[PATCH v4 00/16] Add ECDSA support for FIT image verification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This series implements ECDSA signature verification for FIT images.
The ECDSA code itself is taken from the Kernel. Currently only supported
way to specify a ECDSA key is to compile it into the binary using
CONFIG_CRYPTO_PUBLIC_KEYS, taking it from a device tree is not yet
supported.
Since v2 this series unifies the way public keys are passed to barebox.
We now have a single Kconfig option which takes a list of public keys,
which can be either RSA or ECDSA keys.

Changes since v3:
- add patch to remove unnecessary dependencies from public-keys.h
- add commit message to "crypto: Makefile: make simpler"

Changes since v2:
- fix endianess problems when ECDSA keys are built for a machine with
  different endianess
- add struct public_key as a container for different key types
- make FIT image code use generic public key functions
- drop ECDSA dts snippet support (not needed, doesn't work)
- pass NULL to EVP_PKEY_get_utf8_string_param()

Sascha Hauer (16):
  keytoc: remove ECDSA dts support
  keytoc: fail in case gen_key() fails
  keytoc: fix ECDSA endianess problems
  keytoc: remove duplicate __ENV__ check
  crypto: Makefile: make simpler
  crypto/Makefile: Drop unnecessary dependencies
  keytoc: make key name hint optional
  crypto: rsa: include key name hint into CONFIG_CRYPTO_RSA_KEY
  crypto: rsa: encapsulate rsa keys in public keys struct
  crypto: add public_key functions
  crypto: builtin_keys: Allow to specify multiple keys in
    CONFIG_CRYPTO_PUBLIC_KEYS
  crypto: public-keys: use array of public_keys
  crypto: rsa: create static inline wrapper for rsa_verify()
  Add elliptic curve cryptography (ECC) helper functions
  crypto: add ECDSA support
  crypto: make RSA a visible option

 common/Kconfig                    |    1 -
 common/image-fit.c                |   20 +-
 crypto/Kconfig                    |   37 +-
 crypto/Makefile                   |   18 +-
 crypto/ecc.c                      | 1661 +++++++++++++++++++++++++++++
 crypto/ecc_curve_defs.h           |  155 +++
 crypto/ecdsa.c                    |  140 +++
 crypto/public-keys.c              |  107 ++
 crypto/rsa.c                      |   95 +-
 include/asm-generic/barebox.lds.h |   10 +-
 include/crypto/ecc_curve.h        |   62 ++
 include/crypto/ecdh.h             |   83 ++
 include/crypto/internal/ecc.h     |  278 +++++
 include/crypto/public_key.h       |   36 +
 include/ecdsa.h                   |   42 +
 include/rsa.h                     |   35 +-
 scripts/Makefile.lib              |    2 +-
 scripts/keytoc.c                  |  119 ++-
 18 files changed, 2716 insertions(+), 185 deletions(-)
 create mode 100644 crypto/ecc.c
 create mode 100644 crypto/ecc_curve_defs.h
 create mode 100644 crypto/ecdsa.c
 create mode 100644 crypto/public-keys.c
 create mode 100644 include/crypto/ecc_curve.h
 create mode 100644 include/crypto/ecdh.h
 create mode 100644 include/crypto/internal/ecc.h
 create mode 100644 include/crypto/public_key.h
 create mode 100644 include/ecdsa.h

-- 
2.39.2
[Index of Archives]     [Linux Embedded]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux