From patchwork Mon Jan 11 15:41:33 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Alex G." X-Patchwork-Id: 1424691 X-Patchwork-Delegate: patrick.delaunay73@gmail.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=RJ58a1pa; dkim-atps=neutral Received: from phobos.denx.de (unknown [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4DDyd75dbxz9srZ for ; Tue, 12 Jan 2021 02:42:19 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id B71C38271C; Mon, 11 Jan 2021 16:41:51 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.b="RJ58a1pa"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 5EC758274E; Mon, 11 Jan 2021 16:41:45 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-2.0 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from mail-ot1-x32c.google.com (mail-ot1-x32c.google.com [IPv6:2607:f8b0:4864:20::32c]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id BF59E826D3 for ; Mon, 11 Jan 2021 16:41:41 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=mr.nuke.me@gmail.com Received: by mail-ot1-x32c.google.com with SMTP id b24so96570otj.0 for ; Mon, 11 Jan 2021 07:41:41 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=puHAstfGS5Zqey48UVkD2/Zru3gLar5jVOkNrkVf0Nk=; b=RJ58a1pacho2HOT1LE5QTYf4IE2Um6RPSQ7DbvsL8WTmqJ/UkvKfrG8VpG0A49UAFA nne5zLykB24LfMx0jRX+kzjoqHVbh15nwdRJkJrR38S48MZKiVkWPsd/md6fZidNG5Ab QlZAL0zRsKSp1+v1wkWlY0qLhVHwIkqq/rB65BhfHYdfAH8nyAlQ4oEyMa0lHdIBSYz7 KCVFimFQcz2E6REc9pMcGgf9lCMUSv1CWPw3etYH/C+ZvXT+YXD3lGJZ5tYPUCqoKgjy UlFspIk8Z5H9VyFzcijtIggt/SDd0aSIcRlHgYL+Ky3EUccvVIXZ5NN8t+/z2VpzwdEU FJrQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=puHAstfGS5Zqey48UVkD2/Zru3gLar5jVOkNrkVf0Nk=; b=ch15r58h5L8OvAqjeoSsEROudwoy12SPFptg2sZLv8spCthVSjjSh5UYwe72GmNa/l S/67/RIB6qQPywDJfyT7f99bukMP4PE41ELhi0H0/7r8Jjc5s7VequB3tuQyQ2ZBzT0U bnrp8lQKC5RuFDq7Tkzq+nB7gyrZFIl5gmhQnnG20OV/YRahDzlJi9+lbQctFRu191FY vJkisNUlaqRHg/v11781ayppTGaF78U8C27YIjpSPnVD0C1cl1sY03rgy9nE9J73WFUe 2MPylu2twMsC5S8llRkhWzsv7yOhpYtUdDoUN2UEbvgTe3ENo1at6MvV0uH8kOidLgE7 T4Lg== X-Gm-Message-State: AOAM533yD9O+EiOBE5WKWC7G36m10j12UTJDYxZGupp1spu6013TGxyv JJw8YPdgKV43eHJ9CN64wBKQE3gCZZ/tHg== X-Google-Smtp-Source: ABdhPJxwkJ7IEhB7F/k/QyHybl9P2Ugbfxx1i2bYNXaNIzQ7sv7gWBWgEUwKPRQngLqRCCEMwl1gXQ== X-Received: by 2002:a9d:6f82:: with SMTP id h2mr11532879otq.276.1610379700136; Mon, 11 Jan 2021 07:41:40 -0800 (PST) Received: from nuclearis2-1.lan (c-98-195-139-126.hsd1.tx.comcast.net. [98.195.139.126]) by smtp.gmail.com with ESMTPSA id k10sm16690otn.71.2021.01.11.07.41.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 11 Jan 2021 07:41:39 -0800 (PST) From: Alexandru Gagniuc To: u-boot@lists.denx.de, sjg@chromium.org Cc: Alexandru Gagniuc , trini@konsulko.com, marex@denx.de Subject: [PATCH 1/5] dm: crypto: Define UCLASS API for ECDSA signature verification Date: Mon, 11 Jan 2021 09:41:33 -0600 Message-Id: <20210111154137.621732-2-mr.nuke.me@gmail.com> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20210111154137.621732-1-mr.nuke.me@gmail.com> References: <20210111154137.621732-1-mr.nuke.me@gmail.com> MIME-Version: 1.0 X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.34 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.102.3 at phobos.denx.de X-Virus-Status: Clean Define a UCLASS API for verifying ECDSA signatures. Unlike UCLASS_MOD_EXP, which focuses strictly on modular exponentiation, the ECDSA class focuses on verification. This is done so that it better aligns with mach-specific implementations, such as stm32mp. Signed-off-by: Alexandru Gagniuc --- include/crypto/ecdsa-uclass.h | 39 +++++++++++++++++++++++++++++++++++ include/dm/uclass-id.h | 1 + 2 files changed, 40 insertions(+) create mode 100644 include/crypto/ecdsa-uclass.h diff --git a/include/crypto/ecdsa-uclass.h b/include/crypto/ecdsa-uclass.h new file mode 100644 index 0000000000..189843820a --- /dev/null +++ b/include/crypto/ecdsa-uclass.h @@ -0,0 +1,39 @@ +/* SPDX-License-Identifier: GPL-2.0+ */ +/* + * Copyright (c) 2020, Alexandru Gagniuc + */ + +#include + +/** + * struct ecdsa_public_key - ECDSA public key properties + * + * The struct has pointers to the (x, y) curve coordinates to an ECDSA public + * key, as well as the name of the ECDSA curve. The size of the key is inferred + * from the 'curve_name' + */ +struct ecdsa_public_key { + const char *curve_name; /* Name of curve, e.g. "prime256v1" */ + const void *x; /* x coordinate of public key */ + const void *y; /* y coordinate of public key */ + unsigned int size_bits; /* key size in bits, derived from curve name */ +}; + +struct ecdsa_ops { + /** + * Verify signature of hash against given public key + * + * @dev: ECDSA Device + * @pubkey: ECDSA public key + * @hash: Hash of binary image + * @hash_len: Length of hash in bytes + * @signature: Signature in a raw (R, S) point pair + * @sig_len: Length of signature in bytes + * + * This function verifies that the 'signature' of the given 'hash' was + * signed by the private key corresponding to 'pubkey'. + */ + int (*verify)(struct udevice *dev, const struct ecdsa_public_key *pubkey, + const void *hash, size_t hash_len, + const void *signature, size_t sig_len); +}; diff --git a/include/dm/uclass-id.h b/include/dm/uclass-id.h index e952a9967c..de4f5db086 100644 --- a/include/dm/uclass-id.h +++ b/include/dm/uclass-id.h @@ -45,6 +45,7 @@ enum uclass_id { UCLASS_DISPLAY, /* Display (e.g. DisplayPort, HDMI) */ UCLASS_DSI_HOST, /* Display Serial Interface host */ UCLASS_DMA, /* Direct Memory Access */ + UCLASS_ECDSA, /* Elliptic curve cryptographic device */ UCLASS_EFI, /* EFI managed devices */ UCLASS_ETH, /* Ethernet device */ UCLASS_ETH_PHY, /* Ethernet PHY device */