u-boot.git/lib/ecdsa, branch v2024.07 Unnamed repository; edit this file 'description' to name the repository. Check curve_name for null to avoid crash 2024-03-07T12:41:41+00:00 Bob Wolff bob.wolff68@gmail.com 2024-02-27T23:57:03+00:00 9522956605205d23fe99142547ca3227574d418a If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return. Signed-off-by: Bob Wolff <bob.wolff68@gmail.com> 
If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
into the ecdsa verify. Without the ecdsa,curve property, this function will
crash due to lack of checking the null pointer return.

Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>
mkimage: ecdsa: password for signing from environment 2023-06-20T20:08:13+00:00 Stefano Babic sbabic@denx.de 2023-05-25T08:18:05+00:00 50195a23468e3a8a32cba8534d76627b5d189551 Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to allow the signing process to run in batch. Signed-off-by: Stefano Babic <sbabic@denx.de> 
Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
allow the signing process to run in batch.

Signed-off-by: Stefano Babic <sbabic@denx.de>
spl: Ensure all SPL symbols in Kconfig have some SPL dependency 2022-07-07T13:29:08+00:00 Tom Rini trini@konsulko.com 2022-06-11T03:03:09+00:00 b340199f828e7d57945785b698ff97469972d1ca Tighten up symbol dependencies in a number of places. Ensure that a SPL specific option has at least a direct dependency on SPL. In places where it's clear that we depend on something more specific, use that dependency instead. This means in a very small number of places we can drop redundant dependencies. Reported-by: Pali Rohár <pali@kernel.org> Signed-off-by: Tom Rini <trini@konsulko.com> 
Tighten up symbol dependencies in a number of places.  Ensure that a SPL
specific option has at least a direct dependency on SPL.  In places
where it's clear that we depend on something more specific, use that
dependency instead.  This means in a very small number of places we can
drop redundant dependencies.

Reported-by: Pali Rohár <pali@kernel.org>
Signed-off-by: Tom Rini <trini@konsulko.com>
image: Return destination node for add_verify_data() method 2022-01-26T15:50:44+00:00 Simon Glass sjg@chromium.org 2021-11-12T19:28:11+00:00 c033dc8c0c4b744e028e124f88be4829309c75d1 It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org> 
It is useful to know where the verification data was written. Update the
API to return this.

Signed-off-by: Simon Glass <sjg@chromium.org>
tools: avoid OpenSSL deprecation warnings 2021-12-26T05:57:20+00:00 Heinrich Schuchardt heinrich.schuchardt@canonical.com 2021-12-18T10:25:12+00:00 3a8b919932fdf07b6fefc1e76abb086984909be9 Our Gitlab CI buildsystem is set up to treat warnings as errors. With OpenSSL 3.0 a lot of deprecation warnings occur. With the patch compatibility with OpenSSL 1.1.1 is declared. In the long run we should upgrade our code to use the current API. A -Wdiscarded-qualifiers warning is muted by casting. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com> 
Our Gitlab CI buildsystem is set up to treat warnings as errors.
With OpenSSL 3.0 a lot of deprecation warnings occur.

With the patch compatibility with OpenSSL 1.1.1 is declared.
In the long run we should upgrade our code to use the current API.

A -Wdiscarded-qualifiers warning is muted by casting.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
lib: ecdsa: Implement UCLASS_ECDSA verification on target 2021-08-16T08:49:35+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-07-29T16:47:16+00:00 928a8be79480b0e2ea2461a7b2533d3e71bcb3e6 Implement the crypto_algo .verify() function for ecdsa256. Because it backends on UCLASS_ECDSA, this change is focused on parsing the keys from devicetree and passing this information to the specific UCLASS driver. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com> 
Implement the crypto_algo .verify() function for ecdsa256. Because
it backends on UCLASS_ECDSA, this change is focused on parsing the
keys from devicetree and passing this information to the specific
UCLASS driver.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
lib/ecdsa: Use the 'keydir' argument from mkimage if appropriate 2021-04-14T19:23:01+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:19+00:00 eb22759e2be9c45b0f39ee7ab028e6e4144ce629 Keys can be derived from keydir, and the "key-name-hint" property of the FIT. They can also be specified ad-literam via 'keyfile'. Update the ECDSA signing path to use the appropriate one. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib: Add support for ECDSA image signing 2021-04-14T19:06:08+00:00 Alexandru Gagniuc mr.nuke.me@gmail.com 2021-02-19T18:45:12+00:00 ed6c9e0b6668a05d62f5d1b75aecaf246ba51042 mkimage supports rsa2048, and rsa4096 signatures. With newer silicon now supporting hardware-accelerated ECDSA, it makes sense to expand signing support to elliptic curves. Implement host-side ECDSA signing and verification with libcrypto. Device-side implementation of signature verification is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> 
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.

Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>