TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mcuboot / 19356bf45fdd39a6a6a8c15701cbafce7bd778ad / . / boot / bootutil / src / image_ec256.c
blob: 615fb9fb1531680698dead0a9d3a485d3f82398d [file] [log] [blame]
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]1/*
2 * Licensed to the Apache Software Foundation (ASF) under one
3 * or more contributor license agreements. See the NOTICE file
4 * distributed with this work for additional information
5 * regarding copyright ownership. The ASF licenses this file
6 * to you under the Apache License, Version 2.0 (the
7 * "License"); you may not use this file except in compliance
8 * with the License. You may obtain a copy of the License at
9 *
10 * http://www.apache.org/licenses/LICENSE-2.0
11 *
12 * Unless required by applicable law or agreed to in writing,
13 * software distributed under the License is distributed on an
14 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15 * KIND, either express or implied. See the License for the
16 * specific language governing permissions and limitations
17 * under the License.
18 */
19
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame]20#include <string.h>
21
Fabio Utzig19356bf2017-05-11 16:19:36 -0300[diff] [blame^]22#ifdef MCUBOOT_SIGN_EC256
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]23#include "bootutil/sign_key.h"
24
25#include "mbedtls/oid.h"
26#include "mbedtls/asn1.h"
27
28#include "tinycrypt/ecc_dsa.h"
29#include "bootutil_priv.h"
30
31/*
32 * Declaring these like this adds NULL termination.
33 */
34static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
35static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1;
36
37/*
38 * Parse the public key used for signing.
39 */
40static int
41tinycrypt_import_key(EccPoint *pubkey, uint8_t *cp, uint8_t *end)
42{
43 size_t len;
44 mbedtls_asn1_buf alg;
45 mbedtls_asn1_buf param;
46
47 if (mbedtls_asn1_get_tag(&cp, end, &len,
48 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
49 return -1;
50 }
51 end = cp + len;
52
53 if (mbedtls_asn1_get_alg(&cp, end, &alg, &param)) {
54 return -2;
55 }
56 if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
57 memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
58 return -3;
59 }
60 if (param.len != sizeof(ec_secp256r1_oid) - 1 ||
61 memcmp(param.p, ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) {
62 return -4;
63 }
64 if (mbedtls_asn1_get_bitstring_null(&cp, end, &len)) {
65 return -6;
66 }
67 if (cp + len != end) {
68 return -7;
69 }
70
71 if (len != 2 * NUM_ECC_BYTES + 1) {
72 return -8;
73 }
74 if (cp[0] != 0x04) {
75 return -9;
76 }
77
78 ecc_bytes2native(pubkey->x, cp + 1);
79 ecc_bytes2native(pubkey->y, cp + 1 + NUM_ECC_BYTES);
80
81 return 0;
82}
83
84/*
85 * cp points to ASN1 string containing an integer.
86 * Verify the tag, and that the length is 32 bytes.
87 */
88static int
89tinycrypt_read_bigint(uint32_t i[NUM_ECC_DIGITS], uint8_t **cp, uint8_t *end)
90{
91 size_t len;
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame]92 uint8_t bigint[NUM_ECC_BYTES];
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]93
94 if (mbedtls_asn1_get_tag(cp, end, &len, MBEDTLS_ASN1_INTEGER)) {
95 return -3;
96 }
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame]97 if (len > NUM_ECC_BYTES) {
98 memcpy(bigint, *cp + len - NUM_ECC_BYTES, NUM_ECC_BYTES);
99 } else {
100 memset(bigint, 0, NUM_ECC_BYTES - len);
101 memcpy(bigint + NUM_ECC_BYTES - len, *cp, len);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]102 }
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]103 *cp += len;
Marko Kiiskila755daed2016-12-30 18:53:13 -0800[diff] [blame]104 ecc_bytes2native(i, bigint);
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]105 return 0;
106}
107
108/*
109 * Read in signature. Signature has r and s encoded as integers.
110 */
111static int
112tinycrypt_decode_sig(uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS],
113 uint8_t *cp, uint8_t *end)
114{
115 int rc;
116 size_t len;
117
118 rc = mbedtls_asn1_get_tag(&cp, end, &len,
119 MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
120 if (rc) {
121 return -1;
122 }
David Brownbaff96f2017-01-27 17:35:14 -0700[diff] [blame]123 if (cp + len > end) {
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]124 return -2;
125 }
126 rc = tinycrypt_read_bigint(r, &cp, end);
127 if (rc) {
128 return -3;
129 }
130 rc = tinycrypt_read_bigint(s, &cp, end);
131 if (rc) {
132 return -4;
133 }
134 return 0;
135}
136
137int
138bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, int slen,
139 uint8_t key_id)
140{
141 int rc;
142 uint8_t *cp;
143 uint8_t *end;
144 EccPoint ctx;
145 uint32_t r[NUM_ECC_DIGITS];
146 uint32_t s[NUM_ECC_DIGITS];
147 uint32_t hash_t[NUM_ECC_DIGITS];
148
149 cp = (uint8_t *)bootutil_keys[key_id].key;
150 end = cp + *bootutil_keys[key_id].len;
151
152 rc = tinycrypt_import_key(&ctx, cp, end);
153 if (rc) {
154 return -1;
155 }
156
Marko Kiiskilabf943392016-12-29 17:29:48 -0800[diff] [blame]157 rc = tinycrypt_decode_sig(r, s, sig, sig + slen);
158 if (rc) {
159 return -1;
160 }
161
162 /*
163 * This is simplified, as the hash length is also 32 bytes.
164 */
165 if (hlen != NUM_ECC_BYTES) {
166 return -1;
167 }
168
169 ecc_bytes2native(hash_t, hash);
170 rc = ecdsa_verify(&ctx, hash_t, r, s);
171 if (rc == 1) {
172 return 0;
173 } else {
174 return -2;
175 }
176}
Fabio Utzig19356bf2017-05-11 16:19:36 -0300[diff] [blame^]177#endif /* MCUBOOT_SIGN_EC256 */