Abstracting mcuboot crypto functions for cleaner porting and less of an ifdef hell.
- The enc_context needs to be initialized.
boot_enc_load seems to always be used to start the process, so calling
init inside it makes sense.
- Handle boot_encrypt getting called with size of 0.
- No need to free contexts because Zephyr sets MBEDTLS_PLATFORM_NO_STD_FUNCTIONS.
I don't quite like this because it's implicit and will leak memory on
other ports.
Signed-off-by: Blaž Hrastnik <blaz@mxxn.io>
diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c
index 84ece6a..ef99381 100644
--- a/boot/bootutil/src/image_ec256.c
+++ b/boot/bootutil/src/image_ec256.c
@@ -33,14 +33,7 @@
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
-
-#ifdef MCUBOOT_USE_TINYCRYPT
-#include "tinycrypt/ecc_dsa.h"
-#endif
-#ifdef MCUBOOT_USE_CC310
-#include "cc310_glue.h"
-#define NUM_ECC_BYTES (4*8)
-#endif
+#include "bootutil/crypto/ecdsa_p256.h"
#include "bootutil_priv.h"
/*
@@ -96,6 +89,7 @@
}
(*cp)++;
+
return 0;
}
@@ -151,12 +145,12 @@
return 0;
}
-#ifdef MCUBOOT_USE_TINYCRYPT
int
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
uint8_t key_id)
{
int rc;
+ bootutil_ecdsa_p256_context ctx;
uint8_t *pubkey;
uint8_t *end;
@@ -182,56 +176,10 @@
return -1;
}
- rc = uECC_verify(pubkey, hash, NUM_ECC_BYTES, signature, uECC_secp256r1());
- if (rc == 1) {
- return 0;
- } else {
- return -2;
- }
-}
-#endif /* MCUBOOT_USE_TINYCRYPT */
-#ifdef MCUBOOT_USE_CC310
-int
-bootutil_verify_sig(uint8_t *hash,
- uint32_t hlen,
- uint8_t *sig,
- size_t slen,
- uint8_t key_id)
-{
- int rc;
- uint8_t *pubkey;
- uint8_t *end;
- uint8_t signature[2 * NUM_ECC_BYTES];
-
- pubkey = (uint8_t *)bootutil_keys[key_id].key;
- end = pubkey + *bootutil_keys[key_id].len;
-
- rc = bootutil_import_key(&pubkey, end);
- if (rc) {
- return -1;
- }
-
- /* Decode signature */
- rc = bootutil_decode_sig(signature, sig, sig + slen);
- if (rc) {
- return -1;
- }
-
- /*
- * This is simplified, as the hash length is also 32 bytes.
- */
- if (hlen != NUM_ECC_BYTES) {
- return -1;
- }
-
- /* Initialize and verify in one go */
- rc = cc310_ecdsa_verify_secp256r1(hash, pubkey, signature, hlen);
-
- if (rc != 0) {
- return -2;
- }
-
+ bootutil_ecdsa_p256_init(&ctx);
+ rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, hash, signature);
+ bootutil_ecdsa_p256_drop(&ctx);
return rc;
}
-#endif /* MCUBOOT_USE_CC310 */
+
#endif /* MCUBOOT_SIGN_EC256 */
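Review bot: `return rc;` now hands the result of `bootutil_ecdsa_p256_verify` straight back to the caller, whereas the removed tinycrypt code turned `uECC_verify`'s 1-on-success into 0 and everything else into -2, and the removed CC310 code turned any non-zero result into -2. The wrapper is defined outside this diff, so it must return 0 only for a valid signature on every backend; if it passed the tinycrypt result through unchanged, a rejected signature (0) would read as success here. I would keep the mapping explicit at this call site, `return rc == 0 ? 0 : -2;`, and document the contract on the call with a comment such as `/* returns 0 only when the signature is valid */`. The new call also carries no hash length, so the `hlen != NUM_ECC_BYTES` check from the removed CC310 body should still run before it, in the part of `bootutil_verify_sig` that this hunk does not show.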