Fix a segmentation fault in the ECDSA signing logic of `mkimage`
that occurs when the "-r" option is not specified.
This reproduces the logic in `lib/rsa/rsa-sign.c` by checking if
`info->require_keys` is non-null before passing it to
`fdt_setprop_string()`.
Signed-off-by: Lucas Dietrich <lucas.dietrich.git@proton.me>
This patch adds support for parsing ECDSA public keys from the device tree
blob (FDT) under the `/signature` node. The public key is expected to be
defined using:
- ecdsa,curve (e.g., "prime256v1", "secp384r1")
- ecdsa,x-point
- ecdsa,y-point
The implementation introduces:
- struct ecdsa_public_key to hold parsed key fields
- fdt_get_key() to parse the curve and coordinates from the FDT
- read_key_from_fdt() to convert the parsed values into an OpenSSL EC_KEY
- load_key_from_fdt() to support loading keys using required_keynode,
keyname hint, or fallback to scanning all subnodes under "/signature".
If "info->fdt_blob" is provided, the key is loaded from the FDT. Otherwise,
the code falls back to loading a PEM-formatted key from file as before.
This allows for ECDSA signature verification where the public key is
embedded in the FIT image device tree, useful for systems that require
signature validation without external files.
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com>
- Ensure `free_ctx` is called in both error and success paths.
- Fix memory leak in `ctx.signature` when `do_add` fails."
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@gmail.com>
Add the "required", "algo", and "key-name-hint" nodes to the
signature/key node if ecdsa256 is used.
This change is mainly copy&paste from rsa_add_verify_data which already
adds these nodes.
Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
If the signature/key node(s) are not yet present in the U-Boot device
tree, ecdsa_add_verify_data simply fails if it can't find the nodes.
This behaviour differs from rsa_add_verify_data, wich does add the missing
nodes and proceeds in that case.
This change is mainly copy&paste from rsa_add_verify_data to add the
same behaviour to ecdsa_add_verify_data.
Signed-off-by: Matthias Pritschet <matthias.pritschet@itk-engineering.de>
Adds support for the secp521r1 ECDSA algorithm to mkimage.
Signed-off-by: Joakim Tjernlund <joakim.tjernlund@infinera.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
Use a variable (MKIMAGE_SIGN_PASSWORD) like already done for RSA to
allow the signing process to run in batch.
Signed-off-by: Stefano Babic <sbabic@denx.de>
Our Gitlab CI buildsystem is set up to treat warnings as errors.
With OpenSSL 3.0 a lot of deprecation warnings occur.
With the patch compatibility with OpenSSL 1.1.1 is declared.
In the long run we should upgrade our code to use the current API.
A -Wdiscarded-qualifiers warning is muted by casting.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Keys can be derived from keydir, and the "key-name-hint" property of
the FIT. They can also be specified ad-literam via 'keyfile'. Update
the ECDSA signing path to use the appropriate one.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
mkimage supports rsa2048, and rsa4096 signatures. With newer silicon
now supporting hardware-accelerated ECDSA, it makes sense to expand
signing support to elliptic curves.
Implement host-side ECDSA signing and verification with libcrypto.
Device-side implementation of signature verification is beyond the
scope of this patch.
Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
