From: Simon Glass <sjg@chromium.org>
To: u-boot@lists.denx.de
Subject: [PATCH RFC v2 5/5] test/py: ecdsa: Add test for mkimage ECDSA signing
Date: Thu, 7 Jan 2021 10:31:11 -0700 [thread overview]
Message-ID: <CAPnjgZ35k-1AmhjbjM6UquPuE+FoMkMZMN9rdNb1J_HDEQFqFA@mail.gmail.com> (raw)
In-Reply-To: <d982915d-6839-0796-0237-8aeb466c063a@gmail.com>
Hi Alex,
On Thu, 7 Jan 2021 at 09:44, Alex G. <mr.nuke.me@gmail.com> wrote:
>
>
>
> On 1/7/21 6:35 AM, Simon Glass wrote:
> > Hi Alexandru,
> >
> > On Wed, 30 Dec 2020 at 14:00, Alexandru Gagniuc <mr.nuke.me@gmail.com> wrote:
> >>
> >> Add a test to make sure that the ECDSA signatures generated by
> >> mkimage can be verified successfully. pyCryptodomex was chosen as the
> >> crypto library because it integrates much better with python code.
> >> Using openssl would have been unnecessarily painful.
> >>
> >> Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
> >> ---
> >> test/py/tests/test_fit_ecdsa.py | 111 ++++++++++++++++++++++++++++++++
> >> 1 file changed, 111 insertions(+)
> >> create mode 100644 test/py/tests/test_fit_ecdsa.py
> >>
> >
> > This test looks fine but the functions need full comments. I do think
> > it might be worth putting the code in test_vboot, particularly when
> > you get to the sandbox implementation.
>
> test_vboot seems to be testing the bootm command, while with this test
It also runs fit_check_sign to check the signature.
> I'm only looking to test the host-side (mkimage). In the next series, I
> won't have a software implementation of ECDSA, like RSA_MOD_EXP. I will
> use the ROM on the stm32mp. So there won't be somthing testable in the
> sandbox.
I'm not sure that is a good idea. With driver model you'll end up
creating a ECDSA driver I suppose, so implementing it for sandbox
should be possible. Is it a complicated algorithm? Without that, I'm
not even sure how fit_check_sign could work?
>
[..]
Regards,
Simon
next prev parent reply other threads:[~2021-01-07 17:31 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-30 21:00 [PATCH RFC v2 0/5] Add support for ECDSA image signing (with test) Alexandru Gagniuc
2020-12-30 21:00 ` [PATCH RFC v2 1/5] lib: Rename rsa-checksum.c to hash-checksum.c Alexandru Gagniuc
2021-01-07 12:35 ` Simon Glass
2020-12-30 21:00 ` [PATCH RFC v2 2/5] lib/rsa: Make fdt_add_bignum() available outside of RSA code Alexandru Gagniuc
2021-01-07 12:35 ` Simon Glass
2020-12-30 21:00 ` [PATCH RFC v2 3/5] lib: Add support for ECDSA image signing Alexandru Gagniuc
2021-01-07 12:35 ` Simon Glass
2021-01-07 16:27 ` Alex G.
2021-01-07 17:25 ` Tom Rini
2021-01-07 22:24 ` Alex G.
2021-01-07 17:29 ` Simon Glass
2021-01-07 19:56 ` Alex G.
2020-12-30 21:00 ` [PATCH RFC v2 4/5] doc: signature.txt: Document devicetree format for ECDSA keys Alexandru Gagniuc
2021-01-07 12:35 ` Simon Glass
2020-12-30 21:00 ` [PATCH RFC v2 5/5] test/py: ecdsa: Add test for mkimage ECDSA signing Alexandru Gagniuc
2021-01-07 12:35 ` Simon Glass
2021-01-07 16:44 ` Alex G.
2021-01-07 17:31 ` Simon Glass [this message]
2021-01-07 18:44 ` Alex G.
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAPnjgZ35k-1AmhjbjM6UquPuE+FoMkMZMN9rdNb1J_HDEQFqFA@mail.gmail.com \
--to=sjg@chromium.org \
--cc=u-boot@lists.denx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.