boot; first cut at adding support for signatures with ECSDA using NIST P-256.
Project: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/commit/bf7b6161 Tree: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/tree/bf7b6161 Diff: http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/diff/bf7b6161 Branch: refs/heads/develop Commit: bf7b6161936b16cc8eb9c16d902755de90d4f823 Parents: b455cb0 Author: Marko Kiiskila <[email protected]> Authored: Thu Dec 29 17:29:48 2016 -0800 Committer: Marko Kiiskila <[email protected]> Committed: Thu Dec 29 17:32:34 2016 -0800 ---------------------------------------------------------------------- boot/bootutil/include/bootutil/image.h | 9 +- boot/bootutil/pkg.yml | 3 + boot/bootutil/src/image_ec256.c | 183 ++++++++++++++++++++++++++++ boot/bootutil/src/image_validate.c | 20 ++- boot/bootutil/syscfg.yml | 3 + 5 files changed, 215 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/bf7b6161/boot/bootutil/include/bootutil/image.h ---------------------------------------------------------------------- diff --git a/boot/bootutil/include/bootutil/image.h b/boot/bootutil/include/bootutil/image.h index ce98e0c..70ce7fb 100644 --- a/boot/bootutil/include/bootutil/image.h +++ b/boot/bootutil/include/bootutil/image.h @@ -39,8 +39,14 @@ struct flash_area; #define IMAGE_F_PIC 0x00000001 /* Not currently supported. */ #define IMAGE_F_SHA256 0x00000002 /* Image contains hash TLV */ #define IMAGE_F_PKCS15_RSA2048_SHA256 0x00000004 /* PKCS15 w/RSA and SHA */ -#define IMAGE_F_ECDSA224_SHA256 0x00000008 /* ECDSA256 over SHA256 */ +#define IMAGE_F_ECDSA224_SHA256 0x00000008 /* ECDSA224 over SHA256 */ #define IMAGE_F_NON_BOOTABLE 0x00000010 /* Split image app. */ +#define IMAGE_F_ECDSA256_SHA256 0x00000020 /* ECDSA256 over SHA256 */ + +/* + * ECSDA224 is with NIST P-224 + * ECSDA256 is with NIST P-256 + */ /* * Image trailer TLV types. @@ -48,6 +54,7 @@ struct flash_area; #define IMAGE_TLV_SHA256 1 /* SHA256 of image hdr and body */ #define IMAGE_TLV_RSA2048 2 /* RSA2048 of hash output */ #define IMAGE_TLV_ECDSA224 3 /* ECDSA of hash output */ +#define IMAGE_TLV_ECDSA256 4 /* ECDSA of hash output */ struct image_version { uint8_t iv_major; http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/bf7b6161/boot/bootutil/pkg.yml ---------------------------------------------------------------------- diff --git a/boot/bootutil/pkg.yml b/boot/bootutil/pkg.yml index ca9dbf7..20a7a58 100644 --- a/boot/bootutil/pkg.yml +++ b/boot/bootutil/pkg.yml @@ -31,3 +31,6 @@ pkg.deps: - kernel/os - sys/defs - sys/flash_map + +pkg.deps.BOOTUTIL_SIGN_EC256: + - crypto/tinycrypt http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/bf7b6161/boot/bootutil/src/image_ec256.c ---------------------------------------------------------------------- diff --git a/boot/bootutil/src/image_ec256.c b/boot/bootutil/src/image_ec256.c new file mode 100644 index 0000000..b27a70b --- /dev/null +++ b/boot/bootutil/src/image_ec256.c @@ -0,0 +1,183 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +#include "syscfg/syscfg.h" + +#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256) +#include "bootutil/sign_key.h" + +#include "mbedtls/oid.h" +#include "mbedtls/asn1.h" + +#include "tinycrypt/ecc_dsa.h" +#include "bootutil_priv.h" + +/* + * Declaring these like this adds NULL termination. + */ +static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED; +static const uint8_t ec_secp256r1_oid[] = MBEDTLS_OID_EC_GRP_SECP256R1; + +/* + * Parse the public key used for signing. + */ +static int +tinycrypt_import_key(EccPoint *pubkey, uint8_t *cp, uint8_t *end) +{ + size_t len; + mbedtls_asn1_buf alg; + mbedtls_asn1_buf param; + + if (mbedtls_asn1_get_tag(&cp, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) { + return -1; + } + end = cp + len; + + if (mbedtls_asn1_get_alg(&cp, end, &alg, ¶m)) { + return -2; + } + if (alg.len != sizeof(ec_pubkey_oid) - 1 || + memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) { + return -3; + } + if (param.len != sizeof(ec_secp256r1_oid) - 1 || + memcmp(param.p, ec_secp256r1_oid, sizeof(ec_secp256r1_oid) - 1)) { + return -4; + } + if (mbedtls_asn1_get_bitstring_null(&cp, end, &len)) { + return -6; + } + if (cp + len != end) { + return -7; + } + + if (len != 2 * NUM_ECC_BYTES + 1) { + return -8; + } + if (cp[0] != 0x04) { + return -9; + } + + ecc_bytes2native(pubkey->x, cp + 1); + ecc_bytes2native(pubkey->y, cp + 1 + NUM_ECC_BYTES); + + return 0; +} + +/* + * cp points to ASN1 string containing an integer. + * Verify the tag, and that the length is 32 bytes. + */ +static int +tinycrypt_read_bigint(uint32_t i[NUM_ECC_DIGITS], uint8_t **cp, uint8_t *end) +{ + size_t len; + + if (mbedtls_asn1_get_tag(cp, end, &len, MBEDTLS_ASN1_INTEGER)) { + return -3; + } + + for (; *cp < end; *cp = *cp + 1, len--) { + if (**cp != 0) { + break; + } + } + if (len != NUM_ECC_BYTES) { + return -1; + } + ecc_bytes2native(i, *cp); + *cp += len; + return 0; +} + +/* + * Read in signature. Signature has r and s encoded as integers. + */ +static int +tinycrypt_decode_sig(uint32_t r[NUM_ECC_DIGITS], uint32_t s[NUM_ECC_DIGITS], + uint8_t *cp, uint8_t *end) +{ + int rc; + size_t len; + + rc = mbedtls_asn1_get_tag(&cp, end, &len, + MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE); + if (rc) { + return -1; + } + if (cp + len != end) { + return -2; + } + rc = tinycrypt_read_bigint(r, &cp, end); + if (rc) { + return -3; + } + rc = tinycrypt_read_bigint(s, &cp, end); + if (rc) { + return -4; + } + return 0; +} + +int +bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, int slen, + uint8_t key_id) +{ + int rc; + uint8_t *cp; + uint8_t *end; + EccPoint ctx; + uint32_t r[NUM_ECC_DIGITS]; + uint32_t s[NUM_ECC_DIGITS]; + uint32_t hash_t[NUM_ECC_DIGITS]; + + cp = (uint8_t *)bootutil_keys[key_id].key; + end = cp + *bootutil_keys[key_id].len; + + rc = tinycrypt_import_key(&ctx, cp, end); + if (rc) { + return -1; + } + + while (sig[slen - 1] == '\0') { + slen--; + } + + rc = tinycrypt_decode_sig(r, s, sig, sig + slen); + if (rc) { + return -1; + } + + /* + * This is simplified, as the hash length is also 32 bytes. + */ + if (hlen != NUM_ECC_BYTES) { + return -1; + } + + ecc_bytes2native(hash_t, hash); + rc = ecdsa_verify(&ctx, hash_t, r, s); + if (rc == 1) { + return 0; + } else { + return -2; + } +} +#endif /* MYNEWT_VAL(BOOTUTIL_SIGN_EC256) */ http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/bf7b6161/boot/bootutil/src/image_validate.c ---------------------------------------------------------------------- diff --git a/boot/bootutil/src/image_validate.c b/boot/bootutil/src/image_validate.c index 98fdc9b..9ab08b7 100644 --- a/boot/bootutil/src/image_validate.c +++ b/boot/bootutil/src/image_validate.c @@ -93,7 +93,8 @@ bootutil_img_validate(struct image_header *hdr, const struct flash_area *fap, uint32_t off; uint32_t size; uint32_t sha_off = 0; -#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA) || MYNEWT_VAL(BOOTUTIL_SIGN_EC) +#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA) || MYNEWT_VAL(BOOTUTIL_SIGN_EC) || \ + MYNEWT_VAL(BOOTUTIL_SIGN_EC256) uint32_t sig_off = 0; uint32_t sig_len = 0; #endif @@ -112,6 +113,11 @@ bootutil_img_validate(struct image_header *hdr, const struct flash_area *fap, return -1; } #endif +#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256) + if ((hdr->ih_flags & IMAGE_F_ECDSA256_SHA256) == 0) { + return -1; + } +#endif if ((hdr->ih_flags & IMAGE_F_SHA256) == 0) { return -1; } @@ -159,6 +165,15 @@ bootutil_img_validate(struct image_header *hdr, const struct flash_area *fap, sig_len = tlv.it_len; } #endif +#if MYNEWT_VAL(BOOTUTIL_SIGN_EC256) + if (tlv.it_type == IMAGE_TLV_ECDSA256) { + if (tlv.it_len < 72) { /* oids + 2 * 32 bytes */ + return -1; + } + sig_off = off + sizeof(tlv); + sig_len = tlv.it_len; + } +#endif } if (hdr->ih_flags & IMAGE_F_SHA256) { if (!sha_off) { @@ -175,7 +190,8 @@ bootutil_img_validate(struct image_header *hdr, const struct flash_area *fap, return -1; } } -#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA) || MYNEWT_VAL(BOOTUTIL_SIGN_EC) +#if MYNEWT_VAL(BOOTUTIL_SIGN_RSA) || MYNEWT_VAL(BOOTUTIL_SIGN_EC) || \ + MYNEWT_VAL(BOOTUTIL_SIGN_EC256) if (!sig_off) { /* * Header said there should be PKCS1.v5 signature, no TLV http://git-wip-us.apache.org/repos/asf/incubator-mynewt-core/blob/bf7b6161/boot/bootutil/syscfg.yml ---------------------------------------------------------------------- diff --git a/boot/bootutil/syscfg.yml b/boot/bootutil/syscfg.yml index 2951c03..e896bf9 100644 --- a/boot/bootutil/syscfg.yml +++ b/boot/bootutil/syscfg.yml @@ -25,3 +25,6 @@ syscfg.defs: BOOTUTIL_SIGN_EC: description: 'TBD' value: '0' + BOOTUTIL_SIGN_EC256: + description: 'TBD' + value: '0'
