boot: Support Mbed TLS ECDSA for signatures
Add Mbed TLS ECDSA signature verification as an option (in addition to
Tinycrypt and the CC310 hardware version). Although the Mbed TLS ECDSA
verification code is both larger and slower, this will still save space
if there is another reason that the Mbed TLS code is already being
brought in for another reason (such as certificate management, for
example).
Mbed TLS's ECDSA verification works at a different level than the other
two libraries, so this takes a bit of reworking. There are some
additional parameters passed to the various functions, and a new define
MCUBOOT_ECDSA_NEED_ASN1_SIG to indicate that the ecdsa verification
wants the original ASN1 signature, not a decoded key.
This adds the boot changes and simulator support to test this configuration.
Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h b/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h
index b77cd34..fa26ffd 100644
--- a/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h
+++ b/boot/bootutil/include/bootutil/crypto/ecdsa_p256.h
@@ -15,7 +15,7 @@
#if (defined(MCUBOOT_USE_TINYCRYPT) + \
defined(MCUBOOT_USE_CC310) + \
defined(MCUBOOT_USE_MBED_TLS)) != 1
- #error "One crypto backend must be defined: either CC310 or TINYCRYPT"
+ #error "One crypto backend must be defined: either CC310, TINYCRYPT, or MBED_TLS"
#endif
#if defined(MCUBOOT_USE_TINYCRYPT)
@@ -29,6 +29,11 @@
#define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
#endif /* MCUBOOT_USE_CC310 */
+#if defined(MCUBOOT_USE_MBED_TLS)
+ #include <mbedtls/ecdsa.h>
+ #define BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE (4 * 8)
+#endif
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -45,10 +50,22 @@
(void)ctx;
}
-static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, const uint8_t *pk, const uint8_t *hash, const uint8_t *sig)
+static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
+ const uint8_t *pk, size_t pk_len,
+ const uint8_t *hash,
+ const uint8_t *sig, size_t sig_len)
{
int rc;
(void)ctx;
+ (void)pk_len;
+ (void)sig_len;
+
+ /* Only support uncompressed keys. */
+ if (pk[0] != 0x04) {
+ return -1;
+ }
+ pk++;
+
rc = uECC_verify(pk, hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE, sig, uECC_secp256r1());
if (rc != TC_CRYPTO_SUCCESS) {
return -1;
@@ -69,13 +86,77 @@
(void)ctx;
}
-static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx, uint8_t *pk, uint8_t *hash, uint8_t *sig)
+static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
+ uint8_t *pk, size_t pk_len,
+ uint8_t *hash,
+ uint8_t *sig, size_t sig_len)
{
(void)ctx;
+ (void)pk_len;
+ (void)sig_len;
+
+ /* Only support uncompressed keys. */
+ if (pk[0] != 0x04) {
+ return -1;
+ }
+ pk++;
+
return cc310_ecdsa_verify_secp256r1(hash, pk, sig, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE);
}
#endif /* MCUBOOT_USE_CC310 */
+#if defined(MCUBOOT_USE_MBED_TLS)
+
+/* Indicate to the caller that the verify function needs the raw ASN.1
+ * signature, not a decoded one. */
+#define MCUBOOT_ECDSA_NEED_ASN1_SIG
+
+typedef mbedtls_ecdsa_context bootutil_ecdsa_p256_context;
+static inline void bootutil_ecdsa_p256_init(bootutil_ecdsa_p256_context *ctx)
+{
+ mbedtls_ecdsa_init(ctx);
+}
+
+static inline void bootutil_ecdsa_p256_drop(bootutil_ecdsa_p256_context *ctx)
+{
+ mbedtls_ecdsa_free(ctx);
+}
+
+static inline int bootutil_ecdsa_p256_verify(bootutil_ecdsa_p256_context *ctx,
+ uint8_t *pk, size_t pk_len,
+ uint8_t *hash,
+ uint8_t *sig, size_t sig_len)
+{
+ int rc;
+
+ (void)sig;
+ (void)hash;
+
+ rc = mbedtls_ecp_group_load(&ctx->grp, MBEDTLS_ECP_DP_SECP256R1);
+ if (rc) {
+ return -1;
+ }
+
+ rc = mbedtls_ecp_point_read_binary(&ctx->grp, &ctx->Q, pk, pk_len);
+ if (rc) {
+ return -1;
+ }
+
+ rc = mbedtls_ecp_check_pubkey(&ctx->grp, &ctx->Q);
+ if (rc) {
+ return -1;
+ }
+
+ rc = mbedtls_ecdsa_read_signature(ctx, hash, BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE,
+ sig, sig_len);
+ if (rc) {
+ return -1;
+ }
+
+ return 0;
+}
+#endif /* MCUBOOT_USE_MBED_TLS */
+
#ifdef __cplusplus
}
#endif
diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c
index f5b8135..ccb67f3 100644
--- a/boot/bootutil/src/image_ec256.c
+++ b/boot/bootutil/src/image_ec256.c
@@ -30,10 +30,11 @@
#ifdef MCUBOOT_SIGN_EC256
/*TODO: remove this after cypress port mbedtls to abstract crypto api */
-#ifdef MCUBOOT_USE_CC310
+#if defined(MCUBOOT_USE_CC310) || defined(MCUBOOT_USE_MBED_TLS)
#define NUM_ECC_BYTES (256 / 8)
#endif
-#if defined (MCUBOOT_USE_TINYCRYPT) || defined (MCUBOOT_USE_CC310)
+#if defined(MCUBOOT_USE_TINYCRYPT) || defined(MCUBOOT_USE_CC310) || \
+ defined(MCUBOOT_USE_MBED_TLS)
#include "bootutil/sign_key.h"
#include "mbedtls/oid.h"
@@ -88,16 +89,11 @@
if (len != 2 * NUM_ECC_BYTES + 1) {
return -8;
}
- /* Is uncompressed? */
- if (*cp[0] != 0x04) {
- return -9;
- }
-
- (*cp)++;
return 0;
}
+#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG
/*
* cp points to ASN1 string containing an integer.
* Verify the tag, and that the length is 32 bytes.
@@ -149,6 +145,7 @@
}
return 0;
}
+#endif /* not MCUBOOT_ECDSA_NEED_ASN1_SIG */
int
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
@@ -159,7 +156,9 @@
uint8_t *pubkey;
uint8_t *end;
+#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG
uint8_t signature[2 * NUM_ECC_BYTES];
+#endif
pubkey = (uint8_t *)bootutil_keys[key_id].key;
end = pubkey + *bootutil_keys[key_id].len;
@@ -169,10 +168,12 @@
return -1;
}
+#ifndef MCUBOOT_ECDSA_NEED_ASN1_SIG
rc = bootutil_decode_sig(signature, sig, sig + slen);
if (rc) {
return -1;
}
+#endif
/*
* This is simplified, as the hash length is also 32 bytes.
@@ -182,7 +183,12 @@
}
bootutil_ecdsa_p256_init(&ctx);
- rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, hash, signature);
+#ifdef MCUBOOT_ECDSA_NEED_ASN1_SIG
+ rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, end - pubkey, hash, sig, slen);
+#else
+ rc = bootutil_ecdsa_p256_verify(&ctx, pubkey, end - pubkey, hash, signature,
+ 2 * NUM_ECC_BYTES);
+#endif
bootutil_ecdsa_p256_drop(&ctx);
return rc;
}