Add ecdsa signing support
Since ring does not yet support ecdsa signing, a thin layer was added
to allow the simulator to call tinycrypt's signing routine.
Signed-off-by: Fabio Utzig <utzig@apache.org>
diff --git a/sim/mcuboot-sys/csupport/run.c b/sim/mcuboot-sys/csupport/run.c
index 7010988..d749e49 100644
--- a/sim/mcuboot-sys/csupport/run.c
+++ b/sim/mcuboot-sys/csupport/run.c
@@ -10,6 +10,10 @@
#include "../../../boot/bootutil/src/bootutil_priv.h"
+#ifdef MCUBOOT_SIGN_EC256
+#include "../../../ext/tinycrypt/lib/include/tinycrypt/ecc_dsa.h"
+#endif
+
#define BOOT_LOG_LEVEL BOOT_LOG_LEVEL_ERROR
#include <bootutil/bootutil_log.h>
@@ -22,6 +26,20 @@
int jumped = 0;
+int ecdsa256_sign_(const uint8_t *privkey, const uint8_t *hash,
+ unsigned hash_len, uint8_t *signature)
+{
+#ifdef MCUBOOT_SIGN_EC256
+ return uECC_sign(privkey, hash, hash_len, signature, uECC_secp256r1());
+#else
+ (void)privkey;
+ (void)hash;
+ (void)hash_len;
+ (void)signature;
+ return 0;
+#endif
+}
+
uint8_t sim_flash_align = 1;
uint8_t flash_area_align(const struct flash_area *area)
{
diff --git a/sim/mcuboot-sys/src/c.rs b/sim/mcuboot-sys/src/c.rs
index dd2aac3..9f364cb 100644
--- a/sim/mcuboot-sys/src/c.rs
+++ b/sim/mcuboot-sys/src/c.rs
@@ -44,6 +44,17 @@
unsafe { raw::BOOT_MAX_ALIGN as usize }
}
+pub fn ecdsa256_sign(privkey: &[u8], hash: &[u8]) -> Result<[u8; 64], &'static str> {
+ unsafe {
+ let mut signature: [u8; 64] = [0; 64];
+ if raw::ecdsa256_sign_(privkey.as_ptr(), hash.as_ptr(),
+ hash.len() as u32, signature.as_mut_ptr()) == 1 {
+ return Ok(signature);
+ }
+ return Err("Failed signature generation");
+ }
+}
+
mod raw {
use area::CAreaDesc;
use libc;
@@ -60,5 +71,9 @@
pub static BOOT_MAGIC_SZ: u32;
pub static BOOT_MAX_ALIGN: u32;
+
+ pub fn ecdsa256_sign_(privkey: *const u8, hash: *const u8,
+ hash_len: libc::c_uint,
+ signature: *mut u8) -> libc::c_int;
}
}