * rsa_verify_hash() - Verify a signature against a hash
> *
> diff --git a/lib/Kconfig b/lib/Kconfig
> index 7288340614..48895e4e4f 100644
> --- a/lib/Kconfig
> +++ b/lib/Kconfig
> @@ -295,6 +295,7 @@ config AES
> supported by the algorithm but only a 128-bit key is supported at
> present.
>
> +source lib/ecdsa/Kconfig
> source lib/rsa/Kconfig
> source lib/crypto/Kconfig
>
> diff --git a/lib/Makefile b/lib/Makefile
> index 1d4b7d3aad..de55914f52 100644
> --- a/lib/Makefile
> +++ b/lib/Makefile
> @@ -59,6 +59,7 @@ endif
>
> obj-$(CONFIG_$(SPL_)ACPIGEN) += acpi/
> obj-$(CONFIG_$(SPL_)MD5) += md5.o
> +obj-$(CONFIG_ECDSA) += ecdsa/
> obj-$(CONFIG_$(SPL_)RSA) += rsa/
> obj-$(CONFIG_FIT_SIGNATURE) += hash-checksum.o
> obj-$(CONFIG_SHA1) += sha1.o
> diff --git a/lib/ecdsa/Kconfig b/lib/ecdsa/Kconfig
> new file mode 100644
> index 0000000000..1244d6b6ea
> --- /dev/null
> +++ b/lib/ecdsa/Kconfig
> @@ -0,0 +1,23 @@
> +config ECDSA
> + bool "Enable ECDSA support"
> + depends on DM
> + help
> + This enables the ECDSA algorithm for FIT image verification in
> U-Boot.
> + See doc/uImage.FIT/signature.txt for more details.
> + The ECDSA algorithm is implemented using the driver model. So
> + CONFIG_DM is required by this library.
> + ECDSA is enabled for mkimage regardless of this option.
drop extra space before option Can you write out ECDSA in full once, briefly mention what it is and perhaps a link to more info?
> +
> +if ECDSA
> +
> +config ECDSA_VERIFY
> + bool "Enable ECDSA verification support in U-Boot."
> + help
> + Allow ECDSA signatures to be recognized and verified in U-Boot.
> +
> +config SPL_ECDSA_VERIFY
> + bool "Enable ECDSA verification support in SPL"
> + help
> + Allow ECDSA signatures to be recognized and verified in SPL.
> +
> +endif
> diff --git a/lib/ecdsa/Makefile b/lib/ecdsa/Makefile
> new file mode 100644
> index 0000000000..771d6d3135
> --- /dev/null
> +++ b/lib/ecdsa/Makefile
> @@ -0,0 +1 @@
> +obj-$(CONFIG_$(SPL_)ECDSA_VERIFY) += ecdsa-verify.o
> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> new file mode 100644
> index 0000000000..d2e6a40f4a
> --- /dev/null
> +++ b/lib/ecdsa/ecdsa-verify.c
> @@ -0,0 +1,13 @@
> +// SPDX-License-Identifier: GPL-2.0+
> +/*
> + * Copyright (c) 2020, Alexandru Gagniuc <mr.nuke...@gmail.com>
> + */
> +
> +#include <u-boot/ecdsa.h>
> +
> +int ecdsa_verify(struct image_sign_info *info,
> + const struct image_region region[], int region_count,
> + uint8_t *sig, uint sig_len)
> +{
> + return -EOPNOTSUPP;
> +}
> --
> 2.26.2
> Regards,Simon
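Review bot: `SPL_ECDSA_VERIFY` in `lib/ecdsa/Kconfig` is gated only by the enclosing `if ECDSA`, so it can be selected on a configuration that has no SPL, and `ECDSA` itself depends on `DM` rather than on anything SPL-specific. Adding `depends on SPL` under the `SPL_ECDSA_VERIFY` prompt would keep the option out of non-SPL configurations. Whether `SPL_DM` is needed as well depends on the implementation that follows in the series, which is not visible here; the help text's statement that the algorithm uses the driver model suggests it may be.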
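Review bot: `ecdsa_verify()` in `lib/ecdsa/ecdsa-verify.c` carries no comment saying it is a placeholder, so a build with `CONFIG_ECDSA_VERIFY=y` at this commit gets a verifier that rejects every signature with `-EOPNOTSUPP`. Failing closed is the right behaviour for a stub, and stating it guards against the return value being relaxed while the backend is wired up: `/* Placeholder: no ECDSA backend yet, so every signature is rejected. */` above the function. `EOPNOTSUPP` is also used with only `<u-boot/ecdsa.h>` included, a header this patch does not show; if the definition arrives transitively, an explicit `#include <linux/errno.h>` would make the file self-contained.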