]> git.dujemihanovic.xyz Git - u-boot.git/commitdiff
dm: crypto: Define UCLASS API for ECDSA signature verification
authorAlexandru Gagniuc <mr.nuke.me@gmail.com>
Thu, 29 Jul 2021 16:47:15 +0000 (11:47 -0500)
committerPatrice Chotard <patrice.chotard@foss.st.com>
Mon, 16 Aug 2021 08:49:35 +0000 (10:49 +0200)
Define a UCLASS API for verifying ECDSA signatures. Unlike
UCLASS_MOD_EXP, which focuses strictly on modular exponentiation,
the ECDSA class focuses on verification. This is done so that it
better aligns with mach-specific implementations, such as stm32mp.

Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Patrick Delaunay <patrick.delaunay@foss.st.com>
include/crypto/ecdsa-uclass.h [new file with mode: 0644]
include/dm/uclass-id.h

diff --git a/include/crypto/ecdsa-uclass.h b/include/crypto/ecdsa-uclass.h
new file mode 100644 (file)
index 0000000..1898438
--- /dev/null
@@ -0,0 +1,39 @@
+/* SPDX-License-Identifier: GPL-2.0+ */
+/*
+ * Copyright (c) 2020, Alexandru Gagniuc <mr.nuke.me@gmail.com>
+ */
+
+#include <dm/device.h>
+
+/**
+ * struct ecdsa_public_key - ECDSA public key properties
+ *
+ * The struct has pointers to the (x, y) curve coordinates to an ECDSA public
+ * key, as well as the name of the ECDSA curve. The size of the key is inferred
+ * from the 'curve_name'
+ */
+struct ecdsa_public_key {
+       const char *curve_name; /* Name of curve, e.g. "prime256v1" */
+       const void *x;          /* x coordinate of public key */
+       const void *y;          /* y coordinate of public key */
+       unsigned int size_bits; /* key size in bits, derived from curve name */
+};
+
+struct ecdsa_ops {
+       /**
+        * Verify signature of hash against given public key
+        *
+        * @dev:        ECDSA Device
+        * @pubkey:     ECDSA public key
+        * @hash:       Hash of binary image
+        * @hash_len:   Length of hash in bytes
+        * @signature:  Signature in a raw (R, S) point pair
+        * @sig_len:    Length of signature in bytes
+        *
+        * This function verifies that the 'signature' of the given 'hash' was
+        * signed by the private key corresponding to 'pubkey'.
+        */
+       int (*verify)(struct udevice *dev, const struct ecdsa_public_key *pubkey,
+                     const void *hash, size_t hash_len,
+                     const void *signature, size_t sig_len);
+};
index 9d474533ba82634554d56ce457c84167b91ab55d..e7edd409f307fac7b87a0d6a205410dd4ffd9695 100644 (file)
@@ -47,6 +47,7 @@ enum uclass_id {
        UCLASS_DSI_HOST,        /* Display Serial Interface host */
        UCLASS_DMA,             /* Direct Memory Access */
        UCLASS_DSA,             /* Distributed (Ethernet) Switch Architecture */
+       UCLASS_ECDSA,           /* Elliptic curve cryptographic device */
        UCLASS_EFI,             /* EFI managed devices */
        UCLASS_ETH,             /* Ethernet device */
        UCLASS_ETH_PHY,         /* Ethernet PHY device */