Update on current progress on U-Boot ECDSA verification: I've isolated the OpenSSL code required to verify a signature signed with the nistp256v1 curve, and I've written a small test program to show that the code works without any external dependencies [1]. Currently fitting the code into Alex's fork of U-Boot.
Question for Alex, I see your repo has a few branches related to ECDSA (patch-ecdsa-v[1-5], patch-mkimage-keyfile-v{1,2}). You sent me a link to 'patch-ecdsa-v1' in a previous email, is that the one that's being upstreamed? Should I be working off a different branch or is that one ok?
Tim
[1] https://github.com/timr11/openssl-ecdsa-verify
On 2021-03-30 2:27 p.m., Tim Romanski wrote:
On 3/30/21 2:17PM, Alexandru Gagniuc mr.nuke.me@gmail.com wrote:
I don't have any updates from Tim that you don't. I assume he's still silently hacking at it.
Yep, I'm working on a software implementation of ECDSA. Currently have the OpenSSL implementation for the nistp256 curve isolated, debugging a test program that verifies a signature on data that was randomly generated, then will need to clean up unnecessary code and fit it into U-Boot.
CC'd my @linux.microsoft.com email, I prefer to use that one from now on.
All the best, Tim
-----Original Message----- From: Alex G. mr.nuke.me@gmail.com Sent: March 29, 2021 2:43 PM To: Simon Glass sjg@chromium.org Cc: U-Boot Mailing List u-boot@lists.denx.de; Tom Rini trini@konsulko.com; Tim Romanski t-tromanski@microsoft.com Subject: [EXTERNAL] Re: [PATCH v2 6/6] test: dm: Add test for ECDSA UCLASS support
- Tim
On 3/29/21 2:43 AM, Simon Glass wrote:
Hi Alexandru,
On Tue, 16 Mar 2021 at 13:24, Alexandru Gagniuc mr.nuke.me@gmail.com wrote:
This test verifies that ECDSA_UCLASS is implemented, and that ecdsa_verify() works as expected. The definition of "expected" is "does not find a device, and returns -ENODEV".
The lack of a hardware-independent ECDSA implementation prevents us from having one in the sandbox, for now.
Yes we do need a software impl at some point. Any update on that?
I don't have any updates from Tim that you don't. I assume he's still silently hacking at it.
Alex