Add ecdsa signing support to the simulator
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/sim/src/ecdsa_pub_key-rs.txt b/sim/src/ecdsa_pub_key-rs.txt
new file mode 100644
index 0000000..b63f6b0
--- /dev/null
+++ b/sim/src/ecdsa_pub_key-rs.txt
@@ -0,0 +1,14 @@
+static ECDSA256_PUB_KEY: &'static [u8] = &[
+ 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a,
+ 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
+ 0x42, 0x00, 0x04, 0x2a, 0xcb, 0x40, 0x3c, 0xe8,
+ 0xfe, 0xed, 0x5b, 0xa4, 0x49, 0x95, 0xa1, 0xa9,
+ 0x1d, 0xae, 0xe8, 0xdb, 0xbe, 0x19, 0x37, 0xcd,
+ 0x14, 0xfb, 0x2f, 0x24, 0x57, 0x37, 0xe5, 0x95,
+ 0x39, 0x88, 0xd9, 0x94, 0xb9, 0xd6, 0x5a, 0xeb,
+ 0xd7, 0xcd, 0xd5, 0x30, 0x8a, 0xd6, 0xfe, 0x48,
+ 0xb2, 0x4a, 0x6a, 0x81, 0x0e, 0xe5, 0xf0, 0x7d,
+ 0x8b, 0x68, 0x34, 0xcc, 0x3a, 0x6a, 0xfc, 0x53,
+ 0x8e, 0xfa, 0xc1,
+];
diff --git a/sim/src/lib.rs b/sim/src/lib.rs
index 1314c42..b83e31b 100644
--- a/sim/src/lib.rs
+++ b/sim/src/lib.rs
@@ -887,7 +887,13 @@
TlvGen::new_rsa_pss()
}
+#[cfg(feature = "sig-ecdsa")]
+fn make_tlv() -> TlvGen {
+ TlvGen::new_ecdsa()
+}
+
#[cfg(not(feature = "sig-rsa"))]
+#[cfg(not(feature = "sig-ecdsa"))]
fn make_tlv() -> TlvGen {
TlvGen::new_hash_only()
}
diff --git a/sim/src/tlv.rs b/sim/src/tlv.rs
index f2191f6..79e89fd 100644
--- a/sim/src/tlv.rs
+++ b/sim/src/tlv.rs
@@ -12,6 +12,7 @@
use pem;
use ring::{digest, rand, signature};
use untrusted;
+use mcuboot_sys::c;
#[repr(u8)]
#[derive(Copy, Clone, PartialEq, Eq)]
@@ -53,6 +54,16 @@
}
}
+ #[allow(dead_code)]
+ pub fn new_ecdsa() -> TlvGen {
+ TlvGen {
+ flags: 0,
+ kinds: vec![TlvKinds::SHA256, TlvKinds::KEYHASH, TlvKinds::ECDSA256],
+ size: 4 + 32 + 4 + 72,
+ payload: vec![],
+ }
+ }
+
/// Retrieve the header flags for this configuration. This can be called at any time.
pub fn get_flags(&self) -> u32 {
self.flags
@@ -68,6 +79,37 @@
self.payload.extend_from_slice(bytes);
}
+ /// Create a DER representation of one ec curve point
+ fn _make_der_int(&self, x: &[u8]) -> Vec<u8> {
+ assert!(x.len() == 32);
+
+ let mut i: Vec<u8> = vec![0x02];
+ if x[0] >= 0x7f {
+ i.push(33);
+ i.push(0);
+ } else {
+ i.push(32);
+ }
+ i.extend(x);
+ i
+ }
+
+ /// Create an ecdsa256 TLV
+ fn _make_der_sequence(&self, r: Vec<u8>, s: Vec<u8>) -> Vec<u8> {
+ let mut der: Vec<u8> = vec![0x30];
+ der.push(r.len() as u8 + s.len() as u8);
+ der.extend(r);
+ der.extend(s);
+ let mut size = der.len();
+ // must pad up to 72 bytes...
+ while size <= 72 {
+ der.push(0);
+ der[1] += 1;
+ size += 1;
+ }
+ der
+ }
+
/// Compute the TLV given the specified block of data.
pub fn make_tlv(self) -> Vec<u8> {
let mut result: Vec<u8> = vec![];
@@ -120,8 +162,59 @@
result.extend_from_slice(&signature);
}
+ if self.kinds.contains(&TlvKinds::ECDSA256) {
+ let keyhash = digest::digest(&digest::SHA256, ECDSA256_PUB_KEY);
+ let keyhash = keyhash.as_ref();
+
+ assert!(keyhash.len() == 32);
+ result.push(TlvKinds::KEYHASH as u8);
+ result.push(0);
+ result.push(32);
+ result.push(0);
+ result.extend_from_slice(keyhash);
+
+ let key_bytes = pem::parse(include_bytes!("../../root-ec-p256.pem").as_ref()).unwrap();
+ assert_eq!(key_bytes.tag, "EC PRIVATE KEY");
+
+ let hash = digest::digest(&digest::SHA256, &self.payload);
+ let hash = hash.as_ref();
+ assert!(hash.len() == 32);
+
+ /* FIXME
+ *
+ * Although `ring` has an ASN1 parser, it hides access
+ * to its low-level data, which was designed to be used
+ * by its internal signing/verifying functions. Since it does
+ * not yet support ecdsa signing, for the time being I am
+ * manually loading the key from its index in the PEM and
+ * building the TLV DER manually.
+ *
+ * Once ring gets ecdsa signing (hopefully soon!) this code
+ * should be updated to leverage its functionality...
+ */
+
+ /* Load key directly from PEM */
+ let key = &key_bytes.contents[7..39];
+
+ let signature = match c::ecdsa256_sign(&key, &hash) {
+ Ok(sign) => sign,
+ Err(_) => panic!("Failed signature generation"),
+ };
+
+ let r = self._make_der_int(&signature.to_vec()[..32]);
+ let s = self._make_der_int(&signature.to_vec()[32..64]);
+ let der = self._make_der_sequence(r, s);
+
+ result.push(TlvKinds::ECDSA256 as u8);
+ result.push(0);
+ result.push(der.len() as u8);
+ result.push(0);
+ result.extend(der);
+ }
+
result
}
}
include!("rsa_pub_key-rs.txt");
+include!("ecdsa_pub_key-rs.txt");