bootutil: Remove P224 curve

Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I49fad7ede202de4e3c710bf4aa1df195a310b037
Roland Mikhel 2023-02-23 15:28:52 +01:00 committed by Dávid Vincze
parent a97f009d20
commit 206b914852
17 changed files with 29 additions and 239 deletions


@ -1,5 +1,5 @@
#------------------------------------------------------------------------------
# Copyright (c) 2020, Arm Limited. All rights reserved.
# Copyright (c) 2020-2023, Arm Limited. All rights reserved.
#
# SPDX-License-Identifier: Apache-2.0
#
@ -23,7 +23,6 @@ target_sources(bootutil
src/encrypted.c
src/fault_injection_hardening.c
src/fault_injection_hardening_delay_rng_mbedtls.c
src/image_ec.c
src/image_ec256.c
src/image_ed25519.c
src/image_rsa.c


@ -1,6 +1,6 @@
/*
* Copyright (c) 2017 Linaro Limited
* Copyright (c) 2021 Arm Limited
* Copyright (c) 2021-2023 Arm Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -34,23 +34,22 @@ extern "C" {
uint32_t bootutil_get_caps(void);
#define BOOTUTIL_CAP_RSA2048 (1<<0)
#define BOOTUTIL_CAP_ECDSA_P224 (1<<1)
#define BOOTUTIL_CAP_ECDSA_P256 (1<<2)
#define BOOTUTIL_CAP_SWAP_USING_SCRATCH (1<<3)
#define BOOTUTIL_CAP_OVERWRITE_UPGRADE (1<<4)
#define BOOTUTIL_CAP_ENC_RSA (1<<5)
#define BOOTUTIL_CAP_ENC_KW (1<<6)
#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT (1<<7)
#define BOOTUTIL_CAP_RSA3072 (1<<8)
#define BOOTUTIL_CAP_ED25519 (1<<9)
#define BOOTUTIL_CAP_ENC_EC256 (1<<10)
#define BOOTUTIL_CAP_SWAP_USING_MOVE (1<<11)
#define BOOTUTIL_CAP_DOWNGRADE_PREVENTION (1<<12)
#define BOOTUTIL_CAP_ENC_X25519 (1<<13)
#define BOOTUTIL_CAP_BOOTSTRAP (1<<14)
#define BOOTUTIL_CAP_AES256 (1<<15)
#define BOOTUTIL_CAP_RAM_LOAD (1<<16)
#define BOOTUTIL_CAP_DIRECT_XIP (1<<17)
#define BOOTUTIL_CAP_ECDSA_P256 (1<<1)
#define BOOTUTIL_CAP_SWAP_USING_SCRATCH (1<<2)
#define BOOTUTIL_CAP_OVERWRITE_UPGRADE (1<<3)
#define BOOTUTIL_CAP_ENC_RSA (1<<4)
#define BOOTUTIL_CAP_ENC_KW (1<<5)
#define BOOTUTIL_CAP_VALIDATE_PRIMARY_SLOT (1<<6)
#define BOOTUTIL_CAP_RSA3072 (1<<7)
#define BOOTUTIL_CAP_ED25519 (1<<8)
#define BOOTUTIL_CAP_ENC_EC256 (1<<9)
#define BOOTUTIL_CAP_SWAP_USING_MOVE (1<<10)
#define BOOTUTIL_CAP_DOWNGRADE_PREVENTION (1<<11)
#define BOOTUTIL_CAP_ENC_X25519 (1<<12)
#define BOOTUTIL_CAP_BOOTSTRAP (1<<13)
#define BOOTUTIL_CAP_AES256 (1<<14)
#define BOOTUTIL_CAP_RAM_LOAD (1<<15)
#define BOOTUTIL_CAP_DIRECT_XIP (1<<16)
/*
* Query the number of images this bootloader is configured for. This
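Review bot: Dropping `BOOTUTIL_CAP_ECDSA_P224` also shifts every later capability down one bit (for example `BOOTUTIL_CAP_ECDSA_P256` moves from `(1<<2)` to `(1<<1)`), so the value returned by `bootutil_get_caps()` changes meaning for any consumer built against the old header. A test harness or tool that keeps its own copy of these values would then read P-256 support as P-224, or downgrade prevention as swap-using-move, without any build error. Keeping the old positions and marking the gap is safer, e.g. `/* (1<<1) reserved, formerly BOOTUTIL_CAP_ECDSA_P224 */` followed by `#define BOOTUTIL_CAP_ECDSA_P256 (1<<2)` with the remaining values unchanged. Whether such external copies exist is not visible from this page.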


@ -3,7 +3,7 @@
*
* Copyright (c) 2016-2019 Linaro LTD
* Copyright (c) 2016-2019 JUUL Labs
* Copyright (c) 2019-2021 Arm Limited
* Copyright (c) 2019-2023 Arm Limited
*
* Original license:
*
@ -85,7 +85,7 @@ struct flash_area;
#define IMAGE_TLV_PUBKEY 0x02 /* public key */
#define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output */
#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output - Not supported anymore */
#define IMAGE_TLV_ECDSA256 0x22 /* ECDSA of hash output */
#define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */
#define IMAGE_TLV_ED25519 0x24 /* ed25519 of hash output */


@ -2,7 +2,7 @@
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2017 Linaro Limited
* Copyright (c) 2021 Arm Limited
* Copyright (c) 2021-2023 Arm Limited
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -32,9 +32,6 @@ uint32_t bootutil_get_caps(void)
res |= BOOTUTIL_CAP_RSA3072;
#endif
#endif
#if defined(MCUBOOT_SIGN_EC)
res |= BOOTUTIL_CAP_ECDSA_P224;
#endif
#if defined(MCUBOOT_SIGN_EC256)
res |= BOOTUTIL_CAP_ECDSA_P256;
#endif


@ -1,130 +0,0 @@
/*
* SPDX-License-Identifier: Apache-2.0
*
* Copyright (c) 2016-2018 JUUL Labs
* Copyright (C) 2021 Arm Limited
*
* Original license:
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
#include <string.h>
#include "mcuboot_config/mcuboot_config.h"
#ifdef MCUBOOT_SIGN_EC
#include "bootutil/sign_key.h"
#include "mbedtls/ecdsa.h"
#include "mbedtls/oid.h"
#include "mbedtls/asn1.h"
#include "bootutil/crypto/common.h"
#include "bootutil_priv.h"
/*
* Declaring these like this adds NULL termination.
*/
static const uint8_t ec_pubkey_oid[] = MBEDTLS_OID_EC_ALG_UNRESTRICTED;
static const uint8_t ec_secp224r1_oid[] = MBEDTLS_OID_EC_GRP_SECP224R1;
/*
* Parse the public key used for signing.
*/
static int
bootutil_parse_eckey(mbedtls_ecdsa_context *ctx, uint8_t **p, uint8_t *end)
{
size_t len;
mbedtls_asn1_buf alg;
mbedtls_asn1_buf param;
if (mbedtls_asn1_get_tag(p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) {
return -1;
}
end = *p + len;
if (mbedtls_asn1_get_alg(p, end, &alg, &param)) {
return -2;
}
if (alg.len != sizeof(ec_pubkey_oid) - 1 ||
memcmp(alg.p, ec_pubkey_oid, sizeof(ec_pubkey_oid) - 1)) {
return -3;
}
if (param.len != sizeof(ec_secp224r1_oid) - 1||
memcmp(param.p, ec_secp224r1_oid, sizeof(ec_secp224r1_oid) - 1)) {
return -4;
}
if (mbedtls_ecp_group_load(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), MBEDTLS_ECP_DP_SECP224R1)) {
return -5;
}
if (mbedtls_asn1_get_bitstring_null(p, end, &len)) {
return -6;
}
if (*p + len != end) {
return -7;
}
if (mbedtls_ecp_point_read_binary(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), &ctx->MBEDTLS_CONTEXT_MEMBER(Q), *p, end - *p)) {
return -8;
}
if (mbedtls_ecp_check_pubkey(&ctx->MBEDTLS_CONTEXT_MEMBER(grp), &ctx->MBEDTLS_CONTEXT_MEMBER(Q))) {
return -9;
}
return 0;
}
static int
bootutil_cmp_sig(mbedtls_ecdsa_context *ctx, uint8_t *hash, uint32_t hlen,
uint8_t *sig, size_t slen)
{
return mbedtls_ecdsa_read_signature(ctx, hash, hlen, sig, slen);
}
int
bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
uint8_t key_id)
{
int rc;
uint8_t *cp;
uint8_t *end;
mbedtls_ecdsa_context ctx;
mbedtls_ecdsa_init(&ctx);
cp = (uint8_t *)bootutil_keys[key_id].key;
end = cp + *bootutil_keys[key_id].len;
rc = bootutil_parse_eckey(&ctx, &cp, end);
if (rc) {
return -1;
}
while (sig[slen - 1] == '\0') {
slen--;
}
rc = bootutil_cmp_sig(&ctx, hash, hlen, sig, slen);
mbedtls_ecdsa_free(&ctx);
return rc;
}
#endif /* MCUBOOT_SIGN_EC */


@ -3,7 +3,7 @@
*
* Copyright (c) 2017-2019 Linaro LTD
* Copyright (c) 2016-2019 JUUL Labs
* Copyright (c) 2019-2020 Arm Limited
* Copyright (c) 2019-2023 Arm Limited
*
* Original license:
*
@ -46,11 +46,11 @@
#if defined(MCUBOOT_SIGN_RSA)
#include "mbedtls/rsa.h"
#endif
#if defined(MCUBOOT_SIGN_EC) || defined(MCUBOOT_SIGN_EC256)
#if defined(MCUBOOT_SIGN_EC256)
#include "mbedtls/ecdsa.h"
#endif
#if defined(MCUBOOT_ENC_IMAGES) || defined(MCUBOOT_SIGN_RSA) || \
defined(MCUBOOT_SIGN_EC) || defined(MCUBOOT_SIGN_EC256)
defined(MCUBOOT_SIGN_EC256)
#include "mbedtls/asn1.h"
#endif
@ -169,7 +169,6 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
* configured for any signature, don't define this macro.
*/
#if (defined(MCUBOOT_SIGN_RSA) + \
defined(MCUBOOT_SIGN_EC) + \
defined(MCUBOOT_SIGN_EC256) + \
defined(MCUBOOT_SIGN_ED25519)) > 1
#error "Only a single signature type is supported!"
@ -185,10 +184,6 @@ bootutil_img_hash(struct enc_key_data *enc_state, int image_index,
# endif
# define SIG_BUF_SIZE (MCUBOOT_SIGN_RSA_LEN / 8)
# define EXPECTED_SIG_LEN(x) ((x) == SIG_BUF_SIZE) /* 2048 bits */
#elif defined(MCUBOOT_SIGN_EC)
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA224
# define SIG_BUF_SIZE 128
# define EXPECTED_SIG_LEN(x) (1) /* always true, ASN.1 will validate */
#elif defined(MCUBOOT_SIGN_EC256)
# define EXPECTED_SIG_TLV IMAGE_TLV_ECDSA256
# define SIG_BUF_SIZE 128
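Review bot: With `MCUBOOT_SIGN_EC` taken out of both the single-signature-type check and the `EXPECTED_SIG_TLV` chain, a configuration that still defines it no longer selects any signature type, and going by the comment above the check ("configured for any signature, don't define this macro") the image would then appear to be validated without a signature. A stale configuration should fail the build instead: `#if defined(MCUBOOT_SIGN_EC)` / `#error "MCUBOOT_SIGN_EC (ECDSA P-224) is no longer supported"` / `#endif`, placed next to the existing `#error`. The `#if`/`#elif` chain starts and ends outside the visible hunks, so how an undefined `EXPECTED_SIG_TLV` is handled further down should be confirmed against the full file.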


@ -37,8 +37,6 @@
/* Uncomment for ECDSA signatures using curve P-256. */
#define MCUBOOT_SIGN_EC256
// #define MCUBOOT_SIGN_EC
/*
* Upgrade mode
*


@ -85,31 +85,6 @@ const unsigned char rsa_pub_key[] = {
0xc9, 0x02, 0x03, 0x01, 0x00, 0x01
};
const unsigned int rsa_pub_key_len = 270;
#elif defined(MCUBOOT_SIGN_EC)
/* Format of PEM :
* -----BEGIN PUBLIC KEY-----
* base64encode(DER)
* -----END PUBLIC KEY----- */
#if defined(ECC224_KEY_FILE)
#include ECC224_KEY_FILE
#else
#warning "Used default ECC224 ecdsa_pub_key"
/* It is OEM_PUB_KEY at this moment for debug purposes */
/* Autogenerated by imgtool.py, do not edit. */
const unsigned char ecdsa_pub_key[] = {
0x30, 0x4e, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86,
0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b,
0x81, 0x04, 0x00, 0x21, 0x03, 0x3a, 0x00, 0x04,
0xa5, 0x8b, 0x18, 0xa4, 0x60, 0x37, 0xf7, 0x0d,
0x2b, 0x06, 0xba, 0x4b, 0x4c, 0xd7, 0x8d, 0xec,
0x2a, 0x32, 0x5a, 0x0e, 0x52, 0xf4, 0x1b, 0x7c,
0x99, 0xec, 0x68, 0x5d, 0x05, 0xc3, 0x6b, 0x7b,
0x40, 0x9c, 0xaa, 0xac, 0x90, 0xf4, 0xfc, 0xbe,
0x98, 0xe5, 0x3e, 0x86, 0x3d, 0x37, 0xbf, 0x45,
0x78, 0x92, 0x27, 0xca, 0x69, 0xe6, 0xf2, 0xc5,
};
const unsigned int ecdsa_pub_key_len = 80;
#endif
#elif defined(MCUBOOT_SIGN_EC256)
/* Format of PEM :
* -----BEGIN PUBLIC KEY-----
@ -141,7 +116,6 @@ const unsigned int ecdsa_pub_key_len = 91;
#endif
#if defined(MCUBOOT_SIGN_RSA) || \
defined(MCUBOOT_SIGN_EC) || \
defined(MCUBOOT_SIGN_EC256)
const struct bootutil_key bootutil_keys[] = {
#if defined(MCUBOOT_SIGN_RSA)
@ -149,8 +123,7 @@ const struct bootutil_key bootutil_keys[] = {
.key = rsa_pub_key,
.len = &rsa_pub_key_len,
},
#elif defined(MCUBOOT_SIGN_EC) || \
defined(MCUBOOT_SIGN_EC256)
#elif defined(MCUBOOT_SIGN_EC256)
{
.key = ecdsa_pub_key,
.len = &ecdsa_pub_key_len,


@ -134,7 +134,6 @@ set(bootutil_srcs
${BOOTUTIL_DIR}/src/encrypted.c
${BOOTUTIL_DIR}/src/fault_injection_hardening.c
${BOOTUTIL_DIR}/src/fault_injection_hardening_delay_rng_mbedtls.c
${BOOTUTIL_DIR}/src/image_ec.c
${BOOTUTIL_DIR}/src/image_ec256.c
${BOOTUTIL_DIR}/src/image_ed25519.c
${BOOTUTIL_DIR}/src/image_rsa.c


@ -48,9 +48,6 @@
#if MYNEWT_VAL(BOOTUTIL_SIGN_ED25519)
#define MCUBOOT_SIGN_ED25519 1
#endif
#if MYNEWT_VAL(BOOTUTIL_SIGN_EC)
#define MCUBOOT_SIGN_EC 1
#endif
#if MYNEWT_VAL(BOOTUTIL_ENCRYPT_RSA)
#define MCUBOOT_ENCRYPT_RSA 1
#endif


@ -31,9 +31,6 @@ syscfg.defs:
BOOTUTIL_SIGN_RSA_LEN:
description: 'Key size for RSA keys (2048 or 3072).'
value: 2048
BOOTUTIL_SIGN_EC:
description: 'Images are signed using ECDSA NIST P-224.'
value: 0
BOOTUTIL_SIGN_EC256:
description: 'Images are signed using ECDSA NIST P-256.'
value: 0


@ -3,7 +3,7 @@
- Copyright (c) 2017-2020 Linaro LTD
- Copyright (c) 2017-2019 JUUL Labs
- Copyright (c) 2019-2021 Arm Limited
- Copyright (c) 2019-2023 Arm Limited
- Original license:
@ -107,7 +107,7 @@ struct image_tlv {
#define IMAGE_TLV_KEYHASH 0x01 /* hash of the public key */
#define IMAGE_TLV_SHA256 0x10 /* SHA256 of image hdr and body */
#define IMAGE_TLV_RSA2048_PSS 0x20 /* RSA2048 of hash output */
#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output */
#define IMAGE_TLV_ECDSA224 0x21 /* ECDSA of hash output - Not supported anymore */
#define IMAGE_TLV_ECDSA256 0x22 /* ECDSA of hash output */
#define IMAGE_TLV_RSA3072_PSS 0x23 /* RSA3072 of hash output */
#define IMAGE_TLV_ED25519 0x24 /* ED25519 of hash output */


@ -5,10 +5,6 @@ shortcut was taken, and these signatures were padded to make them
always a fixed length. Unfortunately, this padding was done in a way
that is not easily reversible. Some crypto libraries (specifically, Mbed
TLS) are fairly strict about the formatting of the ECDSA signature.
This currently means that the ECDSA SECP224R1 (EC) signature
checking code will fail to boot about 1 out of every 256 images,
because the signature itself will end in a 0x00 byte, and the code
will remove too much data, invalidating the signature.
There are two ways to fix this:


@ -53,12 +53,7 @@ openssl rsa -in image_sign.pem -pubout -out image_sign_pub.der -outform DER -RSA
Now the public key is in file called image_sign_pub.der.
For ECDSA224 these commands are similar.
openssl ecparam -name secp224r1 -genkey -noout -out image_sign.pem
openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der
And then the ECDSA256.
For ECDSA256 these commands are similar.
openssl ecparam -name prime256v1 -genkey -noout -out image_sign.pem
openssl ec -in image_sign.pem -pubout -outform DER -out image_sign_pub.der
@ -102,5 +97,4 @@ file
After you've created the key package, you must include it in the build
for bootloader. So modify the pkg.yml for apps/boot to include it.
The syscfg variable to enable ECDSA224 is BOOTUTIL_SIGN_EC, and
BOOTUTIL_SIGN_EC256 for ECDS256.
The syscfg variable to enable ECDSA256 is BOOTUTIL_SIGN_EC256.


@ -1,3 +0,0 @@
pkg.name: keys/ec
pkg.author: "Apache Mynewt <dev@mynewt.apache.org>"
pkg.homepage: "http://mynewt.apache.org/"


@ -1,18 +0,0 @@
#include <bootutil/sign_key.h>
static unsigned char key[] = {
0x30, 0x4e, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x21, 0x03, 0x3a, 0x00, 0x04,
0xa0, 0x8c, 0x5a, 0xd6, 0x98, 0x20, 0x1a, 0xd5, 0xb9, 0xc4, 0xfd, 0x7f,
0xa5, 0xd3, 0x08, 0xca, 0x00, 0x91, 0x5e, 0xc6, 0x92, 0x49, 0xce, 0x18,
0xc5, 0x64, 0x17, 0xed, 0xbf, 0x63, 0xd0, 0xcd, 0xb8, 0xf7, 0xff, 0x29,
0x25, 0x35, 0x5a, 0x7a, 0x20, 0x30, 0xc9, 0x26, 0x95, 0xb2, 0x57, 0xd1,
0x46, 0x0d, 0x69, 0x18, 0x13, 0xc9, 0x7d, 0xb3
};
static unsigned int key_len = 80;
const struct bootutil_key bootutil_keys[] = {
[0] = {
.key = key,
.len = &key_len,
},
};
const int bootutil_key_cnt = 1;


@ -5,8 +5,5 @@ pkg.homepage: "http://mynewt.apache.org/"
pkg.deps.BOOTUTIL_SIGN_RSA:
- keys/rsa
pkg.deps.BOOTUTIL_SIGN_EC:
- keys/ec
pkg.deps.BOOTUTIL_SIGN_EC256:
- keys/ec256