lib: Add support for ECDSA image signing mkimage supports rsa2048, and rsa4096 signatures. With newer silicon now supporting hardware-accelerated ECDSA, it makes sense to expand signing support to elliptic curves. Implement host-side ECDSA signing and verification with libcrypto. Device-side implementation of signature verification is beyond the scope of this patch. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com> Reviewed-by: Simon Glass <sjg@chromium.org>

commit: ed6c9e0b6668a05d62f5d1b75aecaf246ba51042 [log] [tgz]
author: Alexandru Gagniuc <mr.nuke.me@gmail.com> Fri Feb 19 12:45:12 2021 -0600
committer: Tom Rini <trini@konsulko.com> Wed Apr 14 15:06:08 2021 -0400
tree: e8e4fe47b24fe1c25fb3dffb79d25276864dd4a9
parent: 4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5 [diff] [blame]
diff --git a/common/image-sig.c b/common/image-sig.c
index 54f0eb2..0f8e592 100644
--- a/common/image-sig.c
+++ b/common/image-sig.c

@@ -16,6 +16,7 @@
 DECLARE_GLOBAL_DATA_PTR;
 #endif /* !USE_HOSTCC*/
 #include <image.h>
+#include <u-boot/ecdsa.h>
 #include <u-boot/rsa.h>
 #include <u-boot/hash-checksum.h>
 
@@ -83,8 +84,14 @@
 		.sign = rsa_sign,
 		.add_verify_data = rsa_add_verify_data,
 		.verify = rsa_verify,
-	}
-
+	},
+	{
+		.name = "ecdsa256",
+		.key_len = ECDSA256_BYTES,
+		.sign = ecdsa_sign,
+		.add_verify_data = ecdsa_add_verify_data,
+		.verify = ecdsa_verify,
+	},
 };
 
 struct padding_algo padding_algos[] = {
commit	ed6c9e0b6668a05d62f5d1b75aecaf246ba51042	[log] [tgz]
author	Alexandru Gagniuc <mr.nuke.me@gmail.com>	Fri Feb 19 12:45:12 2021 -0600
committer	Tom Rini <trini@konsulko.com>	Wed Apr 14 15:06:08 2021 -0400
tree	e8e4fe47b24fe1c25fb3dffb79d25276864dd4a9
parent	4c17e5f69170bf033df7b4f1a2b87fa72f18aaf5 [diff] [blame]