TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 006994b7547e9d69342a027e5b8fb69d632653e9 / . / boot / bootutil / src / image_ec256.c
blob: dbaea76e1536a985f483f96578cb67979566f591 [file] [log] [blame]
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]1/*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame]20#include <string.h>
21
Fabio Utzigba1fbe62017-07-21 14:01:20 -0300[diff] [blame]22#include "mcuboot_config/mcuboot_config.h"
Fabio Utzigeed80b62017-06-10 08:03:05 -0300[diff] [blame]23
Fabio Utzig19356bf2017-05-11 16:19:36 -0300[diff] [blame]24#ifdef MCUBOOT_SIGN_EC256
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]25#include "bootutil/sign_key.h"
26
27#include "mbedtls/oid.h"
28#include "mbedtls/asn1.h"
29
30#include "tinycrypt/ecc_dsa.h"
31#include "bootutil_priv.h"
32
33/*
34 * Declaring these like this adds NULL termination.
35 */
36static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
37static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
38
39/*
40 * Parse the public key used for signing.
41 */
42static int
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]43tinycrypt_import_key(uint8_t **cp, uint8_t *end)
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]44{
45 size_t len;
46 mbedtls_asn1_buf alg;
47 mbedtls_asn1_buf param;
48
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]49 if (mbedtls_asn1_get_tag(cp, end, &len,
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]50 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
51 return -1;
52 }
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]53 end = *cp + len;
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]54
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]55 /* ECParameters (RFC5480) */
56 if (mbedtls_asn1_get_alg(cp, end, &alg, &param)) {
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]57 return -2;
58 }
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]59 /* id-ecPublicKey (RFC5480) */
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]60 if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
61 memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
62 return -3;
63 }
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]64 /* namedCurve (RFC5480) */
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]65 if (param.len != sizeof(ec_secp256r1_oid) - 1 ||
66 memcmp(param.p, ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
67 return -4;
68 }
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]69 /* ECPoint (RFC5480) */
70 if (mbedtls_asn1_get_bitstring_null(cp, end, &len)) {
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]71 return -6;
72 }
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]73 if (*cp + len != end) {
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]74 return -7;
75 }
76
77 if (len != 2 * NUM_ECC_BYTES + 1) {
78 return -8;
79 }
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]80 /* Is uncompressed? */
81 if (*cp[0] != 0x04) {
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]82 return -9;
83 }
84
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]85 (*cp)++;
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]86 return 0;
87}
88
89/*
90 * cp points to ASN1 string containing an integer.
91 * Verify the tag, and that the length is 32 bytes.
92 */
93static int
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]94tinycrypt_read_bigint(uint8_t i[NUM_ECC_BYTES], uint8_t **cp, uint8_t *end)
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]95{
96 size_t len;
97
98 if (mbedtls_asn1_get_tag(cp, end, &len, MBEDTLS_ASN1_INTEGER)) {
99 return -3;
100 }
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]101
Fabio Utzig006994b2019-01-16 16:33:20 -0800[diff] [blame^]102 if (len >= NUM_ECC_BYTES) {
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]103 memcpy(i, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES);
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame]104 } else {
Fabio Utzig006994b2019-01-16 16:33:20 -0800[diff] [blame^]105 memset(i, 0, NUM_ECC_BYTES - len);
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]106 memcpy(i + NUM_ECC_BYTES - len, *cp, len);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]107 }
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]108 *cp += len;
109 return 0;
110}
111
112/*
113 * Read in signature. Signature has r and s encoded as integers.
114 */
115static int
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]116tinycrypt_decode_sig(uint8_t signature[NUM_ECC_BYTES * 2], uint8_t *cp, uint8_t *end)
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]117{
118 int rc;
119 size_t len;
120
121 rc = mbedtls_asn1_get_tag(&cp, end, &len,
122 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
123 if (rc) {
124 return -1;
125 }
David Brownbaff96f2017-01-27 17:35:14 -0700[diff] [blame]126 if (cp + len > end) {
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]127 return -2;
128 }
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]129
130 rc = tinycrypt_read_bigint(signature, &cp, end);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]131 if (rc) {
132 return -3;
133 }
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]134 rc = tinycrypt_read_bigint(signature + NUM_ECC_BYTES, &cp, end);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]135 if (rc) {
136 return -4;
137 }
138 return 0;
139}
140
141int
Fabio Utzig1a927dd2017-12-05 10:30:26 -0200[diff] [blame]142bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]143 uint8_t key_id)
144{
145 int rc;
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]146 uint8_t *pubkey;
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]147 uint8_t *end;
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]148
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]149 uint8_t signature[2 * NUM_ECC_BYTES];
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]150
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]151 pubkey = (uint8_t *)bootutil_keys[key_id].key;
152 end = pubkey + *bootutil_keys[key_id].len;
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]153
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]154 rc = tinycrypt_import_key(&pubkey, end);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]155 if (rc) {
156 return -1;
157 }
158
Szymon Janc16184882017-09-22 18:32:11 -0300[diff] [blame]159 rc = tinycrypt_decode_sig(signature, sig, sig + slen);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]160 if (rc) {
161 return -1;
162 }
163
164 /*
165 * This is simplified, as the hash length is also 32 bytes.
166 */
167 if (hlen != NUM_ECC_BYTES) {
168 return -1;
169 }
170
Fabio Utzig33fa8ad2017-10-05 18:21:30 -0300[diff] [blame]171 rc = uECC_verify(pubkey, hash, NUM_ECC_BYTES, signature, uECC_secp256r1());
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]172 if (rc == 1) {
173 return 0;
174 } else {
175 return -2;
176 }
177}
Fabio Utzig19356bf2017-05-11 16:19:36 -0300[diff] [blame]178#endif /* MCUBOOT_SIGN_EC256 */