Add mkimage secp521r1 ECDSA curve support

Adds support for the secp521r1 ECDSA algorithm to mkimage.

Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Reviewed-by: Simon Glass <sjg@chromium.org>

diff --git a/include/u-boot/ecdsa.h b/include/u-boot/ecdsa.h
index 53490c6b287f77d5cabc94dcb192f57692b2ec41..8f9f5e7d6e7c8df6dc3aefd8ea89905852cadf6e 100644 (file)
--- a/include/u-boot/ecdsa.h
+++ b/include/u-boot/ecdsa.h
@@ -65,5 +65,6 @@ int ecdsa_verify(struct image_sign_info *info,
 /** @} */
 
 #define ECDSA256_BYTES (256 / 8)
+#define ECDSA521_BYTES ((521 + 7) / 8)
 
 #endif

diff --git a/lib/ecdsa/ecdsa-libcrypto.c b/lib/ecdsa/ecdsa-libcrypto.c
index 5fa9be10b4bba7f2f63ac60a28aca12e213cb368..403dfe0b97c97b4c8743302eb96ab7ff1d8faa8d 100644 (file)
--- a/lib/ecdsa/ecdsa-libcrypto.c
+++ b/lib/ecdsa/ecdsa-libcrypto.c
@@ -108,7 +108,7 @@ static size_t ecdsa_key_size_bytes(const EC_KEY *key)
        const EC_GROUP *group;
 
        group = EC_KEY_get0_group(key);
-       return EC_GROUP_order_bits(group) / 8;
+       return (EC_GROUP_order_bits(group) + 7) / 8;
 }
 
 static int default_password(char *buf, int size, int rwflag, void *u)

diff --git a/tools/image-sig-host.c b/tools/image-sig-host.c
index d0133aec4c819cfb030ef296b0c509bbc9e3cf8e..21b4fa5d39df5775061b2b697dc8f0ef7d1f9824 100644 (file)
--- a/tools/image-sig-host.c
+++ b/tools/image-sig-host.c
@@ -76,6 +76,13 @@ struct crypto_algo crypto_algos[] = {
                .add_verify_data = ecdsa_add_verify_data,
                .verify = ecdsa_verify,
        },
+       {
+               .name = "secp521r1",
+               .key_len = ECDSA521_BYTES,
+               .sign = ecdsa_sign,
+               .add_verify_data = ecdsa_add_verify_data,
+               .verify = ecdsa_verify,
+       },
 };
 
 struct padding_algo padding_algos[] = {