bootutil/crypto: Have a single ECDSA verification module
Remove the generic ECDSA verification module and keep the
existing one, just renaming it image_ecdsa.c. Make sure
that the abstraction layer is generically called ecdsa.h
and the abstraction names are not P256 specific.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6f78cfc1b1c2851cdad67efa91c6cb49498187bb
diff --git a/boot/bootutil/CMakeLists.txt b/boot/bootutil/CMakeLists.txt
index 3d34359..9097706 100644
--- a/boot/bootutil/CMakeLists.txt
+++ b/boot/bootutil/CMakeLists.txt
@@ -23,10 +23,9 @@
src/encrypted.c
src/fault_injection_hardening.c
src/fault_injection_hardening_delay_rng_mbedtls.c
- src/image_ec256.c
+ src/image_ecdsa.c
src/image_ed25519.c
src/image_rsa.c
- src/image_ecdsa.c
src/image_validate.c
src/loader.c
src/swap_misc.c
diff --git a/boot/bootutil/include/bootutil/crypto/ecdsa.h b/boot/bootutil/include/bootutil/crypto/ecdsa.h
index 1868d03..b62b708 100644
--- a/boot/bootutil/include/bootutil/crypto/ecdsa.h
+++ b/boot/bootutil/include/bootutil/crypto/ecdsa.h
@@ -1,214 +1,585 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2023 Arm Limited
- */
-
-/*
- * This module provides a thin abstraction over some of the crypto
- * primitives to make it easier to swap out the used crypto library.
- *
- * At this point, the choice is: MCUBOOT_USE_PSA_CRYPTO
- * Note that support for MCUBOOT_USE_PSA_CRYPTO is still experimental and it
- * might not support all the crypto abstractions that MCUBOOT_USE_MBED_TLS
- * supports. For this reason, it's allowed to have both of them defined, and
- * for crypto modules that support both abstractions, the
- * MCUBOOT_USE_PSA_CRYPTO will take precedence.
- */
-
-#ifndef __BOOTUTIL_CRYPTO_ECDSA_H_
-#define __BOOTUTIL_CRYPTO_ECDSA_H_
-
-#include "mcuboot_config/mcuboot_config.h"
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO)
-#define MCUBOOT_USE_PSA_OR_MBED_TLS
-#endif /* MCUBOOT_USE_PSA_CRYPTO */
-
-#if (defined(MCUBOOT_USE_PSA_OR_MBED_TLS)) != 1
- #error "One crypto backend must be defined: PSA_CRYPTO"
-#endif
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO)
- #include <psa/crypto.h>
- #include <string.h>
-#endif /* MCUBOOT_USE_PSA_CRYPTO */
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO)
-// OID id-ecPublicKey 1.2.840.10045.2.1.
-const uint8_t IdEcPublicKey[] = {0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01};
-// OID secp256r1 1.2.840.10045.3.1.7.
-const uint8_t Secp256r1[] = {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
-// OID secp384r1 1.3.132.0.34
-const uint8_t Secp384r1[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22};
-
-typedef struct {
- psa_key_id_t key_id;
- size_t curve_byte_count;
- psa_algorithm_t required_algorithm;
-} bootutil_ecdsa_context;
-
-static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
-{
- ctx->key_id = PSA_KEY_ID_NULL;
- ctx->curve_byte_count = 0;
- ctx->required_algorithm = 0;
-}
-
-static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
-{
- if (ctx->key_id != PSA_KEY_ID_NULL) {
- (void)psa_destroy_key(ctx->key_id);
- }
-}
-
-/* ECDSA public key with format specified in RFC5280 et al. in ASN-1 syntax
- *
- * SEQUENCE {
- * SEQUENCE {
- * OBJECT idEcPublicKey
- * OBJECT namedCurve
- * }
- * BIT STRING publicKey
- * }
- *
- * ECDSA signature format specified in RFC3279 et al. in ASN-1 syntax
- *
- * SEQUENCE {
- * INTEGER r
- * INTEGER s
- * }
- *
- */
-
-/* Offset in bytes from the start of the encoding to the length
- * of the innermost SEQUENCE
- */
-#define PUB_KEY_LEN_OFF (3)
-/* Offset in bytes from the start of the publicKey encoding of the BIT STRING */
-#define PUB_KEY_VAL_OFF (3)
-/* Computes the pointer to the idEcPublicKey OID from the base of the encoding */
-#define PUB_KEY_OID_OFFSET(p) (*p + PUB_KEY_LEN_OFF+1)
-/* Computes the pointer to the namedCurve OID from the base of the encoding */
-#define CURVE_TYPE_OID_OFFSET(p) PUB_KEY_OID_OFFSET(p) + sizeof(IdEcPublicKey)
-
-/* This helper function gets a pointer to the bitstring associated to the publicKey
- * as encoded per RFC 5280. This function assumes that the public key encoding is not
- * bigger than 127 bytes (i.e. usually up until 384 bit curves)
- *
- * \param[in,out] p Double pointer to a buffer containing the RFC 5280 of the ECDSA public key.
- * On output, the pointer is updated to point to the start of the public key
- * in BIT STRING form.
- * \param[out] size Pointer to a buffer containing the size of the public key extracted
- *
- */
-static inline void get_public_key_from_rfc5280_encoding(uint8_t **p, size_t *size)
-{
- uint8_t *key_start = (*p) + (PUB_KEY_LEN_OFF + 1 + (*p)[PUB_KEY_LEN_OFF] + PUB_KEY_VAL_OFF);
- *p = key_start;
- *size = key_start[-2]-1; /* -2 from PUB_KEY_VAL_OFF to get the length, -1 to remove the ASN.1 padding byte count */
-}
-
-/*
- * Parse a ECDSA public key with format specified in RFC5280 et al.
- *
- * OID for icEcPublicKey is 1.2.840.10045.2.1
- * OIDs for supported curves are as follows:
- * secp224r1: 1.3.132.0.33
- * secp256r1 (prime256v1): 1.2.840.10045.3.1.7
- * secp384r1: 1.3.132.0.34
- */
-static int
-bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx, uint8_t **p, uint8_t *end)
-{
- psa_key_attributes_t key_attributes = psa_key_attributes_init();
- size_t key_size;
- (void)end;
-
- /* public key oid is valid */
- if (memcmp(PUB_KEY_OID_OFFSET(p), IdEcPublicKey, sizeof(IdEcPublicKey))) {
- return (int)PSA_ERROR_INVALID_ARGUMENT;
- }
-
- if (!memcmp(CURVE_TYPE_OID_OFFSET(p), Secp256r1, sizeof(Secp256r1))) {
- ctx->curve_byte_count = 32;
- ctx->required_algorithm = PSA_ALG_SHA_256;
- } else if (!memcmp(CURVE_TYPE_OID_OFFSET(p), Secp384r1, sizeof(Secp384r1))) {
- ctx->curve_byte_count = 48;
- ctx->required_algorithm = PSA_ALG_SHA_384;
- } else {
- return (int)PSA_ERROR_INVALID_ARGUMENT;
- }
-
- get_public_key_from_rfc5280_encoding(p, &key_size);
- /* Set attributes and import key */
- psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY_HASH);
- psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(ctx->required_algorithm));
- psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
-
- return (int)psa_import_key(&key_attributes, *p, key_size, &ctx->key_id);
-}
-
-/* This helper function parses a signature as specified in RFC 5480 into a pair
- * (r,s) of contiguous bytes
- *
- * \param[in] sig Pointer to a buffer containing the encoded signature
- * \param[in] num_of_curve_bytes The required number of bytes for r and s
- * \param[out] r_s_pair Buffer containing the (r,s) pair extracted. It's caller
- * responsibility to ensure the buffer is big enough to
- * hold the parsed (r,s) pair.
- */
-static inline void parse_signature_from_rfc5480_encoding(const uint8_t *sig,size_t num_of_curve_bytes,
- uint8_t *r_s_pair)
-{
- const uint8_t *sig_ptr = NULL;
-
- /* Move r in place */
- size_t r_len = sig[3];
- sig_ptr = &sig[4];
- if (r_len >= num_of_curve_bytes) {
- sig_ptr = sig_ptr + r_len - num_of_curve_bytes;
- memcpy(&r_s_pair[0], sig_ptr, num_of_curve_bytes);
- if(r_len % 2) {
- r_len--;
- }
- } else {
- memcpy(&r_s_pair[num_of_curve_bytes - r_len], sig_ptr, r_len);
- }
-
- /* Move s in place */
- size_t s_len = sig_ptr[r_len+1]; /* + 1 to skip SEQUENCE */
- sig_ptr = &sig_ptr[r_len+2];
- if (s_len >= num_of_curve_bytes) {
- sig_ptr = sig_ptr + s_len - num_of_curve_bytes;
- memcpy(&r_s_pair[num_of_curve_bytes], sig_ptr, num_of_curve_bytes);
- } else {
- memcpy(&r_s_pair[2*num_of_curve_bytes - s_len], sig_ptr, s_len);
- }
-}
-
-/* PSA Crypto has a dedicated API for ECDSA verification */
-static inline int bootutil_ecdsa_verify(const bootutil_ecdsa_context *ctx,
- uint8_t *hash, size_t hlen, uint8_t *sig, size_t slen)
-{
- (void)slen;
-
- uint8_t reformatted_signature[96] = {0}; /* Up to P-384 signature sizes */
- parse_signature_from_rfc5480_encoding(sig, ctx->curve_byte_count,reformatted_signature);
-
- return (int) psa_verify_hash(ctx->key_id, PSA_ALG_ECDSA(ctx->required_algorithm),
- hash, hlen, reformatted_signature, 2*ctx->curve_byte_count);
-}
-#endif /* MCUBOOT_USE_PSA_CRYPTO */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __BOOTUTIL_CRYPTO_ECDSA_H_ */
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2023 Arm Limited
+ */
+
+/*
+ * This module provides a thin abstraction over some of the crypto
+ * primitives to make it easier to swap out the used crypto library.
+ *
+ * At this point, the choices are: MCUBOOT_USE_TINYCRYPT, MCUBOOT_USE_CC310,
+ * MCUBOOT_USE_MBED_TLS, MCUBOOT_USE_PSA_CRYPTO. Note that support for
+ * MCUBOOT_USE_PSA_CRYPTO is still experimental and it might not support all
+ * the crypto abstractions that MCUBOOT_USE_MBED_TLS supports. For this
+ * reason, it's allowed to have both of them defined, and for crypto modules
+ * that support both abstractions, the MCUBOOT_USE_PSA_CRYPTO will take
+ * precedence.
+ */
+
+#ifndef __BOOTUTIL_CRYPTO_ECDSA_H_
+#define __BOOTUTIL_CRYPTO_ECDSA_H_
+
+#include "mcuboot_config/mcuboot_config.h"
+
+#if defined(MCUBOOT_USE_PSA_CRYPTO) || defined(MCUBOOT_USE_MBED_TLS)
+#define MCUBOOT_USE_PSA_OR_MBED_TLS
+#endif /* MCUBOOT_USE_PSA_CRYPTO || MCUBOOT_USE_MBED_TLS */
+
+#if defined(MCUBOOT_SIGN_EC384) && \
+ !defined(MCUBOOT_USE_PSA_CRYPTO)
+ #error "P384 requires PSA_CRYPTO to be defined"
+#endif
+
+#if (defined(MCUBOOT_USE_TINYCRYPT) + \
+ defined(MCUBOOT_USE_CC310) + \
+ defined(MCUBOOT_USE_PSA_OR_MBED_TLS)) != 1
+ #error "One crypto backend must be defined: either CC310/TINYCRYPT/MBED_TLS/PSA_CRYPTO"
+#endif
+
+#if defined(MCUBOOT_USE_TINYCRYPT)
+ #include <tinycrypt/ecc_dsa.h>
+ #include <tinycrypt/constants.h>
+ #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
+#endif /* MCUBOOT_USE_TINYCRYPT */
+
+#if defined(MCUBOOT_USE_CC310)
+ #include <cc310_glue.h>
+ #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
+#endif /* MCUBOOT_USE_CC310 */
+
+#if defined(MCUBOOT_USE_PSA_CRYPTO)
+ #include <psa/crypto.h>
+ #include <string.h>
+#elif defined(MCUBOOT_USE_MBED_TLS)
+ #include <mbedtls/ecdsa.h>
+ #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
+ /* Indicate to the caller that the verify function needs the raw ASN.1
+ * signature, not a decoded one. */
+ #define MCUBOOT_ECDSA_NEED_ASN1_SIG
+#endif /* MCUBOOT_USE_MBED_TLS */
+
+/*TODO: remove this after cypress port mbedtls to abstract crypto api */
+#if defined(MCUBOOT_USE_CC310) || defined(MCUBOOT_USE_MBED_TLS)
+#define NUM_ECC_BYTES (256 / 8)
+#endif
+
+#include "mbedtls/oid.h"
+#include "mbedtls/asn1.h"
+#include "bootutil/sign_key.h"
+#include "common.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#if defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_MBED_TLS) || defined(MCUBOOT_USE_CC310)
+/*
+ * Declaring these like this adds NULL termination.
+ */
+static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
+static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
+
+/*
+ * Parse a public key. Helper function.
+ */
+static int bootutil_import_key(uint8_t **cp, uint8_t *end)
+{
+ size_t len;
+ mbedtls_asn1_buf alg;
+ mbedtls_asn1_buf param;
+
+ if (mbedtls_asn1_get_tag(cp, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+ return -1;
+ }
+ end = *cp + len;
+
+ /* ECParameters (RFC5480) */
+ if (mbedtls_asn1_get_alg(cp, end, &alg, ¶m)) {
+ return -2;
+ }
+ /* id-ecPublicKey (RFC5480) */
+ if (alg.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
+ memcmp(alg.MBEDTLS_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
+ return -3;
+ }
+ /* namedCurve (RFC5480) */
+ if (param.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_secp256r1_oid) - 1 ||
+ memcmp(param.MBEDTLS_CONTEXT_MEMBER(p), ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
+ return -4;
+ }
+ /* ECPoint (RFC5480) */
+ if (mbedtls_asn1_get_bitstring_null(cp, end, &len)) {
+ return -6;
+ }
+ if (*cp + len != end) {
+ return -7;
+ }
+
+ if (len != 2 * NUM_ECC_BYTES + 1) {
+ return -8;
+ }
+
+ return 0;
+}
+#endif /* MCUBOOT_USE_TINYCRYPT || MCUBOOT_USE_MBED_TLS || MCUBOOT_USE_CC310 */
+
+#if defined(MCUBOOT_USE_TINYCRYPT)
+#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG
+/*
+ * cp points to ASN1 string containing an integer.
+ * Verify the tag, and that the length is 32 bytes. Helper function.
+ */
+static int bootutil_read_bigint(uint8_t i[NUM_ECC_BYTES], uint8_t **cp, uint8_t *end)
+{
+ size_t len;
+
+ if (mbedtls_asn1_get_tag(cp, end, &len, MBEDTLS_ASN1_INTEGER)) {
+ return -3;
+ }
+
+ if (len >= NUM_ECC_BYTES) {
+ memcpy(i, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES);
+ } else {
+ memset(i, 0, NUM_ECC_BYTES - len);
+ memcpy(i + NUM_ECC_BYTES - len, *cp, len);
+ }
+ *cp += len;
+ return 0;
+}
+
+/*
+ * Read in signature. Signature has r and s encoded as integers. Helper function.
+ */
+static int bootutil_decode_sig(uint8_t signature[NUM_ECC_BYTES * 2], uint8_t *cp, uint8_t *end)
+{
+ int rc;
+ size_t len;
+
+ rc = mbedtls_asn1_get_tag(&cp, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+ if (rc) {
+ return -1;
+ }
+ if (cp + len > end) {
+ return -2;
+ }
+
+ rc = bootutil_read_bigint(signature, &cp, end);
+ if (rc) {
+ return -3;
+ }
+ rc = bootutil_read_bigint(signature + NUM_ECC_BYTES, &cp, end);
+ if (rc) {
+ return -4;
+ }
+ return 0;
+}
+#endif /* not MCUBOOT_ECDSA_NEED_ASN1_SIG */
+
+typedef uintptr_t bootutil_ecdsa_context;
+static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
+{
+ (void)ctx;
+}
+
+static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
+{
+ (void)ctx;
+}
+
+static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
+ uint8_t *pk, size_t pk_len,
+ uint8_t *hash, size_t hash_len,
+ uint8_t *sig, size_t sig_len)
+{
+ int rc;
+ (void)ctx;
+ (void)pk_len;
+ (void)sig_len;
+ (void)hash_len;
+
+ uint8_t signature[2 * NUM_ECC_BYTES];
+ rc = bootutil_decode_sig(signature, sig, sig + sig_len);
+ if (rc) {
+ return -1;
+ }
+
+ /* Only support uncompressed keys. */
+ if (pk[0] != 0x04) {
+ return -1;
+ }
+ pk++;
+
+ rc = uECC_verify(pk, hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, signature, uECC_secp256r1());
+ if (rc != TC_CRYPTO_SUCCESS) {
+ return -1;
+ }
+ return 0;
+}
+
+static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
+ uint8_t **cp,uint8_t *end)
+{
+ (void)ctx;
+ return bootutil_import_key(cp, end);
+}
+#endif /* MCUBOOT_USE_TINYCRYPT */
+
+#if defined(MCUBOOT_USE_CC310)
+typedef uintptr_t bootutil_ecdsa_context;
+static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
+{
+ (void)ctx;
+}
+
+static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
+{
+ (void)ctx;
+}
+
+static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
+ uint8_t *pk, size_t pk_len,
+ uint8_t *hash, size_t hash_len,
+ uint8_t *sig, size_t sig_len)
+{
+ (void)ctx;
+ (void)pk_len;
+ (void)sig_len;
+ (void)hash_len;
+
+ /* Only support uncompressed keys. */
+ if (pk[0] != 0x04) {
+ return -1;
+ }
+ pk++;
+
+ return cc310_ecdsa_verify_secp256r1(hash, pk, sig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);
+}
+
+static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
+ uint8_t **cp,uint8_t *end)
+{
+ (void)ctx;
+ return bootutil_import_key(cp, end);
+}
+#endif /* MCUBOOT_USE_CC310 */
+
+#if defined(MCUBOOT_USE_PSA_CRYPTO)
+typedef struct {
+ psa_key_id_t key_id;
+ size_t curve_byte_count;
+ psa_algorithm_t required_algorithm;
+} bootutil_ecdsa_context;
+
+/* ECDSA public key with format specified in RFC5280 et al. in ASN.1 syntax
+ *
+ * SEQUENCE {
+ * SEQUENCE {
+ * OBJECT idEcPublicKey
+ * OBJECT namedCurve
+ * }
+ * BIT STRING publicKey
+ * }
+ *
+ * ECDSA signature format specified in RFC3279 et al. in ASN.1 syntax
+ *
+ * SEQUENCE {
+ * INTEGER r
+ * INTEGER s
+ * }
+ *
+ */
+
+/* Offset in bytes from the start of the encoding to the length field
+ * of the innermost SEQUENCE in the ECDSA public key
+ */
+#define PUB_KEY_LEN_OFF (3)
+
+/* Offset in bytes from the start of the publicKey encoding of the BIT STRING */
+#define PUB_KEY_VAL_OFF (3)
+
+/* Computes the pointer to the idEcPublicKey OID from the base of the encoding */
+#define PUB_KEY_OID_OFFSET(p) (*p + PUB_KEY_LEN_OFF+1)
+
+/* Computes the pointer to the namedCurve OID from the base of the encoding */
+#define CURVE_TYPE_OID_OFFSET(p) PUB_KEY_OID_OFFSET(p) + sizeof(IdEcPublicKey)
+
+/* This helper function gets a pointer to the bitstring associated to the publicKey
+ * as encoded per RFC 5280. This function assumes that the public key encoding is not
+ * bigger than 127 bytes (i.e. usually up until 384 bit curves)
+ *
+ * \param[in,out] p Double pointer to a buffer containing the RFC 5280 of the ECDSA public key.
+ * On output, the pointer is updated to point to the start of the public key
+ * in BIT STRING form.
+ * \param[out] size Pointer to a buffer containing the size of the public key extracted
+ *
+ */
+static inline void get_public_key_from_rfc5280_encoding(uint8_t **p, size_t *size)
+{
+ uint8_t *key_start = (*p) + (PUB_KEY_LEN_OFF + 1 + (*p)[PUB_KEY_LEN_OFF] + PUB_KEY_VAL_OFF);
+ *p = key_start;
+ *size = key_start[-2]-1; /* -2 from PUB_KEY_VAL_OFF to get the length, -1 to remove the ASN.1 padding byte count */
+}
+
+/* This helper function parses a signature as specified in RFC3279 into a pair
+ * (r,s) of contiguous bytes
+ *
+ * \param[in] sig Pointer to a buffer containing the encoded signature
+ * \param[in] num_of_curve_bytes The required number of bytes for r and s
+ * \param[out] r_s_pair Buffer containing the (r,s) pair extracted. It's caller
+ * responsibility to ensure the buffer is big enough to
+ * hold the parsed (r,s) pair.
+ */
+static inline void parse_signature_from_rfc5480_encoding(const uint8_t *sig,
+ size_t num_of_curve_bytes,
+ uint8_t *r_s_pair)
+{
+ const uint8_t *sig_ptr = NULL;
+
+ /* r or s can be greater than the expected size by one, due to the way
+ * ASN.1 encodes signed integers. If either r or s starts with a bit 1,
+ * a zero byte will be added in front of the encoding
+ */
+
+ /* sig[0] == 0x30, sig[1] == <length>, sig[2] == 0x02 */
+
+ /* Move r in place */
+ size_t r_len = sig[3];
+ sig_ptr = &sig[4];
+ if (r_len >= num_of_curve_bytes) {
+ sig_ptr = sig_ptr + r_len - num_of_curve_bytes;
+ memcpy(&r_s_pair[0], sig_ptr, num_of_curve_bytes);
+ if(r_len % 2) {
+ r_len--;
+ }
+ } else {
+ /* For encodings that reduce the size of r or s in case of zeros */
+ memcpy(&r_s_pair[num_of_curve_bytes - r_len], sig_ptr, r_len);
+ }
+
+ /* Move s in place */
+ size_t s_len = sig_ptr[r_len+1]; /* + 1 to skip SEQUENCE */
+ sig_ptr = &sig_ptr[r_len+2];
+ if (s_len >= num_of_curve_bytes) {
+ sig_ptr = sig_ptr + s_len - num_of_curve_bytes;
+ memcpy(&r_s_pair[num_of_curve_bytes], sig_ptr, num_of_curve_bytes);
+ } else {
+ /* For encodings that reduce the size of r or s in case of zeros */
+ memcpy(&r_s_pair[2*num_of_curve_bytes - s_len], sig_ptr, s_len);
+ }
+}
+
+// OID id-ecPublicKey 1.2.840.10045.2.1.
+const uint8_t IdEcPublicKey[] = {0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01};
+// OID secp256r1 1.2.840.10045.3.1.7.
+const uint8_t Secp256r1[] = {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
+// OID secp384r1 1.3.132.0.34
+const uint8_t Secp384r1[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22};
+
+static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
+{
+ ctx->key_id = PSA_KEY_ID_NULL;
+ ctx->curve_byte_count = 0;
+ ctx->required_algorithm = 0;
+}
+
+static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
+{
+ if (ctx->key_id != PSA_KEY_ID_NULL) {
+ (void)psa_destroy_key(ctx->key_id);
+ }
+}
+
+/*
+ * Parse a ECDSA public key with format specified in RFC5280 et al.
+ *
+ * OID for icEcPublicKey is 1.2.840.10045.2.1
+ * OIDs for supported curves are as follows:
+ * secp256r1 (prime256v1): 1.2.840.10045.3.1.7
+ * secp384r1: 1.3.132.0.34
+ */
+static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
+ uint8_t **cp, uint8_t *end)
+{
+ psa_key_attributes_t key_attributes = psa_key_attributes_init();
+ size_t key_size;
+ (void)end;
+
+ /* public key oid is valid */
+ if (memcmp(PUB_KEY_OID_OFFSET(cp), IdEcPublicKey, sizeof(IdEcPublicKey))) {
+ return (int)PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ if (!memcmp(CURVE_TYPE_OID_OFFSET(cp), Secp256r1, sizeof(Secp256r1))) {
+ ctx->curve_byte_count = 32;
+ ctx->required_algorithm = PSA_ALG_SHA_256;
+ } else if (!memcmp(CURVE_TYPE_OID_OFFSET(p), Secp384r1, sizeof(Secp384r1))) {
+ ctx->curve_byte_count = 48;
+ ctx->required_algorithm = PSA_ALG_SHA_384;
+ } else {
+ return (int)PSA_ERROR_INVALID_ARGUMENT;
+ }
+
+ get_public_key_from_rfc5280_encoding(cp, &key_size);
+ /* Set attributes and import key */
+ psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY_HASH);
+ psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(ctx->required_algorithm));
+ psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
+
+ return (int)psa_import_key(&key_attributes, *cp, key_size, &ctx->key_id);
+}
+
+/* Verify the signature against the provided hash. The signature gets parsed from
+ * the encoding first, then PSA Crypto has a dedicated API for ECDSA verification
+ */
+static inline int bootutil_ecdsa_verify(const bootutil_ecdsa_context *ctx,
+ uint8_t *hash, size_t hlen, uint8_t *sig, size_t slen)
+{
+ (void)slen;
+
+ uint8_t reformatted_signature[96] = {0}; /* Enough for P-384 signature sizes */
+ parse_signature_from_rfc5480_encoding(sig, ctx->curve_byte_count,reformatted_signature);
+
+ return (int) psa_verify_hash(ctx->key_id, PSA_ALG_ECDSA(ctx->required_algorithm),
+ hash, hlen, reformatted_signature, 2*ctx->curve_byte_count);
+}
+#elif defined(MCUBOOT_USE_MBED_TLS)
+
+typedef mbedtls_ecdsa_context bootutil_ecdsa_context;
+static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
+{
+ mbedtls_ecdsa_init(ctx);
+}
+
+static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
+{
+ mbedtls_ecdsa_free(ctx);
+}
+
+#ifdef CY_MBEDTLS_HW_ACCELERATION
+/*
+ * Parse the public key used for signing.
+ */
+static int bootutil_parse_eckey(bootutil_ecdsa_context *ctx, uint8_t **p, uint8_t *end)
+{
+ size_t len;
+ mbedtls_asn1_buf alg;
+ mbedtls_asn1_buf param;
+
+ if (mbedtls_asn1_get_tag(p, end, &len,
+ MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
+ return -1;
+ }
+ end = *p + len;
+
+ if (mbedtls_asn1_get_alg(p, end, &alg, ¶m)) {
+ return -2;
+ }
+ if (alg.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
+ memcmp(alg.MBEDTLS_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
+ return -3;
+ }
+ if (param.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_secp256r1_oid) - 1||
+ memcmp(param.MBEDTLS_CONTEXT_MEMBER(p), ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
+ return -4;
+ }
+
+ if (mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1)) {
+ return -5;
+ }
+
+ if (mbedtls_asn1_get_bitstring_null(p, end, &len)) {
+ return -6;
+ }
+ if (*p + len != end) {
+ return -7;
+ }
+
+ if (mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, *p, end - *p)) {
+ return -8;
+ }
+
+ if (mbedtls_ecp_check_pubkey(&ctx->grp, &ctx->Q)) {
+ return -9;
+ }
+ return 0;
+}
+
+static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
+ uint8_t *pk, size_t pk_len,
+ uint8_t *hash, size_t hash_len,
+ uint8_t *sig, size_t sig_len)
+{
+ (void)pk;
+ (void)pk_len;
+
+ /*
+ * This is simplified, as the hash length is also 32 bytes.
+ */
+ while (sig[sig_len - 1] == '\0') {
+ sig_len--;
+ }
+ return mbedtls_ecdsa_read_signature(&ctx, hash, hash_len, sig, sig_len);
+}
+
+#else /* CY_MBEDTLS_HW_ACCELERATION */
+
+static inline int bootutil_ecdsa_verify(bootutil_ecdsa_context *ctx,
+ uint8_t *pk, size_t pk_len,
+ uint8_t *hash, size_t hash_len,
+ uint8_t *sig, size_t sig_len)
+{
+ int rc;
+
+ (void)sig;
+ (void)hash;
+ (void)hash_len;
+
+ rc = mbedtls_ecp_group_load(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), MBEDTLS_ECP_DP_SECP256R1);
+ if (rc) {
+ return -1;
+ }
+
+ rc = mbedtls_ecp_point_read_binary(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), &ctx->MBEDTLS_CONTEXT_MEMBER(Q), pk, pk_len);
+ if (rc) {
+ return -1;
+ }
+
+ rc = mbedtls_ecp_check_pubkey(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), &ctx->MBEDTLS_CONTEXT_MEMBER(Q));
+ if (rc) {
+ return -1;
+ }
+
+ rc = mbedtls_ecdsa_read_signature(ctx, hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE,
+ sig, sig_len);
+ if (rc) {
+ return -1;
+ }
+
+ return 0;
+}
+
+#endif /* CY_MBEDTLS_HW_ACCELERATION */
+
+static inline int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
+ uint8_t **cp,uint8_t *end)
+{
+ int rc;
+#ifdef CY_MBEDTLS_HW_ACCELERATION
+ rc = bootutil_parse_eckey(&ctx, cp, end);
+#else
+ (void)ctx;
+ rc = bootutil_import_key(cp, end);
+#endif
+ return rc;
+}
+
+#endif /* MCUBOOT_USE_MBED_TLS */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* __BOOTUTIL_CRYPTO_ECDSA_H_ */
diff --git a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h b/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h
deleted file mode 100644
index a5e10de..0000000
--- a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h
+++ /dev/null
@@ -1,580 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2023 Arm Limited
- */
-
-/*
- * This module provides a thin abstraction over some of the crypto
- * primitives to make it easier to swap out the used crypto library.
- *
- * At this point, the choices are: MCUBOOT_USE_TINYCRYPT, MCUBOOT_USE_CC310,
- * MCUBOOT_USE_MBED_TLS, MCUBOOT_USE_PSA_CRYPTO. Note that support for
- * MCUBOOT_USE_PSA_CRYPTO is still experimental and it might not support all
- * the crypto abstractions that MCUBOOT_USE_MBED_TLS supports. For this
- * reason, it's allowed to have both of them defined, and for crypto modules
- * that support both abstractions, the MCUBOOT_USE_PSA_CRYPTO will take
- * precedence.
- */
-
-#ifndef __BOOTUTIL_CRYPTO_ECDSA_P256_H_
-#define __BOOTUTIL_CRYPTO_ECDSA_P256_H_
-
-#include "mcuboot_config/mcuboot_config.h"
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO) || defined(MCUBOOT_USE_MBED_TLS)
-#define MCUBOOT_USE_PSA_OR_MBED_TLS
-#endif /* MCUBOOT_USE_PSA_CRYPTO || MCUBOOT_USE_MBED_TLS */
-
-#if (defined(MCUBOOT_USE_TINYCRYPT) + \
- defined(MCUBOOT_USE_CC310) + \
- defined(MCUBOOT_USE_PSA_OR_MBED_TLS)) != 1
- #error "One crypto backend must be defined: either CC310/TINYCRYPT/MBED_TLS/PSA_CRYPTO"
-#endif
-
-#if defined(MCUBOOT_USE_TINYCRYPT)
- #include <tinycrypt/ecc_dsa.h>
- #include <tinycrypt/constants.h>
- #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
-#endif /* MCUBOOT_USE_TINYCRYPT */
-
-#if defined(MCUBOOT_USE_CC310)
- #include <cc310_glue.h>
- #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
-#endif /* MCUBOOT_USE_CC310 */
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO)
- #include <psa/crypto.h>
- #include <string.h>
-#elif defined(MCUBOOT_USE_MBED_TLS)
- #include <mbedtls/ecdsa.h>
- #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
- /* Indicate to the caller that the verify function needs the raw ASN.1
- * signature, not a decoded one. */
- #define MCUBOOT_ECDSA_NEED_ASN1_SIG
-#endif /* MCUBOOT_USE_MBED_TLS */
-
-/*TODO: remove this after cypress port mbedtls to abstract crypto api */
-#if defined(MCUBOOT_USE_CC310) || defined(MCUBOOT_USE_MBED_TLS)
-#define NUM_ECC_BYTES (256 / 8)
-#endif
-
-#include "mbedtls/oid.h"
-#include "mbedtls/asn1.h"
-#include "bootutil/sign_key.h"
-#include "common.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#if defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_MBED_TLS) || defined(MCUBOOT_USE_CC310)
-/*
- * Declaring these like this adds NULL termination.
- */
-static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
-static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
-
-/*
- * Parse a public key. Helper function.
- */
-static int bootutil_import_key(uint8_t **cp, uint8_t *end)
-{
- size_t len;
- mbedtls_asn1_buf alg;
- mbedtls_asn1_buf param;
-
- if (mbedtls_asn1_get_tag(cp, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
- return -1;
- }
- end = *cp + len;
-
- /* ECParameters (RFC5480) */
- if (mbedtls_asn1_get_alg(cp, end, &alg, ¶m)) {
- return -2;
- }
- /* id-ecPublicKey (RFC5480) */
- if (alg.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
- memcmp(alg.MBEDTLS_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
- return -3;
- }
- /* namedCurve (RFC5480) */
- if (param.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_secp256r1_oid) - 1 ||
- memcmp(param.MBEDTLS_CONTEXT_MEMBER(p), ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
- return -4;
- }
- /* ECPoint (RFC5480) */
- if (mbedtls_asn1_get_bitstring_null(cp, end, &len)) {
- return -6;
- }
- if (*cp + len != end) {
- return -7;
- }
-
- if (len != 2 * NUM_ECC_BYTES + 1) {
- return -8;
- }
-
- return 0;
-}
-#endif /* MCUBOOT_USE_TINYCRYPT || MCUBOOT_USE_MBED_TLS || MCUBOOT_USE_CC310 */
-
-#if defined(MCUBOOT_USE_TINYCRYPT)
-#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG
-/*
- * cp points to ASN1 string containing an integer.
- * Verify the tag, and that the length is 32 bytes. Helper function.
- */
-static int bootutil_read_bigint(uint8_t i[NUM_ECC_BYTES], uint8_t **cp, uint8_t *end)
-{
- size_t len;
-
- if (mbedtls_asn1_get_tag(cp, end, &len, MBEDTLS_ASN1_INTEGER)) {
- return -3;
- }
-
- if (len >= NUM_ECC_BYTES) {
- memcpy(i, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES);
- } else {
- memset(i, 0, NUM_ECC_BYTES - len);
- memcpy(i + NUM_ECC_BYTES - len, *cp, len);
- }
- *cp += len;
- return 0;
-}
-
-/*
- * Read in signature. Signature has r and s encoded as integers. Helper function.
- */
-static int bootutil_decode_sig(uint8_t signature[NUM_ECC_BYTES * 2], uint8_t *cp, uint8_t *end)
-{
- int rc;
- size_t len;
-
- rc = mbedtls_asn1_get_tag(&cp, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
- if (rc) {
- return -1;
- }
- if (cp + len > end) {
- return -2;
- }
-
- rc = bootutil_read_bigint(signature, &cp, end);
- if (rc) {
- return -3;
- }
- rc = bootutil_read_bigint(signature + NUM_ECC_BYTES, &cp, end);
- if (rc) {
- return -4;
- }
- return 0;
-}
-#endif /* not MCUBOOT_ECDSA_NEED_ASN1_SIG */
-
-typedef uintptr_t bootutil_ecdsa_p256_context;
-static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
-{
- (void)ctx;
-}
-
-static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
-{
- (void)ctx;
-}
-
-static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
- uint8_t *pk, size_t pk_len,
- uint8_t *hash, size_t hash_len,
- uint8_t *sig, size_t sig_len)
-{
- int rc;
- (void)ctx;
- (void)pk_len;
- (void)sig_len;
- (void)hash_len;
-
- uint8_t signature[2 * NUM_ECC_BYTES];
- rc = bootutil_decode_sig(signature, sig, sig + sig_len);
- if (rc) {
- return -1;
- }
-
- /* Only support uncompressed keys. */
- if (pk[0] != 0x04) {
- return -1;
- }
- pk++;
-
- rc = uECC_verify(pk, hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, signature, uECC_secp256r1());
- if (rc != TC_CRYPTO_SUCCESS) {
- return -1;
- }
- return 0;
-}
-
-static inline int bootutil_ecdsa_p256_parse_public_key(bootutil_ecdsa_p256_context *ctx,
- uint8_t **cp,uint8_t *end)
-{
- (void)ctx;
- return bootutil_import_key(cp, end);
-}
-#endif /* MCUBOOT_USE_TINYCRYPT */
-
-#if defined(MCUBOOT_USE_CC310)
-typedef uintptr_t bootutil_ecdsa_p256_context;
-static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
-{
- (void)ctx;
-}
-
-static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
-{
- (void)ctx;
-}
-
-static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
- uint8_t *pk, size_t pk_len,
- uint8_t *hash, size_t hash_len,
- uint8_t *sig, size_t sig_len)
-{
- (void)ctx;
- (void)pk_len;
- (void)sig_len;
- (void)hash_len;
-
- /* Only support uncompressed keys. */
- if (pk[0] != 0x04) {
- return -1;
- }
- pk++;
-
- return cc310_ecdsa_verify_secp256r1(hash, pk, sig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);
-}
-
-static inline int bootutil_ecdsa_p256_parse_public_key(bootutil_ecdsa_p256_context *ctx,
- uint8_t **cp,uint8_t *end)
-{
- (void)ctx;
- return bootutil_import_key(cp, end);
-}
-#endif /* MCUBOOT_USE_CC310 */
-
-#if defined(MCUBOOT_USE_PSA_CRYPTO)
-typedef struct {
- psa_key_id_t key_id;
- size_t curve_byte_count;
- psa_algorithm_t required_algorithm;
-} bootutil_ecdsa_p256_context;
-
-/* ECDSA public key with format specified in RFC5280 et al. in ASN.1 syntax
- *
- * SEQUENCE {
- * SEQUENCE {
- * OBJECT idEcPublicKey
- * OBJECT namedCurve
- * }
- * BIT STRING publicKey
- * }
- *
- * ECDSA signature format specified in RFC3279 et al. in ASN.1 syntax
- *
- * SEQUENCE {
- * INTEGER r
- * INTEGER s
- * }
- *
- */
-
-/* Offset in bytes from the start of the encoding to the length field
- * of the innermost SEQUENCE in the ECDSA public key
- */
-#define PUB_KEY_LEN_OFF (3)
-
-/* Offset in bytes from the start of the publicKey encoding of the BIT STRING */
-#define PUB_KEY_VAL_OFF (3)
-
-/* Computes the pointer to the idEcPublicKey OID from the base of the encoding */
-#define PUB_KEY_OID_OFFSET(p) (*p + PUB_KEY_LEN_OFF+1)
-
-/* Computes the pointer to the namedCurve OID from the base of the encoding */
-#define CURVE_TYPE_OID_OFFSET(p) PUB_KEY_OID_OFFSET(p) + sizeof(IdEcPublicKey)
-
-/* This helper function gets a pointer to the bitstring associated to the publicKey
- * as encoded per RFC 5280. This function assumes that the public key encoding is not
- * bigger than 127 bytes (i.e. usually up until 384 bit curves)
- *
- * \param[in,out] p Double pointer to a buffer containing the RFC 5280 of the ECDSA public key.
- * On output, the pointer is updated to point to the start of the public key
- * in BIT STRING form.
- * \param[out] size Pointer to a buffer containing the size of the public key extracted
- *
- */
-static inline void get_public_key_from_rfc5280_encoding(uint8_t **p, size_t *size)
-{
- uint8_t *key_start = (*p) + (PUB_KEY_LEN_OFF + 1 + (*p)[PUB_KEY_LEN_OFF] + PUB_KEY_VAL_OFF);
- *p = key_start;
- *size = key_start[-2]-1; /* -2 from PUB_KEY_VAL_OFF to get the length, -1 to remove the ASN.1 padding byte count */
-}
-
-/* This helper function parses a signature as specified in RFC3279 into a pair
- * (r,s) of contiguous bytes
- *
- * \param[in] sig Pointer to a buffer containing the encoded signature
- * \param[in] num_of_curve_bytes The required number of bytes for r and s
- * \param[out] r_s_pair Buffer containing the (r,s) pair extracted. It's caller
- * responsibility to ensure the buffer is big enough to
- * hold the parsed (r,s) pair.
- */
-static inline void parse_signature_from_rfc5480_encoding(const uint8_t *sig,
- size_t num_of_curve_bytes,
- uint8_t *r_s_pair)
-{
- const uint8_t *sig_ptr = NULL;
-
- /* r or s can be greater than the expected size by one, due to the way
- * ASN.1 encodes signed integers. If either r or s starts with a bit 1,
- * a zero byte will be added in front of the encoding
- */
-
- /* sig[0] == 0x30, sig[1] == <length>, sig[2] == 0x02 */
-
- /* Move r in place */
- size_t r_len = sig[3];
- sig_ptr = &sig[4];
- if (r_len >= num_of_curve_bytes) {
- sig_ptr = sig_ptr + r_len - num_of_curve_bytes;
- memcpy(&r_s_pair[0], sig_ptr, num_of_curve_bytes);
- if(r_len % 2) {
- r_len--;
- }
- } else {
- /* For encodings that reduce the size of r or s in case of zeros */
- memcpy(&r_s_pair[num_of_curve_bytes - r_len], sig_ptr, r_len);
- }
-
- /* Move s in place */
- size_t s_len = sig_ptr[r_len+1]; /* + 1 to skip SEQUENCE */
- sig_ptr = &sig_ptr[r_len+2];
- if (s_len >= num_of_curve_bytes) {
- sig_ptr = sig_ptr + s_len - num_of_curve_bytes;
- memcpy(&r_s_pair[num_of_curve_bytes], sig_ptr, num_of_curve_bytes);
- } else {
- /* For encodings that reduce the size of r or s in case of zeros */
- memcpy(&r_s_pair[2*num_of_curve_bytes - s_len], sig_ptr, s_len);
- }
-}
-
-// OID id-ecPublicKey 1.2.840.10045.2.1.
-const uint8_t IdEcPublicKey[] = {0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01};
-// OID secp256r1 1.2.840.10045.3.1.7.
-const uint8_t Secp256r1[] = {0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07};
-// OID secp384r1 1.3.132.0.34
-const uint8_t Secp384r1[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22};
-
-static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
-{
- ctx->key_id = PSA_KEY_ID_NULL;
- ctx->curve_byte_count = 0;
- ctx->required_algorithm = 0;
-}
-
-static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
-{
- if (ctx->key_id != PSA_KEY_ID_NULL) {
- (void)psa_destroy_key(ctx->key_id);
- }
-}
-
-/*
- * Parse a ECDSA public key with format specified in RFC5280 et al.
- *
- * OID for icEcPublicKey is 1.2.840.10045.2.1
- * OIDs for supported curves are as follows:
- * secp256r1 (prime256v1): 1.2.840.10045.3.1.7
- * secp384r1: 1.3.132.0.34
- */
-static inline int bootutil_ecdsa_p256_parse_public_key(bootutil_ecdsa_p256_context *ctx,
- uint8_t **cp, uint8_t *end)
-{
- psa_key_attributes_t key_attributes = psa_key_attributes_init();
- size_t key_size;
- (void)end;
-
- /* public key oid is valid */
- if (memcmp(PUB_KEY_OID_OFFSET(cp), IdEcPublicKey, sizeof(IdEcPublicKey))) {
- return (int)PSA_ERROR_INVALID_ARGUMENT;
- }
-
- if (!memcmp(CURVE_TYPE_OID_OFFSET(cp), Secp256r1, sizeof(Secp256r1))) {
- ctx->curve_byte_count = 32;
- ctx->required_algorithm = PSA_ALG_SHA_256;
- } else if (!memcmp(CURVE_TYPE_OID_OFFSET(p), Secp384r1, sizeof(Secp384r1))) {
- ctx->curve_byte_count = 48;
- ctx->required_algorithm = PSA_ALG_SHA_384;
- } else {
- return (int)PSA_ERROR_INVALID_ARGUMENT;
- }
-
- get_public_key_from_rfc5280_encoding(cp, &key_size);
- /* Set attributes and import key */
- psa_set_key_usage_flags(&key_attributes, PSA_KEY_USAGE_VERIFY_HASH);
- psa_set_key_algorithm(&key_attributes, PSA_ALG_ECDSA(ctx->required_algorithm));
- psa_set_key_type(&key_attributes, PSA_KEY_TYPE_ECC_PUBLIC_KEY(PSA_ECC_FAMILY_SECP_R1));
-
- return (int)psa_import_key(&key_attributes, *cp, key_size, &ctx->key_id);
-}
-
-/* Verify the signature against the provided hash. The signature gets parsed from
- * the encoding first, then PSA Crypto has a dedicated API for ECDSA verification
- */
-static inline int bootutil_ecdsa_p256_verify(const bootutil_ecdsa_p256_context *ctx,
- uint8_t *hash, size_t hlen, uint8_t *sig, size_t slen)
-{
- (void)slen;
-
- uint8_t reformatted_signature[96] = {0}; /* Enough for P-384 signature sizes */
- parse_signature_from_rfc5480_encoding(sig, ctx->curve_byte_count,reformatted_signature);
-
- return (int) psa_verify_hash(ctx->key_id, PSA_ALG_ECDSA(ctx->required_algorithm),
- hash, hlen, reformatted_signature, 2*ctx->curve_byte_count);
-}
-#elif defined(MCUBOOT_USE_MBED_TLS)
-
-typedef mbedtls_ecdsa_context bootutil_ecdsa_p256_context;
-static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
-{
- mbedtls_ecdsa_init(ctx);
-}
-
-static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
-{
- mbedtls_ecdsa_free(ctx);
-}
-
-#ifdef CY_MBEDTLS_HW_ACCELERATION
-/*
- * Parse the public key used for signing.
- */
-static int bootutil_parse_eckey(bootutil_ecdsa_p256_context *ctx, uint8_t **p, uint8_t *end)
-{
- size_t len;
- mbedtls_asn1_buf alg;
- mbedtls_asn1_buf param;
-
- if (mbedtls_asn1_get_tag(p, end, &len,
- MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
- return -1;
- }
- end = *p + len;
-
- if (mbedtls_asn1_get_alg(p, end, &alg, ¶m)) {
- return -2;
- }
- if (alg.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_pubkey_oid) - 1 ||
- memcmp(alg.MBEDTLS_CONTEXT_MEMBER(p), ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
- return -3;
- }
- if (param.MBEDTLS_CONTEXT_MEMBER(len) != sizeof(ec_secp256r1_oid) - 1||
- memcmp(param.MBEDTLS_CONTEXT_MEMBER(p), ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
- return -4;
- }
-
- if (mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1)) {
- return -5;
- }
-
- if (mbedtls_asn1_get_bitstring_null(p, end, &len)) {
- return -6;
- }
- if (*p + len != end) {
- return -7;
- }
-
- if (mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, *p, end - *p)) {
- return -8;
- }
-
- if (mbedtls_ecp_check_pubkey(&ctx->grp, &ctx->Q)) {
- return -9;
- }
- return 0;
-}
-
-static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
- uint8_t *pk, size_t pk_len,
- uint8_t *hash, size_t hash_len,
- uint8_t *sig, size_t sig_len)
-{
- (void)pk;
- (void)pk_len;
-
- /*
- * This is simplified, as the hash length is also 32 bytes.
- */
- while (sig[sig_len - 1] == '\0') {
- sig_len--;
- }
- return mbedtls_ecdsa_read_signature(&ctx, hash, hash_len, sig, sig_len);
-}
-
-#else /* CY_MBEDTLS_HW_ACCELERATION */
-
-static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
- uint8_t *pk, size_t pk_len,
- uint8_t *hash, size_t hash_len,
- uint8_t *sig, size_t sig_len)
-{
- int rc;
-
- (void)sig;
- (void)hash;
- (void)hash_len;
-
- rc = mbedtls_ecp_group_load(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), MBEDTLS_ECP_DP_SECP256R1);
- if (rc) {
- return -1;
- }
-
- rc = mbedtls_ecp_point_read_binary(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), &ctx->MBEDTLS_CONTEXT_MEMBER(Q), pk, pk_len);
- if (rc) {
- return -1;
- }
-
- rc = mbedtls_ecp_check_pubkey(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), &ctx->MBEDTLS_CONTEXT_MEMBER(Q));
- if (rc) {
- return -1;
- }
-
- rc = mbedtls_ecdsa_read_signature(ctx, hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE,
- sig, sig_len);
- if (rc) {
- return -1;
- }
-
- return 0;
-}
-
-#endif /* CY_MBEDTLS_HW_ACCELERATION */
-
-static inline int bootutil_ecdsa_p256_parse_public_key(bootutil_ecdsa_p256_context *ctx,
- uint8_t **cp,uint8_t *end)
-{
- int rc;
-#ifdef CY_MBEDTLS_HW_ACCELERATION
- rc = bootutil_parse_eckey(&ctx, cp, end);
-#else
- (void)ctx;
- rc = bootutil_import_key(cp, end);
-#endif
- return rc;
-}
-
-#endif /* MCUBOOT_USE_MBED_TLS */
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __BOOTUTIL_CRYPTO_ECDSA_P256_H_ */
diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c
deleted file mode 100644
index b06c281..0000000
--- a/boot/bootutil/src/image_ec256.c
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2016-2019 JUUL Labs
- * Copyright (c) 2017 Linaro LTD
- * Copyright (C) 2021-2023 Arm Limited
- *
- * Original license:
- *
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements. See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership. The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License. You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied. See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
-#include <string.h>
-
-#include "mcuboot_config/mcuboot_config.h"
-
-#ifdef MCUBOOT_SIGN_EC256
-
-#include "bootutil_priv.h"
-#include "bootutil/fault_injection_hardening.h"
-#include "bootutil/crypto/ecdsa_p256.h"
-
-fih_ret
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
- uint8_t key_id)
-{
- int rc;
- bootutil_ecdsa_p256_context ctx;
- FIH_DECLARE(fih_rc, FIH_FAILURE);
- uint8_t *pubkey;
- uint8_t *end;
-
- pubkey = (uint8_t *)bootutil_keys[key_id].key;
- end = pubkey + *bootutil_keys[key_id].len;
- bootutil_ecdsa_p256_init(&ctx);
-
- rc = bootutil_ecdsa_p256_parse_public_key(&ctx, &pubkey, end);
- if (rc) {
- goto out;
- }
-
- rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, end-pubkey, hash, hlen, sig, slen);
- fih_rc = fih_ret_encode_zero_equality(rc);
- if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
- FIH_SET(fih_rc, FIH_FAILURE);
- }
-
-out:
- bootutil_ecdsa_p256_drop(&ctx);
-
- FIH_RET(fih_rc);
-}
-
-#endif /* MCUBOOT_SIGN_EC256 */
diff --git a/boot/bootutil/src/image_ecdsa.c b/boot/bootutil/src/image_ecdsa.c
index 53e5db1..1acfd54 100644
--- a/boot/bootutil/src/image_ecdsa.c
+++ b/boot/bootutil/src/image_ecdsa.c
@@ -1,64 +1,69 @@
-/*
- * SPDX-License-Identifier: Apache-2.0
- *
- * Copyright (c) 2023 Arm Limited
- */
-
-#include <string.h>
-
-#include "mcuboot_config/mcuboot_config.h"
-
-#ifdef MCUBOOT_SIGN_ECDSA
-#include "bootutil_priv.h"
-#include "bootutil/sign_key.h"
-#include "bootutil/fault_injection_hardening.h"
-
-#include "bootutil/crypto/ecdsa.h"
-
-static fih_ret
-bootutil_cmp_ecdsa_sig(bootutil_ecdsa_context *ctx, uint8_t *hash, uint32_t hlen,
- uint8_t *sig, size_t slen)
-{
- int rc = -1;
- FIH_DECLARE(fih_rc, FIH_FAILURE);
-
- /* PSA Crypto APIs allow the verification in a single call */
- rc = bootutil_ecdsa_verify(ctx, hash, hlen, sig, slen);
-
- fih_rc = fih_ret_encode_zero_equality(rc);
- if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
- FIH_SET(fih_rc, FIH_FAILURE);
- }
-
- FIH_RET(fih_rc);
-}
-
-fih_ret
-bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
- uint8_t key_id)
-{
- int rc = -1;
- FIH_DECLARE(fih_rc, FIH_FAILURE);
- uint8_t *cp;
- uint8_t *end;
- bootutil_ecdsa_context ctx;
-
- bootutil_ecdsa_init(&ctx);
-
- cp = (uint8_t *)bootutil_keys[key_id].key;
- end = cp + *bootutil_keys[key_id].len;
-
- /* The key used for signature verification is a public ECDSA key */
- rc = bootutil_ecdsa_parse_public_key(&ctx, &cp, end);
- if (rc) {
- goto out;
- }
-
- FIH_CALL(bootutil_cmp_ecdsa_sig, fih_rc, &ctx, hash, hlen, sig, slen);
-
-out:
- bootutil_ecdsa_drop(&ctx);
-
- FIH_RET(fih_rc);
-}
-#endif /* MCUBOOT_SIGN_ECDSA */
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Copyright (c) 2016-2019 JUUL Labs
+ * Copyright (c) 2017 Linaro LTD
+ * Copyright (C) 2021-2023 Arm Limited
+ *
+ * Original license:
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include <string.h>
+
+#include "mcuboot_config/mcuboot_config.h"
+
+#if defined(MCUBOOT_SIGN_EC256) || defined(MCUBOOT_SIGN_EC384)
+
+#include "bootutil_priv.h"
+#include "bootutil/fault_injection_hardening.h"
+#include "bootutil/crypto/ecdsa.h"
+
+fih_ret
+bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
+ uint8_t key_id)
+{
+ int rc;
+ bootutil_ecdsa_context ctx;
+ FIH_DECLARE(fih_rc, FIH_FAILURE);
+ uint8_t *pubkey;
+ uint8_t *end;
+
+ pubkey = (uint8_t *)bootutil_keys[key_id].key;
+ end = pubkey + *bootutil_keys[key_id].len;
+ bootutil_ecdsa_init(&ctx);
+
+ rc = bootutil_ecdsa_parse_public_key(&ctx, &pubkey, end);
+ if (rc) {
+ goto out;
+ }
+
+ rc = bootutil_ecdsa_verify(&ctx, pubkey, end-pubkey, hash, hlen, sig, slen);
+ fih_rc = fih_ret_encode_zero_equality(rc);
+ if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
+ FIH_SET(fih_rc, FIH_FAILURE);
+ }
+
+out:
+ bootutil_ecdsa_drop(&ctx);
+
+ FIH_RET(fih_rc);
+}
+
+#endif /* MCUBOOT_SIGN_EC256 || MCUBOOT_SIGN_EC384 */
diff --git a/boot/espressif/CMakeLists.txt b/boot/espressif/CMakeLists.txt
index a235e00..f9588d5 100644
--- a/boot/espressif/CMakeLists.txt
+++ b/boot/espressif/CMakeLists.txt
@@ -134,7 +134,7 @@
${BOOTUTIL_DIR}/src/encrypted.c
${BOOTUTIL_DIR}/src/fault_injection_hardening.c
${BOOTUTIL_DIR}/src/fault_injection_hardening_delay_rng_mbedtls.c
- ${BOOTUTIL_DIR}/src/image_ec256.c
+ ${BOOTUTIL_DIR}/src/image_ecdsa.c
${BOOTUTIL_DIR}/src/image_ed25519.c
${BOOTUTIL_DIR}/src/image_rsa.c
${BOOTUTIL_DIR}/src/image_validate.c
diff --git a/boot/zephyr/CMakeLists.txt b/boot/zephyr/CMakeLists.txt
index 34a39db..998464b 100644
--- a/boot/zephyr/CMakeLists.txt
+++ b/boot/zephyr/CMakeLists.txt
@@ -100,7 +100,7 @@
${BOOT_DIR}/bootutil/src/tlv.c
${BOOT_DIR}/bootutil/src/encrypted.c
${BOOT_DIR}/bootutil/src/image_rsa.c
- ${BOOT_DIR}/bootutil/src/image_ec256.c
+ ${BOOT_DIR}/bootutil/src/image_ecdsa.c
${BOOT_DIR}/bootutil/src/image_ed25519.c
${BOOT_DIR}/bootutil/src/bootutil_misc.c
${BOOT_DIR}/bootutil/src/fault_injection_hardening.c
diff --git a/sim/mcuboot-sys/build.rs b/sim/mcuboot-sys/build.rs
index acc2af2..dd92988 100644
--- a/sim/mcuboot-sys/build.rs
+++ b/sim/mcuboot-sys/build.rs
@@ -359,7 +359,7 @@
conf.file("../../boot/bootutil/src/image_rsa.c");
} else if sig_ecdsa || sig_ecdsa_mbedtls {
conf.conf.include("../../ext/mbedtls/include");
- conf.file("../../boot/bootutil/src/image_ec256.c");
+ conf.file("../../boot/bootutil/src/image_ecdsa.c");
} else if sig_ed25519 {
conf.file("../../boot/bootutil/src/image_ed25519.c");
}