diff options
| author | Alexandru Gagniuc | 2021-02-19 12:45:12 -0600 |
|---|---|---|
| committer | Tom Rini | 2021-04-14 15:06:08 -0400 |
| commit | ed6c9e0b6668a05d62f5d1b75aecaf246ba51042 (patch) | |
| tree | e8e4fe47b24fe1c25fb3dffb79d25276864dd4a9 /common | |
| parent | 4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5 (diff) | |
lib: Add support for ECDSA image signing
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.
Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Diffstat (limited to 'common')
| -rw-r--r-- | common/image-sig.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/common/image-sig.c b/common/image-sig.c index 54f0eb2019a..0f8e592aba7 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -16,6 +16,7 @@ DECLARE_GLOBAL_DATA_PTR; #endif /* !USE_HOSTCC*/ #include <image.h> +#include <u-boot/ecdsa.h> #include <u-boot/rsa.h> #include <u-boot/hash-checksum.h> @@ -83,8 +84,14 @@ struct crypto_algo crypto_algos[] = { .sign = rsa_sign, .add_verify_data = rsa_add_verify_data, .verify = rsa_verify, - } - + }, + { + .name = "ecdsa256", + .key_len = ECDSA256_BYTES, + .sign = ecdsa_sign, + .add_verify_data = ecdsa_add_verify_data, + .verify = ecdsa_verify, + }, }; struct padding_algo padding_algos[] = { |