summaryrefslogtreecommitdiff
path: root/lib/ecdsa
AgeCommit message (Collapse)AuthorFilesLines
2024-03-07Check curve_name for null to avoid crashBob Wolff1-0/+5
If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return. Signed-off-by: Bob Wolff <bob.wolff68@gmail.com>
2023-06-20mkimage: ecdsa: password for signing from environmentStefano Babic1-1/+15
Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to allow the signing process to run in batch. Signed-off-by: Stefano Babic <sbabic@denx.de>
2022-07-07spl: Ensure all SPL symbols in Kconfig have some SPL dependencyTom Rini1-0/+1
Tighten up symbol dependencies in a number of places. Ensure that a SPL specific option has at least a direct dependency on SPL. In places where it's clear that we depend on something more specific, use that dependency instead. This means in a very small number of places we can drop redundant dependencies. Reported-by: Pali Rohár <pali@kernel.org> Signed-off-by: Tom Rini <trini@konsulko.com>
2022-01-26image: Return destination node for add_verify_data() methodSimon Glass1-2/+2
It is useful to know where the verification data was written. Update the API to return this. Signed-off-by: Simon Glass <sjg@chromium.org>
2021-12-26tools: avoid OpenSSL deprecation warningsHeinrich Schuchardt1-0/+2
Our Gitlab CI buildsystem is set up to treat warnings as errors. With OpenSSL 3.0 a lot of deprecation warnings occur. With the patch compatibility with OpenSSL 1.1.1 is declared. In the long run we should upgrade our code to use the current API. A -Wdiscarded-qualifiers warning is muted by casting. Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-08-16lib: ecdsa: Implement UCLASS_ECDSA verification on targetAlexandru Gagniuc3-0/+158
Implement the crypto_algo .verify() function for ecdsa256. Because it backends on UCLASS_ECDSA, this change is focused on parsing the keys from devicetree and passing this information to the specific UCLASS driver. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org> Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
2021-04-14lib/ecdsa: Use the 'keydir' argument from mkimage if appropriateAlexandru Gagniuc1-1/+13
Keys can be derived from keydir, and the "key-name-hint" property of the FIT. They can also be specified ad-literam via 'keyfile'. Update the ECDSA signing path to use the appropriate one. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
2021-04-14lib: Add support for ECDSA image signingAlexandru Gagniuc1-0/+306
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon now supporting hardware-accelerated ECDSA, it makes sense to expand signing support to elliptic curves. Implement host-side ECDSA signing and verification with libcrypto. Device-side implementation of signature verification is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-23 03:48:48 +0000