Merge patch series "aspeed: ast2700: Add Caliptra ECDSA driver"

Chia-Wei Wang <chiawei_wang@aspeedtech.com> says:

Aspeed AST2700 SoCs integrates the Caliptra secure IP, where an ECDSA384
signature verification HW interface is exported for SoC crypto needs.

This patch series firstly extends the FIT image signing/verify common
code to support the ECDSA384 algorithm. For better convenience, the
device tree for ECDSA public key storage is also revised by referring
to RSA implementations.

After the FIT common code revision, the driver is implemented for
AST2700 to leverage the Caliptra ECDSA384 signature verification.

These are verified by signed FIT images with the algorithm "sha384,ecdsa384".

Link: https://lore.kernel.org/r/20241014095620.216936-1-chiawei_wang@aspeedtech.com

1 files changed, 11 insertions, 3 deletions

diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
index 4d1835b598a..629b662cf6c 100644
--- a/lib/ecdsa/ecdsa-verify.c
+++ b/lib/ecdsa/ecdsa-verify.c
@@ -22,8 +22,10 @@ static int ecdsa_key_size(const char *curve_name)
 {
 	if (!strcmp(curve_name, "prime256v1"))
 		return 256;
-	else
-		return 0;
+	else if (!strcmp(curve_name, "secp384r1"))
+		return 384;
+
+	return 0;
 }
 
 static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
@@ -121,12 +123,18 @@ int ecdsa_verify(struct image_sign_info *info,
 	return ecdsa_verify_hash(dev, info, hash, sig, sig_len);
 }
 
-U_BOOT_CRYPTO_ALGO(ecdsa) = {
+U_BOOT_CRYPTO_ALGO(ecdsa256) = {
 	.name = "ecdsa256",
 	.key_len = ECDSA256_BYTES,
 	.verify = ecdsa_verify,
 };
 
+U_BOOT_CRYPTO_ALGO(ecdsa384) = {
+	.name = "ecdsa384",
+	.key_len = ECDSA384_BYTES,
+	.verify = ecdsa_verify,
+};
+
 /*
  * uclass definition for ECDSA API
  *