Fix a local variable name typo in parse public key function
for the PSA Crypto abstraction, and at the same time put the
memcmp under ifdefs.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Icadca37e4207ad703a853ea720a053aa2ba76411
This reverts commit 78135ee6eb
as bba5a711483447d7eee2531b65bd1c07c81746c9 made it unnecessary.
Change-Id: Idee755f05c17502599aaa947826e9a7feb08b4a7
Signed-off-by: David Vincze <david.vincze@arm.com>
The IMAGE_TLV_ECDSA256 TLV has been put out of use by
commit 63d2346da4.
This commit reverts this part of that patch and at the
same time it extends the usage of this TLV to cover all types
of curves (replacing the newly introduced 0x25 TLV type)
while retaining its value (0x22) for backward compatibility.
Rename IMAGE_TLV_ECDSA256 to IMAGE_TLV_ECDSA_SIG.
Change-Id: I904f292db775c38f26a5e9a87c5f414165efc173
Signed-off-by: David Vincze <david.vincze@arm.com>
Switch from toml to tomllib when supported, Python 3.11+, and fallback to
using tomli instead of toml otherwise.
Signed-off-by: Fabio Utzig <utzig@apache.org>
BOOTUTIL_CRYPTO_ECDSA_P256_HASH_SIZE is a universal define
that should be moved into a common area of the header
instead of repeating it for every abstraction that needs it
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I21e7511218d0dafac8b7337715932c6564d7c3a1
Fixes in the ecdsa.h abstraction layer:
* Align indentation of parameters to the opening bracket of the function
* Remove inline in some of the bigger functions of the PSA Crypto abstraction
* Fix the prototype of ecdsa_verify for the PSA Crypto abstraction
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I28e1be83bc1a16fdf8b796f89c002528b1bd7791
Remove the generic ECDSA verification module and keep the
existing one, just renaming it image_ecdsa.c. Make sure
that the abstraction layer is generically called ecdsa.h
and the abstraction names are not P256 specific.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6f78cfc1b1c2851cdad67efa91c6cb49498187bb
Extend the ecdsa abstraction layer to support P384 curves
during parsing the public key and the signature.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I05e9b27b1809352a6115184ef16c95dc8b6d2a40
To keep a single ECDSA abstraction to support both existing
modes and PSA Crypto APIs, merge the contents of ecdsa.h
into ecdsa_p256.h
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I08b4a42d87c491badfee3ec4579bd2a23a80602d
The ecdsa abstraction layer header does not have a license header.
Add it in preparation for the merge with ecdsa.h
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: Ibb906c7f6bb3b50387e4816e1a95b31d3c8b515f
Add a dedicated signature validation module for generic ECDSA signatures,
and a corresponding cryptographic abstraction backend based on PSA Crypto
APIs. This signature verification backend is enabled by defining the
option MCUBOOT_SIGN_ECDSA
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I47da70629da0a5681ec7c4dcceed875a997b071b
Remove those TLVs that are tied to a specific curve and modify the
code to use the new generic ECDSA TLV.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: Iffe9052580c99e75118cf5df4286e0e9a2af4a8c
Add support to the simulator so that
the generic ECDSA TLV can be tested.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I3322ed829d150ff35abfaaa8ecf69ab7017bd7cf
Add backwards compatibility to the imgtool to support
the old curve specific TLVs. Currently only ECDSA256 needs this.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I275894ebc713ea8adcaab4198b036c41233b11e8
Update imgtool to support the new
generic ECDSA TLV and the ECDSA
p384 curve type with sha-384
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I9b1887610cc5d0e7cde90f47999fcdf3500ef51c
Remove those TLVs that are tied to a specific curve and update
the image validation logic to look for the new generic TLV
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I924f2742424bc255fbed1b0941648baa88f60147
Create a new generic ECDSA TLV type that can be used
to store any signatures irrespective of the curve type.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I2aeb885251fd25e23f5430328b8cc64b8cc8d7be
The stm32 defines is somewhat redundant due to the generic watchdog
defines which uses the watchdog0 alias. Therefore they are removed in
this commit.
Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
The Zephyr watchdog API defines a setup function. This function needs to
be executed before the watchdog is functional in some cases. This commit
adds MCUBOOT_WATCHDOG_SETUP when using the generic watchdog0 alias
otherwise it is an empty define.
Fixes https://github.com/mcu-tools/mcuboot/issues/1659
Signed-off-by: Jeppe Odgaard <jeppe.odgaard@prevas.dk>
Fixes include paths for zephyr builds to use the system zcbor_*
files rather than the local files.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
For bootutil_verify_sig the declaration expects fih_ret
as the return type not fih_int, this has now been fixed.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: If5943758bebdbf401b1eb387de334fa19a3a7781
When using CDC only and CONFIG_SERIAL is not enabled in Zephyr,
but there is chosen zephyr,mcumgr-uart, the chosen
takes precedence over CDC and directs MCUmgr to that uart.
This causes two issues: first the CDC is ignored if chosen exists,
and makes build fail because drivers are not built.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Commit provides boot_set_next function that allows to set next
application slot to boot by flash area object pointer, describing
the slot.
The function also takes active which is supposed to indicate whether
running application is being set for next boot and confirm parameter
that allows to confirm the image.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Adds a bootloader serial recovery entrance mode that will allow
recovering a module if there is no application that can be booted.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Adds an optional entrance method for mcuboot's serial recovery by
using Zephyr's boot mode retention system, this allows for an
application to set the retained data and reboot into the bootloader.
This also adds a selection of how to enter serial recovery mode, it
no longer requires having a GPIO entrance mechanism. Entrance
methods have been added under a new Kconfig menu.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
The current ECDSA-P256 implementation code contains
a lot of code that is tied to a specific condition being met.
The aim of this commit is to cleanup the main verification
logic to be unified between crypto backends and move the
conditional code where it is relevant.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I06b050a263b2b88b08708defb6aa1001a08ba2ae
Add new 'dumpinfo' command that can parse a signed image and
print all the available information from the header, TLV area and
trailer in the form of a basic "image map".
The --outfile option can be used to write the image information
to an output file in serialised YAML format.
Change-Id: I99e61078946b02eefd4ac2e682583476d53e8d4f
Signed-off-by: David Vincze <david.vincze@arm.com>
MCUBoot dropped P224 curve support as
there is little interest in using it.
The simulator threw an error as P224
was never supported, this was removed.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I96011e9b00dbc3a6f7590db365a5f480d85394e1
Imgtool does not provide support for P224
curve, just a placeholder function that
says it's not currently implemented.
This has now been removed as P224 support
had been removed from the boot code too.
Signed-off-by: Roland Mikhel <roland.mikhel@arm.com>
Change-Id: I477d8e273085f38f35eaf9a591584f3e937d748d
Added description on serial recovery mode features and
its configuration.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Anna Kielar <anna.kielar@nordicsemi.no>
Added description on what is the serial recovery protocol
in general.
Signed-off-by: Andrzej Puzdrowski <andrzej.puzdrowski@nordicsemi.no>
Signed-off-by: Anna Kielar <anna.kielar@nordicsemi.no>
fix
Adds support for outputting the image hash TLV in serial recovery
mode, which is needed to comply with the img_mgmt MCUmgr group
requirements.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Antonio de Angelis