On 13.09.24 09:59, Sascha Hauer wrote:
> This adds ECDSA signature verification support. The code is based on the
> Linux code as of Linux-6.10. The Linux code expects the key to be in
> ASN.1 encoded format. We don't need this in barebox as directly compile
> the x and y key values into the binary, so this is left out.
>
> Signed-off-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
Acked-by: Ahmad Fatoum <a.fatoum@xxxxxxxxxxxxxx>
Some minor comments below.
> diff --git a/crypto/public-keys.c b/crypto/public-keys.c
> index dc51ef18f8..bab608be17 100644
> --- a/crypto/public-keys.c
> +++ b/crypto/public-keys.c
> @@ -1,6 +1,7 @@
> #include <common.h>
> #include <crypto/public_key.h>
> #include <rsa.h>
> +#include <ecdsa.h>
We should perhaps move these two into crypto/ as well.
> diff --git a/include/crypto/public_key.h b/include/crypto/public_key.h
> index 1b91063042..ed7c74859f 100644
> --- a/include/crypto/public_key.h
> +++ b/include/crypto/public_key.h
> @@ -8,6 +8,7 @@ struct ecdsa_public_key;
>
> enum pulic_key_type {
s/pulic/public/
> PUBLIC_KEY_TYPE_RSA,
> + PUBLIC_KEY_TYPE_ECDSA,
> };
>
> struct public_key {
> diff --git a/include/ecdsa.h b/include/ecdsa.h
> new file mode 100644
> index 0000000000..1d6340c645
> --- /dev/null
> +++ b/include/ecdsa.h
> @@ -0,0 +1,42 @@
> +// SPDX-License-Identifier: GPL-2.0-only
> +#ifndef _ECDSA_H
> +#define _ECDSA_H
#include <linux/list.h>
#include <linux/types.h>
> +
> +struct ecdsa_public_key {
> + const char *curve_name; /* Name of curve, e.g. "prime256v1" */
> + const uint64_t *x; /* x coordinate of public key */
> + const uint64_t *y; /* y coordinate of public key */
> + unsigned int size_bits; /* key size in bits, derived from curve name */
> + struct list_head list;
> +};
Cheers,
Ahmad
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
