{"id":2225950,"url":"http://patchwork.ozlabs.org/api/patches/2225950/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/patch/20260421210954.1170437-4-philippe.reynes@softathome.com/","project":{"id":18,"url":"http://patchwork.ozlabs.org/api/projects/18/?format=json","name":"U-Boot","link_name":"uboot","list_id":"u-boot.lists.denx.de","list_email":"u-boot@lists.denx.de","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260421210954.1170437-4-philippe.reynes@softathome.com>","list_archive_url":null,"date":"2026-04-21T21:09:42","name":"[v5,03/15] ecdsa: initial support of ecdsa using mbedtls","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"e76ab0470250cd76724fc136a79ec3b2c134712b","submitter":{"id":74351,"url":"http://patchwork.ozlabs.org/api/people/74351/?format=json","name":"Philippe Reynes","email":"philippe.reynes@softathome.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/uboot/patch/20260421210954.1170437-4-philippe.reynes@softathome.com/mbox/","series":[{"id":500895,"url":"http://patchwork.ozlabs.org/api/series/500895/?format=json","web_url":"http://patchwork.ozlabs.org/project/uboot/list/?series=500895","date":"2026-04-21T21:09:51","name":"add software ecdsa support","version":5,"mbox":"http://patchwork.ozlabs.org/series/500895/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2225950/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2225950/checks/","tags":{},"related":[],"headers":{"From":"Philippe Reynes <philippe.reynes@softathome.com>","To":"marko.makela@iki.fi, jonny.green@keytechinc.com, raymondmaoca@gmail.com,\n trini@konsulko.com, simon.glass@canonical.com","Cc":"u-boot@lists.denx.de,\n\tPhilippe Reynes <philippe.reynes@softathome.com>","Subject":"[PATCH v5 03/15] ecdsa: initial support of ecdsa using mbedtls","Date":"Tue, 21 Apr 2026 23:09:42 +0200","Message-ID":"<20260421210954.1170437-4-philippe.reynes@softathome.com>","X-Mailer":"git-send-email 2.43.0","In-Reply-To":"<20260421210954.1170437-1-philippe.reynes@softathome.com>","References":"<20260421210954.1170437-1-philippe.reynes@softathome.com>","MIME-Version":"1.0","Content-Type":"text/plain","List-Id":"U-Boot discussion <u-boot.lists.denx.de>","List-Archive":"<https://lists.denx.de/pipermail/u-boot/>"},"content":"Adds an initial support of ecdsa verify using mbedtls.\n\nSigned-off-by: Philippe Reynes <philippe.reynes@softathome.com>\n---\nv2:\n- rename sw_ecdsa.c to ecdsa.c\nv3:\n- rename sw_ecdsa_verify to ecdsa_hash_verify\n- stop on first group found\n- check signature len\n- use debug instead of printf\n- check function returns\n- fix memleaks in ecdsa_hash_verify\nv4:\n- move struct ecdsa_public_key from ecdsa-u-class.h to internal/ecdsa.h\n- use DIV_ROUND_UP\n- some code cleanup\nv5:\n- add kerneldoc header for ecdsa_hash_verify\n- read error when setting Q.Z\n\n include/crypto/ecdsa-uclass.h   |  15 +---\n include/crypto/internal/ecdsa.h |  39 +++++++++\n lib/mbedtls/Makefile            |   3 +\n lib/mbedtls/ecdsa.c     
       | 146 ++++++++++++++++++++++++++++++++\n 4 files changed, 189 insertions(+), 14 deletions(-)\n create mode 100644 include/crypto/internal/ecdsa.h\n create mode 100644 lib/mbedtls/ecdsa.c","diff":"diff --git a/include/crypto/ecdsa-uclass.h b/include/crypto/ecdsa-uclass.h\nindex 189843820a0..047a5eda2fc 100644\n--- a/include/crypto/ecdsa-uclass.h\n+++ b/include/crypto/ecdsa-uclass.h\n@@ -4,20 +4,7 @@\n  */\n \n #include <dm/device.h>\n-\n-/**\n- * struct ecdsa_public_key - ECDSA public key properties\n- *\n- * The struct has pointers to the (x, y) curve coordinates to an ECDSA public\n- * key, as well as the name of the ECDSA curve. The size of the key is inferred\n- * from the 'curve_name'\n- */\n-struct ecdsa_public_key {\n-\tconst char *curve_name;\t/* Name of curve, e.g. \"prime256v1\" */\n-\tconst void *x;\t\t/* x coordinate of public key */\n-\tconst void *y;\t\t/* y coordinate of public key */\n-\tunsigned int size_bits;\t/* key size in bits, derived from curve name */\n-};\n+#include <crypto/internal/ecdsa.h>\n \n struct ecdsa_ops {\n \t/**\ndiff --git a/include/crypto/internal/ecdsa.h b/include/crypto/internal/ecdsa.h\nnew file mode 100644\nindex 00000000000..fe00797c5b0\n--- /dev/null\n+++ b/include/crypto/internal/ecdsa.h\n@@ -0,0 +1,39 @@\n+/* SPDX-License-Identifier: GPL-2.0+ */\n+/*\n+ * Copyright (c) 2026, Philippe Reynes <philippe.reynes@softathome.com>\n+ */\n+#ifndef _ECDSA_HELPER_\n+#define _ECDSA_HELPER_\n+\n+#include <linux/types.h>\n+\n+/**\n+ * struct ecdsa_public_key - ECDSA public key properties\n+ *\n+ * The struct has pointers to the (x, y) curve coordinates to an ECDSA public\n+ * key, as well as the name of the ECDSA curve. The size of the key is inferred\n+ * from the 'curve_name'\n+ */\n+struct ecdsa_public_key {\n+\tconst char *curve_name;\t/* Name of curve, e.g. 
\"prime256v1\" */\n+\tconst void *x;\t\t/* x coordinate of public key */\n+\tconst void *y;\t\t/* y coordinate of public key */\n+\tunsigned int size_bits;\t/* key size in bits, derived from curve name */\n+};\n+\n+/**\n+ *\n+ * ecdsa_hash_verify() - Verify the ecdsa signature of a hash\n+ *\n+ * @pubkey : ecdsa public key\n+ * @hash : Hash\n+ * @hash_len : Size of the hash\n+ * @signature : Signature\n+ * @sig_len : Size of the signature\n+ * Return: 0 if all verified ok, <0 on error\n+ */\n+int ecdsa_hash_verify(const struct ecdsa_public_key *pubkey,\n+\t\t      const void *hash, size_t hash_len,\n+\t\t      const void *signature, size_t sig_len);\n+\n+#endif\ndiff --git a/lib/mbedtls/Makefile b/lib/mbedtls/Makefile\nindex a24c8389744..33698c92282 100644\n--- a/lib/mbedtls/Makefile\n+++ b/lib/mbedtls/Makefile\n@@ -11,6 +11,9 @@ obj-$(CONFIG_$(PHASE_)SHA1_MBEDTLS) += sha1.o\n obj-$(CONFIG_$(PHASE_)SHA256_MBEDTLS) += sha256.o\n obj-$(CONFIG_$(PHASE_)SHA512_MBEDTLS) += sha512.o\n \n+# shim layer for ecdsa\n+obj-$(CONFIG_$(PHASE_)ECDSA_MBEDTLS) += ecdsa.o\n+\n # x509 libraries\n obj-$(CONFIG_$(PHASE_)ASYMMETRIC_PUBLIC_KEY_MBEDTLS) += \\\n \tpublic_key.o\ndiff --git a/lib/mbedtls/ecdsa.c b/lib/mbedtls/ecdsa.c\nnew file mode 100644\nindex 00000000000..90c9c37e96e\n--- /dev/null\n+++ b/lib/mbedtls/ecdsa.c\n@@ -0,0 +1,146 @@\n+// SPDX-License-Identifier: GPL-2.0+\n+/*\n+ * Copyright (C) 2026 Philippe Reynes <philippe.reynes@softathome.com>\n+ */\n+\n+#include <log.h>\n+#include <linux/errno.h>\n+#include <linux/string.h>\n+#include <linux/types.h>\n+\n+#include <crypto/internal/ecdsa.h>\n+\n+#include \"mbedtls_options.h\" /* required to access private fields */\n+#include <mbedtls/ecdsa.h>\n+#include <mbedtls/ecp.h>\n+\n+static mbedtls_ecp_group_id ecdsa_search_group_id(const char *curve_name)\n+{\n+\tmbedtls_ecp_group_id grp_id = MBEDTLS_ECP_DP_NONE;\n+\tconst mbedtls_ecp_curve_info *info;\n+\n+\tif (!curve_name)\n+\t\tgoto out;\n+\n+\tif (!strcmp(curve_name, 
\"prime256v1\"))\n+\t\treturn MBEDTLS_ECP_DP_SECP256R1;\n+\n+\tinfo = mbedtls_ecp_curve_list();\n+\twhile (info && info->name) {\n+\t\tif (!strcmp(curve_name, info->name)) {\n+\t\t\tgrp_id = info->grp_id;\n+\t\t\tbreak;\n+\t\t}\n+\t\tinfo++;\n+\t}\n+\n+ out:\n+\treturn grp_id;\n+}\n+\n+int ecdsa_hash_verify(const struct ecdsa_public_key *pubkey,\n+\t\t      const void *hash, size_t hash_len,\n+\t\t      const void *signature, size_t sig_len)\n+{\n+\tmbedtls_ecp_group_id grp_id;\n+\tmbedtls_ecp_group grp;\n+\tmbedtls_ecp_point Q;\n+\tmbedtls_mpi r, s;\n+\tint key_len;\n+\tint err = -1;\n+\n+\tkey_len = DIV_ROUND_UP(pubkey->size_bits, 8);\n+\n+\t/* check the signature len */\n+\tif (sig_len != 2 * key_len) {\n+\t\tlog_debug(\"sig len should be twice the key len (sig len = %zu, key len = %d)\\n\",\n+\t\t\t  sig_len, key_len);\n+\t\terr = -EINVAL;\n+\t\tgoto out;\n+\t}\n+\n+\t/* search the group */\n+\tgrp_id = ecdsa_search_group_id(pubkey->curve_name);\n+\tif (grp_id == MBEDTLS_ECP_DP_NONE) {\n+\t\tlog_debug(\"curve name %s not found\\n\", pubkey->curve_name);\n+\t\terr = -EINVAL;\n+\t\tgoto out;\n+\t}\n+\n+\t/* init and load the group */\n+\tmbedtls_ecp_group_init(&grp);\n+\terr = mbedtls_ecp_group_load(&grp, grp_id);\n+\tif (err) {\n+\t\terr = -EINVAL;\n+\t\tgoto out1;\n+\t}\n+\n+\t/* prepare the pubkey */\n+\tmbedtls_ecp_point_init(&Q);\n+\terr = mbedtls_mpi_read_binary(&Q.X, pubkey->x, key_len);\n+\tif (err) {\n+\t\tlog_debug(\"could not read value x of the public key (err = %d)\\n\",\n+\t\t\t  err);\n+\t\terr = -EINVAL;\n+\t\tgoto out2;\n+\t}\n+\terr = mbedtls_mpi_read_binary(&Q.Y, pubkey->y, key_len);\n+\tif (err) {\n+\t\tlog_debug(\"could not read value y of the public key (err = %d)\\n\",\n+\t\t\t  err);\n+\t\terr = -EINVAL;\n+\t\tgoto out2;\n+\t}\n+\terr = mbedtls_mpi_lset(&Q.Z, 1);\n+\tif (err) {\n+\t\tlog_debug(\"could not set value z of the public key (err = %d)\\n\",\n+\t\t\t  err);\n+\t\terr = -EINVAL;\n+\t\tgoto out2;\n+\t}\n+\n+\t/* check if the pubkey 
is valid */\n+\terr = mbedtls_ecp_check_pubkey(&grp, &Q);\n+\tif (err) {\n+\t\tlog_debug(\"public key is invalid (err = %d)\\n\", err);\n+\t\terr = -EKEYREJECTED;\n+\t\tgoto out2;\n+\t}\n+\n+\t/* compute r */\n+\tmbedtls_mpi_init(&r);\n+\terr = mbedtls_mpi_read_binary(&r, signature, key_len);\n+\tif (err) {\n+\t\tlog_debug(\"could not read value r of the signature (err = %d)\\n\",\n+\t\t\t  err);\n+\t\terr = -EINVAL;\n+\t\tgoto out3;\n+\t}\n+\n+\t/* compute s */\n+\tmbedtls_mpi_init(&s);\n+\terr = mbedtls_mpi_read_binary(&s, signature + key_len, key_len);\n+\tif (err) {\n+\t\tlog_debug(\"could not read value s of the signature (err = %d)\\n\",\n+\t\t\t  err);\n+\t\terr = -EINVAL;\n+\t\tgoto out4;\n+\t}\n+\n+\t/* check the signature */\n+\terr = mbedtls_ecdsa_verify(&grp, hash, hash_len, &Q, &r, &s);\n+\tif (err)\n+\t\terr = -EINVAL;\n+\n+ out4:\n+\tmbedtls_mpi_free(&s);\n+ out3:\n+\tmbedtls_mpi_free(&r);\n+ out2:\n+\tmbedtls_ecp_point_free(&Q);\n+ out1:\n+\tmbedtls_ecp_group_free(&grp);\n+ out:\n+\n+\treturn err;\n+}\n","prefixes":["v5","03/15"]}
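Review bot: in the include/crypto/ecdsa-uclass.h hunk, struct ecdsa_public_key is part of the public uclass API (it is the type every ecdsa_ops implementation receives), yet it now lives in a header under include/crypto/internal/; the "internal" path suggests a private helper header, so either name the new header for what it is (a shared ECDSA key definition) or explain in the commit message why the public type belongs under internal/.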
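Review bot: in the include/crypto/internal/ecdsa.h hunk, the kernel-doc block for ecdsa_hash_verify() will not parse as written: it opens with an empty ` *` line before the `ecdsa_hash_verify() - Verify ...` line, and the parameter lines are written `@pubkey :` with a space before the colon. kernel-doc expects the function line directly after `/**` and `@pubkey:` with no space, so rewrite the header as `/**`, ` * ecdsa_hash_verify() - Verify the ecdsa signature of a hash`, ` *`, then ` * @pubkey: ecdsa public key` and so on for the other parameters.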
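Review bot: in the lib/mbedtls/Makefile hunk, `obj-$(CONFIG_$(PHASE_)ECDSA_MBEDTLS) += ecdsa.o` references a Kconfig symbol that this patch does not add, so the new ecdsa.o cannot be built at this point in the series; if the symbol is introduced by a later patch, state that in the commit message, otherwise add the Kconfig entry here or in a preceding patch so each patch builds standalone.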
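Review bot: in the lib/mbedtls/ecdsa.c hunk, key_len is derived from the caller-supplied pubkey->size_bits (via DIV_ROUND_UP, which comes from <linux/kernel.h> and is not included here explicitly) rather than from the curve, so the `sig_len != 2 * key_len` check compares a size_t against an int and trusts a field whose own comment says it is "derived from curve name"; consider loading the group first and computing `key_len = (grp.pbits + 7) / 8;` so that a size_bits value inconsistent with the curve cannot make the mbedtls_mpi_read_binary() calls consume a different number of bytes than the curve expects. Two smaller points: `signature + key_len` performs arithmetic on a `const void *`, which is a GCC extension, so cast to `const u8 *` first; and the final `if (err) err = -EINVAL;` maps a signature mismatch (MBEDTLS_ERR_ECP_VERIFY_FAILED) to the same -EINVAL used for malformed input, so callers and logs cannot tell a bad signature from a bad argument, whereas returning -EBADMSG (or -EKEYREJECTED, as the pubkey check already does) for the verify failure would keep the two cases distinguishable.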