Blame - boot/bootutil/src/image_ec256.c - mirror/mcuboot

blob: 3c6fd7dfc6f255ab8eceb6371f0d2f0191414ca4 [file] [log] [blame]

Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	1	/*
				2	* Licensed to the Apache Software Foundation (ASF) under one
				3	* or more contributor license agreements. See the NOTICE file
				4	* distributed with this work for additional information
				5	* regarding copyright ownership. The ASF licenses this file
				6	* to you under the Apache License, Version 2.0 (the
				7	* "License"); you may not use this file except in compliance
				8	* with the License. You may obtain a copy of the License at
				9	*
				10	* http://www.apache.org/licenses/LICENSE-2.0
				11	*
				12	* Unless required by applicable law or agreed to in writing,
				13	* software distributed under the License is distributed on an
				14	* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
				15	* KIND, either express or implied. See the License for the
				16	* specific language governing permissions and limitations
				17	* under the License.
				18	*/
				19
Marko Kiiskila	755daed	2016-12-30 18:53:13 -0800	[diff] [blame]	20	#include <string.h>
				21
Fabio Utzig	ba1fbe6	2017-07-21 14:01:20 -0300	[diff] [blame]	22	#ifdef MCUBOOT_MYNEWT
				23	#include "mcuboot_config/mcuboot_config.h"
Fabio Utzig	eed80b6	2017-06-10 08:03:05 -0300	[diff] [blame]	24	#endif
				25
Fabio Utzig	19356bf	2017-05-11 16:19:36 -0300	[diff] [blame]	26	#ifdef MCUBOOT_SIGN_EC256
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	27	#include "bootutil/sign_key.h"
				28
				29	#include "mbedtls/oid.h"
				30	#include "mbedtls/asn1.h"
				31
				32	#include "tinycrypt/ecc_dsa.h"
				33	#include "bootutil_priv.h"
				34
				35	/*
				36	* Declaring these like this adds NULL termination.
				37	*/
				38	static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
				39	static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
				40
				41	/*
				42	* Parse the public key used for signing.
				43	*/
				44	static int
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	45	tinycrypt_import_key(uint8_t pubkey, uint8_t cp, uint8_t *end)
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	46	{
				47	size_t len;
				48	mbedtls_asn1_buf alg;
				49	mbedtls_asn1_buf param;
				50
				51	if (mbedtls_asn1_get_tag(&cp, end, &len,
				52	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE)) {
				53	return -1;
				54	}
				55	end = cp + len;
				56
				57	if (mbedtls_asn1_get_alg(&cp, end, &alg, &param)) {
				58	return -2;
				59	}
				60	if (alg.len != sizeof(ec_pubkey_oid) - 1 \|\|
				61	memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
				62	return -3;
				63	}
				64	if (param.len != sizeof(ec_secp256r1_oid) - 1 \|\|
				65	memcmp(param.p, ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
				66	return -4;
				67	}
				68	if (mbedtls_asn1_get_bitstring_null(&cp, end, &len)) {
				69	return -6;
				70	}
				71	if (cp + len != end) {
				72	return -7;
				73	}
				74
				75	if (len != 2 * NUM_ECC_BYTES + 1) {
				76	return -8;
				77	}
				78	if (cp[0] != 0x04) {
				79	return -9;
				80	}
				81
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	82	/* TODO avoid this copy? */
				83	memcpy(pubkey, cp + 1, 2 * NUM_ECC_BYTES);
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	84
				85	return 0;
				86	}
				87
				88	/*
				89	* cp points to ASN1 string containing an integer.
				90	* Verify the tag, and that the length is 32 bytes.
				91	*/
				92	static int
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	93	tinycrypt_read_bigint(uint8_t i[NUM_ECC_BYTES], uint8_t *cp, uint8_t end)
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	94	{
				95	size_t len;
				96
				97	if (mbedtls_asn1_get_tag(cp, end, &len, MBEDTLS_ASN1_INTEGER)) {
				98	return -3;
				99	}
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	100
Marko Kiiskila	755daed	2016-12-30 18:53:13 -0800	[diff] [blame]	101	if (len > NUM_ECC_BYTES) {
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	102	memcpy(i, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES);
Marko Kiiskila	755daed	2016-12-30 18:53:13 -0800	[diff] [blame]	103	} else {
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	104	memset(i + NUM_ECC_BYTES, 0, NUM_ECC_BYTES - len);
				105	memcpy(i + NUM_ECC_BYTES - len, *cp, len);
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	106	}
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	107	*cp += len;
				108	return 0;
				109	}
				110
				111	/*
				112	* Read in signature. Signature has r and s encoded as integers.
				113	*/
				114	static int
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	115	tinycrypt_decode_sig(uint8_t signature[NUM_ECC_BYTES * 2], uint8_t cp, uint8_t end)
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	116	{
				117	int rc;
				118	size_t len;
				119
				120	rc = mbedtls_asn1_get_tag(&cp, end, &len,
				121	MBEDTLS_ASN1_CONSTRUCTED \| MBEDTLS_ASN1_SEQUENCE);
				122	if (rc) {
				123	return -1;
				124	}
David Brown	baff96f	2017-01-27 17:35:14 -0700	[diff] [blame]	125	if (cp + len > end) {
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	126	return -2;
				127	}
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	128
				129	rc = tinycrypt_read_bigint(signature, &cp, end);
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	130	if (rc) {
				131	return -3;
				132	}
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	133	rc = tinycrypt_read_bigint(signature + NUM_ECC_BYTES, &cp, end);
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	134	if (rc) {
				135	return -4;
				136	}
				137	return 0;
				138	}
				139
				140	int
				141	bootutil_verify_sig(uint8_t hash, uint32_t hlen, uint8_t sig, int slen,
				142	uint8_t key_id)
				143	{
				144	int rc;
				145	uint8_t *cp;
				146	uint8_t *end;
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	147
				148	uint8_t public_key[2 * NUM_ECC_BYTES];
				149	uint8_t signature[2 * NUM_ECC_BYTES];
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	150
				151	cp = (uint8_t *)bootutil_keys[key_id].key;
				152	end = cp + *bootutil_keys[key_id].len;
				153
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	154	rc = tinycrypt_import_key(public_key, cp, end);
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	155	if (rc) {
				156	return -1;
				157	}
				158
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	159	rc = tinycrypt_decode_sig(signature, sig, sig + slen);
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	160	if (rc) {
				161	return -1;
				162	}
				163
				164	/*
				165	* This is simplified, as the hash length is also 32 bytes.
				166	*/
				167	if (hlen != NUM_ECC_BYTES) {
				168	return -1;
				169	}
				170
Szymon Janc	1618488	2017-09-22 18:32:11 -0300	[diff] [blame^]	171	rc = uECC_verify(public_key, hash, NUM_ECC_BYTES, signature, uECC_secp256r1());
Marko Kiiskila	bf94339	2016-12-29 17:29:48 -0800	[diff] [blame]	172	if (rc == 1) {
				173	return 0;
				174	} else {
				175	return -2;
				176	}
				177	}
Fabio Utzig	19356bf	2017-05-11 16:19:36 -0300	[diff] [blame]	178	#endif /* MCUBOOT_SIGN_EC256 */