Skip to content

Backport 27176 ([opentitanlib] Support ECDSA and SPX+ pem signature) #29175

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pamaury merged 2 commits into from
Jan 31, 2026
Merged

Backport 27176 ([opentitanlib] Support ECDSA and SPX+ pem signature) #29175

pamaury merged 2 commits into from
Jan 31, 2026

Conversation

@pamaury
Copy link
Contributor

@pamaury pamaury commented Jan 26, 2026
edited
Loading

Backport #27176.

Note: the fact that this PR introduces a module in sw/host/opentitanlib/util is not great in my opnion. Indeed, it's not part of otlib because otlib depends on which sphincsplus which depends on this library so this would cause a loop if the code was included in there. On the other hand, it's still in the opentitanlib directory and is poorly named util. I think this should be changed in the future. @jwnrt @cfrantz

@pamaury pamaury requested a review from a team as a code owner January 26, 2026 12:40
@pamaury pamaury requested review from cfrantz, jwnrt and timothytrippel and removed request for a team January 26, 2026 12:40
@anthonychen1251 @pamaury
[opentitanlib] Add PEM parsing for ECDSA signature
830d366 
This introduces the ability to parse ECDSA signature from PEM-encoded
files. This change adds a new `from_pem` method to `EcdsaRawSignature`
to handle this encoding format.

The PEM parsing logic incorporates a new utility function
(`clean_pem_bytes_for_parsing`) within a new `util` module. This utility
handles deviations from strict RFC 7468 PEM formatting, ensuring
compatibility with a wider range of generated PEM files.

Signed-off-by: Anthony Chen <[email protected]>
(cherry picked from commit 174f06c)
@anthonychen1251 @pamaury
[opentitanlib] Add PEM parsing for SPX+ signature
e39df22 
This introduces support for parsing SPX+ signatures from PEM-encoded
files.

A new `SpxRawSignature` struct is introduced to encapsulate raw SPX+
signature data. Its `read_from_file` method now detects whether a
signature file is in raw binary format (based on size) or PEM format.

The `opentitantool` commands (`image` and `spx`) have been updated to
leverage the new `SpxSignature` struct and its file reading
capabilities.

Signed-off-by: Anthony Chen <[email protected]>
(cherry picked from commit 4d3dd86)
@pamaury pamaury added this pull request to the merge queue Jan 31, 2026
Merged via the queue into lowRISC:master with commit 550bedd Jan 31, 2026
47 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timothytrippel timothytrippel timothytrippel approved these changes

@jwnrt jwnrt Awaiting requested review from jwnrt jwnrt is a code owner automatically assigned from lowRISC/ot-rust-reviewers

@cfrantz cfrantz Awaiting requested review from cfrantz

Assignees

No one assigned

Labels

MergeBack:1.0.0 to master

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pamaury @timothytrippel @anthonychen1251