bootutil/crypto: Builtin ECDSA key support for PSA Crypto backend

Enable the usage of builtin keys in the ECDSA verification module with
the PSA Crypto API based cryptographic backend.
This way parsing and importing the verification keys can also be avoided.

Change-Id: I6ada1ef8ed04a3f12c228ef399e3a7b8ebc7fb5e
Signed-off-by: David Vincze <david.vincze@arm.com>

boot/bootutil/include/bootutil/crypto/ecdsa.h

@@ -1,7 +1,7 @@
 /*
  * SPDX-License-Identifier: Apache-2.0
  *
- * Copyright (c) 2023 Arm Limited
+ * Copyright (c) 2023-2024 Arm Limited
  */
 
 /*
@@ -340,7 +340,7 @@ static void parse_signature_from_rfc5480_encoding(const uint8_t *sig,
 {
     const uint8_t *sig_ptr = NULL;
 
-    /* r or s can be greater than the expected size by one, due to the way 
+    /* r or s can be greater than the expected size by one, due to the way
      * ASN.1 encodes signed integers. If either r or s starts with a bit 1,
      * a zero byte will be added in front of the encoding
      */
@@ -386,9 +386,26 @@ static const uint8_t Secp384r1[] = {0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x22};
 
 static inline void bootutil_ecdsa_init(bootutil_ecdsa_context *ctx)
 {
+#if !defined(MCUBOOT_BUILTIN_KEY)
     ctx->key_id = PSA_KEY_ID_NULL;
     ctx->curve_byte_count = 0;
     ctx->required_algorithm = 0;
+
+#else /* !MCUBOOT_BUILTIN_KEY */
+    /* The incoming key ID is equal to the image index. The key ID value must be
+     * shifted (by one in this case) because zero is reserved (PSA_KEY_ID_NULL)
+     * and considered invalid.
+     */
+    ctx->key_id++; /* Make sure it is not equal to 0. */
+#if defined(MCUBOOT_SIGN_EC256)
+    ctx->curve_byte_count = 32;
+    ctx->required_algorithm = PSA_ALG_SHA_256;
+#endif /* MCUBOOT_SIGN_EC256 */
+#if defined(MCUBOOT_SIGN_EC384)
+    ctx->curve_byte_count = 48;
+    ctx->required_algorithm = PSA_ALG_SHA_384;
+#endif /* MCUBOOT_SIGN_EC384 */
+#endif /* !MCUBOOT_BUILTIN_KEY */
 }
 
 static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
@@ -398,6 +415,7 @@ static inline void bootutil_ecdsa_drop(bootutil_ecdsa_context *ctx)
     }
 }
 
+#if !defined(MCUBOOT_BUILTIN_KEY)
 /*
  * Parse a ECDSA public key with format specified in RFC5280 et al.
  *
@@ -442,6 +460,7 @@ static int bootutil_ecdsa_parse_public_key(bootutil_ecdsa_context *ctx,
 
     return (int)psa_import_key(&key_attributes, *cp, key_size, &ctx->key_id);
 }
+#endif /* !MCUBOOT_BUILTIN_KEY */
 
 /* Verify the signature against the provided hash. The signature gets parsed from
  * the encoding first, then PSA Crypto has a dedicated API for ECDSA verification

boot/bootutil/src/image_ecdsa.c

@@ -3,7 +3,7 @@
  *
  * Copyright (c) 2016-2019 JUUL Labs
  * Copyright (c) 2017 Linaro LTD
- * Copyright (C) 2021-2023 Arm Limited
+ * Copyright (C) 2021-2024 Arm Limited
  *
  * Original license:
  *
@@ -35,6 +35,7 @@
 #include "bootutil/fault_injection_hardening.h"
 #include "bootutil/crypto/ecdsa.h"
 
+#if !defined(MCUBOOT_BUILTIN_KEY)
 fih_ret
 bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
                     uint8_t key_id)
@@ -65,5 +66,30 @@ out:
 
     FIH_RET(fih_rc);
 }
+#else /* !MCUBOOT_BUILTIN_KEY */
+fih_ret
+bootutil_verify_sig(uint8_t *hash, uint32_t hlen, uint8_t *sig, size_t slen,
+                    uint8_t key_id)
+{
+    int rc;
+    bootutil_ecdsa_context ctx;
+    FIH_DECLARE(fih_rc, FIH_FAILURE);
+
+    /* Use builtin key for image verification, no key parsing is required. */
+    ctx.key_id = key_id;
+    bootutil_ecdsa_init(&ctx);
+
+    /* The public key pointer and key size can be omitted. */
+    rc = bootutil_ecdsa_verify(&ctx, NULL, 0, hash, hlen, sig, slen);
+    fih_rc = fih_ret_encode_zero_equality(rc);
+    if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
+        FIH_SET(fih_rc, FIH_FAILURE);
+    }
+
+    bootutil_ecdsa_drop(&ctx);
+
+    FIH_RET(fih_rc);
+}
+#endif /* MCUBOOT_BUILTIN_KEY */
 
 #endif /* MCUBOOT_SIGN_EC256 || MCUBOOT_SIGN_EC384 */