bootutil: Replace hash with SHA384 when P384 is used
Currently all the hashing functionality is done with SHA256
but if we would like to use ECDSA-P384 that requires SHA384
as the hashing algorithm, but MCUboot is using SHA256
for image hashing and public key hashing. This commit modifies
the hashing operations to use SHA384 thus SHA256 can be omitted
which is beneficial from a code size standpoint.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I59230f76f88e0b42ad6383b2c9b71b73f33d7dd7
diff --git a/boot/bootutil/include/bootutil/crypto/sha.h b/boot/bootutil/include/bootutil/crypto/sha.h
new file mode 100644
index 0000000..9ce54be
--- /dev/null
+++ b/boot/bootutil/include/bootutil/crypto/sha.h
@@ -0,0 +1,213 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2017-2019 Linaro LTD
+ * Copyright (c) 2017-2019 JUUL Labs
+ * Copyright (c) 2021-2023 Arm Limited
+ */
+
+/*
+ * This module provides a thin abstraction over some of the crypto
+ * primitives to make it easier to swap out the used crypto library.
+ *
+ * At this point, the choices are: MCUBOOT_USE_MBED_TLS, MCUBOOT_USE_TINYCRYPT,
+ * MCUBOOT_USE_PSA_CRYPTO, MCUBOOT_USE_CC310. Note that support for MCUBOOT_USE_PSA_CRYPTO
+ * is still experimental and it might not support all the crypto abstractions
+ * that MCUBOOT_USE_MBED_TLS supports. For this reason, it's allowed to have
+ * both of them defined, and for crypto modules that support both abstractions,
+ * the MCUBOOT_USE_PSA_CRYPTO will take precedence.
+ */
+
+#ifndef __BOOTUTIL_CRYPTO_SHA_H_
+#define __BOOTUTIL_CRYPTO_SHA_H_
+
+#include "mcuboot_config/mcuboot_config.h"
+#include "mcuboot_config/mcuboot_logging.h"
+
+#if defined(MCUBOOT_USE_PSA_CRYPTO) || defined(MCUBOOT_USE_MBED_TLS)
+#define MCUBOOT_USE_PSA_OR_MBED_TLS
+#endif /* MCUBOOT_USE_PSA_CRYPTO || MCUBOOT_USE_MBED_TLS */
+
+#if (defined(MCUBOOT_USE_PSA_OR_MBED_TLS) + \
+ defined(MCUBOOT_USE_TINYCRYPT) + \
+ defined(MCUBOOT_USE_CC310)) != 1
+ #error "One crypto backend must be defined: either CC310/MBED_TLS/TINYCRYPT/PSA_CRYPTO"
+#endif
+
+#if defined(MCUBOOT_SIGN_EC384)
+ #define IMAGE_HASH_SIZE (48)
+ #define EXPECTED_HASH_TLV IMAGE_TLV_SHA384
+#else
+ #define IMAGE_HASH_SIZE (32)
+ #define EXPECTED_HASH_TLV IMAGE_TLV_SHA256
+#endif /* MCUBOOT_SIGN_EC384 */
+
+/* Universal defines for SHA-256 */
+#define BOOTUTIL_CRYPTO_SHA256_BLOCK_SIZE (64)
+#define BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE (32)
+
+#if defined(MCUBOOT_USE_PSA_CRYPTO)
+
+#include <psa/crypto.h>
+
+#elif defined(MCUBOOT_USE_MBED_TLS)
+
+#include <mbedtls/sha256.h>
+#include <mbedtls/version.h>
+#if MBEDTLS_VERSION_NUMBER >= 0x03000000
+#include <mbedtls/compat-2.x.h>
+#endif
+
+#endif /* MCUBOOT_USE_MBED_TLS */
+
+#if defined(MCUBOOT_USE_TINYCRYPT)
+ #include <tinycrypt/sha256.h>
+ #include <tinycrypt/constants.h>
+#endif /* MCUBOOT_USE_TINYCRYPT */
+
+#if defined(MCUBOOT_USE_CC310)
+ #include <cc310_glue.h>
+#endif /* MCUBOOT_USE_CC310 */
+
+#include <stdint.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MCUBOOT_USE_PSA_CRYPTO)
+
+typedef psa_hash_operation_t bootutil_sha_context;
+
+static inline int bootutil_sha_init(bootutil_sha_context *ctx)
+{
+ *ctx = psa_hash_operation_init();
+#if defined(MCUBOOT_SIGN_EC384)
+ psa_status_t status = psa_hash_setup(ctx, PSA_ALG_SHA_384);
+#else
+ psa_status_t status = psa_hash_setup(ctx, PSA_ALG_SHA_256);
+#endif
+ return (int)status;
+}
+
+static inline int bootutil_sha_drop(bootutil_sha_context *ctx)
+{
+ return (int)psa_hash_abort(ctx);
+}
+
+static inline int bootutil_sha_update(bootutil_sha_context *ctx,
+ const void *data,
+ uint32_t data_len)
+{
+ return (int)psa_hash_update(ctx, data, data_len);
+}
+
+static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
+ uint8_t *output)
+{
+ size_t hash_length = 0;
+ /* Assumes the output buffer is at least the expected size of the hash */
+#if defined(MCUBOOT_SIGN_EC384)
+ return (int)psa_hash_finish(ctx, output, PSA_HASH_LENGTH(PSA_ALG_SHA_384), &hash_length);
+#else
+ return (int)psa_hash_finish(ctx, output, PSA_HASH_LENGTH(PSA_ALG_SHA_256), &hash_length);
+#endif
+}
+
+#elif defined(MCUBOOT_USE_MBED_TLS)
+
+typedef mbedtls_sha256_context bootutil_sha_context;
+
+static inline int bootutil_sha_init(bootutil_sha_context *ctx)
+{
+ mbedtls_sha256_init(ctx);
+ return mbedtls_sha256_starts_ret(ctx, 0);
+}
+
+static inline int bootutil_sha_drop(bootutil_sha_context *ctx)
+{
+ /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
+ /* (void)mbedtls_sha256_free(ctx); */
+ (void)ctx;
+ return 0;
+}
+
+static inline int bootutil_sha_update(bootutil_sha_context *ctx,
+ const void *data,
+ uint32_t data_len)
+{
+ return mbedtls_sha256_update_ret(ctx, data, data_len);
+}
+
+static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
+ uint8_t *output)
+{
+ return mbedtls_sha256_finish_ret(ctx, output);
+}
+
+#endif /* MCUBOOT_USE_MBED_TLS */
+
+#if defined(MCUBOOT_USE_TINYCRYPT)
+typedef struct tc_sha256_state_struct bootutil_sha_context;
+
+static inline int bootutil_sha_init(bootutil_sha_context *ctx)
+{
+ tc_sha256_init(ctx);
+ return 0;
+}
+
+static inline int bootutil_sha_drop(bootutil_sha_context *ctx)
+{
+ (void)ctx;
+ return 0;
+}
+
+static inline int bootutil_sha_update(bootutil_sha_context *ctx,
+ const void *data,
+ uint32_t data_len)
+{
+ return tc_sha256_update(ctx, data, data_len);
+}
+
+static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
+ uint8_t *output)
+{
+ return tc_sha256_final(output, ctx);
+}
+#endif /* MCUBOOT_USE_TINYCRYPT */
+
+#if defined(MCUBOOT_USE_CC310)
+static inline int bootutil_sha_init(bootutil_sha_context *ctx)
+{
+ cc310_sha256_init(ctx);
+ return 0;
+}
+
+static inline int bootutil_sha_drop(bootutil_sha_context *ctx)
+{
+ (void)ctx;
+ nrf_cc310_disable();
+ return 0;
+}
+
+static inline int bootutil_sha_update(bootutil_sha_context *ctx,
+ const void *data,
+ uint32_t data_len)
+{
+ cc310_sha256_update(ctx, data, data_len);
+ return 0;
+}
+
+static inline int bootutil_sha_finish(bootutil_sha_context *ctx,
+ uint8_t *output)
+{
+ cc310_sha256_finalize(ctx, output);
+ return 0;
+}
+#endif /* MCUBOOT_USE_CC310 */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __BOOTUTIL_CRYPTO_SHA_H_ */
diff --git a/boot/bootutil/include/bootutil/crypto/sha256.h b/boot/bootutil/include/bootutil/crypto/sha256.h
deleted file mode 100644
index ff9cf61..0000000
--- a/boot/bootutil/include/bootutil/crypto/sha256.h
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2017-2019 Linaro LTD
- * Copyright (c) 2017-2019 JUUL Labs
- * Copyright (c) 2021-2023 Arm Limited
- */
-
-/*
- * This module provides a thin abstraction over some of the crypto
- * primitives to make it easier to swap out the used crypto library.
- *
- * At this point, the choices are: MCUBOOT_USE_MBED_TLS, MCUBOOT_USE_TINYCRYPT,
- * MCUBOOT_USE_PSA_CRYPTO, MCUBOOT_USE_CC310. Note that support for MCUBOOT_USE_PSA_CRYPTO
- * is still experimental and it might not support all the crypto abstractions
- * that MCUBOOT_USE_MBED_TLS supports. For this reason, it's allowed to have
- * both of them defined, and for crypto modules that support both abstractions,
- * the MCUBOOT_USE_PSA_CRYPTO will take precedence.
- */
-
-#ifndef __BOOTUTIL_CRYPTO_SHA256_H_
-#define __BOOTUTIL_CRYPTO_SHA256_H_
-
-#include "mcuboot_config/mcuboot_config.h"
-#include "mcuboot_config/mcuboot_logging.h"
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO) || defined(MCUBOOT_USE_MBED_TLS)
-#define MCUBOOT_USE_PSA_OR_MBED_TLS
-#endif /* MCUBOOT_USE_PSA_CRYPTO || MCUBOOT_USE_MBED_TLS */
-
-#if (defined(MCUBOOT_USE_PSA_OR_MBED_TLS) + \
- defined(MCUBOOT_USE_TINYCRYPT) + \
- defined(MCUBOOT_USE_CC310)) != 1
- #error "One crypto backend must be defined: either CC310/MBED_TLS/TINYCRYPT/PSA_CRYPTO"
-#endif
-
-/* Universal defines for SHA-256 */
-#define BOOTUTIL_CRYPTO_SHA256_BLOCK_SIZE (64)
-#define BOOTUTIL_CRYPTO_SHA256_DIGEST_SIZE (32)
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO)
-
-#include <psa/crypto.h>
-
-#elif defined(MCUBOOT_USE_MBED_TLS)
-
-#include <mbedtls/sha256.h>
-#include <mbedtls/version.h>
-#if MBEDTLS_VERSION_NUMBER >= 0x03000000
-#include <mbedtls/compat-2.x.h>
-#endif
-
-#endif /* MCUBOOT_USE_MBED_TLS */
-
-#if defined(MCUBOOT_USE_TINYCRYPT)
- #include <tinycrypt/sha256.h>
- #include <tinycrypt/constants.h>
-#endif /* MCUBOOT_USE_TINYCRYPT */
-
-#if defined(MCUBOOT_USE_CC310)
- #include <cc310_glue.h>
-#endif /* MCUBOOT_USE_CC310 */
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO)
-
-typedef psa_hash_operation_t bootutil_sha256_context;
-
-static inline int bootutil_sha256_init(bootutil_sha256_context *ctx)
-{
- *ctx = psa_hash_operation_init();
- return (int)psa_hash_setup(ctx, PSA_ALG_SHA_256);
-}
-
-static inline int bootutil_sha256_drop(bootutil_sha256_context *ctx)
-{
- return (int)psa_hash_abort(ctx);
-}
-
-static inline int bootutil_sha256_update(bootutil_sha256_context *ctx,
- const void *data,
- uint32_t data_len)
-{
- return (int)psa_hash_update(ctx, data, data_len);
-}
-
-static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx,
- uint8_t *output)
-{
- size_t hash_length = 0;
- /* Assumes the output buffer is at least the expected size of the hash */
- return (int)psa_hash_finish(ctx, output, PSA_HASH_LENGTH(PSA_ALG_SHA_256), &hash_length);
-}
-
-#elif defined(MCUBOOT_USE_MBED_TLS)
-
-typedef mbedtls_sha256_context bootutil_sha256_context;
-
-static inline int bootutil_sha256_init(bootutil_sha256_context *ctx)
-{
- mbedtls_sha256_init(ctx);
- return mbedtls_sha256_starts_ret(ctx, 0);
-}
-
-static inline int bootutil_sha256_drop(bootutil_sha256_context *ctx)
-{
- /* XXX: config defines MBEDTLS_PLATFORM_NO_STD_FUNCTIONS so no need to free */
- /* (void)mbedtls_sha256_free(ctx); */
- (void)ctx;
- return 0;
-}
-
-static inline int bootutil_sha256_update(bootutil_sha256_context *ctx,
- const void *data,
- uint32_t data_len)
-{
- return mbedtls_sha256_update_ret(ctx, data, data_len);
-}
-
-static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx,
- uint8_t *output)
-{
- return mbedtls_sha256_finish_ret(ctx, output);
-}
-
-#endif /* MCUBOOT_USE_MBED_TLS */
-
-#if defined(MCUBOOT_USE_TINYCRYPT)
-typedef struct tc_sha256_state_struct bootutil_sha256_context;
-static inline int bootutil_sha256_init(bootutil_sha256_context *ctx)
-{
- tc_sha256_init(ctx);
- return 0;
-}
-
-static inline int bootutil_sha256_drop(bootutil_sha256_context *ctx)
-{
- (void)ctx;
- return 0;
-}
-
-static inline int bootutil_sha256_update(bootutil_sha256_context *ctx,
- const void *data,
- uint32_t data_len)
-{
- return tc_sha256_update(ctx, data, data_len);
-}
-
-static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx,
- uint8_t *output)
-{
- return tc_sha256_final(output, ctx);
-}
-#endif /* MCUBOOT_USE_TINYCRYPT */
-
-#if defined(MCUBOOT_USE_CC310)
-static inline int bootutil_sha256_init(bootutil_sha256_context *ctx)
-{
- cc310_sha256_init(ctx);
- return 0;
-}
-
-static inline int bootutil_sha256_drop(bootutil_sha256_context *ctx)
-{
- (void)ctx;
- nrf_cc310_disable();
- return 0;
-}
-
-static inline int bootutil_sha256_update(bootutil_sha256_context *ctx,
- const void *data,
- uint32_t data_len)
-{
- cc310_sha256_update(ctx, data, data_len);
- return 0;
-}
-
-static inline int bootutil_sha256_finish(bootutil_sha256_context *ctx,
- uint8_t *output)
-{
- cc310_sha256_finalize(ctx, output);
- return 0;
-}
-#endif /* MCUBOOT_USE_CC310 */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __BOOTUTIL_CRYPTO_SHA256_H_ */
diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h
index 69ff033..d3e5f93 100644
--- a/boot/bootutil/include/bootutil/image.h
+++ b/boot/bootutil/include/bootutil/image.h
@@ -80,7 +80,6 @@
* Image trailer TLV types.
*
* Signature is generated by computing signature over the image hash.
- * Currently the only image hash type is SHA256.
*
* Signature comes in the form of 2 TLVs.
* 1st on identifies the public key which should be used to verify it.
@@ -89,6 +88,7 @@
#define IMAGE_TLV_KEYHASH 0x01 /* hash of the public key */
#define IMAGE_TLV_PUBKEY 0x02 /* public key */
#define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
+#define IMAGE_TLV_SHA384 0x11 /* SHA384 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output - Not supported anymore */
#define IMAGE_TLV_ECDSA_SIG 0x22 /* ECDSA of hash output */
diff --git a/boot/bootutil/src/boot_record.c b/boot/bootutil/src/boot_record.c
index 343aba0..59a900c 100644
--- a/boot/bootutil/src/boot_record.c
+++ b/boot/bootutil/src/boot_record.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018-2021 Arm Limited
+ * Copyright (c) 2018-2023 Arm Limited
* Copyright (c) 2020 Linaro Limited
* Copyright (c) 2023, Nordic Semiconductor ASA
*
@@ -23,6 +23,7 @@
#include <string.h>
#include "mcuboot_config/mcuboot_config.h"
+#include "bootutil/crypto/sha.h"
#if defined(MCUBOOT_MEASURED_BOOT) || defined(MCUBOOT_DATA_SHARING)
#include "bootutil/boot_record.h"
@@ -127,7 +128,7 @@
uint16_t type;
uint16_t ias_minor;
size_t record_len = 0;
- uint8_t image_hash[32]; /* SHA256 - 32 Bytes */
+ uint8_t image_hash[IMAGE_HASH_SIZE];
uint8_t buf[MAX_BOOT_RECORD_SZ];
bool boot_record_found = false;
bool hash_found = false;
@@ -165,7 +166,7 @@
record_len = len;
boot_record_found = true;
- } else if (type == IMAGE_TLV_SHA256) {
+ } else if (type == EXPECTED_HASH_TLV) {
/* Get the image's hash value from the manifest section. */
if (len > sizeof(image_hash)) {
return -1;
diff --git a/boot/bootutil/src/encrypted.c b/boot/bootutil/src/encrypted.c
index 82435a4..bc4d917 100644
--- a/boot/bootutil/src/encrypted.c
+++ b/boot/bootutil/src/encrypted.c
@@ -30,7 +30,7 @@
#endif
#if defined(MCUBOOT_ENCRYPT_EC256) || defined(MCUBOOT_ENCRYPT_X25519)
-#include "bootutil/crypto/sha256.h"
+#include "bootutil/crypto/sha.h"
#include "bootutil/crypto/hmac_sha256.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
diff --git a/boot/bootutil/src/image_rsa.c b/boot/bootutil/src/image_rsa.c
index 34ee85b..37c35e0 100644
--- a/boot/bootutil/src/image_rsa.c
+++ b/boot/bootutil/src/image_rsa.c
@@ -43,7 +43,7 @@
*/
#if !defined(MCUBOOT_USE_PSA_CRYPTO)
-#include "bootutil/crypto/sha256.h"
+#include "bootutil/crypto/sha.h"
/*
* Constants for this particular constrained implementation of
@@ -86,17 +86,17 @@
static void
pss_mgf1(uint8_t *mask, const uint8_t *hash)
{
- bootutil_sha256_context ctx;
+ bootutil_sha_context ctx;
uint8_t counter[4] = { 0, 0, 0, 0 };
uint8_t htmp[PSS_HLEN];
int count = PSS_MASK_LEN;
int bytes;
while (count > 0) {
- bootutil_sha256_init(&ctx);
- bootutil_sha256_update(&ctx, hash, PSS_HLEN);
- bootutil_sha256_update(&ctx, counter, 4);
- bootutil_sha256_finish(&ctx, htmp);
+ bootutil_sha_init(&ctx);
+ bootutil_sha_update(&ctx, hash, PSS_HLEN);
+ bootutil_sha_update(&ctx, counter, 4);
+ bootutil_sha_finish(&ctx, htmp);
counter[3]++;
@@ -109,7 +109,7 @@
count -= bytes;
}
- bootutil_sha256_drop(&ctx);
+ bootutil_sha_drop(&ctx);
}
/*
@@ -121,7 +121,7 @@
bootutil_cmp_rsasig(bootutil_rsa_context *ctx, uint8_t *hash, uint32_t hlen,
uint8_t *sig, size_t slen)
{
- bootutil_sha256_context shactx;
+ bootutil_sha_context shactx;
uint8_t em[MBEDTLS_MPI_MAX_SIZE];
uint8_t db_mask[PSS_MASK_LEN];
uint8_t h2[PSS_HLEN];
@@ -221,12 +221,12 @@
/* Step 12. Let M' = 0x00 00 00 00 00 00 00 00 || mHash || salt; */
/* Step 13. Let H' = Hash(M') */
- bootutil_sha256_init(&shactx);
- bootutil_sha256_update(&shactx, pss_zeros, 8);
- bootutil_sha256_update(&shactx, hash, PSS_HLEN);
- bootutil_sha256_update(&shactx, &db_mask[PSS_MASK_SALT_POS], PSS_SLEN);
- bootutil_sha256_finish(&shactx, h2);
- bootutil_sha256_drop(&shactx);
+ bootutil_sha_init(&shactx);
+ bootutil_sha_update(&shactx, pss_zeros, 8);
+ bootutil_sha_update(&shactx, hash, PSS_HLEN);
+ bootutil_sha_update(&shactx, &db_mask[PSS_MASK_SALT_POS], PSS_SLEN);
+ bootutil_sha_finish(&shactx, h2);
+ bootutil_sha_drop(&shactx);
/* Step 14. If H = H', output "consistent". Otherwise, output
* "inconsistent". */
diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c
index 8260e59..d045a3e 100644
--- a/boot/bootutil/src/image_validate.c
+++ b/boot/bootutil/src/image_validate.c
@@ -33,7 +33,7 @@
#include <flash_map_backend/flash_map_backend.h>
#include "bootutil/image.h"
-#include "bootutil/crypto/sha256.h"
+#include "bootutil/crypto/sha.h"
#include "bootutil/sign_key.h"
#include "bootutil/security_cnt.h"
#include "bootutil/fault_injection_hardening.h"
@@ -57,7 +57,9 @@
#include "bootutil_priv.h"
/*
- * Compute SHA256 over the image.
+ * Compute SHA hash over the image.
+ * (SHA384 if ECDSA-P384 is being used,
+ * SHA256 otherwise).
*/
static int
bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
@@ -65,7 +67,7 @@
uint8_t *tmp_buf, uint32_t tmp_buf_sz, uint8_t *hash_result,
uint8_t *seed, int seed_len)
{
- bootutil_sha256_context sha256_ctx;
+ bootutil_sha_context sha_ctx;
uint32_t blk_sz;
uint32_t size;
uint16_t hdr_size;
@@ -99,12 +101,12 @@
}
#endif
- bootutil_sha256_init(&sha256_ctx);
+ bootutil_sha_init(&sha_ctx);
/* in some cases (split image) the hash is seeded with data from
* the loader image */
if (seed && (seed_len > 0)) {
- bootutil_sha256_update(&sha256_ctx, seed, seed_len);
+ bootutil_sha_update(&sha_ctx, seed, seed_len);
}
/* Hash is computed over image header and image itself. */
@@ -116,9 +118,9 @@
size += hdr->ih_protect_tlv_size;
#ifdef MCUBOOT_RAM_LOAD
- bootutil_sha256_update(&sha256_ctx,
- (void*)(IMAGE_RAM_BASE + hdr->ih_load_addr),
- size);
+ bootutil_sha_update(&sha_ctx,
+ (void*)(IMAGE_RAM_BASE + hdr->ih_load_addr),
+ size);
#else
for (off = 0; off < size; off += blk_sz) {
blk_sz = size - off;
@@ -140,7 +142,7 @@
#endif
rc = flash_area_read(fap, off, tmp_buf, blk_sz);
if (rc) {
- bootutil_sha256_drop(&sha256_ctx);
+ bootutil_sha_drop(&sha_ctx);
return rc;
}
#ifdef MCUBOOT_ENC_IMAGES
@@ -153,11 +155,11 @@
}
}
#endif
- bootutil_sha256_update(&sha256_ctx, tmp_buf, blk_sz);
+ bootutil_sha_update(&sha_ctx, tmp_buf, blk_sz);
}
#endif /* MCUBOOT_RAM_LOAD */
- bootutil_sha256_finish(&sha256_ctx, hash_result);
- bootutil_sha256_drop(&sha256_ctx);
+ bootutil_sha_finish(&sha_ctx, hash_result);
+ bootutil_sha_drop(&sha_ctx);
return 0;
}
@@ -170,6 +172,7 @@
*/
#if (defined(MCUBOOT_SIGN_RSA) + \
defined(MCUBOOT_SIGN_EC256) + \
+ defined(MCUBOOT_SIGN_EC384) + \
defined(MCUBOOT_SIGN_ED25519)) > 1
#error "Only a single signature type is supported!"
#endif
@@ -185,6 +188,7 @@
# define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE) /* 2048 bits */
#elif defined(MCUBOOT_SIGN_EC256) || \
+ defined(MCUBOOT_SIGN_EC384) || \
defined(MCUBOOT_SIGN_EC)
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA_SIG
# define SIG_BUF_SIZE 128
@@ -202,26 +206,26 @@
static int
bootutil_find_key(uint8_t *keyhash, uint8_t keyhash_len)
{
- bootutil_sha256_context sha256_ctx;
+ bootutil_sha_context sha_ctx;
int i;
const struct bootutil_key *key;
- uint8_t hash[32];
+ uint8_t hash[IMAGE_HASH_SIZE];
- if (keyhash_len > 32) {
+ if (keyhash_len > IMAGE_HASH_SIZE) {
return -1;
}
for (i = 0; i < bootutil_key_cnt; i++) {
key = &bootutil_keys[i];
- bootutil_sha256_init(&sha256_ctx);
- bootutil_sha256_update(&sha256_ctx, key->key, *key->len);
- bootutil_sha256_finish(&sha256_ctx, hash);
+ bootutil_sha_init(&sha_ctx);
+ bootutil_sha_update(&sha_ctx, key->key, *key->len);
+ bootutil_sha_finish(&sha_ctx, hash);
if (!memcmp(hash, keyhash, keyhash_len)) {
- bootutil_sha256_drop(&sha256_ctx);
+ bootutil_sha_drop(&sha_ctx);
return i;
}
}
- bootutil_sha256_drop(&sha256_ctx);
+ bootutil_sha_drop(&sha_ctx);
return -1;
}
#else
@@ -229,17 +233,17 @@
static int
bootutil_find_key(uint8_t image_index, uint8_t *key, uint16_t key_len)
{
- bootutil_sha256_context sha256_ctx;
- uint8_t hash[32];
- uint8_t key_hash[32];
+ bootutil_sha_context sha_ctx;
+ uint8_t hash[IMAGE_HASH_SIZE];
+ uint8_t key_hash[IMAGE_HASH_SIZE];
size_t key_hash_size = sizeof(key_hash);
int rc;
FIH_DECLARE(fih_rc, FIH_FAILURE);
- bootutil_sha256_init(&sha256_ctx);
- bootutil_sha256_update(&sha256_ctx, key, key_len);
- bootutil_sha256_finish(&sha256_ctx, hash);
- bootutil_sha256_drop(&sha256_ctx);
+ bootutil_sha_init(&sha_ctx);
+ bootutil_sha_update(&sha_ctx, key, key_len);
+ bootutil_sha_finish(&sha_ctx, hash);
+ bootutil_sha_drop(&sha_ctx);
rc = boot_retrieve_public_key_hash(image_index, key_hash, &key_hash_size);
if (rc) {
@@ -337,7 +341,7 @@
uint32_t off;
uint16_t len;
uint16_t type;
- int sha256_valid = 0;
+ int image_hash_valid = 0;
#ifdef EXPECTED_SIG_TLV
FIH_DECLARE(valid_signature, FIH_FAILURE);
int key_id = -1;
@@ -348,7 +352,7 @@
#endif /* EXPECTED_SIG_TLV */
struct image_tlv_iter it;
uint8_t buf[SIG_BUF_SIZE];
- uint8_t hash[32];
+ uint8_t hash[IMAGE_HASH_SIZE];
int rc = 0;
FIH_DECLARE(fih_rc, FIH_FAILURE);
#ifdef MCUBOOT_HW_ROLLBACK_PROT
@@ -364,7 +368,7 @@
}
if (out_hash) {
- memcpy(out_hash, hash, 32);
+ memcpy(out_hash, hash, IMAGE_HASH_SIZE);
}
rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_ANY, false);
@@ -389,11 +393,8 @@
break;
}
- if (type == IMAGE_TLV_SHA256) {
- /*
- * Verify the SHA256 image hash. This must always be
- * present.
- */
+ if (type == EXPECTED_HASH_TLV) {
+ /* Verify the image hash. This must always be present. */
if (len != sizeof(hash)) {
rc = -1;
goto out;
@@ -409,14 +410,14 @@
goto out;
}
- sha256_valid = 1;
+ image_hash_valid = 1;
#ifdef EXPECTED_SIG_TLV
#ifndef MCUBOOT_HW_KEY
} else if (type == IMAGE_TLV_KEYHASH) {
/*
* Determine which key we should be checking.
*/
- if (len > 32) {
+ if (len > IMAGE_HASH_SIZE) {
rc = -1;
goto out;
}
@@ -506,7 +507,7 @@
}
}
- rc = !sha256_valid;
+ rc = !image_hash_valid;
if (rc) {
goto out;
}
diff --git a/ext/nrf/cc310_glue.h b/ext/nrf/cc310_glue.h
index c42fad5..ed3ed5c 100644
--- a/ext/nrf/cc310_glue.h
+++ b/ext/nrf/cc310_glue.h
@@ -32,7 +32,7 @@
#define NRF_CRYPTOCELL NRF_CRYPTOCELL_S
#endif
-typedef nrf_cc310_bl_hash_context_sha256_t bootutil_sha256_context;
+typedef nrf_cc310_bl_hash_context_sha256_t bootutil_sha_context;
int cc310_ecdsa_verify_secp256r1(uint8_t *hash,
uint8_t *public_key,
@@ -66,7 +66,7 @@
nrf_cc310_bl_hash_sha256_init(ctx);
}
-static inline void cc310_sha256_finalize(bootutil_sha256_context *ctx,
+static inline void cc310_sha256_finalize(nrf_cc310_bl_hash_context_sha256_t *ctx,
uint8_t *output)
{
nrf_cc310_bl_hash_sha256_finalize(ctx,